Practise Task1
Swift FinTech Solution is a medium-sized company which provides digital payment services for a range of finance companies across the UK. It has faced many cyber threats in recent years which has led to unauthorized access to financial data, phishing attacks, and potential data leaks. The company is currently in operations and prepares to launch in new international markets. Swift FinTech solutions operates from its headquarters in London, with a branch office in Berlin. It currently has 75 staff members and its planning to embark on an exciting phase of growth across all of Europe.
CURRENT ISSUES WITHIN THE COMPANY
PHISHING ATTACKS:
This type of threat is where the hacker sends an email where they pretend, they are some other trusted person/businesses and try to gain user's personal information. This type of email usually includes some type of link where it redirects the user into a dangerous site where they gain user's confidential data such as card details, home addresses, and phone numbers. There are many forms that phishing can be represented such as: Pharming, this type of spam is very similar to phishing as they both tend to use fraudulent websites. The main difference between them is that phishing makes use of fake emails whereas pharming will rarely use such tactic. Smishing, this type of spam involves a hacker trying to gain the user's information via sending them a 'trustworthy' text message contains suspicious links which will redirect the user and making them fill in their personal information. Spear phishing, this form of spam involves an email being sent from a 'trustworthy' source and redirects the user to a website full of malware. Vishing, this form of spam involves calls and messages which pretend to be from well-known companies to try and trick people into giving out personal information, such as bank details and credit card numbers. If Swift FinTech employees access this phishing emails it can lead to data loss and reputational damage for the company which can affect the number of clients and sales that Swift FinTech achieves. Furthermore, it is a company’s responsibility to make sure that they are not breaking any legislation and their network is kept safe. In order to reduce the likelihood of this threat, staff should be undergoing regular training on how to identify and safely remove the vulnerability.
OUTDATED OPERATING SYSTEMS:
An operating system a program that manages a computer's hardware and software resources, and provides services for other programs. It handles tasks such as input and output, memory allocation, and scheduling. It is important to keep an up-to-date operating system, this can prevent any cyber-attacks and vulnerabilities to the system as well as making sure that they are performing well. Updates can improve the functionality and usability of your device. If you're using an old operating system, the vendor might not support it anymore. It is important for Swift FinTech Solutions to make sure that their hardware is all kept up to data to remove the likelihood of any other problems such as communication with other users. It is important that Swift FinTech Solutions invest into new servers in order to gain up-to-date operating system which will help with communication and accessibility issues.
VPN LICENSES:
A VPN is an encrypted connection between the device and the internet, in order to do so it hides the users IP address and location, and encrypts users’ data to increase privacy and security. There are currently only 20 licenses available to use for the company. Which are all currently in use by the remote workers in order to access their work documents. The company is considering to expand their offices and move to different headquarters. Due to the servers being in the London headquarters, it will mean that all employees from Berlin and the new flagship headquarters will require to access to the servers via a VPN connection. With the limited number of VPN licenses, it can affect the company’s work rate and performance as well as delaying their projects for the new headquarters. Swift FinTech Solutions should invest in more VPN licenses in order to allow more staff to access the internet safely and allow room for company expansion around Europe.
USER’S BROAD ACCESS TO RESOURCES:
It is made clear that Swift FinTech Solutions system, allows users to access a broad amount of data which can be seen as a vulnerability to data breaches. That is because it introduces factors such as insider threats, human error, and disguised criminals. Insider threats is a perceived threat to an organization from someone who has access to the organization's sensitive information. This could be an employee, former employee, contractor, or business associate. Insider threats can be intentional or unintentional, and can have serious consequences for an organization. This also bring consequences to the company of which they can lead to data theft, financial fraud, identity theft, and reputational damage. This can also result in fines and legal action. Human error involves accidental loss of data. This is a loss of data itself rather than a copy which means that the data is lost permanently and cannot be retraced. There are many other errors that included such saving files in the wrong location, sending emails to the wrong users with attachments, and accidental changes to documents. Human error were the causes to approximately 90% of data breaches. Disguised criminals involve the use of social engineering to gain access to buildings. This usually involve 2 types, tailgating/piggybacking which involves following someone with access to go inside the building, and shoulder surfing involves stealing someone’s confidential information this could be when looking over someone whilst they are entering their PIN to the server room. In order to prevent these issues, they should implement role-based access control which will allow appropriate access to resources depending on their role in the organization. This will enhance security and reduce the likelihood of any threats such as malicious employees.
MISCONFIGURED FIREWALLS:
A firewall is a network security device that regulated inbound and outbound traffic based on the security rules applied. Firewalls and other networks settings can be a potential security vulnerability if they are not configured correctly. This usually occurs when there are open ports which are allowing unauthorized external connections to the network. This can be vulnerable to the network as hackers can intercept data throughout the network which can disrupt the way the users access data. This can lead to other threats such as viruses, ransomware, adware, DoS attacks. This can have an immense impact on the systems security, as it will make it much easier to access users’ data for the hackers. They should implement new and adaptable firewall rules which will allow only appropriate data into the system.
STAFF TRAINING:
During staff induction, they are provided with 1 hour of training on any cyber threats and how to prevent them. Once they complete it, they are signed off as competent in the area, the videos focus on 2022 security threats and how to remain safe. This can be a major issue as it is important that staff are kept up to date with threats and legislations as it can introduce human error which were the causes of approximately 90% of data breaches. Therefore, I would suggest Swift FinTech Solutions to carry out regular staff training focusing on new threats and legislation and enhance the user policy in the company.
EXTERNAL DEVICES:
It appears that the company has been allowing users to connect external devices into their computers. This makes their system vulnerable to threats such as viruses, key loggers, password-cracking software. Virus is a program that is installed into the user’s computer, this then replicates itself and spreads throughout the computer and to other user’s computers as well. They do this by simply affecting files and when the user sends this to other users, they will download the file which then can affect their system as well as the virus is carried over to their system. Key logger is installed on to the user’s device and its purpose is to record the users key strokes so the they can gain any type of information by the user. When the user is typing some confidential data such as passwords the hacker will be able to see what the user is typing this will allow them to steal this information without the user being aware of it. Password-cracking software is used by hackers to gain access to data. This software exploits people who have easy or repetitive passwords which can be guessed quite easily. There are 2 types of techniques that the software tends to use, dictionary which will use a list of predefined passwords to gain access, or brute force which is when you try different combination of letters, digits, and characters to gain access to the dat. Simple passwords can be cracked very easy and that's why users should ensure to set hard passwords. To reduce the likelihood of such problems, Swift FinTech should implement a code of conduct which would influence the employee behaviours and practices. This will make sure that no external devices are connected to the network without any authorisation.
TEST PLAN
In order to find the root cause behind each induvial problem I have attached tests that should be carried out in order to find the issues involved with the problems. This will help us find a solution much quicker and effectively. It is important for the company to implement any health and safety measures accordingly to each test. For example, they should make sure that they have the right people with the right skills to be completing each task to make it more efficient and precise. Moreover, they should hire professionals for some tests such as pen testing as it will require a more in-depth knowledge in order to tackle the testing.
USER DETAILS | TEST DATE | SOFTWARE/ HARDWARE | PROPOSED TEST | PURPOSE | EXPECTED OUTCOME | ACTUAL OUTCOME |
Financial analyst | 17/03/2025 | Windows 8 Laptop | Load testing: Set up an environment that is similar to companies’ environment. Develop scripts and actions the user would be simulating. Run the test against application. | To determine how the system performs under peak load conditions | We will be able to determine if the system performance under extreme load testing. | TBD |
| 17/03/2025 | Windows 8 Laptop | Stress testing: You will require to plan the test and correctly identifying the resources required and monitor system while gradually increasing the load on the application. | To determine how reliable the system is under extreme workload | It will allow identify system vulnerabilities, and potential failure points under extreme conditions. | TBD |
Head of compliance | 17/03/2025 | VPN connection | Leak testing: Check your current IP address whilst NOT connecting to a VPN. Thereafter, turn the VPN and check IP address again by going to Google and asking “What is my IP address?” | To determine if your VPN connection is protecting your IP address and ensuring your online activity is kept safe. | It will allow identify if the VPN is functioning properly and masking the IP address to keep online activity safe. | TBD |
| 17/03/2025 | VPN connection | Pen testing: This will include hiring professionals which will try to penetrate the system in order to gain access | To find any vulnerability in the system
| If any vulnerability is found, we quickly fix them | TBD |
| 17/03/2025 | VPN connection | Black box testing: This involves hiring a professional who will penetrate into the system by only knowing key details of the user. They will thereafter report any issues and bugs in the system. Usually provides unexpected vulnerabilities. | Evaluate the functionality, security, performance, and other aspects of an application with no knowledge of a system's internals | We will be able to identify any bugs and issues with the system | TBD |
| 17/03/2025 | VPN connection | White box testing: This involves hiring a professional who will be provided with full information on the system and will penetrate into the system and provide a report with key issues and bugs in the system. This usually include internal vulnerabilities that company may be aware of. | Provides the tester with complete knowledge of the application being tested, including access to source code and design documents. | We will be able to identify any bugs and issues with the system | TBD |
IT security engineer | 18/03/2025 | Firewall | Port scanning: In order to carry out a port scanning test it will require the user to use online tools like DNS checker to check for any open ports on a system. | This helps identify any open ports on a network or server, which can introduce any vulnerabilities to the system. | It will provide a detailed overview of what data is currently entering the system and if there are any open ports. | TBD |
| 18/03/2025 | Firewall | Ping scan: To run a ping scan, you require to open the command prompt on windows, type “ping” followed by a space and the IP address to test, and simply press enter. | It will help identify any active devices on a network. | The ping scan will reveal all different hostname of each device connected to the network. | TBD |
Risk manager | 18/03/2025 | Payment system using old TLS protocols | Pen testing: This will include hiring professionals which will try to penetrate the system in order to gain access | To uncover any vulnerability in the system
| If any vulnerability is found, we quickly fix them | TBD |
| 18/03/2025 | Payment system using old TLS protocols | Black box testing: This involves hiring a professional who will penetrate into the system by only knowing key details of the user. They will thereafter report any issues and bugs in the system. Usually provides unexpected vulnerabilities. | Evaluate the functionality, security, performance, and other aspects of an application with no knowledge of a system's internals | We will be able to identify any bugs and issues with the system | TBD |
| 18/03/2025 | Payment system using old TLS protocols | White box testing: This involves hiring a professional who will be provided with full information on the system and will penetrate into the system and provide a report with key issues and bugs in the system. This usually include internal vulnerabilities that company may be aware of. | Provides the tester with complete knowledge of the application being tested, including access to source code and design documents. | We will be able to detect any bugs and issues with the system | TBD |
| 18/03/2025 | Payment system using old TLS protocols | Vulnerability scanning: This will require to install a scanning tool such as Microsoft Defender Vulnerability Management and will entail to input the IP address and start the scan also making sure to monitor progress and review the report. | This helps to proactively identify any vulnerabilities in the security system before hackers can exploit them. | A list of vulnerabilities will be identified and categorized depending on their security levels. | TBD |
IT administrator | 18/03/2025 | Unauthorized software | SAST testing: Select a static analysis tool that can perform code reviews of applications written in programming language. Thereafter, create a scanning infrastructure and launch the tool. Finally, analyse the results and provide training accordingly | This identifies the root cause of vulnerabilities and helps remediate the underlying security | By using the “code analysis” filter it will display the results from the SAST scan. | TBD |
| 18/03/202025 | Unauthorized software | Risk assessment: This will require detecting any hazards and determine who might harmed and how the risks could impact the system, thereafter take precautions on matter.
| Helps identify the potential risks opposed by the software and take precautions accordingly | It will provide a full report with likelihoods and severity of risks and enables implementation of effective control measures. | TBD |
| 18/03/2025 | Unauthorized software | Virus and threat protection: Click the start icon on the taskbar, and then click setting. Click privacy and security, and then click window security. Click virus & threat protection. It will make sure that the hardware has anti-virus installed and can scan if the apps is safe or not | This help the organization to classify if the software is safe to access by the users | The report will outline if the software operated by the users is safe or not. If not, it will provide any vulnerabilities in the system. | TBD |
This cyber security fault-finding investigation has highlighted critical vulnerabilities and associated threats within the organization's network. By adding all the recommended security measures and testing that were discussed, the company can strengthen its defence and minimize any external threats and cyber-attacks. Regular security assessments, user training, and regular monitoring are crucial to maintaining a secure IT environment within the company and ensuring all users with online safety.
Comments
Post a Comment