To:
From:
Date: 4/20/2022
RE: Insider Threat Vishing
BLUF (Bottom Line Up Front)
A vishing attack is a major insider threat that could result in losses of billions of dollars for an organization because of unauthorized access to corporate systems. Multi-factor authentication mechanisms are the most effective approaches to prevent vishing attacks because they provide a wide range of security tools for an organization.
Background
Insider threat is one of the common issues in the corporate and intelligence world. While it is often a high priority for senior management, the existing definition challenges have made it difficult for many organizations to identify and resolve this issue. According to the National Insider Threat Task Force, insider threat refers to the threat an insider poses to the U.S. national security when he/she uses his/her authorized access knowingly or unknowingly to do harm (Cybersecurity and Infrastructure Security Agency, 2020). However, insider threat extends beyond risks posed to the U.S. national security because it occurs in the corporate and intelligence world. It can include everything from forgetting to lock the computer. This essentially means that an insider threat is a security risk emanating from within the targeted organization through the intentional or unintentional acts of its internal stakeholders.
This organization is facing the risk of vishing, which is a security risk that falls under the general phishing attack. Vishing is a security risk that is carried out against the targeted organization to obtain sensitive information that could be used for identity theft or financial benefit. It entails the use of fraudulent phone numbers, text messages, and voice-altering software to trick users into providing sensitive information (Pangaro, 2020).
As the organization continues to rely on technology, vishing remains an insider threat that could compromise its effective operations and success. If any internal stakeholder in the organization answers a call from a fraudulent phone number, he/she could provide cybercriminals with sensitive information that could result in huge losses. A successful vishing attack could give cybercriminals access to sensitive customer data, financial assets, systems, files, and trade secrets. If an internal stakeholder in the company participates in a successful vishing attack wittingly or unwittingly, the organization could lose at least $58,000. Pangaro (2020) notes that a successful...
…to have more layers of security or protection than limiting VPN connections. VPN connections can be restricted to managed devices, time of day, and monitoring access through installed certificates or hardware checks. On the contrary, MFA mechanisms give a wide range of tools to plug holes into a scammers attack surface. Some of these tools include checking IDs or state licenses to determine the authenticity of the user, picture matching, knowledge-based identification quiz, device assessment, and biometrics. In addition, while VPNs are only for connections and cannot prevent unauthorized access to a system physically, MFA mechanisms offer protection against attempts to access a computer system physically.Conclusions and Recommendations
MFA mechanisms and restricting VPN connections are among the most suitable solutions to preventing vishing attacks against corporate systems. These solutions achieve this by adding extra layers of security to corporate systems. However, MFA mechanisms would be more effective than restricting VPN connections because of a wide range of security tools. Therefore, the order recommendation for the organization is to adopt MFA mechanisms for its corporate systems because of their wide range of security tools. Using MFA mechanisms…
References
Cybersecurity and Infrastructure Agency. (2020). Insider threat mitigation guide. Retrieved from U.S. Department of Homeland Security website: https://www.cisa.gov/sites/default/files/publications/Insider%20Threat%20Mitigation%20Guide_Final_508.pdf
Jang-Jaccard, J. & Nepal, S. (2014). A survey of emerging threats in cybersecurity. Journal of Computer and System Sciences, 80(5), 973-993.
Nwabueze, E., Obioha, I. & Onuoha, O. (2017). Enhancing multi-factor authentication in modern computing. Communications and Network, 9, 172-178.
Pangaro, J.J. (2020). The insider threat related to cybercrime. Retrieved April 20, 2022, from https://www.govpilot.com/blog/the-insider-threat-related-to-cybercrime
The operating system faced these issues due to the lackluster approach from Apple to patch their software in time. As a result, it led to risking the data of personal users. It shows that irregularities in the patching of computers affected users adversely without any fault of their own (Daily Tech, 2012). In addition to that, the operating system of Apple is now considered as one of the most favored
Cyber Security/Cloud Computing Consider a recent cyber security breach (specific event) and address the following questions: Describe the circumstances involved Monster Com: Confidential information of 1.3 million job seekers was stolen and used in a phishing fraud Monster.Com, a United States online recruitment site reported in 2008 that hackers broke into the site using password-protected resume library. They used credentials that Monster Worldwide Inc. claims were stolen from some of its clients. Reuters reported
Cybersecurity as an Organizational Strategy: An Ethical and Legal Perspective Cybersecurity as Organizational Strategy Across the board -- in business, society, and government -- the promise of cyber capabilities are matched by potential peril. The cyber environment is never static, but it is perhaps most agile in response to the continual stream of emerging cyber threats and realized cyber attacks ("PCAST," 2007). Cybersecurity must be agile. The challenges that must be met
Cybersecurity Vulnerability What are Vulnerabilities? Hardware attacks because of Vulnerabilities Hardware Data modification / injection The Scientist Argument Secure Coprocessing How organizations can best address its potential impacts Cybersecurity Vulnerability: Hardware Weakness This essay introduces the role that computer hardware weakness opens the door up for attack in cyber-physical systems. Hardware security -- whether for attack or defense -- is not the same as software, network, and data security on account of the nature of hardware. Regularly, hardware
The level and sophistication of this attack on the Department of Defense's systems suggests that professionals conducted this attack with significant resources at their disposal and an interest in the national security secrets of the United States. The data mining operation was so successful that, while detected, still managed to make-off with a significant amount of information. Since the attack, the United States responded in a number of critical ways.
Cyber Security Ethical issues associated with ransomware It is only natural that people who are known to you will send you messages through your email address. It is lost on me how those engaging in ransomware business access information about their potential victims like the email address as to send you messages that have been infected that when opened infect the whole computer. These people engage in irregular activities. For the residents
Our semester plans gives you unlimited, unrestricted access to our entire library of resources —writing tools, guides, example essays, tutorials, class notes, and more.
Get Started Now