Question.736 - What current cyber threats must be considered? How does this impact an organization’s security structure?
Answer Below:
Before assessing present threats in cyberspace, it is important to understand the technological context of the present era: data sharing is heading towards a centralized model, which exposes personal information to higher risk when systems are hacked. For datasets, there is the threat of SQL injection used to breach them (Blakemore & Awan, 2016). Because a large amount of data is stored in databases handled through Structured Query Language, that data is subject to a higher rate of risk; SQL injections are directed at the permissions on the datasets, password fields, and the retrieval inputs, where validation is attacked. A Distributed Denial-of-Service (DDoS) attack targets a server by flooding it with high volumes of traffic, which can bring down several linked networks (Blakemore & Awan, 2016). Significant types of DDoS attack include Smurf attacks, fragmented packet attacks, and SYN floods, where the primary target tends to be the actual server; with the advancement of technology, current DDoS attacks also breach intrusion prevention systems and cause traffic inconsistencies so as to crash network performance. Phishing, among the contemporary cyber-attacks, targets victims who are unaware of the threat, tricking people into handing over their own personal information; this threat can operate at both a domestic and a global level, since the information involved pertains to passwords and details of bank or financial accounts (Blakemore & Awan, 2016). Phishing is carried out through various channels such as email; for instance, according to itgovernance.eu, an example of email phishing is when the letters "r" and "n" are placed next to each other so that together they appear as the letter "m" in the Amazon logo or in email IDs, in order to defraud target victims (Irwin, 2022).
Other types of phishing include spear phishing, smishing, vishing, and whaling. Malware and ransomware are other significant and well-known cyber threats to the world. With malware, the attackers tend to plant malicious code on the victim's personal device, infringing the victim's privacy; ransomware is aimed at the victims' finances, and the attackers tend to use public-key encryption that is hard to detect for the preventive measures and training protocols set out in the cyber security guidelines that protect the system (Blakemore & Awan, 2016). Other threats include DNS tunneling, in which attackers insert tunnelled malware into DNS requests from the client end and the entire DNS communication is compromised, making the traffic invisible to firewalls (Blakemore & Awan, 2016). These threats could compromise the security of an entire company along with its stakeholders, or even a nation; one such example could be seen in the war between Ukraine and Russia, when Ukraine's public database was hacked and destroyed. Cyber-attacks could compromise the dataset of an organization, leading to a failure to uphold the privacy of sensitive data, which could range from an individual's personal data to a nation's nuclear codes.

References

Blakemore, B., & Awan, I. (2016). Policing cyber hate, cyber threats and cyber terrorism. Routledge.

Irwin, L. (2022, April 27). The 5 most common types of phishing attack. IT Governance Blog En. Retrieved from https://www.itgovernance.eu/blog/en/the-5-most-common-types-of-phishing-attack
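The "rn"-for-"m" email trick described in the answer can be checked for mechanically at a mail gateway. The following Python is an added example, not part of the original answer; it generalizes beyond "rn" to a few similar substitutions, and the substitution table, the protected-domain list and the sample headers are assumptions constructed for illustration.

```python
from email.utils import parseaddr

# Look-alike sequences and the character each imitates (assumed, not exhaustive).
# "rn" -> "m" is the case the answer describes; the others are the same idea.
CONFUSABLES = {"rn": "m", "vv": "w", "cl": "d", "0": "o", "1": "l"}

# Assumed list of domains the organization treats as genuine.
PROTECTED = {"amazon.com"}


def skeleton(domain):
    """Collapse look-alike sequences so visually similar domains compare equal."""
    s = domain.lower().rstrip(".")
    for fake, real in CONFUSABLES.items():
        s = s.replace(fake, real)
    return s


def classify(from_header, protected=PROTECTED):
    """Return (verdict, domain) for the address in a From: header."""
    addr = parseaddr(from_header)[1]
    if "@" not in addr:
        return ("unparseable", None)
    labels = addr.rpartition("@")[2].lower().rstrip(".").split(".")
    index = {skeleton(d): d for d in protected}
    # Check the full domain and each parent domain (mail.example.com, example.com).
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in protected:
            return ("genuine", candidate)
        if skeleton(candidate) in index:
            return ("lookalike", index[skeleton(candidate)])
    return ("unrelated", None)


# Constructed sample headers, not taken from real mail.
SAMPLES = [
    "Amazon <no-reply@amazon.com>",
    "Amazon Support <billing@arnazon.com>",
    "Amazon <alerts@mail.amaz0n.com>",
    "Newsletter <news@example.org>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{classify(header)[0]:<10} {header}")
```

The exact-match test runs before the skeleton comparison, so a genuine domain is never reported as imitating itself; a "lookalike" verdict is a signal for quarantine or review rather than proof of fraud.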