OCU C)ISSO D Discussion Lesson 15
March 24, 2022 at 3:04 pm #65746 Jessica Jagerson (Keymaster)
Staying ahead of attacks is crucial for a security officer. Discuss the “more advanced attacks” presented in this chapter. Rationalize how a SO could try to prevent these advanced attacks.
-
May 5, 2023 at 8:57 am #85679 Marcena Davis (Participant)
After reviewing Lesson 4 on advanced attacks, I understand that malware attacks have become more sophisticated, and attackers are continuously coming up with new techniques to breach organizations’ security.
One of the advanced attacks discussed in the lesson is Advanced Persistent Threats (APTs). These attacks are more sophisticated and harder to detect as they often occur over an extended period. APTs can include malware, social engineering, and network intrusion to gain access to sensitive data. A Security Officer can prevent APTs by implementing robust security measures, such as regularly conducting vulnerability assessments, updating antivirus software, and using firewalls to protect the network.
Another advanced attack discussed is Ransomware. Ransomware is a type of malware that encrypts a victim’s files, and the attacker demands payment in exchange for the decryption key. Ransomware attacks have become more prevalent, and attackers have become more sophisticated in their tactics. A Security Officer can try to prevent Ransomware attacks by keeping systems and software up to date with the latest security patches, implementing strict access controls, and conducting regular backups of critical data.
Another advanced attack discussed in the lesson is Fileless Malware. Fileless Malware is a type of malware that runs in memory and does not require a file to execute, making it challenging to detect. A Security Officer can prevent Fileless Malware attacks by implementing robust endpoint protection solutions, using a network security policy that monitors all incoming and outgoing network traffic, and conducting regular security awareness training for employees.
Ultimately, as attackers become more sophisticated, Security Officers need to remain vigilant and proactive in implementing robust security measures to prevent these advanced attacks. By staying up to date with the latest security threats and implementing a comprehensive security strategy, Security Officers can help their organizations stay ahead of these attacks and protect against potential data breaches.
-
May 5, 2023 at 10:54 am #85683 Kevin Mehok (Participant)
Marcena,
I love that you discussed encryption and its connection to ransomware. Even good things with good intentions can be the most dangerous of weaponry in cyber attacks. Security threats and defenses do start with a plan, then the implementation of a strategy. I am learning that the aftermath of data breaches can be absolutely endless. The resources needed to regain consumer confidence and trust may be limitless.
Great job as always.
God Bless,
Kevin
-
May 7, 2023 at 9:59 pm #85727 Kelly Crooks (Participant)
Marcena, I agree completely with you when you said that as attackers become more sophisticated, security officers need to remain vigilant and proactive. It seems to me that as security measures change and become more proactive and better at preventing the loss and theft of data, the attackers just try harder to get around those security measures. It is important as security officers that we stay two steps ahead of the attacker and make it more difficult for them to gain access to that data.
-
-
May 5, 2023 at 10:41 am #85682 Kevin Mehok (Participant)
IST3100 Information Systems Security Officer
Week Four
Discussion #3
WK4 Breaching Discussion
Kevin Mehok
Hey Class,
Breaching is real, and I do think as future professionals, we need to understand the mind of a hacker. In June of 2021 hackers broke into the systems of Electronic Arts, one of the world’s biggest video game publishers, and stole source code used in company games (Vallinsky, 2021). The company made the announcement in June of 2021, which may or may not have shocked the world. I say this, sadly, we are like sitting ducks and we wait for the next digital breach.
As for EA, online forum posts reviewed by CNN Business and vetted by an independent cybersecurity expert show that on June 6, hackers claimed to have obtained 780 gigabytes of data from EA, including source code for Frostbite, the game engine that powers games that include titles in the FIFA, Madden and Battlefield series (Vallinsky, 2021). In a digital era, to me, this should not be a surprise. The audience surrounding EA are tech savvy, and they are looking to gain ways in, and perform better in gaming sectors.
Interestingly enough, Mr. Brett Callow, a threat analyst at cybersecurity software maker Emsisoft, said losing control over source code could be problematic for EA’s business (Vallinsky, 2021). You think? Of course, it is. How could it not be?
“Source code could, theoretically, be copied by other developers or used to create hacks for games,” Callow said (Vallinsky, 2021). We as security professionals need to be in front of these attacks and be better prepared, and well informed.
An EA spokesperson said “no player data was accessed, and we have no reason to believe there is any risk to player privacy. Following the incident, we’ve already made security improvements and do not expect an impact on our games or our business” (Vallinsky, 2021). The time spent and the value that needs to be reassured in these attacks destroy businesses.
This has been an awesome discussion.
God Bless,
Kevin
References:
Vallinsky, J. (2021) https://www.cnn.com/2021/06/26/tech/cyberattacks-security-breaches-june/index.html
-
May 8, 2023 at 3:32 pm #85775 Kelly Crooks (Participant)
Kevin, I do remember hearing about the EA breach and the theft of the source codes. I only remember this because I was talking to my son about it because he plays a lot of games made by EA. I agree with you that we are sitting ducks until the next digital breach. As we have learned about different security policies and protocols do you think there is more that some companies or organizations can do to protect their data?
-
May 8, 2023 at 8:09 pm #85779 Kevin Mehok (Participant)
Hey Kelly,
Thanks for responding to my post. I really appreciate it. I wanted to make breaching, well, a bit more relatable. I feel that we read about issues, and sort of understand the magnitude; however, when we learn about a company, especially a popular one such as EA, it hits home for many of us. This is so important when trying to comprehend just how important our roles can be as a Security Officer.
Thanks again.
God Bless,
Kevin
-
-
-
May 5, 2023 at 11:53 am #85687 Kelly Crooks (Participant)
One of the “more advanced attacks” discussed was ransomware. A more sophisticated type of ransomware is being used to target key and specific data. The agenda of the attackers may not be to take down an organization but to see what data it can steal and sell for the highest price. The attacker determines where the biggest payoff can be found and holds that data for money or ransom. I can think of several cases of this just within the last year or so where the attackers gained access to the data and held it for a high price.
Another “more advanced attack” they discussed was Trusted Third Parties. These kinds of attacks include attacks on our supply chain and the attack on the Microsoft Exchange Server. These kinds of attacks go undetected for a longer period. This kind of malware threat is concerning due to the fact it can go unnoticed for so long. This is a concern because it allows the threat to access more data and possibly steal that data and sell or dispose of it before the company even realizes there is a threat.
A security officer can try to mitigate and minimize the loss of data by making sure the right security policies are in place and as I mentioned before, making sure those policies and procedures are tested daily. A security officer can also make sure that the up-to-date and current firewalls and antivirus software are installed and working properly. Another way to minimize data theft or loss is to make sure only the right people have access to that data and that their credentials are checked and updated regularly.
-
May 8, 2023 at 12:50 pm #85759 Kevin Mehok (Participant)
Kelly,
I loved that you mentioned the value of a trusted 3rd party. Regardless of the business type, the 3rd party transaction is completely unavoidable. Meaning, we have to have security measures in place to protect all parties involved.
I used to manage a large TPA (Third Party Administrator) for auto insurance claims, the amount of data privacy paperwork and regulatory information needed to run all facets of the business was overwhelming at times.
We had to create SSO and MFA to verify identities for all parties to maintain a safe and effective work environment.
Great post.
God Bless,
Kevin
-
-
May 7, 2023 at 5:29 pm #85721 Marcena Davis (Participant)
Kelly,
It’s alarming to hear that attackers may not only be looking to take down an organization, but also to steal and sell valuable data for a high price. It’s also concerning that these types of attacks can go undetected for a long time, allowing the attacker to access more data and potentially cause greater harm. As you mentioned, security officers can help to mitigate the risk of data theft or loss by implementing and regularly testing security policies and procedures, ensuring that firewalls and antivirus software are up-to-date and functioning properly, and carefully controlling access to sensitive data.