Modern Times: Cybercrime and Risks Facing Organizations - Essay Sample

Introduction

In modern times, organizations face risks more imminently than before. Connecting to the internet creates significant loopholes and crevices, which allows hackers to access critical and privately stored information, using different methodologies. Conventionally, cybercrime has grown to become an essential issue of consideration, especially when dealing with large databases. Eventually, a company might face severe monetary and reputational consequences if stringent security measures and standards are not established. Imperatively, XYZ company failed to hire an Information Security Officer (ISO), and that led to critical data breaching and exposure. Studies done by Ursillo and Arnold (2019) suggested that about 40% of businesses in the United Kingdom suffered a cyberattack. The report also stated that 38% of small organizations did not install security tools to enhance their protection from cybercrime threats. Related studies by Baldoni and Montanari (2016) further postulated that cybercrime cases in organizations were solely caused in environments where companies operate below the "security poverty line". The risks are increased by acts such as sending malicious emails between employees through open networks, which may be compromised to data exposure. The purpose of this presentation is to explicitly explore the causes and effects of information security at XYZ company and then develop immediate plans of actions that should be enacted to correct the mess.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

Immediate Plan of Action for XYZ to Combat the Network Breach

Organizations that have data ambiguity must be ready at all times to undertake stringent measures that address the emerging dynamic data threats. To mention but a few, the following constitutes different system utilities that can help XYZ to detect, and protect itself from probable malicious attacks.

First, firewalls are useful software and hardware tools whose presence protects the organizational system from getting attacked by external parties and hence accessing its information. Firewalls help to protect both external and internal links that may be subject to exposure. Studies done by Ten (2010) suggested that organizations using web servers, and routers need at least three firewalls to protect the data adequately. In this case, XYZ only had a single firewall, with 43 employees. The information stored was, therefore, quite significant to be contained using a single firewall. Nonetheless, the presence of a firewall in the company is positive, and should only be advanced by adding more firewalls or other anti-malicious software.

Secondly, a company needs malware or spyware and a highly advanced proxy protection solution for protecting the company's internet from being accessed by hackers. Most importantly, malware often prevents any possible pop up of software codes, which may be used by a hacker to access usernames and passwords. XYZ has weak authentication, and its login credentials are subject to hacking when there is no malware. Besides, the company completely lacks malware, and spyware software, thus its website can easily be used for fraudulent purposes. In most cases, hackers usually develop software codes in open networks that help them to obtain all saved passwords. The CIO and IT employees, therefore, needs to get the opportunity of funding, to install this malware, which is sensitive enough to block all software codes which are meant to allow external access.

Thirdly, a company should have anti-spam software to help in protecting the system during email broadcasting. With 43 employees in the company, there is a higher likelihood that most communications are done on the 7th floor. Moreover, everyone has free access to the internet, including the administrative ones; hence, email servers are continually used. In convention, XYZ has an email server that operates a Virtual protection network (VPN) for all telecommuters. Sharing the same email server at a workplace without differentiation makes it crucial to conclude that the information is not safe at all. Occasionally, hackers can send emails which are similar to those send by organizations, to allow them to get individual responses, which eventually provides room for fraudulent purposes. However, anti-spam software is necessary, as they are automated to detect incorrect emails and senders, and immediately block them from having to access further access.

Finally, it is vital to understand that because internet access in the organization has no restrictions for the employees, there is no confidence in the sites that employees visit while using their gadgets. While off at work, employees can be visiting websites that are threatening the leakage of the organizational information. For this reason, a company like XYZ needs the access of an anti-phishing software to help in monitoring the websites that employees visit in their daily encounters to ascertain that no risky website is accessed which may allow hackers to obtain the customer data and other sets of confidential information. Typically, the software usually comes in packaging of other vital computer programs that monitors websites servers, and emails that are being used on day-day operations. The programs are meant to block any peculiar websites that aim at acquiring the company's data. For instance, some employees may use the internet in clicking some ads that they find in social media sites like Facebook and other digital streaming sites like YouTube. When anti-phishing software is encrypted to understand the codes for authorized streaming sites. Therefore, it means that external sites will be blocked immediately. So, one of the practical strategies to correct this is by ensuring that the company's internet is meant explicitly for doing company-related activities.

The passwords must only be known by the IT specialists, the CIO, CEO, and CTO. The relevance of restricting internet access in organizations is that in case of data loss or credit card theft as it was the case with the XYZ, then a few individuals can be held responsible. However, it becomes so hard for the XYZ company to find the people who are behind the cybercrime event when all employees access the computer room. The risk is created in two or more ways: The first possibility occurs because there is not enough physical security in guidance of the computer room. So, one of the workers can even get the data outside unknowingly. The second scenario is created when the workers use the internet in their gadgets for accessing their respective services. This is also a possible cause for the case of XYZ because hackers must have taken advantage of the sites visited by employees because they might equally not understand how risky it is. In other words, this section presents a visible outline and speculation of whatever caused the data loss; hence the installation of an anti-phishing software is mandatory, to prevent possible arise of a similar case in future.

All of these security tools are efficient when they are applied well for improving the security of data. It is undoubtedly true that the costs related to costs of an attack including that of data loss, fraud, and overall rebuilding cost will be higher than the costs which can be used to defend the threats. As a company, enough funds should, therefore, be set forth for use in setting up these security malicious software and standards. This will potentially minimize the resulting overall costs after the occurrence of such risks, in a similar situation like the current one. In the presence of the experienced Information Security Officer (ISO), these tools will be installed more effectively. During the process, three elements will be taken into consideration. These are installation, configuration, and finally, the maintenance process. Ideally, every step in this process is substantial as only experts will manage to do it, hence the need for an expert. Probably, the need for having a maintenance stage is to enable the CIO to update the system regularly. As earlier observed, more malicious activities emerge daily at workplaces; thus, the need for a consistent checkup to ensure that all loopholes are addressed, and no risky activity is left open for attacks.

Lastly, an organization like XYZ would need to be confident that the invested funds will not go into waste. To find that assurance and certainty even after setting up all of these security software applications, the company should also have automatic update settings to monitor the activities by the organization. Automatic updates would also help in making daily adjustments, to ensure that any malicious acts are identified, detected, and responded to accordingly. Software elements like the Microsoft professional should be the latest updates. XYZ seems to have components which are out of date. That can be a cause of the fault. Other out of date elements are the database server Red Hat Linux ES 3.0 instead of RHT ES 15.0, a file server for Microsoft windows 2008 version instead of windows for 2019, and windows which are of 2003 version instead of using the 2019version. All these should be updated to the latest versions which fully understands the liabilities that may currently cause the data loss of fraud activities by hackers.

Hardware Emergency Maintenance Plans

From the observation, XYZ company have limited hardware, and there are equally no records for any spare-parts storage. However, the organizational records state apparently that XYZ's offices have switches and laptops for all employees. Similarly, there are routers, servers, printers, switches in the computer room, which holds the company's data. Either, the CIO, ISO, and the IT employees need to fully understand and comprehend the functionalities of all hardware, so that the same information is propagated to the rest of 43 employees. Being knowledgeable on this would assist the employees to raise concerns whenever any faults take places in the points of operation, to allow for a more straightforward way of identifying threats. Since all the PC's, routers, switches, and printers are part and parcel of the company's domain, regular maintenance is essential. Besides, the rooms (both offices and computer room) keys need to be availed to executive and employee representatives only, just like it is the case with authentication credentials.

Again, having only a few people with the keys makes the process of investigations more accessible and reliable. It would be easier to identify the person responsible for a fault, suppose five individuals owned the key than in the case where every employee and executive member have the keys to the office room. Employees become incredibly irresponsible, and careless when they are sure that, tacking them in the point of fault is challenging. However, restricting the critical ownership compels the person (people) to get assured that all buildings are closed at the right time, and only opened at the right time. Meanwhile, if putting restrictions on the access of computer and office rooms proves to be challenging, then XYZ can also consider using the Closed-Circuit Televisions (CCTV's) for 7*24-hour surveillance. It will help the administration in monitoring its workers, and even external intruders into rooms. Availability of CCTV's also makes it possible to track hardware problems, before making judgments whether the fault was intentional or unintentional.