Add to collection(s) Add to saved
  1. No category
Uploaded by liz722408

UIS CASE STUDY #1

advertisement 
CAMERO, LIZA MARIEL A.
4BSAIS-2
PROFESSIONAL ELECTIVE 2- UIS
Case 2: A Construction Company Gets Hammered by A Keylogger
This cybersecurity case covers over 6 attacks of unauthorized bank transfer to an
unknown source totaling for a loss of $550,000 specifically through malware-based phishing and
keylogger attack. In malware-based phishing attacks, hackers hide malware in links or files that
look authentic and come from a trustable source. The attack started when the employee of this
small family-owned construction company had opened an email from a user whom disguised
himself as a materials supplier but in reality, the user uses an impostor account which sent a
malicious email with a malware attached to it. As per the article, cyber criminals successfully
installed a malware onto the company’s computers for which it uses a keylogger to capture the
bank credentials. More so, keyloggers were built to create records of everything being typed in
the keyboard. In this case, the log in records of a user-specific ID and password which is very
crucial in securing the company’s resources and information. Typically, victims were unaware
that all information being typed in the keyboard were being captured and monitored by these
criminals whilst bank credentials were extracted.
Upon observing that there has been an unauthorized access in the company’s bank
transactions, the company resorts a plan to shut down their bank account to halt more transfer
transactions. The company also consulted cybersecurity forensics to review their cybersecurity
systems, identify the source of incident, and recommend upgrades to their existing security
software. The step taken by the company is very commendable and for which I believe, is the
best approach to address the issue. However, this incident would have been avoided if there has
been a precautionary training or seminar for its employees to inform and warn employees about
these kind of cybersecurity issues which in comparison, would result to lesser cost than
addressing the actual attack. Moreover, the construction company did not discover the first
attack which is very disturbing for it only implies that their system is not being reviewed on a
regular basis. Reviewing all transactional reports regularly would have been their key tool to
identify all threats and attacks in the business.
CAMERO, LIZA MARIEL A.
4BSAIS-2
PROFESSIONAL ELECTIVE 2- UIS
Even from a small to big enterprises, cybersecurity plays a vital role in protecting all
categories of data from theft and damage. This includes sensitive data, personally identifiable
information (PII), protected health information (PHI), personal information, intellectual property,
data, and governmental and industry information systems. In this case, some security measures
would have been implemented to prevent this incident. First, the company must have a standard
format of trusted email addresses to ensure that fake email addresses are filtered out from those
trusted sources. This would make the company’s database more coordinated in tracking down
the source of phishing attacks. More so, the management must communicate this to the
employees to imply awareness as to what files or links will they open over the load of emails.
Second, the company must invest in utilizing a Key Encryption software. This is a type of security
program that enables the encryption and decryption of all data stream at rest or in transit. It
enables the encryption of the content of a data object, file, network packet or application, so that
all data such as login data ID and password, are secure and unviewable by unauthorized users. In
this case specifically, this would allow all key stroke to be read first in other forms of data and
not directly copying what the employee is typing even when keylogger is attached in the
malware. Third, the most important step is to have a technical support in the business. Technical
support will be addressing all the concerns of employees such as upon suspecting that there has
been an untrusted link or email sent on the company’s address. This would prevent the company
in outflowing its resources for the reason that all suspected attacks will be identified and solved
as it occurs and no further losses is incurred. They could also run reviews on the systems to
recommend and implement various ways of strengthening the security within the company.
All businesses are prone to cyberattacks. In a construction industry, unauthorized bank
transfer risks could be reduced through the following:
1. Initiate transaction alerts such as deposit, withdrawal, and transfer on all bank
accounts.
2. Make sure that all of the employees are trained about cybersecurity.
3. Update bank credentials regularly.
4. Immediately report incidences of phishing, or its variations, to bank or financial
institution.
CAMERO, LIZA MARIEL A.
4BSAIS-2
PROFESSIONAL ELECTIVE 2- UIS
5. Choose a bank that has a multi-layered authentication for better security.
6. Formulate a response plan and communicate it to the employees.
Unauthorized electronic payments from business bank accounts are a growing concern
for banks, businesses, and even the general public. Users must always be alert to protect all
personal data to prevent it from leaking to any attacks. True enough, with proper knowledge
about these risks and with proper training on how to address them, will result to a safer work
and living environment.
Related documents
IANKIM
IANKIM
BomberJacket Networks - Andover Cybersecurity and IT Support
BomberJacket Networks - Andover Cybersecurity and IT Support
Key Tools in Your Cyber Security Portfolio - Aurora IT
Key Tools in Your Cyber Security Portfolio - Aurora IT
How Cybersecurity Really Works A Hands-On Guide for Total Beginners
How Cybersecurity Really Works A Hands-On Guide for Total Beginners
Download
advertisement