Allocation of Funding and Resources Against Cyber Threats

Introduction

     In the modern day, cyber threats are exceedingly common in the business world. Between phishing attacks, brute force attacks, weak passwords, and security protocols not being accurately followed, there are many avenues for attackers to hinder business operations. I would argue that resources should be allocated 30% to technical protections and 70% to employee training and development.

Phishing Attacks

     According to Security Magazine, 2023 alone saw over 1.76 billion phishing emails sent to a wide range of victims (Security Magazine, 2024). Put simply, in a phishing attack an attacker sends fake emails which attempt to passably replicate a real business email, leading unsuspecting users to log in to fake websites or forms which hand their login credentials to the attacker. The attacker then proceeds to the real site and uses those credentials for their own ends. With phishing attacks becoming more common year after year, it is very important to train employees to be vigilant in ensuring that all communications are from legitimate sources, and that passwords are not shared with fraudulent parties. To this end, company resources must be used to train and develop employees in safety policies.

Brute Force Attacks and Weak Passwords

     Passwords are used in nearly every account, whether for business or personal use. The complexity of a password is particularly important when it comes to preventing brute force attacks. In a brute force attack, an attacker runs a program that tries every possible password within the bounds of the site’s password rules, such as “aaaa”, “aaab”, “aaac” and so on, until all combinations of letters and numbers have been attempted. These attacks can be mitigated by locking accounts after a certain number of failed attempts, and by ensuring that passwords are complex, with both letters and numbers. This is a relatively simple and cheap mitigation strategy which will help to ensure that the human factor of cybersecurity is covered by company policy.
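     The lockout mitigation described above, as an added example that is not part of the original essay: a small failed-attempt tracker, plus a calculation of how long it takes to try every password when guesses are limited by lockouts. The threshold of 5 attempts, the 15-minute lockout and all names are assumptions chosen for illustration.

```python
import string

# Assumed policy values for illustration; the essay does not specify any.
MAX_FAILURES = 5            # failed attempts allowed before locking
LOCKOUT_SECONDS = 15 * 60   # how long the account stays locked


class LockoutTracker:
    """Tracks consecutive failed logins per account and enforces a lockout."""

    def __init__(self, max_failures=MAX_FAILURES, lockout_seconds=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures = {}      # account -> consecutive failure count
        self._locked_until = {}  # account -> time at which the lock expires

    def is_locked(self, account, now):
        return now < self._locked_until.get(account, 0)

    def record_attempt(self, account, success, now):
        """Return True if the login is accepted, False if rejected or locked."""
        if self.is_locked(account, now):
            return False  # even a correct password is refused while locked
        if success:
            self._failures.pop(account, None)  # success resets the counter
            return True
        count = self._failures.get(account, 0) + 1
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            count = 0
        self._failures[account] = count
        return False


def keyspace(alphabet_size, length):
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def days_to_exhaust(alphabet_size, length, max_failures=MAX_FAILURES,
                    lockout_seconds=LOCKOUT_SECONDS):
    """Days needed to try every candidate when each batch of
    `max_failures` guesses costs one lockout period."""
    batches = keyspace(alphabet_size, length) / max_failures
    return batches * lockout_seconds / 86400


ALNUM = len(string.ascii_lowercase + string.digits)  # 36 symbols: a-z and 0-9
```

     Under these assumed settings, even the four-character example from the paragraph takes years to exhaust against a single account, and each added character multiplies that figure by 36.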

Security Protocols

     Every business should employ strict security protocols to ensure that employees follow procedures which prevent unauthorized access to company assets. This can include policies such as only using company-supplied devices with specific digital signatures, only accessing company resources via their company accounts, and ensuring that no device is left unattended while logged into company accounts or servers. Physical security must also be employed, including locked doors with access codes, and vigilance against unknown persons entering the building.

Anomaly Detection

     Networks should be consistently logged and monitored by trained professionals. This helps to ensure that any unauthorized or otherwise malicious access to the network is caught and rectified very quickly. Network monitoring also helps to ensure that firewalls are operating as intended in restricting and segmenting the network to prevent a full-scale data breach. Network monitoring does require expensive and extensive training for employees, meaning that many company resources should be allocated to employee training. To this end, Harvard Business Review offers the example of the US Military, which boasts incredible statistics in detecting and preventing intrusions: “From September 2014 to June 2015 alone, it repelled more than 30 million known malicious attacks at the boundaries of its networks” (Harvard Business Review, 2015). The article states that the reason for this statistic is the unification of military systems under a common framework as well as consistent training in network monitoring. Clearly, network monitoring and anomaly detection are an important facet of the human factor of cybersecurity.

Conclusion / Allocation of Resources

     Evidently, the human factor in cybersecurity far outweighs the technological factor. Social engineering attacks are far more effective against business networks than brute force attacks or other vulnerabilities, so company resources should always be allocated to effective training to ensure employee vigilance. As cyber threats continue to become more common, so must employee training.

References

     “Cybersecurity’s Human Factor: Lessons from the Pentagon” https://hbr.org/2015/09/cybersecuritys-human-factor-lessons-from-the-pentagon 

     “Cybersecurity Vulnerabilities: Do Employees Pose a Risk?” https://www.apu.apus.edu/area-of-study/information-technology/resources/cybersecurity-vulnerabilities-do-employees-pose-a-risk/ 

     “Report: Over 1.76 billion phishing emails were sent in 2023” https://www.securitymagazine.com/articles/100398-report-over-176-billion-phishing-emails-were-sent-in-2023#:~:text=In%202023%2C%20phishing%20emails%20totaled,the%20top%20of%20the%20list

     “12 Most Common Types of Cyberattacks” https://www.crowdstrike.com/en-us/cybersecurity-101/cyberattacks/common-cyberattacks/ 
