CYSE 300 – System Monitoring

System monitoring and the use of network traffic log files are extremely important for gauging baseline performance and observing events.  Why does identifying abnormal behavior first require having a baseline?  What can a log file show that lends insight into abnormal behavior?

When addressing the security of a system, a baseline is necessary for recognizing that something has occurred. A baseline defines what normal activity looks like and therefore makes it possible to tell normal from abnormal activity when monitoring behavioral patterns. These patterns are saved in log files, which hold information about logins, application traffic, system data, security threats, and much more. An example of abnormal behavior is a login taking many attempts, which could indicate a brute-force attack. Another example is an uncommon traffic pattern, which can signal a potential breach. Signs like these in log files reveal abnormal behavior and are beneficial for system monitoring and auditing security.
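As an added illustration (not part of the original post), a small C program that counts failed-login lines in a constructed auth-log excerpt and compares the hour's count against a baseline built from constructed quiet-hour counts; all log lines, addresses and counts are made-up sample data.

```c
#include <stdio.h>
#include <string.h>
#define K_SIGMA 3.0   /* alert when an hour sits more than 3 sigma above the baseline mean */

/* Constructed baseline (sample data): failed logins per hour for one account over 24 quiet hours. */
const int QUIET_HOURS[24] = {1,0,2,1,0,1,3,2,1,0,1,2,1,1,0,2,1,3,1,0,1,2,1,1};

/* Constructed sshd-style auth log excerpt for the hour under review (sample data). */
const char *const HOUR_LOG[] = {
    "Jan  5 10:01:12 host sshd[412]: Failed password for admin from 198.51.100.7 port 51122 ssh2",
    "Jan  5 10:01:14 host sshd[412]: Failed password for admin from 198.51.100.7 port 51122 ssh2",
    "Jan  5 10:01:15 host sshd[412]: Failed password for admin from 198.51.100.7 port 51122 ssh2",
    "Jan  5 10:03:40 host sshd[418]: Accepted password for alice from 192.0.2.10 port 40022 ssh2",
    "Jan  5 10:04:02 host sshd[421]: Failed password for admin from 198.51.100.7 port 51130 ssh2",
    "Jan  5 10:04:03 host sshd[421]: Failed password for admin from 198.51.100.7 port 51130 ssh2",
};
const size_t HOUR_LOG_LEN = sizeof HOUR_LOG / sizeof HOUR_LOG[0];

/* Count log lines that record a failed password attempt. */
int count_failed_logins(const char *const *lines, size_t n) {
    int failed = 0;
    for (size_t i = 0; i < n; i++)
        if (strstr(lines[i], "Failed password") != NULL) failed++;
    return failed;
}

/* Mean and population variance of the baseline counts. */
static void baseline_stats(const int *counts, size_t n, double *mean, double *var) {
    double sum = 0.0, sq = 0.0;
    for (size_t i = 0; i < n; i++) sum += counts[i];
    *mean = sum / (double)n;
    for (size_t i = 0; i < n; i++) sq += (counts[i] - *mean) * (counts[i] - *mean);
    *var = sq / (double)n;
}

/* 1 if `observed` is more than K_SIGMA standard deviations above the baseline mean. Variance is
 * floored at 1.0 so a flat baseline does not make every +1 an alert; squares avoid sqrt(). */
int is_abnormal(const int *baseline, size_t n, int observed) {
    double mean, var, diff;
    baseline_stats(baseline, n, &mean, &var);
    if (var < 1.0) var = 1.0;
    diff = (double)observed - mean;
    return diff > 0.0 && diff * diff > K_SIGMA * K_SIGMA * var;
}

int main(void) {
    int failed = count_failed_logins(HOUR_LOG, HOUR_LOG_LEN);
    printf("failed logins this hour: %d -> %s\n", failed,
           is_abnormal(QUIET_HOURS, 24, failed) ? "abnormal: possible brute force" : "within baseline");
    return 0;
}
```

With the constructed data the quiet hours average just over one failure per hour, so the five failures in the reviewed hour trip the alert while a count of four would not.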

CYSE 300 – Change Management Process

Imagine you are a manager responsible for implementing a significant cybersecurity-related technology change within an organization. What are the potential reactions to this change?  Indicate one way in which you would minimize the impact of adverse reactions within the change management process. Provide support for your recommendation.

Implementation of cybersecurity changes will always create an adverse reaction among employees and higher-ups. Employees are comfortable with the current technology, despite the vulnerabilities in place. Cybersecurity changes force them to put more work into accessing applications or completing tasks, which creates a feeling of annoyance or of starting over from the ground up. Higher management dislikes the change because it is perceived as a cost that does nothing to generate more revenue. Furthermore, both groups lack a deep understanding of cybersecurity and have less incentive to welcome a change they do not understand.

To mitigate these reactions, I feel that the best action would be to educate both groups on basic cybersecurity knowledge, what the changes will affect, and how they benefit the organization. Educating employees on cybersecurity will inform them of basic risks to look out for, and having them involved in testing the changes made to applications can help maintain workflow. For higher management, educating them on the larger costs that come from a lack of cybersecurity practices or from data breaches will be an effective method for informing them and creating incentives to invest in more practices. Overall, education on cybersecurity practices, changes, and benefits is necessary for improving the responses to technology changes within an organization.

https://staysafeonline.org/resources/cybersecurity-its-more-than-it/

CYSE 300 – Single-Sign-On (SSO)

What are the benefits and risks of the use of SSO?  Specify measures that can be taken to better secure an SSO system.

Single Sign-On (SSO) offers many security benefits by allowing users to remember only one set of credentials to access services, hence the name. First, SSO reduces human error through its single set of credentials, which can incentivize users to choose strong passwords. Another benefit is that login thresholds and lockouts are a default in the scheme, mitigating brute-force attacks by temporarily locking an account out after repeated failed attempts.

However, SSO has drawbacks in its implementation and in the impact of compromised credentials or servers. For implementation, SSO is a difficult scheme to adopt onto older systems, which then retain exploitable vulnerabilities. Furthermore, compromised credentials are a large vulnerability for SSO because of the broad system access given to a single user. An authentication server being compromised or down is another failure mode, as it prevents anyone from accessing any service.

With that said, some measures can counteract these risks. A primary solution is two- or multi-factor authentication, which adds layers of security that an attacker must break through beyond one set of credentials. Another solution is role-based access control, which limits the access users have to services based on their role within the organization. In summary, while the framework carries risks, adding more restrictive strategies on top of SSO's default benefits can create a more safeguarded system.

CYSE 300 – Cybersecurity Incidents and Law Enforcement

The decision to escalate incidents to law enforcement is an area fraught with conflict. In your opinion, what are the pros and cons of law enforcement involvement?  What resources and references can you cite to back up your assertions?

There are several positives to involving law enforcement in cybersecurity incidents. Firstly, when an incident occurs because of a criminal act rather than a mistake by an employee or the company, law enforcement should be notified to handle the situation because their purpose is to stop criminals. They also have tools that can be used to locate data and criminals. Secondly, a company cooperating with law enforcement benefits from a faster process and from credibility in the eyes of other parties and the public. Finally, law enforcement involvement makes the information usable in protecting other companies, as well as deterring future criminals when the current one is sentenced for the incident.

However, there are reasons why companies don’t report cybersecurity incidents to law enforcement. One reason is that companies may view the process as a time drain when it is not possible to see the criminal stealing anything and they cannot grasp how detrimental the incident is. The lack of a legal requirement also does not help with motivation when these types of incidents occur. Another reason is the belief that involving law enforcement will lead to bad press and the company being shamed by the public. Companies feel that this kind of information getting out leads to an overall decrease in reputation and in investment from shareholders.

Despite these reasonable beliefs, it is still the better choice to inform law enforcement about a cybersecurity incident within a company. While the process of ending the incident may take time, it is worthwhile: the company gains credibility with anyone who views it, law enforcement has another case to use as a tool for preventing more crimes, and the company has a better understanding of cybersecurity incidents and how to protect itself from future ones.

Current, S. (2018, March 12). Engaging with Law Enforcement When It Comes to Cybersecurity Incidents. SecurityCurrent. https://securitycurrent.com/engaging-law-enforcement-comes-cybersecurity-incidents/

Swinhoe, D. (2019, May 30). Why businesses don’t report cybercrimes to law enforcement. CSO Online. https://www.csoonline.com/article/567307/why-businesses-don-t-report-cybercrimes-to-law-enforcement.html

CYSE 300 – Malicious Attacks, Threats, and Vulnerabilities

What is the difference between a threat and an attack?  How do exploits relate to vulnerabilities?  Is there an ethically acceptable reason to study and use the various attack methods described in this module?

A threat is a potential action that could cause damage or exploit a vulnerability. Threats can come from anyone from a single person making a statement to an entire organization. Some threats involve simply sharing private information, malware, or hardware and software issues. These are occurrences where there is potential for harm, but nothing specific has happened yet to cause that harm. An attack, by contrast, is the actual exploitation of a vulnerability in a system. Attacks like DoS, phishing, and brute-force password attacks are some of the many that exploit vulnerabilities in systems and people, such as stopping a network from functioning.

Exploits are tied to vulnerabilities because an exploit can only exist once a vulnerability exists. The purpose of an exploit is to make use of a vulnerability to carry out an attack in one of many forms: installing malware, encrypting an entire system to lock users out, or other attack methods. It is acceptable to study and use the attack methods mentioned because that knowledge is critical for fortifying systems against those attacks in the future, as well as for educating others to protect themselves.

CYSE 300 – Internet of Things (IoT) Security Challenges

In your opinion, what are the biggest IoT security risks and challenges?  Cite resources and references that back up your assertions.

I believe that the biggest security risks of IoT are data exposure, the lack of a standardized framework, and devices being manufactured in multiple ways. Because more devices are involved in a system, more data is created that needs to be accounted for and secured. Furthermore, without a standard framework, complications arise in managing the overall system, which makes IoT more susceptible to malware attacks. The final risk is how different vendors and companies manufacture IoT devices. Having multiple devices with differing configurations can complicate integration into a system because the devices are not functionally suited to each other.

Several challenges need to be overcome within the IoT industry such as the cost of power, effective functionality and availability of devices, and integration into existing IoT systems. With the addition of more devices being connected to the internet, there will be a significant drain and cost of power when IoT devices run on batteries. Moreover, an increase in batteries also affects the environment due to energy waste. A challenge of functionality comes from having to route and connect every device to one system as well as have proper storage. Finally, integrating new devices into an existing IoT system will be a challenge for proper functionality without ruining the overall performance of the system. In summary, several risks come with large integrations of IoT, as well as many challenges that will slow down overall development.

Lawal, & Rafsanjani, H. N. (2022). Trends, benefits, risks, and challenges of IoT implementation in residential and commercial buildings. Energy and Built Environment, 3(3), 251–266. https://doi.org/10.1016/j.enbenv.2021.01.009

CYSE 300 – Computer and Information Security

What is the defining difference between computer security and information security?  Why can we argue that information security is really an application of social science?

There are several similarities between computer security and information security, but the primary difference is what is being protected. Computer security focuses on protecting the network and systems associated with a computer. It also prevents both hardware and software from becoming infected and ensures correct usability and accessibility. In contrast, information security is about protecting people's personal information, credentials, or data. It prevents people from exposing their information to potential identity theft or phishing.

This is why information security can be argued to be an application of social science: it fundamentally involves people. A human element is applied to these systems to make them more secure and to protect data from breaches. That same element is applied to analyzing what people do to mitigate risk and applying the necessary practices to make change.

CS 462 – Attack Techniques

Read the brief article about “SQL Injection loses #1 spot as most dangerous attack technique” at https://securityboulevard.com/2019/12/sql-injection-loses-1-spot-as-most-dangerous-attack-technique

The article mentions a new technique used to rank the most dangerous vulnerabilities. At the end it mentions the top 3 vulnerabilities. Research the top vulnerability listed and provide any other articles you came across about it.

While SQL Injection was once the most dangerous attack technique, “Improper Restriction of Operations within the Bounds of a Memory Buffer”, or CWE-119, has taken that position in the Common Weakness Enumeration’s ranking. CWE-119 is a weakness in which a program places little or no restriction on operations performed on a memory buffer, so it can read from or write to memory outside the buffer’s intended boundary. This allows attacks like buffer overflows, where attackers write code or data past the end of a buffer in a device’s memory to cause different issues. These include an out-of-bounds read, which gives access to sensitive information, and memory corruption, where the injected data manipulates the memory’s contents or causes a crash. However, there are mitigation strategies for this issue. Some of them are choosing languages with built-in overflow protection, managing application memory carefully, and using software and hardware with data execution protection.
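Added example, not code from the article or from CWE: the unchecked copy below is the CWE-119 pattern, placed beside a bounds-checked write and a bounds-checked read; the `struct record`, `NAME_MAX` and the sample input are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16

struct record {
    char name[NAME_MAX];
    int  privileged;   /* lives right after the buffer: an overflow of name can overwrite it */
};

/* CWE-119 pattern: the length of `input` is never compared with NAME_MAX, so an over-long
 * input writes past the end of `name` into `privileged` (and beyond). Shown for contrast only. */
void set_name_unchecked(struct record *r, const char *input) {
    strcpy(r->name, input);
}

/* Hardened form: refuse input that does not fit together with its terminator.
 * Returns 0 on success, -1 when the input is rejected (the record is left untouched). */
int set_name_checked(struct record *r, const char *input) {
    size_t len = strlen(input);
    if (len >= NAME_MAX) return -1;
    memcpy(r->name, input, len + 1);
    return 0;
}

/* Out-of-bounds read, the other half of CWE-119: return -1 for an index past the buffer
 * instead of handing back whatever memory happens to follow it. */
int get_name_byte(const struct record *r, size_t idx) {
    if (idx >= NAME_MAX) return -1;
    return (unsigned char)r->name[idx];
}

int main(void) {
    struct record r = { "", 0 };
    const char *too_long = "AAAAAAAAAAAAAAAAAAAA";   /* constructed 20-byte input, > NAME_MAX */
    if (set_name_checked(&r, too_long) < 0)
        puts("rejected over-long name; privileged flag untouched");
    set_name_checked(&r, "alice");
    printf("name=%s privileged=%d byte[40]=%d\n", r.name, r.privileged, get_name_byte(&r, 40));
    return 0;
}
```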

https://cwe.mitre.org/data/definitions/119.html

https://www.immuniweb.com/vulnerability/buffer-errors.html#description

CS 462 – “Kinetic Cyberwarfare”

Watch this video on “Cyber warfare is everywhere”: https://www.ted.com/talks/brijesh_singh_brijesh_singh_cyber_warfare_is_everywhere

He explains how human warfare evolved through the ages and how cyberwarfare is the culmination of it all. Something new he talks about is the concept of “Kinetic Cyberwarfare”, and he provides “Stuxnet” as an example. Research other examples and provide your feedback.

I agree with the speaker on the importance of Kinetic Cyberwarfare and that it needs to be acknowledged as a genuine threat. The capability of cyberattacks to cause harm to physical infrastructure should be a pressing concern. In some of the speaker’s examples, such as power grids and factories, the employees maintaining them are now at risk on top of the data loss. An example of an older kinetic cyber-attack is the hacked tramways in Poland. In 2008, a 14-year-old managed to rewire a television remote into a control for the tram system in Lodz. He rerouted two trams, which ended up derailing four vehicles and injuring many people. While the event was intended as a prank, this kind of attack shows that even devices that do not seem like possible weapons can become ones when the right person tinkers with them, and that unintended harm can come from actions like this.

Applegate, S. (2013). The Dawn of Kinetic Cyber. https://www.researchgate.net/publication/237065308_The_Dawn_of_Kinetic_Cyber

CS 462 – Government Steps in Cyber Warfare

Watch this TED talk: “Governments don’t understand cyber warfare. We need hackers”. https://www.ted.com/talks/rodrigo_bijou_governments_don_t_understand_cyber_warfare_we_need_hackers?language=en#t-84310

How much do you agree with the speaker? Provide an additional article supporting your thoughts.

I agree with the speaker about how the government is behind in tackling cyber warfare, and that more needs to be done to protect citizens. The most compelling examples for me were how cyber was only considered a possible threat from 2011 onward, and how Anonymous had more influence against Los Zetas with a single threat of information leakage than the U.S. government did. While the government is aware of cyber being a top threat and is addressing the issues, it is not resulting in effective change. Banning encryption in exchange for more monitoring does not remove the vulnerabilities and backdoors that are growing daily. Furthermore, people are still left in the dark about security and what they can do to improve it when monitoring is the only solution. By relinquishing this approach, people will become more aware of cybersecurity and take steps to protect themselves, instead of looking to the government as the end-all-be-all.

Additionally, the article linked below mentions structural issues with cybersecurity in security devices and systems and in the United States’ approach to cyber as a whole. For security devices and systems, the issue comes from the desire to push them out quickly for market value rather than for quality security. For the nation’s approach, viewing potential conflict only through espionage and cybercrime means less support is put into other forms of attack and defense. Added to an average time for detecting breaches of almost 200 days, this results in a government with poor equipment and insight for addressing cybersecurity, which allows other nations to further diminish the security already in place.

https://www.rand.org/pubs/commentary/2023/09/cyber-attacks-reveal-uncomfortable-truths-about-us.html