Task 2 Response
Assignment 2
Task 2
|

Contents
Vulnerability Identification
and Impact
Identification and explanation of proposed
remedial action
Evaluation of the Maintenance Programme
Prioritisation of Implementation
Immediate Implementation (Critical Risks)
Medium-Term/Long-Term Implementation
Consequences of Not Implementing the Programme
For this
report, I will consider the issues that were encountered as part of Task 1 and
identify the types of vulnerabilities these could pose to the organisation and
the impact they can have. For each of these vulnerabilities identified, I will
consider any countermeasures. By addressing this, it will ensure the system
remains secure and operational.
Vulnerability
Identification and Impact
The following
table looks at a range of digital and human data security vulnerabilities,
explaining them and recommending any remedial actions suggested to Linkchain
Gaming.
|
Vulnerability |
Type |
Risk
Level |
Countermeasure |
Business
Impact |
|
Lack of
Network Monitoring |
Digital |
|
Implementation
of tools like Wireshark would
help monitor traffic, detecting inbound and outbound traffic.
This will help us distinguish any malicious traffic coming in that we can
thereafter block at the firewall level. Keeping a log of all
traffic can help the organisation meet regulatory requirements, as well
as being able to carry out log analysis to prevent attacks from
recurring. |
If
we don’t act upon malicious traffic entering the
organisation's network, it can lead to attacks going undetected and C2
communication going unnoticed, which can thereafter lead to data
breaches with severe consequences such as fines, lawsuits, and reputational
damage. |
|
Little to no
authentication method |
Digital |
|
Introducing
Multi-Factor Authentication (MFA) can help verify the user's identity
and help distinguish between an attacker and a user.
It will involve users providing confidential information that is true to
them.
|
This
is an important step in securing access to the organisation's
network. As credentials alone were used in the previous breach
faced by Linkchain Gaming. If not acted upon, this can lead to
unauthorised access and allow the attacker to gain confidential intellectual
property, which can be used against them. |
|
Poor Access
Control / Shared Folder Exposure |
Digital |
|
Introducing
Role-Based Access control can prevent an organisation-level
attack. Everyone will be given access depending on their role
in the organisation. This means privileges will be distributed on a
hierarchy basis. |
When there is
shared level access across the organisation, the attacker can
attack any employee within the organisation to gain the company’s
confidential information. Leading to a data breach and intellectual property
theft, putting the organisation at jeopardy as they will be facing consequences
such as fines, lawsuits, and reputational damage, which can be difficult to
gain back. |
|
Insecure Home
Network |
Digital |
|
It
is stated that there are employees who work from home and,
very occasionally, go into the office. It is important to
assess their home network as they wouldn’t be under the
organisation's network system when working from home. This can
be tackled by making sure that they are using VPN’s and a secure connection
when accessing data. |
An insecure
network can leave gaps for MITM attacks and traffic interception. As traffic
across the network may not be encrypted, enabling attackers to intercept
and gain access to credentials. Due to the recent credential-based
breach faced by Linkchain Gaming, they are more vulnerable to this
type of attack. |
|
Opening
Attachments Blindly |
Human |
|
Staff should
undergo regular training, and employees should be cyber-aware.
These training sessions should highlight how to spot a phishing email,
its harm, and how to deal with it. Furthermore,
they should know how to validate whether it's safe
to open attachments. |
Failure
to obey can lead to a higher chance of human error, making
them vulnerable and leading them to download malware and spread it
across the organisation's network. Jordan’s bad habit of
opening attachments without validating the sender can lead to
organisation-level threats. |
|
Phishing
Email |
Digital/Human |
|
To reduce the
likelihood of phishing emails reaching staff members, we could implement
email filtering, which would involve scanning incoming emails for
malicious links, spoofed domains, and suspicious attachments.
Furthermore, it's important to make staff members aware and
make them undergo security awareness training, as humans behaviour is
often the most vulnerable point in security. |
Phishing
emails are one of the most successful and damaging cyberattacks. It can lead
to financial losses, fines and reputational damage. Failure to do
so can put employee and customer data at risk, and once this data is gone,
you can’t recover it. |
|
Lack of
employee cyber awareness |
Human |
|
Humans are
one of the most significant and persistent vulnerabilities in any
organisation, in the context of Linkchain Gaming, Jordan was a significant
threat to the organisation due to his bad habit of downloading attachments of
emails. In order to prevent and close the risk of human error, it is important
to carry out regular training as it will allow them to spot phishing attacks
and reinforce safe attachment handling |
Human error
is so dangerous because it bypasses even the technical controls, by making it
unpredictable its difficult to eliminate it entirely. Attackers specifically target
human behaviour by deploying phishing and social engineering attacks. In many
organisations, over 80% of breaches involve human error in some form, making
it important to address. |
Identification
and explanation of proposed remedial action
An examination
of Jordan’s laptop highlighted some remedial actions that would be required to
secure the laptop and other systems from attempts to compromise. This section
seeks to identify the recommended remediation and explain what the remediation
is in a non-technical way.
The table below
lists each of the proposed remediations along with an explanation of each:
|
Proposed
remediation including system upgrades |
Explanation |
How it will
be managed |
|
Schedule an
anti-virus deep scan checks on each laptop several times per
week |
The
anti-virus installed on each laptop needs to be configured so that a deep
scan is automatically carried out at least once per week. This level of scan
would detect more malware as it scans at a deeper level including
operating system files |
As most
employees working at Linkchain Gaming work from home, you can’t rely on employees
leaving computers at the office overnight. Therefore, modern organisations
carry out automatic scans via central platforms such as Microsoft Intune in
order to schedule deep scans at specific times, preferably off working hours
in order to not affect their work progress. To ensure consistency, it is important
for the organisation to make sure that all laptops should be enrolled in the
same management platform, they all have the same antivirus configuration, and
that they receive updates automatically. |
|
Install a
network behavioural analysis solution |
Sometimes a
piece of malware installs itself on an asset and then uses the network to
either replicate itself to other assets, allow the attacker access or
send data to the attacker. A network behavioural analysis solution listens to
and analyses network traffic looking for this type of behaviour and
then identifies the assets that are producing the traffic. This
allows those assets to be scanned and the malware removed. |
Traditional
NBA tools sit inside the corporate network and analyse the traffic. However,
as remote workers rarely send traffic through the corporate network we will
require to add and deploy Endpoint Detection and Response (EDR) that include
behavioural analytics directly on their computer. These tool monitor local
process made by the employee and analysis inbound/outbound traffic from the
device. In order to manage this as an organisation we are required to use a
cloud-based management system like Microsoft Intune which allows the IT team
at Linkchain Gaming to push the EDR agents across all computers and enforce
installation. This will allow them to monitor the agent whilst the user works
from home and will trigger investigations from a central dashboard. |
|
Install an
intrusion protection system (IPS) |
An IPS
detects attempts to infiltrate a network by comparing traffic to known
patterns of malware/traffic to known patterns of malware/exploits. It can
then automatically block the attempted access. It also could upload
new signatures as new exploits are discovered. |
As for remote
workers, we will require a different version of intrusion protection system. As
a traditional IPS appliance will sit in the data centre and inspect traffic
passing through the corporate firewall, which remote workers bypass entirely.
Therefore, we would need to deploy a Host-Based IPS agent directly on each laptop,
which will allow us to monitor traffic on the device itself and block malicious
connections. Its key benefit is that it works from anywhere, whether its from
home, the office, or even at a café. In order to centrally manage this, you
are required to install and manage HIPS agents on Microsoft Intune allowing
them to apply IPS policies remotely. This also makes it more convenient for
the user as the computer doesn’t need to return to the office in order for
the IT to make changes, they can easily deploy them over the cloud. |
|
Install a
cloud email security solution |
A cloud email
security system inspects incoming and outgoing emails scanning attachments
for malware and automatically quarantining emails that are potential
phishing attempts. |
For remote workers,
we are required to use a cloud-based solution. Modern cloud email security tools
are directly integrated within cloud email providers such as Microsoft 365 or
Google Workspace. These platforms scan emails before they reach the user,
blocking any phishing, malware attacks that may directed to the user. They do
this by analysing URLs in real time and apply AI-based behavioural detection.
This means remote workers are protected before the email even hits their
computer. Nonetheless, it is possible for some phishing emails to go undetected,
therefore its important to enforce security awareness training as human error
is a still factor, teaching staff on how to recognise phishing attacks and
simulation phishing practices within the organisation can help reduce the likelihood
of human error. |
|
Enforce
Multi-Factor Authentication |
A security model
that requires the user to provide two or more forms of verification before
they can access a system, application or network. Instead of relying on just
a password, which can be compromised given the recent attack faced by
Linkchain Gaming, MFA offers an extra layer of protection. Authentication methods
involve, security questions, SMS codes, and even fingerprints. Remote workers
often login from different networks with some being protected and some being public,
making them less secure than the office. MFA ensures that even if credentials
are intercepted, attackers still cannot access company systems. |
The most
reliable way to enforce MFA for remote workers is to manage authentication through
a cloud Identity provider such as Microsoft Azure A. These platforms allow
you to enforce MFA before a user can access emails, VPN, or internal systems,
by introducing this you will achieve MFA becoming mandatory before every logging
which remote workers cannot bypass, and access becoming blocked if MFA is not
passed. You can also create rules such as “Require MFA for all remote logins”
which is called conditional access policies where MFA is enforced
automatically depending on the rule set by the organisation. This ensures that
MFA is applied intelligently, based on the risk it poses on the organisation. |
|
Apply Least-Privilege
Access and PAM (Privileged Access Management) |
PAM is a security
framework used to control, monitor, and protect access to privileged accounts.
Privileged accounts involve system administrators, network engineers and any
other account that can access sensitive IP or shared folders. As of Linkchain
Gaming, the disgruntled employee sharing usernames and passwords is a perfect
example of why PAM should be included. PAM will help Linkchain Gaming prevent
sharing passwords, stop unauthorised access to confidential IP and limit the damage
from an insider threat. This helps reduce the risk of credential theft whilst
enforcing least-privilege access across the organisation. |
Before enforcing
any least-privileges or PAM, we need to recognise who has access to what and which
permissions are unnecessary. Therefore, its recommended to first carry out a
full access audit within the organisation. Least-privilege access means that
every user gets the minimum access needed to perform the job. We can manage
this by introducing RBAC (Role-Based Access Control), which assigns permissions
based on the employee job role within the organisation and not individuals. PAM
controls and monitors all privileged accounts. For remote workers, this is essential
because you can’t rely on office-based network controls. It is important to
integrate everything with zero-trust access control to ensure that every
access request is being verified continuously. |
|
Implement
Zero-Trust Access Controls |
A security model
that enforces users to verify devices whether they are within the
organisation, Zero-Trust requires continuous verification every time someone
tries to access a resource on the organisation network. Every access request
must be authenticated by the user using identity verification, location and
user behaviour. Given that Linkchain Gaming issues where employees are
sharing credentials and accessing to sensitive intellectual property, this makes
it a perfect fit, as it would prevent unauthorised access even if the credentials
are stolen as they will be required to verify their identity. This limits the
damage from insider threats and external attacks by enforcing strong
authentication for all remote access. |
This model is
important for remote workers as they operate outside the organisation network,
making it hard to trace back to their actions. Therefore, establishing a
strong identity foundation such as MFA would make the remote workers verify
their identity using more than just a password. Linkchain Gaming should also
enforce company-managed devices to be able to access the corporate systems as
home networks may not be up-to-date and pose as a threat to the organisation
network. Zero-Trust requires breaking the network into smaller, isolated
segments. In a case of an attack, this means that the attacker cannot spread
through the organisation as network is segmented makes the attack isolated.
It is also important to for the organisation to provide sufficient training
on how to operate from home safely widely covering phishing, MFA, device security
and safe remote working in general. |
Evaluation
of the Maintenance Programme
The proposed security
programme for Linkchain Gaming provides a comprehensive, multi-layered approach
to addressing the vulnerabilities identifies in Task 1. It successfully targets
the three primary attack vectors presented: human factors (phishing and user behaviour),
technical weaknesses (malware, lack of monitoring, weak authentication), and
organisational gaps (poor access control and policy enforcement)
Measures such as
email security filtering, staff awareness’ training, and phishing simulations directly
mitigate the most significant risk identified, Jordan’s unsafe email handling
behaviour. At the same time, technical controls such as HIPS (Host-based Intrusion
Prevention System), and endpoint protection addresses malware infections and unauthorised
network activity. The introduction of Multi-Factor Authentication (MFA) and
Privileged Access Management (PAM) specifically responds to the previous
credential-based breach, significantly reducing the likelihood of unauthorised
access even if credentials are compromised again.
Overall, the
programme demonstrates strong alignments with the organisation’s risk profile
and provides defence in depth, ensuring that if one control fails, other remain
in place to mitigate the threat.
Trade-offs
and Limitations
Despite its strengths,
the programme presents several practical limitations and trade-offs that must
be considered:
-
Cost:
Implementing
advanced solutions such as PAM and network behavioural analysis tools can be expensive,
particularly for a medium-sized organisation. Licensing, infrastructure, and ongoing
maintenance costs can be budgeted.
-
Resources
and Skills Requirements:
Many
of the proposed controls like HIPS and network monitoring require skilled cybersecurity
personnel to manage alerts and respond effectively. Without adequate staffing
or training, this system may generate alerts that are not acted upon.
-
User
Impact and Productivity:
Security
measures such as MFA and strict access controls may initially reduce user convenience
and productivity. Employees may resist changes, particularly if they are not supported
with adequate training.
-
Implementation
Time:
Rolling
out organisation-wide changes such as Zero-Trust architectures can take time
and must be carefully phased to avoid operational disruptions
-
False
Positives:
Systems
such as IPS and email filtering may occasionally block legitimate activity, requiring
manual review processes, which therefore increase workload.
-
Dependency
on cloud services:
If Intune/Azure goes
down, it can have an impact on management which can disrupt productivity and
leave the organisation at risk during downtime.
The limitations
highlight the importance of balancing security with usability and operational
efficiency.
Prioritisation
of Implementation
Given the range
of vulnerabilities and resource constrains, Linkchain Gaming should adopt a
risk-based prioritisation approach, focusing first on controls that need
addressing effectively based on:
-
Likelihood
-
Impact
-
Ease
of Implementation
Immediate
Implementation (Critical Risks)
-
Security
Awareness Training with the focus on Phishing
-
Email
Security Filtering solution
-
Multi-Factor
Authentication (MFA)
-
Implement
Zero-Trust Access Control
-
Privileged
Access Management (PAM)
These controls
directly address the primary attack vector and provide the greatest immediate reduction
in risk.
Short-Term
Implementation
-
Endpoint
Protection and regular malware scanning
-
Patch
Management and system updates
-
Basic
Network Monitoring and firewall rule improvements
-
Install
Host-Based Intrusion Prevention System (HIPS)
These measures strengthen
the technical defence and reduce the likelihood of malware exploitation.
Medium-Term/Long-Term
Implementation
-
Network
behavioural analysis tools
-
Schedule
Deep Antivirus Scans
These solutions
enhance visibility and control access the network but require more investment
and planning. As well as providing a long-term resilience in the organisation
security posture.
Consequences
of Not Implementing the Programme
Failure to
implement these measures would leave Linkchain Gaming exposed to continued and
potentially more severe cyber-attacks. Given the existing credential-based
breach and evidence of phishing attempts, the organisation is already a primary
target for attacker and inaction would significantly increase the likelihood of
data breaches involving sensitive information and unannounced intellectual
property. As well as financial losses due to operational disruption, ransomware
and legal cost. Furthermore, it puts the organisations reputation on the line, which
can lead to loss customer trust and competitive disadvantage.
From a legal and
regulatory aspect, non-compliance with data protection requirements such as the
GDPR could result in a mandatory breach reporting within the 72 hours of the
attack and face significant financial penalties which can involve fines
reaching millions of pounds. It can also lead to legal action from affected
stakeholders which only ruins their relationship but it can lead to delays into
projects as their budget may be constrained.
Conclusion
In conclusion,
the proposed security programme provides a well-structured and effective
approach to mitigating the risks identified within Linkchain Gaming. While
there are cost, resource, and usability considerations, these are outweighed by
the significant reduction in risk and improved organisational resilience. By
prioritising high-impact controls such as MFA, email security, and user
training, and gradually implementing more advanced solutions, Linkchain Gaming
can develop a robust, scalable, and sustainable security posture.
Failure to act
would not only expose the organisation to further cyber incidents but could
also result in serious financial, legal, and reputational consequences, making
the implementation of this programme both a technical necessity and a
business-critical priority.
Comments
Post a Comment