Company Attitude

Wibble Ltd. Is a medium sized company located in two places with the head office being located in Coventry and another office and warehouse in Birmingham. The company is being managed by Anthony Cecil Hogmanay Melchett who is the managing director. In the last year, after account audit, it was found out that the company made a loss of about $1.2 million which has not been the case because the company had been making profits in the past years. The managing director contracted a security consultant to find out why the company is experiencing such challenges. What the security consultant found out is that the company’s IT team has not been paying attention to the security of the digital resources and network. This document will discuss the different security issues that the company is facing because of the ignorance to keep their IT infrastructure up-to-date.

Wibble Ltd is facing numerous threats because of the attitude across the entire company. The company has been making little annual budget towards improving and upgrading its IT system. The company is running outdated systems, for instance, the company is running Windows SP 1 that security patches are no longer supported by Microsoft in some of the workstation. This increases the vulnerability of the company IT infrastructure. Also, running a bespoke inventory management system written in COBOL language and running on Windows NT4 server is also risky. This is because Windows NT$ server is an older version of windows server and currently no support is provided by Microsoft. Also, COBOL systems have been phased out because the language does not support interoperability. Because the company is running on outdate infrastructure the company is facing several security risks including the following:

Ransomware: the company has been experiencing heavy traffic at 2am and the IT team has been trying to figure out where the traffic came from. When the conduct network analysis the found out that the traffic is coming from the network printers. Ransomware is one of the major risks facing IT infrastructure that is running outdated systems (Alcon, 2018).  The security consultant believes that the traffic that is being experienced daily at 2am is because of a ransomware that has attacked the network and is using the company’s network to solicit confidential information and some transactions and that is why the company is facing drastic loses.

Business disruptions: running outdates systems slows down business operations and users tend to experience several challenges as found out within the company. Blackadder who is the senior systems administrator is away on holiday and has left behind his two junior assistants and one of the has not been coming to work for two weeks. The staff have been facing numerous problems because the IT infrastructure is unreliable and George, who is the assistant network administrator has been left to manage the entire system. The many problems currently being faced by the staff cannot be handled by one person. If the IT infrastructure and systems were up-to-date then there would be minimum business interruptions because of reliability and availability would be enhanced by upgrading and improving the IT infrastructure (Munro, 2018).

Network Security Issues

The company is also facing third party risks especially if the company vendors are accessing critical data using outdated browsers and programs. The customer and business data could be inadvertently exposed by the vendors to risk. Therefore, the company should ensure that the IT infrastructure is kept up to date to minimize such risks.

The company has not been paying attention to its IT infrastructure and that is why the it is experiences numerous challenges. The attitude of the company towards how critical IT systems are to the business can be concluded as it was not positive. IT systems are very essential components to any business and should be regularly to ensure that its security is enhanced to protect the company’s critical digital resources such as data and files from unauthorized access (Schneider, 2012).

Wibble Ltd is using several outdated systems and network infrastructure thus making the company suffer from several network security issues and problems without even noticing them. If these issues are not resolve the company will create loop holes for attackers to get through the security infrastructure of the company to wreak havoc and steal data. This section will discuss the various network security issues that the company is facing or likely to face if the routine continues as it is currently. Solutions to such issues will also be recommended.

Issue 1: unknown assets and users on the network

Many companies lack complete inventory of the IT assets and a record of users accessing the network. This brings massive problem if you cannot account for the devices and users connected to the network.  For instance, three former employees are still on the payroll and this is because the employee records are not regularly reviewed and updated (Dosal, 2018). The best fix to such a problem is to carry out a review of all the user record and devices on the company network and determine all the different platforms they run. This will allow the IT management team to know all the various network access points, the devices, and users accessing the network and keep a log of every activity on the network. It will also be easier to identify any device that requires security updates.

Issue 2: User account privileges abuse

If there are no proper network security policies, employees with malicious motives can use their access privileges to gain, generate, modify or sell critical data for their personal gains. According to research conducted by Nibusinessinfo (2018), more than 60 percent of all the attacks are normally done by insiders. This include losing company devices such as a laptop that contains critical data, accidentally sending information to the wrong addresses, phishing, scams, or intentionally leaking information. The company employees present the biggest security challenge to any company. However, there are several to reduce the risks of insider attacks including policy of least privilege (POLP) so as to minimize the impact that abuse of accounts could cause. POLP will ensure that users only access what they need to accomplish their daily tasks. The company should adopt such a policy to ensure that the risk of leaking critical information is minimized.

Issue 3: Unpatched security vulnerabilities

One of the major concerns of any company is ‘zero day’ exploits. The company has not been updating its network security procedures and components for a long time. For instance, the company just acquired a new firewall but the concerned team has not bothered to configure the device to ensure it is working well. Additionally, most of the company systems are using outdated systems that no longer receives security patches making such systems to be very vulnerable. Attackers will often make use of such vulnerabilities to attacks the systems because they know that they have unreliable defense system. The simplest and most effective way to address such a problem is to ensure that the systems are running the most updated systems and programs and regularly run security patches. Additionally, gradually changing the network operating systems and programs on the network will further enhance and simplify this process.

Issue 3: insufficient in-depth defense

One day attackers my eventually succeed in breaching the company network despite the numerous efforts that the company may have put in securing it. But what is critical is the network structure because the level of damage that the attacker will have depends on the network structure. The company should ensure that they have a proper and well structure network infrastructure with reliable segmentation to ensure that all the discrete sections are kept separate to minimize and slow down attacker’s activities form getting to the most crucial and sensitive systems and give the security team enough time to determine, mitigate, and eliminate the breach (Rack, 2018).

Issue 5: insufficient IT security management

This is one of the main challenges that Wibble Ltd is facing. The company has hired only 3 IT staff to manage the IT infrastructure that is being used by more than 750 employees excluding customers, vendors, and guest users. Additionally, the company does not have a qualified cybersecurity expert to manage the cyber threats that the company is facing and propose drastic solutions. Because the three employees currently hired by the company have insufficient knowledge in cyber security, they tend to miss cyber security alerts and this allows attackers to successfully get into the company network without being detected. The most reliable solution is to hire competitive and high skilled cyber security and network experts to continuously monitor the traffic and identify any malicious traffic may harm the network or may be targeting to collect sensitive and critical data sent over the network. This will ensure that the IT infrastructure is maintained and monitored at all times to quickly identify attacks, mitigate, and eliminate them.

By keeping the company IT infrastructure updated, the company will be able to enjoy numerous benefits including the following:

Improved performance across the business: in order to enjoy optimal performance from the IT systems the company should ensure that the applications are regularly updated. Access times will be enhanced and the employees will be able to access required files faster thus increasing efficiency (Secure.com, 2018).

Bug fixes: regularly updating will help fix bugs that applications often have which can impact their performance and usage. Some of the problems that bugs may cause include applications crushing amongst other graphical inconsistencies. By regularly updating the applications such bugs will be fixed increasing efficiency and improving performance.

Improved security: one of the main reasons why applications and computer systems are updated or upgraded is to enhance security. Attackers will continuously find vulnerabilities in the system making the threat landscape to continuously evolving, as such, the company should continuously update it network security installations. The company is currently running legacy applications that are very susceptible to cyberattacks. Maintaining the IT infrastructure up-to-date is not only the general best practice for the company but also the most secure and efficient way to manage third party applications (Rudra and Vyas, 2015).

There are several strategies and methods that the company can employ to protect its IT infrastructure from malware and intruders. Installing antiviruses and firewall is not enough to say that the company network is secured. Hackers and cybercriminals are more advanced today than yesterday and they continuously share exploits almost instantly because of the global culture we operate in today. As such, the company management should always have network security concerns on their mind (Hurley, 2018). The following recommendation are proposed for the company to implement:

Firewall

Firewalls forms the first line defense on any corporate network and is still needed for a solid security structure. The sole purpose of a firewall is to allow only permitted traffic to go through and block all the other traffic or connection attempts. Firewalls prevents non-critical ports from being utilized by attackers for malicious purposes (Sanchez, 2018). The two main areas that firewall should be installed is on the internet edge to only permit inbound access from the internet as specified in the company DMZ zone. Data center access should also have a firewall to prevent open access to the critical servers through the internet.

Intrusion Prevention System (IPS)

Intrusion prevention systems are needed because even with firewall in place the network is still vulnerable based on the applications allowed on the network. The IPS analyzes and looks deeper into the content and traffic on the network to identify any malicious activities running. The IPS uses known library of attacks and compares these signatures to the traffic on the network (Bradbury, 2018). It is important to regularly update the IPS and maintain active subscription to have the latest signatures. It is crucial for the company to install IPS in the data center and on the internet edge.

Malware are programs that attackers use to open up the backdoor into the company IT infrastructure and once it gains access the attacker can use the malware or command it to do anything on the network depending on how it was programmed. As such, it is important that the company have malware detection programs and applications to detect the malware before it infects and take over the machine (Mahawer and Nagaraju, 2013). Network based malware prevention is required to inspect the traffic on the company network and block any malware that is known. This is installed on the internet edge and in the data center. End-point based malware prevention is required on the end-point to view and monitor traffic from and getting onto the workstations connected to the network (Kalnoor and Agarkhed, 2016). This is installed on end-user devices. The company also requires other security mechanisms such as web-filtering, antiviruses, and spam filtering

Access control is a very critical security techniques that any company requires to regulate what is accessed or who accessed particular network resources in a network environment. There exist two types of access controls that the company should adopt: physical and logical. Logical access control is required to limit and regulate connections to the company network, data, and system files while physical access control involves limiting access to computer rooms and physical IT components (Margaret, 2018). The company requires to employ the use of electronic access control systems that is based on user details such as electronic access cards or biometric readers to track and monitor employee access to restricted computer locations and proprietary areas.

Access control and management systems performs authorization, authentication, and identification of users and evaluate login credentials before allowing the user to access digital, network, or computer resources. There are several types of access controls that the company can adopt including mandatory access control, discretionary access controls, role-based access controls, and attribute-based access controls (Chang, 2014). Access control mechanisms allows the company to keep a log of how the critical resources such as data is being used, who is accessing it, what time, and for what purpose.

The proposed network architecture has considered all the security recommendations including segmentations to enhance the security and reliability of the overall IT infrastructure

Cryptography is one of the important approaches to securing and building a secure network. Cryptography employs the use of algorithms from being plain text that can be read and interpreted by human beings to a format that one cannot make sense out of it (encrypted data) (Janet, 2018). While building or upgrading the IT infrastructure it is important to consider encryption algorithms that provides both authentication and encryption to ensure data secrecy. For a company like Wibble, data confidentiality is very important and thus there is need to employ cryptography to ensure that employee, customer, or company being sent over the network or internet is secured. There are several cryptography approaches that the company can adopt including secret key cryptography, public key cryptography, digital certificates, digital signatures, and authentication.

Secret key cryptography: this approach uses a one key to encrypt and decrypt data. The sender and the receiver of the message should have the key in order to encrypt or decrypt the message. This approach can be categorized as block ciphers or stream ciphers. However, one major challenge facing this approach is the distribution of the key.

Public key cryptography (PKC): this is a technique of data encryption that employs the use of paired private and public key algorithms to ensure data security and communication. In this method, the sender of the message uses the public key of the receiver to encrypt the message (Bedrune, Filiol and Raynal, 2009). Upon receiving the message, the recipient will use private key to decrypt the message.

Digital Signatures: this approach is used to verify and validate the authenticity of the electronic documents where a unique code is attached to the document that is used as the signature. It is important to validate the source of the electronic documents before opening them as it may contain malicious content.

Digital certificates: this is a digital file that is used to determine user’s identity on the internet. It is used to prove the official relationship between a particular public key and certificate holder (user). Digital certificate contains several information including issuers name, serial number, subject name, validity data range among others (Shashank, 2018).

Authentication: this is a very crucial approach of ensuring data security. This is the use of passwords, personal identification numbers, biometric authentication, and other forms to validate the users before being granted access to a system or network resource. Authentication methods have evolved over time and now many companies are using double authentication approaches such as even after keying in a password you have to enter a code sent to your mobile phone or email, or after entering password you need to scan your biometrics (Kessler, 2018).

Conclusion

For a long time now, Wibble Ltd. Has been running outdated systems, for instance, the company is running Windows SP 1 that security patches are no longer supported by Microsoft in some of the workstation. This increases the vulnerability of the company IT infrastructure and the company is facing numerous threats such as ransomware, disruption of business activities (unavailability), third party risk, abuse of account privileges, unknown assets and users on the network, User account privileges abuse, and insufficient IT security management. However, by regularly updating the IT infrastructure, applications and systems the company will enjoy improved performance across the business, bug fixes and improved security. Some of the security strategies that the company can implement include use of firewall, Intrusion Prevention System (IPS), Malware Detection and Prevention, and access control mechanism. As such, this report recommends that Wibble upgrades its IT infrastructure as proposed in this report.

Reference List

Alcon, J. (2018). 5 Risks Of Outdated Software, Browsers & Operating Systems. [online] BitSight. Available at: https://www.bitsighttech.com/blog/outdated-software-issues [Accessed 3 Dec. 2018].

Bedrune, J., Filiol, É. and Raynal, F. (2009). Cryptography: all-out attacks or how to attack cryptography without intensive cryptanalysis. Journal in Computer Virology, 6(3), pp.207-237.

Bradbury, D. (2018). How to protect your business from hackers. [online] the Guardian. Available at: https://www.theguardian.com/media-network/2015/jul/23/protect-business-security-threats [Accessed 3 Dec. 2018].

Chang, Y. (2014). A flexible hierarchical access control mechanism enforcing extension policies. Security and Communication Networks, 8(2), pp.189-201.

Dosal, E. (2018). 5 Common Network Security Problems and Solutions. [online] Compuquip.com. Available at: https://www.compuquip.com/blog/5-common-network-security-problems-and-solutions [Accessed 3 Dec. 2018].

Hurley, M. (2018). 6 Ways to Secure Your Network. [online] Annese.com. Available at: https://www.annese.com/blog/secure [Accessed 3 Dec. 2018].

Janet, H. (2018). An introduction to cryptographic techniques | Jisc community. [online] Community.jisc.ac.uk. Available at: https://community.jisc.ac.uk/library/advisory-services/introduction-cryptographic-techniques [Accessed 5 Dec. 2018].

Kalnoor, G. and Agarkhed, J. (2016). Preventing attacks and detecting intruder for secured Wireless Sensor Networks. 2016 International Conference on Wireless Communications, Signal Processing and Networking (WiSPNET).

Kessler, G. (2018). An Overview of Cryptography. [online] Garykessler.net. Available at: https://www.garykessler.net/library/crypto.html [Accessed 5 Dec. 2018].

Mahawer, D. and Nagaraju, A. (2013). Metamorphic malware detection using base malware identification approach. Security and Communication Networks, 7(11), pp.1719-1733.

Margaret, R. (2018). What is access control? – Definition from WhatIs.com. [online] SearchSecurity. Available at: https://searchsecurity.techtarget.com/definition/access-control [Accessed 3 Dec. 2018].

Munro, O. (2018). Importance of Keeping Applications Up to Date. [online] Eci.com. Available at: https://www.eci.com/blog/16065-importance-of-keeping-applications-up-to-date.html [Accessed 3 Dec. 2018].

Nibusinessinfo, N. (2018). Network security issues. [online] nibusinessinfo.co.uk. Available at: https://www.nibusinessinfo.co.uk/content/network-security-issues [Accessed 3 Dec. 2018].

Rack, B. (2018). The Risks And Hidden Dangers Of Outdated Technology – The Official Rackspace Blog. [online] The Official Rackspace Blog. Available at: https://blog.rackspace.com/the-risks-and-hidden-dangers-of-outdated-technology [Accessed 3 Dec. 2018].

Rudra, B. and Vyas, O. (2015). Investigation of security issues for service-oriented network architecture. Security and Communication Networks, 9(10), pp.1025-1039.

Sanchez, M. (2018). Firewalls: Protecting your business from unwanted intruders. [online] [email protected] – Cisco Blogs. Available at: https://blogs.cisco.com/smallbusiness/firewalls_protecting_your_business_from_unwanted_intruders [Accessed 3 Dec. 2018].

Schneider, D. (2012). The state of network security. Network Security, 2012(2), pp.14-20.

Secure.com, S. (2018). F-Secure Help Center. [online] Help.f-secure.com. Available at: https://help.f-secure.com/product.html?business/client-security/12.30/en/concept_718B3C5B42754343848AB83CFF222B01-12.30-en [Accessed 3 Dec. 2018].

Shashank, K. (2018). Digital Signatures and Certificates – GeeksforGeeks. [online] GeeksforGeeks. Available at: https://www.geeksforgeeks.org/digital-signatures-certificates/ [Accessed 5 Dec. 2018].