Describe 2 threats this interaction poses to the company. Provide step-by-step instructions on how to mitigate each interaction. Remember, numbered or bulleted steps or guidelines make the document easy for others to follow under potentially stressful situations. Paragraphs can be used to help support the steps or guidelines. Combine this week’s assignment with your revised assignment from week 2 – Apply Malware Attacks sections of your Playbook before you submit. You will be assessed on the content from both weeks in this week’s Playbook submission.

1. Playbook Threats – Threats Posed by Online Interaction

   Phishing

2. Clicking unwarranted emails could possibly lead to phishing.
3. This is a threat in which untrusted parties masquerade as legitimate people to purposely fetch sensitive information.
4. It typically occurs in digital communication and is a major cybersecurity issue.
5. It can either be perpetrated through instant messaging or email spoofing.
6. Email spoofing occurs when one receives an email with a forged address.
7. Once the users click on the email, they might be directed to deceptive websites that seem authentic (Arachchilage, Love & Beznosov, 2016).
8. They are then requested to enter personal details and other pertinent information.
9. By doing so, they end up exposing the firm’s data contrary to the company’s wish.

 References

Arachchilage, N. A. G., Love, S., & Beznosov, K. (2016). Phishing threat avoidance behavior:

An empirical investigation. Computers in Human Behavior, 60, 185-197.

Step by Step Instructions for Mitigating Eavesdropping

This threat mainly manifests where there are low-security measures. Therefore, it can be controlled through the following measures;

• • Encryption – Network, emails, and all forms of communication deserve to be encrypted, including data in motion and rest. By doing so, the encrypted data will be of less significance to the intruder even if it is intercepted. HTTPS should be used in all web-based communications, and WI-FI Protected Access 2 should be used for wireless encryption.
  • Authentication – The incoming data packets should be authenticated to reduce the chances of IP spoofing. Only effective and verified protocols and standards should be utilized for this purpose. The company can consider applying IPsec, TLS, and OpenPGP as the fundamental forms of encryption (Shea, 2020).
  • Network monitoring – The security team must embrace intrusion detection systems to identify unusual activities within the firm’s network. This helps detect and evade potential network vulnerabilities.
  • Network segmentation – Organizational infrastructure should be segmented to ensure that each sector is protected from the guest network. This ascertains that all the sectors are not affected in case of an attack.
  • Security technologies – This involves the application of a wide array of mechanisms such as VPNs, firewalls, and configuration of routers to reject spoofed addresses.

Eavesdropping

Also referred to as Man-in-the-Middle Attack (MITM) or snooping or sniffing. It occurs when a malicious agent intercepts communication between two computers or networks. The original intention is usually to tamper/eavesdrop on the transmitted data for wrongful purposes. Network eavesdropping occurs at the network layer and is designed to capture minor data packets under transit. – The data content is then extracted to provide the necessary information as desired by the attacker (Bighash et al., 2020). This attack can either be through anal or digital voice communication. It occurs on a real-time basis and thus can be used to acquire the most relevant information within an organization. Eavesdropping has occurred several times in the past and is legally prohibited in all jurisdictions for private or commercial reasons.

Step by Step Instructions to Mitigate Phishing

The procedure below can be used to control social engineering attacks.

• Be wary of unsolicited emails, especially from unknown persons.
• Remain diligent when online and exclusively select what you share.
• Verify the sender’s legitimacy before interacting with the email.
• Install technical security measures. – This can be achieved through strategic measures such as creating sustainable websites and installing anti-phishing websites (Gupta, Arachchilage & Psannis, 2018). Such precautious mechanisms ensure that the potential phishing attacks are proactively handled before they exploit fully.
• User training – The company should consider enlightening the employees on the prevailing cybersecurity attacks and how to prevent them. The workers serve in various computer terminals; hence more vulnerable to multiple attacks.