Paper

Introduction

Understanding how to protect information from hackers is the root of cybersecurity. Ways you can prevent an attack is to learn the fundamentals. These fundamentals include learning what network breaches are, how frequent they are, detection, lastly solutions. Network security is a central part of keeping data integrity. Retaining data integrity is our job as cybersecurity majors.

The importance of retaining data integrity is a big part in cybersecurity. Learning how network breaches are done is important. The importance it holds is that the opposing side can get prepared or educate themselves on what to do in this situation.

A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed and/or disclosed in an unauthorized fashion.

Data breaches can occur in any size organization, from small businesses to major corporations. They may involve personal health information (PHI), personally identifiable information (PII), trade secrets or other confidential information.

Network security is one of the most important aspects to consider when working over the internet, LAN or other method, no matter how small or big your business is. While there is no network that is immune to attacks, a stable and efficient network security system is essential to protecting client data. A good network security system helps business reduce the risk of falling victim of data theft and sabotage.

Network security helps protect your workstations from harmful spyware. It also ensures that shared data is kept secure. Network security infrastructure provides several levels of protection to prevent MiM attacks by breaking down information into numerous parts, encrypting these parts and transmitting them through independent paths thus preventing cases like eavesdropping.

Getting connected to the internet means that you will receive lots of traffic. Huge traffic can cause stability problems and may lead to vulnerabilities in the system. Network security promotes reliability of your network by preventing lagging and downtimes through continuous monitoring of any suspicious transaction that can sabotage the system.

Having your network hacked can put you out of business. Vandalism can occur. This typically involves the planting of misleading information into the system. It is one of the many tactics that hackers use. By planting the wrong information, your company’s integrity can be called into question and customers may feel misled.

Damaging of intellectual property is also one of the impacts of faulty networks security systems. Hacking gives unauthorized access to company’s or individual’s information. For instance, the Citibank Security Breach which affected roughly 1% of its customers in the US. If a hacker gets in and steals plans, ideas, or blue prints, the company can miss out being able to implement new designs and products. This might destroy the business or keep it stagnating.

The company can, as well, experience revenue loss. Most attacks launched on a network can lead to crashing. The extended downtime, your company will have to cease making any transactions, leading to revenue loss. The longer the network stays down, more revenue is lost, and your company will begin to look unreliable and potentially lose credibility.

Different Types Of Breaches

MAN-IN-THE-MIDDLE ATTACK:

A man-in-the-middle (MitM) attack is a difficult security breach to recognize because it involves a bad actor taking advantage of a trusted “man in the middle” to infiltrate your system. Most often, the hacker will start by compromising a customer’s system to launch an attack on your server. Hackers can achieve this by either:

  • Sneaking through a connection you’ve already established with your customer
  • Stealing a customer’s IP address and disguising themselves as the customer to lure you into providing valuable information or funds

DENIAL-OF-SERVICE AND DISTRIBUTED-DENIAL-OF-SERVICE ATTACKS:

A denial-of-service (DoS) attack attempts to knock a network or service offline by flooding it with traffic to the point the network or service can’t cope. A distributed-denial-of-service (DDoS) attack hijacks devices (often using botnets) to send traffic from multiple sources to take down a network. A DDoS attack by itself doesn’t constitute a data breach, and many are often used simply to create havoc on the victim’s end and disrupt business operations. However, DDoS attacks can act as smokescreens for other attacks occurring behind the scenes.

PHISHING AND SPEAR PHISHING

If you’ve ever received an email claiming to be from a trusted company you have an account with—for example, Paypal—but something about the email seemed unusual, then you have probably encountered a phishing attempt. Phishing involves the hacker sending an email designed to look like it has been sent from a trusted company or website. The email will often sound forceful, odd, or feature spelling and grammatical errors. Phishing emails will attempt to entice the recipient into performing an action, such as clicking a link or downloading an attachment. The link or attachment usually requests sensitive data or contains malware that compromises the system.

A phishing email is typically sent out to a large number of recipients without a specific target, in the hopes that casting a wide net will result in at least one recipient taking the bait. Spear phishing, on the other hand, has a specific target. With spear phishing, the hacker may have conducted research on the recipient. For example, they might look through an individual’s social media profiles to determine key details like what company the victim works for. The hacker could then use this information to pretend to be the recipient’s employer, giving them a better chance of successfully persuading the victim to share valuable information or even transfer funds.

 PASSWORD ATTACK

According to Have I Been Pwned, a source that allows you to check if your account has been compromised in a data breach, these are the most commonly used passwords. Sadly, many people and businesses make use of the same passwords for multiple accounts. This means that if the hacker guesses just one of the passwords, they can try that password on other services and get a match. For example, they may get an email and password combination, then try them on bank accounts, looking for a hit. Hackers can use password attacks to compromise accounts, steal your identity, make purchases in your name, and gain access to your bank details.

 EAVESDROP ATTACK\

An eavesdrop attack is an attack made by intercepting network traffic. Eavesdropping attacks entail the hacker using your behavior on your network to track things like credit card numbers and other potentially valuable, sensitive information. There are two different types of eavesdrop attacks—active and passive. In an active attack, the hacker will disguise themselves as a trusted server and send queries to the transmitters. A passive attack, on the other hand, listens to information through the transmission network.

CROSS-SITE SCRIPTING ATTACK

A cross-site (XXS) attack attempts to inject malicious scripts into websites or web apps. Launching a successful XXS attack is a reasonably complicated process, which requires the victim to visit a website and have the network translate the website with the attacker’s HTML. This means that when the website reaches the victim’s browser, the website automatically executes the malicious script. The aim of this attack is to capture screenshots, log keystrokes, collect network information, steal cookies, and even remotely access the victim’s device. This can ultimately be one method of launching a larger attack leading to a full-on data breach.

MALWARE ATTACK

A malware attack is an umbrella term that refers to a range of different types of security breaches. This includes the following:

  1. Polymorphic viruses, which change their signatures frequently to evade signature-based antivirus (AV)
    1. Systems or boot-record infectors, which are viruses that attach themselves to your hard disk
    1. Trojan or trojan horses, which are programs that appear as a typical file like an MP3 download but that hide malicious behavior
    1. File infectors, which are viruses that attach themselves to code on files
    1. Macro viruses, which are viruses that target and infect major applications
    1. Stealth viruses, which take control over your system and then use obfuscation methods like changing the filename to avoid detection
    1. Worms, which are viruses that propagate across a network
    1. Logic bombs, which are malicious software programs that are triggered by a specific condition, such as a date and time
    1. Ransomware, which are malware viruses that block access to the victim’s sensitive data until the victim pays a specific amount of money
    1. Both individuals and businesses can fall victim to these types of attacks, which can have drastic financial, legal, and operational consequences.

Recent Data Breaches

Ways to Detect A Breach

While for obvious reasons a proactive approach is best for preventing data breaches in the first place, there are a number of warning signs that can indicate your business has experienced a data breach. The following signs are all red flags that should lead to further investigation:

  • The presence of unexpected software or system processes
  • Alerts from malware protection solutions or notifications that these services have been disabled
  • Repeated application or system crashes
  • Strange user activity (such as logging in at weird times, from abnormal locations, or from several locations in a short period of time)
  • Abnormally high system, network, or disk activity (in particular when the majority of applications are idle)
  • Unusual behavior during browsing (such as pop-ups, redirects, or changes to browser configuration)
  • Configuration changes that cannot be traced back to an approval
  • Activity on unusual network ports
  • Sudden and unexpected user account lockouts, password changes, or group membership changes
  • Reports from contacts and/or customers that they have been receiving strange messages from you by email or social media
  • A message from an attacker (often via ransomware)

Why Cybersecurity is Important for Businesses

Improves Productivity

Corporate firms seek talents from different business-related fields to make their workplace more productive, efficient, and effective. Human resource managers are also introducing training and development programs to make their employees more adaptable. With increasing threats, managers can encourage their cybersecurity team members to expand their skills and knowledge. They can opt for masters in cyber security online programs and save their companies from these threats. Virtual education helps them stay focused on the work at hand while flexibly managing their studies and improving their expertise.

Cybersecurity is important for businesses as it is conducive to improving overall productivity. It could only happen if the company recruits suitable workers. For instance, there should be experts who know how to stop viruses from attacking computers. Otherwise, they could lose a lot of critical business hours as a cyberattack could cause the production to come to a halt. It would also waste employees’ time and energy, ultimately leading to inefficiency. Hence, cybersecurity is crucial for the productivity of businesses.

One-Stop Solution

The increase in fast-changing technologies and their use in businesses has more benefits than costs. Technology continues to be one of the most significant reasons behind booming businesses. Hence, businesses need a one-stop solution to cyberattacks, and that is cybersecurity. The technology makes computer devices vulnerable to cyberattacks from unauthorized personnel and outsiders. Therefore, it requires strategic cybersecurity for businesses to keep their network safe.

Unfortunately, the improved and enhanced technology is accessed by organizations and comes as a favor for cybercriminals. They are learning new ways of automating cyberattacks through AI and machine learning, which could compromise the security of many systems at once. Thus, businesses have become necessary to hire professionals and take cybersecurity measures in their day-to-day organizational activities. Similarly, companies use cloud computing excessively, especially after the recent lockdown events, and work from home due to COVID-19. It has posed a significant threat to essential data and information stored online. Hence, cybersecurity has become even more crucial.

Stable Website Performance

Entrepreneurs realize that they need to make their businesses more adaptable to the modern world. Therefore, most companies actively maintain websites. Online presence helps them retain customers from all over the world and provides easy access to them through a single click. However, one of the rising threats of digital operations is that your website may also shut down if your system becomes corrupted. An infected hosting server will force your webpage to close down and leave your online customers vulnerable in the hands of unsecured networks. It will make your customers lose trust in you and your website and dampen your brand reputation.

It will also create huge losses for your business because restarting the website could be costly, and the trust deficit would lose several customers. A website shutdown would also lead to losing profit from missed transactions and delay in responding to clients. Cybersecurity can help you navigate such issues before they become too challenging to handle. It ensures safe networking between businesses and customers. It will protect your system from lasting damages and viruses and improve the smooth running of online operations.

Protects Business from Losses

It is high time that businesses and organizations become aware of cyberattacks and cybercrime. A cybersecurity system can help businesses to stay safe against cybercrimes like hacking, phishing, and fraud. For instance, if there is a theft of a company’s data, sensitive information could fall into the wrong hands. It would lead to excessive fines and strict legislation. As these threats increase, the government has started imposing new laws and regulations to protect consumers. It will hold the business accountable for not implementing cybersecurity measures while dealing with consumers’ private information.

Additionally, in the case of hacking and theft, it could cost a lot to recover the data, money, and time. It could cause huge deficits and losses to businesses and could render bankruptcy quickly. These significant financial losses could take ages to recover from and can be avoided only through cybersecurity. Not only this, but these losses would further cause damage to the company’s reputation, especially to publicly-listed ones. We have several examples of substantial corporate firms that faced a sudden decrease in equity when shareholders sold their stocks right after the systems got hacked.

Increases Security

It would be imprudent not to access the analytics and data regarding the customer to market your product efficiently. However, storing crucial information about the public puts the organization at risk of cyberattacks. Fortunately, with the right kind of cyber protection, you can empower your business on a digital platform and allow a safe space for your employees, customers, and other stakeholders. They can trust your business, invest in it and buy from it. And most importantly, cybersecurity would allow them to conduct financial transactions with your business without fear.

The Impact Of Cybercrime On A Buisness

Cyber-attacks can impact every organisation regardless of size, in many ways including financial losses, dip in productivity, damage to reputation, legal liability and business continuity problems.

As reported by GlobalNewswire, cybercrime will cost companies worldwide an estimated $10.5 trillion annually by 2025, up from $3 trillion in 2015. According to The U.N. disarmament chief, cybercrime is up 600% as a result of the COVID-19 pandemic. All signs point to cyberattacks only increasing here on out, therefore, businesses need to prioritise the implementation of a robust cyber security program or strategy.

The Importance Of This To Me

This whole innovative idea to create stronger networks has helped me outside the classroom and my major as a whole. This has given me a different perspective on how I see ideas now, how I can map things out, also how I can act on them.

I see ideas or possibilities for in innovation now rather than “someone else will do that”. To further elaborate. Everytime I would see an issue that I felt there could be an easy solution to or a good entrepreneurial idea my brain was programed in a fashion where it would imetdiatly bail. Meaning, I would think automatically that the idea was already taken or already completed. However, after going through this process I have taken something afr more important than just understanding the importance of network security. I have taken a life lesson for myself that this closed minded thinking process isnt going to help me excel down the road.

This is going to change the way I perceive things outside class and in the real world. I feel that my thought process has changed entirely. Now, when I have an idea my initial reaction is to get my phone out and search if the idea has already been completed. Then I plan next steps out to see if its possible or not. However, even if the idea is already been completed. I would see if I could improve it or cut cost down. Also, id have to see how passionate I am about it to see if I want to make my idea into fruition.

After completing this paper, I have taken away how to also plan things out better. If given an idea, I first complete my research. The more research the better the end product will be. Thi shas been a staple in helping me excel in my knowledge for things. Its like the the saying “the more you know the better”. It never hurts to know as much as you can on the intdened issue and or idea. After this step of research is completed then your faced with more speed bumps. Such as, now finding you target auidence.

Finding your target audience is key. This is important because its who your pitching the idea to. Like in this paper I was pitching to a business that maybe has little to no knowledge on the issue at hand. Once you find your intended audience your on a road to success. Dependent on your audience is how you should taylor how your information is worded. For example, to pitch to traditional business use a very formal language with little to no fluff. Next is laying out how to prevent your idea from happing or solutions to your problem.

Finding solutions shouldnt be that hard but you have to get creative with it. Finding solutions is not a the finish line. The consumer usually wants proof of completion or that the solution actually works. So you need to have trials on hand and or data backing up your claims. This part is key to have nailed down. The solution is your final nail.

I feel that this exercise has given me the confidence needed to better act on things. I used to lack the entrepreneurial mindset when seeing things. However, after taking this life lesson away. I have changed my perspective and it has given me the confidence I lacked. This has made me feel more confident in my abilities to better act on things. I feel that knowing more of the steps to better plan things out has helped me tremendously. Because I know where to start now.

How My innovation Is Affective

Test Your Firewall for Weaknesses

The first port of call for checking your internet security is the firewall. The firewall’s main job is to protect the ports on your computer from unwanted visitors. As such, it’s a good idea to test these ports to ensure unauthorized connections can’t creep through.

Test Your Antivirus Strength

Antivirus software secures your downloads to ensure nothing malicious slips onto your system. As a result, it’s a good idea to ensure it’s active and doing its job properly. A poor antivirus won’t catch threats as they appear, and will let them infect your computer.

To safely test an antivirus, you can download an EICAR file. EICAR files are harmless by themselves, but antiviruses are trained to detect it as if it were a virus. The EICAR file can be downloaded on its own, or bundled up in layers of ZIP files in an effort to hide it from your antivirus. This makes EICAR files a great way to test your antivirus without exposing your PC to actual threats.

Check Your Protocol While Browsing

When you send data to a website that uses the HTTP protocol, it’s sent as what’s called “plaintext.” This means there’s nothing that encrypts the data between you and the target server.

People can snoop on what you’re sending and note any private information. This makes HTTP dangerous to use on a public network, as you’re never sure if someone is logging your data.

On the flipside, HTTPS does encrypt your data. HTTPS is typically used when you log into a website, so your information is hidden. You can tell if a website uses HTTPS by looking at the URL; it should start with “HTTPS” if your connection is secure.

Browsers may also show an icon next to the address bar to let you know your data is encrypted. Google Chrome, for example, will show a little padlock to inform you that it’s using HTTPS.

When you’re logging into a website, be sure to check the protocol. If it uses HTTPS, you’re safe to log in. If you don’t see the lock, the website is using HTTP—and is therefore unsafe.

If this happens when you visit a popular website, there’s a good chance that malware has redirected you to a fake website that looks identical to the real thing. This is done so the hackers can get your login details and get into your real account on the actual website.

Secure Your Router From Hackers

Your router is the central hub for your home’s internet connection. It handles who can and can’t use your connection, which makes it a key target for hackers. As such, it’s worth securing your router to prevent any headaches in the future.

For one, make sure you’re using WPA2 for your Wi-Fi key. If you received your router semi-recently, there’s a very good chance it has been using WPA2 since you bought it. Older models will use WPA, or worse, WEP. There are plenty of reasons why you shouldn’t use WEP, so be sure to buy a new router if your one uses it.

Is your network secure from password hacking? If you’re unsure, double-check the passwords that your router uses. There are two you need to check: the password to access the network and the password that gives you admin controls over the router itself.

These days, routers use randomized passwords for every model to stop hacks. Older or cheaper models, however, will likely use default usernames and passwords, such as the classic “username: admin, password: admin” standard. If yours has this, be sure to change it immediately!

Ways To Prevent A Data Breach

Limit access to your most valuable data.

In the old days, every employee had access to all the files on their computer. These days, companies are learning the hard way, to limit access to their more critical data. After all, there’s no reason for a mailroom employee to view customer financial information. When you limit who is allowed to view certain documents, you narrow the pool of employees who might accidentally click on a harmful link. As corporations move into the future, expect to see all records partitioned off so that only those who specifically need access will have it. This is one of those common-sense solutions that companies probably should have been doing all along.

Conduct employee security awareness training.

According to recent surveys, employees are the weakest link in the data security chain. In spite of training, employees open suspicious emails every day that have the potential to download viruses. One mistake that employers make is thinking that one training class about cybersecurity is enough. If you’re serious about safeguarding your important data, schedule regular classes each quarter or even monthly.

Believe it or not, employees have been known to leave those classes, return to their desks and open suspicious emails without even thinking twice. Marketing studies show that most people need to hear the same message at least seven times before it begins to change their behavior.

Update software regularly.

Professionals recommend keeping all application software and operating systems updated regularly. Install patches whenever available. Your network is vulnerable when programs aren’t patched and updated regularly. Microsoft now has a product called Baseline Security Analyzer that can regularly check to ensure all programs are patched and up to date. This is a fairly easy and cost-effective way to strengthen your network and stop attacks before they happen.

How to protect your business from cybercrime

There are a few simple steps your business can take to protect itself from cybercrime, below are a few examples:

Educate employees –  Cyber security training is a strategy implemented by the IT and Security professionals in an organisation to prevent and mitigate risk when it comes to compromising an organisation’s information security. These training programs are specifically designed to provide employees with clarity regarding their roles and responsibilities when it comes to upholding information security. A successful security awareness program, helps employees understand proper cyber etiquette, the security risks associated with their actions and to identify cyberattacks they may encounter during their day to day operations.

Implement privileged access – Privileged Access Management refers to the strategies and technologies organisations utilise to manage the privileged access and permissions for users, accounts, processes, and systems across an IT environment. By strategically assigning employees the correct level of access depending on their role and responsibilities in the organisation, the overall risk of suffering extensive damage from a cyber attack is effectively mitigated, irrespective of whether it is from an external actor or due to internal errors.

Monitoring, Detection & Response – Businesses need to monitor their systems and networks on a 24/7 basis to ensure that there is no suspicious activity that may point to an attack or breach. If cybersecurity monitoring is not in place this could lead to a delay in detecting that an attack is underway and your business may not be able to respond in time to prevent it or reduce its impact.

Manage Third-Party Risk – Third-Party Risk refers to the potential threat presented to a business’s employees and customer data, financial information and operations, from third-party vendors e.g. suppliers, and other outside parties that provide products and/or services and have access to your systems. It is important for businesses to do their due diligence when partnering with a vendor e.g. ensuring that they have adequate information security policies in place and to continue to monitor that these standards are upheld when handling their valuable data.

These are just a few examples of initiatives businesses can adopt to increase their cybersecurity and reduce the chance of falling prey to a cyber attack or data breach.

Reflection

After completing this assignment I have gained more knowledge. I have received more knowledge on how to completed a successful proposal, and paper. I have learned to find credible sources that help fill the information in my paper and various different aspects. I hope after going through my paper you better understand my aim of my page.

Preserving your online security will always help you in the long run. Data breaching raises alot of concerns. Even big companies such as Ebay, AOL, and The United States Military face data breaching issues. Data breaching is a problem that is unfortunately here to stay. After reciting the important information on how to detect data breaching, prevent it from happening, ways to prevent it from happening and much more. The main solution is to keep being selfaware and continue to adapt to different environments.

Refrences:

  1. Nov 2019 KYC-Chain, 19, and KYC-Chain. “How to Identify a Data Breach and Report It Quickly – KYC-Chain.” KYC, 19 Nov. 2019, https://kyc-chain.com/how-to-identify-a-data-breach-and-report-it-quickly/.
  2. Ulisticadmin. “6 Ways to Prevent Cybersecurity Breaches.” Tech Support of Minnesota, Tech Support of Minnesota, 13 Feb. 2018, https://www.techsupportofmn.com/6-ways-to-prevent-cybersecurity-breaches.
  3. “The Largest Data Breaches in U.S. History.” Spanning, 5 Nov. 2020, https://spanning.com/resources/industry-research/largest-data-breaches-us-history/.
  4. Richter, Felix. “Infographic: Large-Scale Data Breaches Affect Millions of Users.” Statista Infographics, 19 Aug. 2015, https://www.statista.com/chart/2540/data-breaches/.
  5. “Seven Common Types of Security Breaches and How to Prevent Them – N-Able.” N, 12 Apr. 2021, https://www.n-able.com/blog/types-of-security-breaches-and-how-to-prevent-them.
  6. Importance of Network Security: Safety in the Digital World, https://www.ecpi.edu/blog/importance-of-network-security-safety-in-the-digital-world.
  7. Hanna, Katie Terrell, et al. “What Is a Data Breach?” SearchSecurity, TechTarget, 7 May 2021, https://www.techtarget.com/searchsecurity/definition/data-breach.
  8. Adhar DhavalAdhar Dhaval is experienced portfolio. “Why Cybersecurity Is Important for Businesses.” Projectcubicle, 5 Jan. 2022, https://www.projectcubicle.com/five-reasons-why-cybersecurity-is-important-for-businesses/.