Thesis
The ever-evolving landscape of an interconnected world, the significance of information security has never been more critical. Individuals and organizations rely on digital platforms more than ever. According to the statistics “ITU estimates that approximately 5.5 billion people – or 68 per cent of the world’s population – are using the Internet in 2024.” (Geneva, 2024) With growing reliance comes with the growing threat of cyberattacks, data breaches, and unauthorized access, which can lead to significant damage. This thesis will explore the importance of safeguarding one’s individual data integrity and protecting organizational data integrity whilst also, examining the types of attacks a threat actor can utilize to negate these safeguards.Importance Of Information Security
When it comes to the practices and procedures for protecting digital infrastructure, system security, and information; the all-encompassing term is “cybersecurity” so I will refer to it as such. The digital revolution has changed how individuals, businesses, and governments operate as well, it has introduced vulnerabilities that can be exploited through malicious means. The DOD has reported significant impacts due to the threat of cybersecurity attacks, “These threats have become a significant concern to policymakers due to recent alleged incidents involving the unlawful acquisition of significant quantities of sensitive defense information from DIB systems” (Peters, 2020) With the rapid adoption technology outpacing the implementation of effective cybersecurity measures is paramount. Specific Threats and Countermeasures
A common command that many computer users may be familiar with is the ping command, most often associated to identify if a network is reachable using ICMP packets. Though, used nefariously can cause damage to an individual or organizations network infrastructure. These types of attacks however or characterized as a ping flood attack, where the threat actor sends a massive number of ping requests with the intent of overloading the networking resources and causing a bottleneck of ping echo requests back slowing down hosts IPS bandwidth or to cause it to completely crash. There is not one best defense for a ping attack, but many layers for helping to deter and defend like the other threats I will discuss. A first easy step to employ for an individual with low level knowledge on security countermeasures would be to install a reputable firewall system on their devices, this will act as a barrier filtering and monitoring incoming and outgoing network traffic to prevent malicious data and allowing legitimate traffic through large organizations can utilize this as well though. Access control lists should also be emplaced to block specific traffic from regions or IP’s not native to the organizations network infrastructure as an extra layer of cyber security.
Social engineering exploits human psychology to manipulate individuals into divulging sensitive information or performing actions that compromise security. Tactics include impersonation, pretexting, and baiting. To mitigate social engineering, organizations should implement security awareness training, encouraging employees to recognize suspicious requests and verify identities. Training is a crucial piece when it comes to thwarting a threat actors’ intent especially when it comes to that of social engineering there are a plethora of resources available for organizations to utilize to prepare employees for this type of attack. Enforcing strict verification procedures and fostering a culture of skepticism toward unsolicited communications can further reduce risks.
Like ping attacks another method that would be categorized as brute force used by threat actors is password cracking. Their purpose is to gain unauthorized access to organization or individual’s specific passwords, tools like John The Ripper can be used to crack hashes and passwords “It combines several cracking modes in one and is fully configurable (you can even define a custom cracking mode using the built-in compiler supporting a subset of C)” (Marchetti & Bodily, 2022) These tools are not only available to cybersecurity personnel but to the malicious actors at their who wish to do harm and are able to steal data for financial gain or blackmail purposes. Much of the testing still being done with John The Ripper begs that there may be little one can do to defend against such a tool though some process can still help. Enforcing strong complex passwords should be mandatory especially when working in critical and sectors of business or government, with the use of complex passwords another layer that can be added is secure and store these passwords and respective personnel can hold these repositories and can monitor them as well as setting standards for these passwords and timeframes for authenticity of login and when they should be changed. Another technique that is also great is multi-factor authentication, adding a layer of encryption and subsequent keys to be used for login prevents a user from accessing the information if they do not have the remaining subsets of information to complete the authentication process.
Conclusion
The end-point goal for information security and data security is trust, privacy, and operational resilience in the digital age. Individuals and organizations need to take a proactive approach to safe-guarding network and information infrastructure to constantly adapt to the threat landscape. With research and development of new tools and measures for scalable countermeasures against cyberattacks, threat actors also create new tactics, tools, and procedures to conduct these attacks. As the technology we utilize continues to advance so does the importance of cybersecurity. With proper training, education, and prioritization both, individuals and organizations can harness the true potential of the digital landscape whilst minimizing their risk to attacks and vulnerabilities.References:
Geneva, I. (2024, September 12). Statistics. https://www.itu.int/en/ITU-D/Statistics/pages/stat/default.aspx
Peters, H. M. (2020, December) Defense acquisitions: DoD’s cybersecurity maturity model certification framework. Congressional Research Service. https://crsreports. congress.gov/product/pdf/R/R46643
Berry, H. S. (2023). The importance of cybersecurity in Supply Chain. 2023 11th International Symposium on Digital Forensics and Security (ISDFS), 1–5. https://doi.org/10.1109/isdfs58141.2023.10131834
Marchetti, K., & Bodily, P. (2022). John the ripper: An examination and analysis of the popular hash cracking algorithm. 2022 Intermountain Engineering, Technology and Computing (IETC), 1–6. https://doi.org/10.1109/ietc54973.2022.9796671
Comments
Post a Comment