Distributed Systems Deployment IP5

Security Threats

Charles Williams

Colorado Technical University/ IT401 Unit 4 IP

Prof. Kenneth Orgill

5/1/18

The primary security risks and threats Rolcox distributed system might face.

One of the leading concerns in the development of dependable distributed systems is security. Despite the services this project delivers to the users, it is faced with various security threats and risks. As we are in a digital era, cyber crimes advance day in day out just like technology. Although technology innovators and those in charge of cybersecurity come up with ways to deal with risks and threats, some do not efficiently aid in fighting against a cyber criminal. For the Rolcox company, as it relies on the internet (middleware) and uses email as the means of communication, the risks associated and threats it might face are; hacktivism, internet scams, spear phishing, spams, ransomware, and spoofing.

Severity basing on Likelihood and Impact on business

According to Rossi (2015), 95% of the massive data breaches begin with spear phishing attack. Despite organization installing anti-spam and antivirus software, phishing attacks are prevalent. This is due to spear phishing email are sent to specific individuals or businesses made to appear legitimate. They also use zero-day vulnerabilities not easy to be detected by anti-malware. For this reason, there is high chance for the Rolcox company to face this threat because clients are the most targeted. Most of them do not consider security measures for their devices and personal information. Therefore, by sending a spam message to the client will significantly serve as a gateway. This, in turn, will affect the organization causing a breach of data; loss of confidentiality. Apart from phishing, ransomware is another problem that might be faced by this company. It is a nasty malware where the attacker encrypts all files in the system and demands a ransom to decrypt the information. In 2016, according to CNBC this type of malware spiked up to 6,000%. Most victims had to pay a payment for their data to be restored (Rankin, 2017). As Rolcox will be interacting with its customers and partners, links and information are shared. This could be a vulnerability that can be used by attackers and as a result, the business may lose data, customers and incur extra costs to have its information restored. Ransomware has a significant impact on the market in case of attack.

Spoofing just like spear phishing, hackers use domains and addresses that appear to be legitimate; this is possible since protocols of email do lack effective mechanisms that are supposed to authenticate addresses. Therefore, people fall, victims, as they trust such emails come from individuals they believe. In case it happens on Rolcox, loss of data integrity, confidentiality and availability will occur. However, even though its impact on business is not significant, it is prevalent. Hacking activism (hacktivism) has been another security threat to most systems. Hackers will always find possible vulnerabilities and use them to access unauthorized information. The hacked business is likely to suffer significantly from the information about its operations can be traded to the competitors thus losing its competitive advantage. Moreover, strategies. Internet scams are designed to attract user’s attention such as adverts that are malware based. Others are insecure websites where of a user visits them personal details or their device IP address can be retrieved without their knowledge. Also, a scam in the form of unconfirmed internet rumors meant to scare consumers against the company or its services. Much of these scams happen in social media and calls for the business to address and be on the lookout for the sake of its clients and reputation. Lastly, spamming remains a significant challenge to the industry. Lots of unwanted emails are sent to addresses, and despite many ways used to filter them, they never stop. Although ordinary spam can be considered as a nuisance, they can be used to deliver malware. Ransomware, for example, is usually distributed through spam. The order to address the threats basing on likelihood and impact

Most prevalent and with the most significant effect is spear phishing, followed by ransomware, internet scams, hacktivism, spamming and then spoofing.

Action plan for the threats and risks basing on the order of priority

To address the issue of spear phishing, Rolcox will be needed to beef up its email security gateway using a multi-scanning solution. This aids in protecting against known and unknown threats and reduces vulnerabilities. Also, data sanitization will be necessary to remove any active code by changing the file format of the email attachments. Ransomware attacks can be dealt with by ensuring organization's information that is transmitted via email is encrypted. Also, users and workers should be taught of potential risks and vulnerabilities to avoid them. Once attacked, paying the ransom is the possible solution. Users should be told to be using websites that have embedded secure sockets layer (SSL). Also, to avoid online adverts that ask for personal data like credit card number, scams such as 'you have won, click here to see' or wanting them to pay for money. Using white hat hackers can be a solution to hacking. They help in identifying available and potential system's weaknesses for the benefit of the organization. Also, use of a firewall, password protection to prevent unauthorized access to sensitive information. Spamming and spoofing require the installation of mechanisms to offer authenticity of emails. To effectively deal with security threats, prevention should be considered. Using antivirus, anti-spyware, firewall to prevent against malware, ransomware, hackers, and spoofing. In case of attack, the organization should have a backup plan underway. This aids in losing data permanently as it can be restored after the issue is solved.

References

Rankin, B. (2017). Top 10 Malicious Email Threats. Retrieved from: https://www.lastline.com/blog/top-10-malicious-email-threats/

Ross, B. (2015). How to solve the five biggest email security problems. Retrieved from: http://www.information-age.com/how-solve-five-biggest-email-security-problems-123460017/