Contact Details
Incident Details
Status change (including time zone). Sifers-Grayson security defense system could not detect nor inform about the time the attack happened. However, the IT staff managed to detect the system attack due to the abnormally slow speed on the system attributed to high traffic. Additionally, malfunctioning of the company’s drones became a red flag for system attack. After tracing, the IT staff found that the IP address, 11.143.135.4, was unauthorized.
Cause of the Incident
Cyberattacks are a common threat to many businesses. As Romanosky (2016) elucidates, there are different vulnerabilities, such as failure to update security systems that may increase the susceptibility to attacks, such as brute force attack and phishing. In Sifers-Grayson case, the attacks resulted from an overall lack of network security, improper device security, and unsecure access points. Lack of a proper systems security system created an avenue for attackers to gain access to the secure part of the system. Besides, the fact that the company has not put in place a bring your own device policy, which restricts the use of external devices in the corporate network, has increased the vulnerability for installation of malwares and viruses into the system. Furthermore, allowing unauthorized persons into secure areas within the company may have increased the possibility of physical hacking.
Cost of the Incident
Currently, the team has not managed to determine the total cost attributed to the security breach. However, Sifers-Grayson considers the documentation and coding for the AX10 as priceless. Moreover, the cost of any other damaged equipment is yet to be totaled. Other associated costs include the cleanup time and cost required by the IT staff to bring the security to a good security standing is 200 hours at $100 per hour. This makes cleanup cost approximately $20,000.
Impact of the Incidence on the Business
The attack incidence had some detrimental effect on the company’s overall reputation and its informational resources. Nonetheless, it is a necessary trigger for Sifers-Grayson to adopt best security practices to ensure any possible future threats are mitigated.
General Comments
The test made it possible to identify the system vulnerabilities at Sifers-Grayson. The section below details about the incident, key issues analysis, and the appropriate tools the company should utilize to secure the network system.
Background Overview
Analysis of software vulnerability is an integral element for ensuring companies maintain high security within their systems. At Sifers-Grayson, the company hired an external player to perform its network security test. As Barabanov et al. (2018) inform, this type of testing is performed to test the compliance with national and corporate standards of technical specifications. The test comprised of several network penetration tests and reporting of any vulnerabilities found. After extensive penetration tests, the Red Team managed to penetrate Sifers-Grayson network and revealed various security loopholes. For instance, the Red Team managed to steal information from the R&D data centers and the SCADA Lab. Notably, the two centers hold secret and classified information pertaining the company’s contract with different government agencies and private entities. With such information being held by a malicious party, the organization might suffer a big blow, such as termination of contract by the government entities. Moreover, the contract parameters hold that adequate protection of classified information. Additionally, Sifers-Grayson should store any non-classified information with a non-federal information security organization. However, violation of these terms may attract contract termination or heavy fines. The worst case scenario would be a termination of contract since it would be challenging for other companies to enter into contract with the Sifers-Grayson. Hence, the Blue Team will utilize the information provided by the Red Team to determine the best recommendations and best tools appropriate to safeguard the company’s data.
Incident Analysis
Sifers-Grayson case study reveals that the company’s network topology incorporated two wired connections, copper cabling and fiber optic connection, both of which are connected to the R&D department and a wireless connection protected through a Wireless Access Point. These connections have a protective firewall to prevent external threats. However, the test performed by the Red Team indicated vulnerabilities in both the external and internal environment security since they managed to hack the enterprise network, steal all employees’ passwords through USB devices, and took confidential files from the company’s servers.
A noteworthy factor worth considering is that Sifers-Grayson contracts entails government agencies that place utmost security as a prime factor. In this case, Sifers-Grayson needs to embrace WPA2 encryption for its wireless network combined with an encryption protection, such as AES. According to Abishu et al. (2017), adopting these options ensures that its wireless connection is reinforced with a strong security system. Furthermore, Abishu et al. (2017) informs that AES and WPA2 offer strong protection and are hard for hackers to bypass.
A company should consider precursors and indicators as elemental factors when handling an incidence. Importantly, precursors show the probability of an incidence occurring in the future. Indicators, on the other hand, provide details about incidences in progress or those that have already happened. The precursors to the Sifers-Grayson scenario could be the log files from the server pointing to the system vulnerability. While precursors are elemental in incidence prevention, a major challenge is understanding which precursors should fit certain incidences.
An important security measure to help boost Sifers-Grayson security system is an active directory. Sifers-Grayson can take advantages of installing Windows Active Directory, which plays a vital role in assigning of system resources based on user level. For instance, an administrator can set different groups and assign them different access privileges (Sharad et al., 2019). That way, it becomes impossible for employees to access resources they are not authorized to access in the system.
Another benefit of using an active directory in Sifers-Grayson is an active directory management services. An ADRMS operates both as a security checker for both organizational employees and intruders (Microsoft, 2016). The ADRMS limits access to company’s documents, emails, files, and webpages, using an encryption system. If a user does not have the right code, it becomes impossible to access those files.
During the post attack conducted by the Red Team, the employees were found to be a weak link in the systems security. For instance, their use of unrecognized devices and plugging them into the corporate system allowed the test team to access all employees’ login details. However, the company can solve this issue through various approaches. First, the company can perform an extensive company-wide training about system security and the importance of the employees taking their role responsibly. The training would enlighten on the dangers of using unrecognized devices in the company’s network. Moreover, the training would also detail the dangers of downloading any suspicious files, as well as enlightening them on how to detect malicious activities, such as phishing schemes. By conducting an intensive training on the employees, it would ensure that employees are at par with the company security needs.
Containment, Eradication, and Recovery (C.E.R)
There are different alternatives that Sifers-Grayson can utilize to acquire, preserve, secure, and document the evidence from the incidence. Upon handling the incidence, the company should also use a backup system to reinforce its informational system, as well as to avoid any loss or modification of data. In this case, Sifers-Grayson should rely both on offline and online backup system. Considerably, Sifers-Grayson had encountered two ransomware attacks. These would have prompted the company on the need to take appropriate precautionary measures.
Another additional approach to prevent future attacks is by implementing an intrusion prevention system (IPS) and an intrusion detection system (IDS). Accordion to Bhaksh et al. (2019), an IDS is essential in determining whether there are any looming threats within the corporate network by continuously monitoring the network traffic. The continuous surveillance of the system helps to report any event of an anomaly in the network system. Sifers-Grayson should adopt a hybrid IDS to help monitor both its network and its host systems. The threats identified by an IDS include denial of service, viruses, equipment failure, and distributed denial-of-service attacks (Bakhsh et al., 2019). Upon detection, an IDS-IPS system prevents an attack and highlights the system administrator of the malicious activity for appropriate action. In our case, if Sifers-Grayson had installed an IDS-IPS system, the IT Staff would have received an early warning about the intrusion attempt. Additionally, they would also receive the attempts by the Red Team to hack into the system during the test phase. As Granjal and Pedroso (2018) elucidates, the IDS-IPS would have logged all the activities and also blocked installation of malware into the system.
Post-Incident Activity
Follow-Up Activity
The company needs to perform thorough and regular checks on its information system to ensure it is fully functional. Appropriate actions that the IT department needs to take include regular updates on the servers, backups, and logging of system data. By taking these measures, the company will have consolidated its security to ensure that malicious activities do not reach the company’s servers.
Additionally, the firm needs to keep updated about emerging security threats so as to understand how to identify and manage them. One way to ensure that it remains ahead in this arena is by dedicating ample resources to the network security and investing heavily in any network security applications. Moreover, it needs to regularly train its IT staff and other employees regarding information systems security. Some of the activities that the IT staff need to become fully conversant with include: monitoring systems for malicious activities, reviewing documentations to ensure its consistent with appropriate incidence handling standards, regular system updates and attending to server notifications, and performing post-mortem on any affected systems in case of an incidence. An important lesson to learn from Sifers-Grayson in the corporate world is the reality of cyber-attacks. Unless an organization takes appropriate precautionary measures, there is a high risk of sustaining huge losses and terminating important relations with other companies.
References
Bakhsh, S. T., Alghamdi, S., Alsemmeari, R. A., & Hassan, S. R. (2019). An adaptive intrusion detection and prevention system for Internet of Things. International Journal of Distributed Sensor Networks. https://doi.org/10.1177/1550147719888109
Barabanov, A. V., Markov, A. S., & Tsirlov, V. L. (2018). Statistics of software vulnerability detection in certification testing. Journal of Physics: Conference Series, 1015. https://doi.org/10.1088/1742-6596/1015/4/042033
Granjal, J. & Pedroso, A. (2018). An intrusion detection and prevention framework for internet-integrated CoAP WSN. Security and Communications Network, 2018, Article ID 1753897. https://doi.org/10.1155/2018/1753897
Microsoft. (2016, August 31). Active directory rights management services overview. Retrieved from https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/hh831364(v=ws.11)
Romanosky, S. (2016). Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2(2), 121-135. https://doi.org/10.1093/cybsec/tyw001
Sharad, S., Singh, A., Divyanshu, & Rai, A. (2019). Research paper on active directory. International Research of Engineering and Technology, 6(4), 3579-3582. https://www.irjet.net/archives/V6/i4/IRJET-V6I4761.pdf
Why Essay-writing.com
Quality Research Papers
If you’re looking for an Essay writing service to help turn all of your hard work into a product that readers can appreciate, then look no further than our essay writing website. With a team of writers who go the extra mile, and customer support representative’s around-the-clock eager to assist you, we are ready to ace any exam or provide any posterity with what they need.
Top Assignment Writers
Our essay writers are experienced professionals who have the knowledge to write an essay about any subject matter in an interesting way while maintaining academic integrity. Our professional essay writers work day and night to ensure that you receive quality essays on time without any delay or interruption. Looking to "pay someone to do my assignment"? With many years of experience behind us, our essay writing website is now led by professionals with extensive knowledge in various fields of study.
Zero Plagiarism
For any write my essay for me request, you will never need to worry about plagiarism or getting caught up in the stress of completing assignments when you use our professional services! Get started today by ordering your first paper from us and we'll give you 10% off!
24/7 Customer Support
We are available 24/7, 365 days a year to help you out with your academic needs! if you have any "do my paper" questions or technical concerns, simply chat with one of our essay writing customer service representatives via the Chat Window on the bottom right corner of this screen
Prompt Delivery and 100% Money Back Guarantee
These academic experts are distinct from most other essay writing websites because they have doctoral degrees and decades of professional experience in academia. And because they know how overwhelming college life can be, we waive all minimum deadlines so you can focus on studying without worrying about your assignment always hanging over your head.
Free Revisions
Our Academic writers are confident and highly capable to take on any challenge ranging from a simple high school essay, question and answer assignment help, PowerPoint Presentation, research paper, dissertation, among others . However, we do not allow customers who abuse the free revisions privilege.
Try it now!
How it works?
Follow these simple steps to get your paper done
Place your "pay for essay" order
Fill in the homework order form and provide all details of your assignment.
Proceed with the payment
Choose the payment system that suits your "do my homework" request
Receive the final file
Once your paper is ready, we will email it to you.
Our Services
When the world rushes and deadlines increase, it's hard to put your best foot forward. The Homework help website is here to help you with top quality essays on all topics, from history papers and engineering design descriptions to sociology case studies. For any write my essay for me request, you can count on a professional team of essay writers who are well experienced and researched in their field as they develop an original paper for you with 24/7 customer support.
Essays
The assignment help website is an excellent solution for all your problems regarding writing an outstanding admission essay. You don't need to worry about anything anymore because we will provide you with high-quality papers written by expert writers who know how to write professionally!
Admissions
Paper Formats and Types
From time management skills to APA format citations; from MLA formatting rules for research papers; from college application essays where the stakes are high--all these aspects of academic life become clearer as we write it all down on paper! Essay-Writing.com is a professional essay writing service that provides students with well-researched, high quality essays on any topic and at any level of study.
Reviews
Editing & Proofreading
Some of our clients prefer to write their essays themselves and have a third-party like Essay-writing.com proofread it for errors after they are done writing. We have a skilled team of editors and assignment helpers assignment helpers who examine your paper closely, looking out for any mistakes that may lessen the appeal or effectiveness of the essay as well as make amends in order to better improve its overall quality before you submit it anywhere else! For all your editing needs, turn to Essay-writing.com
Reviews
Revision Support
You work hard at your academics, and you should be rewarded, with a revision or modification for free on any order from a discursive essay , assignment to dissertation papers.