Task 2 Response


Assignment 2

Task 2

    

    

    

 


 

Contents

Vulnerability Identification and Impact 2

Identification and explanation of proposed remedial action. 5

Evaluation of the Maintenance Programme. 9

Trade-offs and Limitations. 10

Prioritisation of Implementation. 10

Immediate Implementation (Critical Risks) 11

Short-Term Implementation. 11

Medium-Term/Long-Term Implementation. 11

Consequences of Not Implementing the Programme. 11

Conclusion. 12

 

 

 


 

For this report, I will consider the issues that were encountered as part of Task 1 and identify the types of vulnerabilities these could pose to the organisation and the impact they can have. For each of these vulnerabilities identified, I will consider any countermeasures. By addressing this, it will ensure the system remains secure and operational.

Vulnerability Identification and Impact

The following table looks at a range of digital and human data security vulnerabilities, explaining them and recommending any remedial actions suggested to Linkchain Gaming.

Vulnerability

Type

Risk Level

Countermeasure

Business Impact

Lack of Network Monitoring 

Digital 

 

Implementation of tools like Wireshark would help monitor traffic, detecting inbound and outbound traffic. This will help us distinguish any malicious traffic coming in that we can thereafter block at the firewall level. Keeping a log of all traffic can help the organisation meet regulatory requirements, as well as being able to carry out log analysis to prevent attacks from recurring.  

If we don’t act upon malicious traffic entering the organisation's network, it can lead to attacks going undetected and C2 communication going unnoticed, which can thereafter lead to data breaches with severe consequences such as fines, lawsuits, and reputational damage.  

Little to no authentication method 

Digital 

 

Introducing Multi-Factor Authentication (MFA) can help verify the user's identity and help distinguish between an attacker and a user. It will involve users providing confidential information that is true to them.  

 

 

This is an important step in securing access to the organisation's network. As credentials alone were used in the previous breach faced by Linkchain Gaming. If not acted upon, this can lead to unauthorised access and allow the attacker to gain confidential intellectual property, which can be used against them.  

Poor Access Control / Shared Folder Exposure 

Digital 

 

Introducing Role-Based Access control can prevent an organisation-level attack. Everyone will be given access depending on their role in the organisation. This means privileges will be distributed on a hierarchy basis. 

When there is shared level access across the organisation, the attacker can attack any employee within the organisation to gain the company’s confidential information. Leading to a data breach and intellectual property theft, putting the organisation at jeopardy as they will be facing consequences such as fines, lawsuits, and reputational damage, which can be difficult to gain back. 

Insecure Home Network 

Digital 

 

It is stated that there are employees who work from home and, very occasionally, go into the office. It is important to assess their home network as they wouldn’t be under the organisation's network system when working from home. This can be tackled by making sure that they are using VPN’s and a secure connection when accessing data.  

An insecure network can leave gaps for MITM attacks and traffic interception. As traffic across the network may not be encrypted, enabling attackers to intercept and gain access to credentials. Due to the recent credential-based breach faced by Linkchain Gaming, they are more vulnerable to this type of attack. 

Opening Attachments Blindly 

Human 

 

Staff should undergo regular training, and employees should be cyber-aware. These training sessions should highlight how to spot a phishing email, its harm, and how to deal with it. Furthermore, they should know how to validate whether it's safe to open attachments. 

Failure to obey can lead to a higher chance of human error, making them vulnerable and leading them to download malware and spread it across the organisation's network. Jordan’s bad habit of opening attachments without validating the sender can lead to organisation-level threats. 

Phishing Email 

Digital/Human 

 

To reduce the likelihood of phishing emails reaching staff members, we could implement email filtering, which would involve scanning incoming emails for malicious links, spoofed domains, and suspicious attachments. Furthermore, it's important to make staff members aware and make them undergo security awareness training, as humans behaviour is often the most vulnerable point in security.

Phishing emails are one of the most successful and damaging cyberattacks. It can lead to financial losses, fines and reputational damage. Failure to do so can put employee and customer data at risk, and once this data is gone, you can’t recover it.

Lack of employee cyber awareness

Human

 

Humans are one of the most significant and persistent vulnerabilities in any organisation, in the context of Linkchain Gaming, Jordan was a significant threat to the organisation due to his bad habit of downloading attachments of emails. In order to prevent and close the risk of human error, it is important to carry out regular training as it will allow them to spot phishing attacks and reinforce safe attachment handling

Human error is so dangerous because it bypasses even the technical controls, by making it unpredictable its difficult to eliminate it entirely. Attackers specifically target human behaviour by deploying phishing and social engineering attacks. In many organisations, over 80% of breaches involve human error in some form, making it important to address.

 

 

 

Identification and explanation of proposed remedial action

An examination of Jordan’s laptop highlighted some remedial actions that would be required to secure the laptop and other systems from attempts to compromise. This section seeks to identify the recommended remediation and explain what the remediation is in a non-technical way.

The table below lists each of the proposed remediations along with an explanation of each:

Proposed remediation including system upgrades

Explanation

How it will be managed

Schedule an anti-virus deep scan checks on each laptop several times per week 

The anti-virus installed on each laptop needs to be configured so that a deep scan is automatically carried out at least once per week. This level of scan would detect more malware as it scans at a deeper level including operating system files 

As most employees working at Linkchain Gaming work from home, you can’t rely on employees leaving computers at the office overnight. Therefore, modern organisations carry out automatic scans via central platforms such as Microsoft Intune in order to schedule deep scans at specific times, preferably off working hours in order to not affect their work progress. To ensure consistency, it is important for the organisation to make sure that all laptops should be enrolled in the same management platform, they all have the same antivirus configuration, and that they receive updates automatically.

Install a network behavioural analysis solution 

Sometimes a piece of malware installs itself on an asset and then uses the network to either replicate itself to other assets, allow the attacker access or send data to the attacker. A network behavioural analysis solution listens to and analyses network traffic looking for this type of behaviour and then identifies the assets that are producing the traffic. This allows those assets to be scanned and the malware removed. 

Traditional NBA tools sit inside the corporate network and analyse the traffic. However, as remote workers rarely send traffic through the corporate network we will require to add and deploy Endpoint Detection and Response (EDR) that include behavioural analytics directly on their computer. These tool monitor local process made by the employee and analysis inbound/outbound traffic from the device. In order to manage this as an organisation we are required to use a cloud-based management system like Microsoft Intune which allows the IT team at Linkchain Gaming to push the EDR agents across all computers and enforce installation. This will allow them to monitor the agent whilst the user works from home and will trigger investigations from a central dashboard.

Install an intrusion protection system (IPS) 

An IPS detects attempts to infiltrate a network by comparing traffic to known patterns of malware/traffic to known patterns of malware/exploits. It can then automatically block the attempted access. It also could upload new signatures as new exploits are discovered. 

As for remote workers, we will require a different version of intrusion protection system. As a traditional IPS appliance will sit in the data centre and inspect traffic passing through the corporate firewall, which remote workers bypass entirely. Therefore, we would need to deploy a Host-Based IPS agent directly on each laptop, which will allow us to monitor traffic on the device itself and block malicious connections. Its key benefit is that it works from anywhere, whether its from home, the office, or even at a café. In order to centrally manage this, you are required to install and manage HIPS agents on Microsoft Intune allowing them to apply IPS policies remotely. This also makes it more convenient for the user as the computer doesn’t need to return to the office in order for the IT to make changes, they can easily deploy them over the cloud.

Install a cloud email security solution 

A cloud email security system inspects incoming and outgoing emails scanning attachments for malware and automatically quarantining emails that are potential phishing attempts. 

For remote workers, we are required to use a cloud-based solution. Modern cloud email security tools are directly integrated within cloud email providers such as Microsoft 365 or Google Workspace. These platforms scan emails before they reach the user, blocking any phishing, malware attacks that may directed to the user. They do this by analysing URLs in real time and apply AI-based behavioural detection. This means remote workers are protected before the email even hits their computer. Nonetheless, it is possible for some phishing emails to go undetected, therefore its important to enforce security awareness training as human error is a still factor, teaching staff on how to recognise phishing attacks and simulation phishing practices within the organisation can help reduce the likelihood of human error.

Enforce Multi-Factor Authentication

A security model that requires the user to provide two or more forms of verification before they can access a system, application or network. Instead of relying on just a password, which can be compromised given the recent attack faced by Linkchain Gaming, MFA offers an extra layer of protection. Authentication methods involve, security questions, SMS codes, and even fingerprints. Remote workers often login from different networks with some being protected and some being public, making them less secure than the office. MFA ensures that even if credentials are intercepted, attackers still cannot access company systems.

The most reliable way to enforce MFA for remote workers is to manage authentication through a cloud Identity provider such as Microsoft Azure A. These platforms allow you to enforce MFA before a user can access emails, VPN, or internal systems, by introducing this you will achieve MFA becoming mandatory before every logging which remote workers cannot bypass, and access becoming blocked if MFA is not passed. You can also create rules such as “Require MFA for all remote logins” which is called conditional access policies where MFA is enforced automatically depending on the rule set by the organisation. This ensures that MFA is applied intelligently, based on the risk it poses on the organisation.

Apply Least-Privilege Access and PAM (Privileged Access Management)

PAM is a security framework used to control, monitor, and protect access to privileged accounts. Privileged accounts involve system administrators, network engineers and any other account that can access sensitive IP or shared folders. As of Linkchain Gaming, the disgruntled employee sharing usernames and passwords is a perfect example of why PAM should be included. PAM will help Linkchain Gaming prevent sharing passwords, stop unauthorised access to confidential IP and limit the damage from an insider threat. This helps reduce the risk of credential theft whilst enforcing least-privilege access across the organisation.

Before enforcing any least-privileges or PAM, we need to recognise who has access to what and which permissions are unnecessary. Therefore, its recommended to first carry out a full access audit within the organisation. Least-privilege access means that every user gets the minimum access needed to perform the job. We can manage this by introducing RBAC (Role-Based Access Control), which assigns permissions based on the employee job role within the organisation and not individuals. PAM controls and monitors all privileged accounts. For remote workers, this is essential because you can’t rely on office-based network controls. It is important to integrate everything with zero-trust access control to ensure that every access request is being verified continuously.

Implement Zero-Trust Access Controls

A security model that enforces users to verify devices whether they are within the organisation, Zero-Trust requires continuous verification every time someone tries to access a resource on the organisation network. Every access request must be authenticated by the user using identity verification, location and user behaviour. Given that Linkchain Gaming issues where employees are sharing credentials and accessing to sensitive intellectual property, this makes it a perfect fit, as it would prevent unauthorised access even if the credentials are stolen as they will be required to verify their identity. This limits the damage from insider threats and external attacks by enforcing strong authentication for all remote access.

This model is important for remote workers as they operate outside the organisation network, making it hard to trace back to their actions. Therefore, establishing a strong identity foundation such as MFA would make the remote workers verify their identity using more than just a password. Linkchain Gaming should also enforce company-managed devices to be able to access the corporate systems as home networks may not be up-to-date and pose as a threat to the organisation network. Zero-Trust requires breaking the network into smaller, isolated segments. In a case of an attack, this means that the attacker cannot spread through the organisation as network is segmented makes the attack isolated. It is also important to for the organisation to provide sufficient training on how to operate from home safely widely covering phishing, MFA, device security and safe remote working in general.

 

Evaluation of the Maintenance Programme

The proposed security programme for Linkchain Gaming provides a comprehensive, multi-layered approach to addressing the vulnerabilities identifies in Task 1. It successfully targets the three primary attack vectors presented: human factors (phishing and user behaviour), technical weaknesses (malware, lack of monitoring, weak authentication), and organisational gaps (poor access control and policy enforcement)

Measures such as email security filtering, staff awareness’ training, and phishing simulations directly mitigate the most significant risk identified, Jordan’s unsafe email handling behaviour. At the same time, technical controls such as HIPS (Host-based Intrusion Prevention System), and endpoint protection addresses malware infections and unauthorised network activity. The introduction of Multi-Factor Authentication (MFA) and Privileged Access Management (PAM) specifically responds to the previous credential-based breach, significantly reducing the likelihood of unauthorised access even if credentials are compromised again.

Overall, the programme demonstrates strong alignments with the organisation’s risk profile and provides defence in depth, ensuring that if one control fails, other remain in place to mitigate the threat.

 

Trade-offs and Limitations

Despite its strengths, the programme presents several practical limitations and trade-offs that must be considered:

-          Cost:

Implementing advanced solutions such as PAM and network behavioural analysis tools can be expensive, particularly for a medium-sized organisation. Licensing, infrastructure, and ongoing maintenance costs can be budgeted.

-          Resources and Skills Requirements:

Many of the proposed controls like HIPS and network monitoring require skilled cybersecurity personnel to manage alerts and respond effectively. Without adequate staffing or training, this system may generate alerts that are not acted upon.

-          User Impact and Productivity:

Security measures such as MFA and strict access controls may initially reduce user convenience and productivity. Employees may resist changes, particularly if they are not supported with adequate training.

-          Implementation Time:

Rolling out organisation-wide changes such as Zero-Trust architectures can take time and must be carefully phased to avoid operational disruptions

-          False Positives:

Systems such as IPS and email filtering may occasionally block legitimate activity, requiring manual review processes, which therefore increase workload.

-          Dependency on cloud services:
If Intune/Azure goes down, it can have an impact on management which can disrupt productivity and leave the organisation at risk during downtime.

The limitations highlight the importance of balancing security with usability and operational efficiency.

Prioritisation of Implementation

Given the range of vulnerabilities and resource constrains, Linkchain Gaming should adopt a risk-based prioritisation approach, focusing first on controls that need addressing effectively based on:

-          Likelihood

-          Impact

-          Ease of Implementation

 

 

Immediate Implementation (Critical Risks)

-          Security Awareness Training with the focus on Phishing

-          Email Security Filtering solution

-          Multi-Factor Authentication (MFA)

-          Implement Zero-Trust Access Control

-          Privileged Access Management (PAM)

These controls directly address the primary attack vector and provide the greatest immediate reduction in risk.

Short-Term Implementation

-          Endpoint Protection and regular malware scanning

-          Patch Management and system updates

-          Basic Network Monitoring and firewall rule improvements

-          Install Host-Based Intrusion Prevention System (HIPS)

These measures strengthen the technical defence and reduce the likelihood of malware exploitation.

Medium-Term/Long-Term Implementation

-          Network behavioural analysis tools

-          Schedule Deep Antivirus Scans

These solutions enhance visibility and control access the network but require more investment and planning. As well as providing a long-term resilience in the organisation security posture.

Consequences of Not Implementing the Programme

Failure to implement these measures would leave Linkchain Gaming exposed to continued and potentially more severe cyber-attacks. Given the existing credential-based breach and evidence of phishing attempts, the organisation is already a primary target for attacker and inaction would significantly increase the likelihood of data breaches involving sensitive information and unannounced intellectual property. As well as financial losses due to operational disruption, ransomware and legal cost. Furthermore, it puts the organisations reputation on the line, which can lead to loss customer trust and competitive disadvantage.

From a legal and regulatory aspect, non-compliance with data protection requirements such as the GDPR could result in a mandatory breach reporting within the 72 hours of the attack and face significant financial penalties which can involve fines reaching millions of pounds. It can also lead to legal action from affected stakeholders which only ruins their relationship but it can lead to delays into projects as their budget may be constrained.

Conclusion

In conclusion, the proposed security programme provides a well-structured and effective approach to mitigating the risks identified within Linkchain Gaming. While there are cost, resource, and usability considerations, these are outweighed by the significant reduction in risk and improved organisational resilience. By prioritising high-impact controls such as MFA, email security, and user training, and gradually implementing more advanced solutions, Linkchain Gaming can develop a robust, scalable, and sustainable security posture.

Failure to act would not only expose the organisation to further cyber incidents but could also result in serious financial, legal, and reputational consequences, making the implementation of this programme both a technical necessity and a business-critical priority.

 

 

Comments

Popular posts from this blog

OS A3 Task 1

OS A3 Task 2