In that regard, you have been asked to join in as a consultant for a company with global divisions in Brazil and Russia. Based on cultural differences in those countries, assess two cyber security threats and offer two strategic recommendations on how to defend against the threats.
Introduction
A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include computer viruses, data breaches, Denial of Service (DoS) attacks and other attack vectors. Cyber threats also refer to the possibility of a successful cyber attack that aims to gain unauthorized access to, damage, disrupt, or steal an information technology asset, computer network or intellectual property. Cyber threats can come from within an organization by trusted users or from remote locations by unknown parties. Cyber threats come from various threat actors including:
Hostile nation-states: National cyber warfare programs pose emerging cyber threats ranging from propaganda, website defacement, espionage and disruption of key infrastructure to loss of life.
Government-sponsored programs are increasingly sophisticated and pose advanced threats when compared to other threat actors.
Terrorist groups: Terrorist groups are increasingly using cyber attacks to damage national interests. They are less developed in cyber attacks and have a lower propensity to pursue cyber means than nation-states. It is likely that terrorist groups will present substantial cyber threats as more technically competent generations join their ranks.
Generally, these parties are interested in profit-based activities, either making a profit or disrupting a business's ability to make a profit by attacking key infrastructure of competitors, stealing trade secrets, or gaining access and blackmail material.
Hacktivists: Hacktivists' activities range across political ideals and issues. Most hacktivist groups are concerned with spreading propaganda rather than damaging infrastructure or disrupting services. Their goal is to support their political agenda rather than cause maximum damage to an organization.
Hackers: Malicious intruders may take advantage of a zero-day exploit to gain unauthorized access to data. Hackers may break into information systems for a challenge or bragging rights. In the past, this required a high level of skill. Today, automated attack scripts and protocols can be downloaded from the Internet, making sophisticated attacks simple.
Natural disasters: Natural disasters represent a cyber threat because they can disrupt your key infrastructure just like a cyber attack could.
Accidental actions of authorized users: An authorized user may forget to correctly configure S3 security, causing a potential data leak. Some of the biggest data breaches have been caused by poor configuration rather than hackers or disgruntled insiders.
Malware: Malware is software that performs malicious tasks on a device or network, such as corrupting data or taking control of a system.
Spyware: Spyware is a form of malware that hides on a device, providing real-time information sharing to its host and enabling them to steal data like bank details.
Phishing attacks: Phishing is when a cybercriminal attempts to lure individuals into providing sensitive data such as personally identifiable information (PII), banking and credit card details and passwords.
Distributed denial of service (DDoS) attacks: Distributed denial of service attacks aim to disrupt a computer network by flooding the network with superfluous requests to overload the system and prevent
Ransomware: Ransomware is a type of malware that denies access to a computer system or data until a ransom is paid.
Zero-day exploits: A zero-day exploit is a flaw in software, hardware or firmware that is unknown to the party or parties responsible for fixing the flaw.
Trojans: A trojan creates a backdoor in your system, allowing the attacker to gain control of your computer or access confidential information.
Wiper attacks: A wiper attack is a form of malware whose intention is to wipe the hard drive of the computer it infects.
Intellectual property theft: Intellectual property theft is stealing or using someone else's intellectual property without permission.
Theft of money: Cyber attacks may gain access to credit card numbers or bank accounts to steal money.
Data manipulation: Data manipulation is a form of cyber attack that doesn't steal data but aims to change the data to make it harder for an organization
Data destruction: Data destruction is when a cyber attacker attempts to delete data.
Man-in-the-middle attack (MITM attack): A MITM attack is when an attacker relays and possibly alters the communication between two parties who believe they are communicating with each other.
Drive-by downloads: A drive-by download attack is a download that happens without a person's knowledge, often installing a computer virus, spyware or malware.
Malvertising: Malvertising is the use of online advertising to spread malware.
Rogue software: Rogue software is malware that is disguised as real software.
Why is it necessary to protect against cyber threats?
Cybersecurity risks pervade every organization and aren't always under the direct control of your IT security team. Increasing global connectivity, usage of cloud services, and outsourcing mean a much larger attack vector than in the past. Third-party risk and fourth-party risk are on the rise, making third-party risk management, vendor risk management and cyber security risk management all the more important for reducing the risk. Pair this with business leaders making technology-related risk decisions every day, in every department, without even knowing it. Imagine your CMO trials a new email marketing tool that has poor security practices; this could be a huge security risk that could expose your customers' personally identifiable information. Whether you work in the public or private sector, information security cannot be left to your Chief Information Security Officer (CISO); it must be an organization-wide initiative.
How to protect against and identify cyber threats
A good place to start to understand how to protect your organization from cyber threats is with the National Institute of Standards and Technology's (NIST) Cybersecurity Framework.
Cyber threat intelligence is what cyber threat information becomes once it is collected, evaluated and analyzed. Cyber threat intelligence is developed in a cyclical process referred to as the intelligence cycle.
In the intelligence cycle, data collection is planned, implemented and evaluated to produce a report that is then disseminated and re-evaluated in the context of any new information. The process is a cycle because during the gathering or evaluation process you may identify gaps or unanswered questions, or be prompted to collect new requirements and restart the intelligence cycle.
Analysis hinges on the triad of actors, intent and capability, with consideration of their tactics, techniques and procedures (TTPs), motivations and access to intended targets. By studying the triad of actors, it becomes possible to make informed strategic, operational and tactical assessments:
Strategic assessments: Inform decision makers on broad and long-term issues, as well as providing timely warnings of threats. Strategic cyber threat intelligence forms a view of the intent and capabilities of malicious cyber attackers and what cyber threats they could pose.
Operational assessments: Target potential incidents related to events, investigations or activities and provide guidance about how to respond to them, e.g. what to do when a computer is infected with malware.
Tactical assessments: Real-time assessment of events, investigations and activities that provide day-to-day support.
Properly applied cyber threat intelligence provides insights into cyber threats and promotes a faster more targeted response.
It can assist decision makers in determining acceptable cybersecurity risks, controls and budget constraints in equipment and staffing, and support incident response and post-incident response activities.
At MWR, we believe the concept of cyber war limits understanding of cybersecurity risk, and reduces our ability to respond effectively.
It encourages a state of denial, where the absence of casualties leaves many victims, already struggling to comprehend cybersecurity, in a state of paralysis.
This failure to respond, compounded by a fear of retaliation, has become “almost an invitation to [aggressors to] escalate more” says Thomas Rid, an academic.[2] It may even lead
to a militarization of responses, where public and private organizations alike look to military minds to solve policy problems, and conflict becomes a fait accompli.[3]
Cyber has however brought about a revolutionary change in global relations, with states and organizations exposed to a range of harms that fall short of armed conflict.[4] This is described
by academic Lucas Kello as a state of ‘unpeace’, or by journalist, David Sanger as the ‘new normal’ [5], where state actors exploit opportunities the cyber domain presents.
By targeting organizations rather than states, taking care to avoid positive attribution, and calibrating the impact to fall short of war, they can pursue their foreign policy goals while
The 2012 attack by Iranian hackers against Saudi Aramco, the world’s largest oil company, represents a high profile example, but Russia’s emerging pattern of activity in cyberspace suggests it
Valery Gerasimov, General of Russia’s armed forces, is credited as the architect of the country’s hybrid tactics.
The Gerasimov doctrine combines information operations and cyberattack with conventional levers to achieve Russia’s aggressive geopolitical goals, without risking armed conflict with its NATO opponents.
His approach, tested and refined in attacks on Estonia, Georgia and Ukraine, has since been successfully deployed against the United States.
Key characteristics of Russia’s activity in cyberspace include establishing a foothold within critical industries, abuse of information platforms, and interference with democratic processes.
In 2018 the US Department of Homeland Security (DHS), the Federal Bureau of Investigation (FBI), and the United Kingdom's National Cyber Security Centre (NCSC) warned that Russian state-sponsored cyber actors
had compromised hundreds of thousands of network devices in key national infrastructure sectors, including telecommunications, power and utilities.[6] DHS later reported that Russian APT actor ENERGETIC BEAR had gained access
to air gapped control rooms by abusing third party access to these environments.[7] MWR’s investigations indicate Russian actors have targeted smaller, apparently more vulnerable organizations in western countries within these
They use publicly available penetration testing tools and non-attributable malware to avoid positive attribution.
Instead, the Kremlin seeks a foothold in organizations, partially to project power, but also in preparation for any escalation in hostilities.
This creates a window of opportunity for defenders to hunt and remove attackers persisting within these networks.
This often involves abuse of media outlets including social media platforms, to not only influence public opinion but also undermine credible sources.
Brazil is confronted with a wide variety of alleged cyber threats, including online scams, cybercrime, and digital surveillance. Not all of these threats are necessarily equal. Arguably the most serious and widespread risk is economically motivated crime: the targeting of private banks, businesses and individual customers for profit. Another significant set of cyber threats is emerging from domestic and foreign hacktivist groups seeking to disrupt government services, websites and also corporate targets.
More than 13 percent of the world's cyber attacks originated in Russia during the third quarter, according to Akamai Technologies' "State of the Internet" report for the third quarter of 2009.
Russia's ascent to the top of the list came at the expense of the U.S. and China, which fell from the top two spots in the second quarter to No. 3 and No. 4 with 6.9 percent and 6.5 percent of the attacks, respectively.
Brazil also leapfrogged the U.S. and China to earn a dubious honor with 8.6 percent of the intrusive traffic emanating from the South American nation.
Akamai (NASDAQ: AKAM) officials said it observed cyber attacks from 207 different countries in the third quarter, up from 201 countries in the previous quarter.
The company's report found that the top 10 countries were responsible for 61 percent of all attack traffic. Italy, Taiwan, Germany, Argentina, Asian country and Balkan state rounded out the list of attacking nations.
Security software vendors such as McAfee (NYSE: MFE) and Symantec (NASDAQ: SYMC) have been very vocal and consistent in their efforts to warn government agencies and private-sector companies about the increasing number of politically motivated cyber attacks they have uncovered.
This week, Google confirmed that it and more than 20 other U.S. companies were the target of multiple sophisticated attacks that investigators believe originated in China.
McAfee CEO Dave DeWalt in November said researchers have seen an increase in politically motivated cyber attacks originating in Russia, France, Israel and China.
"McAfee began to warn of the world cyber race over 2 years ago, however currently we’re seeing increasing proof that it’s become real," he said. "Now many nations round the world are actively engaged in cyberwar-like preparations and attacks. Today, the weapons aren't nuclear, however virtual, and everybody should adapt to those threats."
The Akamai report also found that global Internet connection speeds continue to improve at an impressive clip. Overall, the world's average connection speed was 1.7 Mbps and among the top 10 countries, seven enjoyed flat to higher connection speeds in the quarter.
The U.S. ranked 18th on the list with an average connection speed of 3.9 Mbps.
South Korea ranked No. 1 in average connection speed at 14.6 Mbps, leaps and bounds ahead of second place Japan (7.9 Mbps) and city (7.6 Mbps).
Russian hackers tried to interfere in the Brazilian elections, using social media to artificially amplify discussions that questioned democracy in Brazil and other topics related to the presidential race.
Moscow's activities were discovered by cybersecurity firm FireEye, a company that usually works with the United States against foreign threats to U.S. security.
The hacking was detected by late September, and was seen even during one of the presidential debates, said Cristiana Kittner, a Brazilian FireEye employee who was responsible for analyzing cyber-espionage activities.
Brazil is undergoing a digital revolution with few parallels in the developing world. The rate of digital penetration and social media adoption has risen exponentially over the past decade. During this period, Brazil witnessed a tenfold increase in Internet access and mobile phone subscriptions, with more than half its population of 200 million people currently online.4 A number of factors related to Brazil's improvements in social and economic development are driving these trends. A relatively stable political economy climate and strongly redistributive social policies resulted in the expansion of the country's middle class. An influx of new consumers simultaneously ratcheted up the demand for information and communication technologies (ICTs) and transformed the scale of supply at levels commensurate with Brazil's large domestic market.
The demographics of Internet usage in Brazil are analogous to a number of other large middle-income countries, though with some significant differences owing to the sheer size of the country. Specifically, Brazil is well positioned when compared to other powerful emerging economies, notably within the Brazil, Russia, India, China and South Africa (BRICS) group. Brazil is situated between Russia and China in terms of the percentage of Internet users (of the country's total population).8
When compared to its neighbors and other emerging powers, however, Brazil leads the group. Brazil is far ahead of its Latin American and Caribbean (LAC) counterparts in terms of ICT usage. It has the largest on- and offline populations in Latin America: there are about 110 million Internet users in the country, or around 54.2 per cent of the population.9 This represents nearly double the number of total users of the second most digitally connected country in Latin America, Mexico.10
Several characteristics related to Brazilian Internet usage warrant special attention. For one, Brazilians are avid producers and users of social media.11 If the LAC region is the world's largest consumer of social media, this is largely due to Brazil's voracious appetite for online networking.
A wide-spectrum treatment of cyber threats is essential in order to begin to overcome misconceptions and address misguided policies. Owing to the novelty and technical nature of the problem, governments and citizens are relatively poorly informed about how to respond. Citizens, businesses and institutions often feel that understanding the issues is beyond their capacity or that threats are not relevant to them. Ignorance or misperceptions often lead to a failure to address cyber-security threats directly. Strategies, if they are adopted at all, tend to be cobbled together on the basis of spurious and untested premises. There is rarely robust data to drive decision-making. A more evidence-based approach is urgently needed in order to assess cyber threats, one informed by knowledge of the various and interconnected risks online.