
Running head: MITIGATION STRATEGY FOR CAPITAL ONE 1


Mitigation Strategy

Risk and threat mitigation in cybersecurity involves the processes and policies an organization puts in place to prevent data breaches and security incidents, and to limit the extent of the damage if an attack does occur. Threat mitigation is usually broken into several layers or components. Some of these layers had been implemented by Capital One, yet it still faced a considerable security threat.

Prevention and identification

Mitigation begins with threat prevention. Prevention consists of the policies and practices that safeguard an organization's systems and information from attackers. Organizations like Capital One have their threat prevention practices set out in administrative, physical, and technical controls (Carlton & Ramim, 2019). All these controls exist to prevent situations in which a threat might occur. They also help in finding vulnerabilities in the company so that they can be mitigated. The second layer involves threat identification. In identification, organizations put in place tools and technical equipment to detect security threats. Capital One had the measures and the security experts needed to identify the security threat.

However, the tools and the teams were not able to identify the misconfiguration. The company had a firewall misconfiguration vulnerability, which allowed commands to be executed on the servers. In the incident, it was unclear which misconfiguration was used to compromise the cloud resources (Grobler et al., 2017). Thus, the organization should have had the appropriate tools to critically and continuously assess the cloud environment for any security issues. The expert teams should also have had a means by which they regularly reviewed the security group configurations.

Remedy

The last section of threat mitigation involves threat remedy. Threat remedies look at the tools and strategies used to lower the effects of active security risks that have surpassed an organization's security defenses and infiltrated its systems, by containing and isolating the risk (Carlton & Ramim, 2019). Since hackers are always determined and utilize sophisticated attack techniques to compromise the company's data, organizations are encouraged to protect their data and systems.

For cybersecurity risk mitigation, the company needs to have policies in place, preventive security measures, and response plans for resolving breaches and any attempts to breach. Capital One should ensure that it has the basic mitigation strategies. It should also have tools that help in monitoring network traffic for suspicious activities (Carlton & Ramim, 2019). It should patch and upgrade software appropriately. Moreover, it should upgrade the authentication process for external and internal partners. Although the company utilized several measures, it can increase the use of real-time security analysis and monitoring. Besides that, penetration testing and vulnerability assessment should be carried out annually and at regular intervals. Using real-time alerting of issues in a network would have helped the company track activities through AWS CloudTrail logging, since CloudTrail keeps a log of events on the AWS account, which is stored in an S3 bucket.

Furthermore, during the attack, the attacker used IPredator and Tor to hide their network identity while attacking the cloud resources. Thus, the company can mitigate this by whitelisting access to resources for known, trusted IP addresses (Novaes Neto et al., 2019). This would have helped avoid unauthorized access. However, whitelisting should be used together with additional robust authentication methods.
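The following script is an added example, not part of the paper or of any Capital One tooling. It ties together three of the recommendations above: reviewing CloudTrail events that AWS delivers to an S3 bucket, flagging calls from source IPs outside a whitelist of trusted ranges, and flagging changes to security group configurations so they get reviewed regularly. The trusted ranges, the log records and the account ID in them are constructed placeholders; the record field names (eventTime, eventName, eventSource, sourceIPAddress, userIdentity) are the real CloudTrail fields, and the EC2 action names are real API names.

```python
"""Added example: review a CloudTrail log file against an IP allow-list
and a set of security-group-changing API actions.  All sample values
below are constructed for illustration."""
import ipaddress
import json
from typing import Dict, List

# Constructed allow-list of trusted corporate/VPN ranges (placeholder values).
TRUSTED_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]

# EC2 API actions that alter security group rules and warrant prompt review.
SECURITY_GROUP_CHANGES = {
    "AuthorizeSecurityGroupIngress",
    "AuthorizeSecurityGroupEgress",
    "RevokeSecurityGroupIngress",
    "RevokeSecurityGroupEgress",
    "CreateSecurityGroup",
    "DeleteSecurityGroup",
}

# Constructed CloudTrail log file in the shape AWS writes to S3:
# a JSON object whose "Records" list holds one event per entry.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2020-01-01T10:00:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "ops-admin"}},
    {"eventTime": "2020-01-01T10:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "AuthorizeSecurityGroupIngress", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "IAMUser", "userName": "ops-admin"}},
    {"eventTime": "2020-01-01T11:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "192.0.2.77",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::000000000000:assumed-role/placeholder-role/session"}},
    # Service-originated call: CloudTrail puts a service principal, not an IP,
    # in sourceIPAddress for these, so the allow-list check must not apply.
    {"eventTime": "2020-01-01T11:31:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "CreateNetworkInterface", "sourceIPAddress": "ec2.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "ec2.amazonaws.com"}},
]})


def is_trusted(source: str) -> bool:
    """True when the source IP falls inside a trusted range.
    Raises ValueError if the value is not an IP address at all."""
    addr = ipaddress.ip_address(source)
    return any(addr in net for net in TRUSTED_RANGES)


def principal_of(record: Dict) -> str:
    """Best available name for who made the call."""
    ident = record.get("userIdentity", {})
    return ident.get("userName") or ident.get("arn") or ident.get("type", "unknown")


def review_records(log_text: str) -> List[Dict]:
    """Parse one CloudTrail log file and return a list of findings."""
    findings = []
    for rec in json.loads(log_text).get("Records", []):
        name = rec.get("eventName", "")
        source = rec.get("sourceIPAddress", "")
        base = {"eventTime": rec.get("eventTime"), "eventName": name,
                "sourceIPAddress": source, "principal": principal_of(rec)}
        try:
            trusted = is_trusted(source)
        except ValueError:
            trusted = True  # service principal, not an external caller
        if not trusted:
            findings.append(dict(base, reason="source IP outside allow-list"))
        if name in SECURITY_GROUP_CHANGES:
            findings.append(dict(base, reason="security group configuration change"))
    return findings


if __name__ == "__main__":
    for f in review_records(SAMPLE_LOG):
        print(f"{f['eventTime']} {f['reason']}: {f['eventName']} "
              f"by {f['principal']} from {f['sourceIPAddress']}")
```

In production the same function would run over each gzipped log file as it lands in the bucket, and the findings would feed an alerting channel rather than stdout; the allow-list check is deliberately skipped for records whose sourceIPAddress is a service principal, because treating those as unknown callers would drown real alerts in noise.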

Result analysis

Several results came from the attack. Foremost, the company responded by saying that it had invested massively in cybersecurity and planned to continue doing so. It also said that affected customers would receive free credit monitoring and identity protection (Lu, 2019). However, as a direct result of the incident, customers' confidence in the company might remain lower. Because of this, its revenue was projected to decline.

Additionally, the company started to assess its use of public cloud storage providers more carefully, ensuring compliance with all security standards during deployment. Furthermore, it began taking security issues more seriously because of the ongoing lawsuits brought against it after the attack. The incident also prompted other organizations to find means of preventing such cyber-attacks from happening to them.

References

Carlton, M., Levy, Y., & Ramim, M. (2019). Mitigating cyber-attacks through the measurement of non-IT professionals' cybersecurity skills. Information & Computer Security.

Grobler, M., Jacobs, P., & van Niekerk, B. (2017). Cybersecurity centers for threat detection and mitigation. In Threat Mitigation and Detection of Cyber Warfare and Terrorism Activities (pp. 21-51). IGI Global.

Lu, J. (2019). Assessing the cost, legal fallout of Capital One data breach (August 15, 2019).