Identifying Potential Risk, Response and Recovery: Malware Attack - Paper Example

Carnegie Mellon University
This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

A malware attack is the first threat to the organization, and there are a few ways for the company to handle such an attack. First, a brief introduction to what malware in the organization's system could be: it is simply program code that steals information or data from the system without the organization's knowledge, or destroys things within the organization's system. Malware includes different cyber threats such as viruses, worms and Trojans. The best strategy for dealing with such a malicious attack is risk avoidance. This is a process of avoiding the malware attack by ensuring that any action that may result in malware being installed within the system is avoided (Baumgartner et al., 2015). This can be achieved by instructing members of the organization not to click or download unknown links received from unknown senders. Also, the organization can deploy a robust, up-to-date firewall within its system that prevents the transfer of large data files over the company's network, with the intent of weeding out attachments that may contain malware. It is also imperative for the enterprise to ensure that company computers are running updated security programs which run frequently to address any weak points within the computer.

A Denial of Service (DoS) attack is an attack that interrupts the services of the organization's network. The attacker sends high volumes of data or traffic into the network to the point where the network becomes overloaded and can no longer function. The best strategy to address the associated risk is avoidance. This is because once such an attack affects the network, there is no good way to mitigate or solve the problem. Hence the problem is avoided by preventing the attack before it happens (Williams et al., 2014). The best way to handle the attack is through detective control, where the company's network administrator monitors the network traffic for any abnormal activity. Any spike in traffic can then be noticed before such an attack happens. Regular software updates are also significant, so that the system's security is alert to any attempt by an intruder with malicious intentions to enter the network. This also calls for physical monitoring of the connections within the organization's network in case an intruder is physically connected to the system (Almasizadeh & Azgomi, 2014). If such an attack does happen, physically cutting the cable that connects the organization's website servers to the internet can be a solution to the attack.

Malvertising is currently one of the most common attacks for many organizations, since very few users know how to handle it. This attack compromises the system via malicious code that gets downloaded into the organization's system when a user clicks on an affected ad. Affected ads are ads that have been designed by attackers and then uploaded to different online sites using the ad network. The minute the user unknowingly clicks on such an ad, the code is downloaded into the system (Almasizadeh & Azgomi, 2014).

The best strategy for the associated risk is risk avoidance. This is due to the cost associated with the other strategies. If such an attack manages to get into the organization's system, the level of damage that it may cause cannot be managed, hence the choice of the risk avoidance strategy. Administrative control and preventative control help a lot in avoiding this particular attack. Users of the organization's system need to be taught the different kinds of ads on the internet as well as how to avoid malvertising. Ads which do not look realistic, such as ads claiming you have won a trip to the Bahamas or three laptops, are ads which come with different attacks on the system (Williams et al., 2014). Common sense also applies to this kind of attack, since the user can personally identify unrealistic ads.

The data and information that runs within the organization needs to be secure from potential attackers who may want to access the data or compromise the company's information. This is the main reason for carrying out risk management. It helps prepare the organization in case any risk emerges at some point, so that the company has a laid-down protocol to follow in such a situation. The absence of risk management would imply that if the organization is faced with an attack, it stands no chance against the situation, since the company has never anticipated such a situation.

Control identification comes after risk management, where, for example, an attack can be identified and managed. This also helps build a better defense strategy in case the organization's system gets compromised by an attack. Risk management, control identification and the selection process become more important since they help the organization realize most of the possible threats the company faces. These threats may not be realized at the moment, but with the above the organization is able to prepare for threats or attacks which might not have been predicted if risk management were not in place.

Executive Summary

In the line of work the organization operates in, attackers are very likely to try to compromise the system in order to access the relevant information within the company, either to gain a competitive advantage or to sabotage the company's projects at hand. This is one of the main reasons for understanding the different possible attacks on the organization. To avoid this, a security system for the organization's data and information should be put in place so as to prevent any kind of attack. Users of the system should be educated on the different types of cyber threats they may face, such as the malvertising attack, which targets users who may not be aware of the threat. Security protocols, such as security software updates, should be put in place and followed to the end.

All the security software running in the organization should be up to date so as to strengthen the organization's safety. Other network monitoring practices need to be followed continuously to ensure that no suspicious activity is happening within the network. The network administrator should generate a report detailing all the activities happening within the organization's network, which in turn ensures consistent network monitoring. System passwords need to be updated continuously so as to block out any intruder who may have logged in to any of the organization's systems or networks. The security of the system starts with how well such policies are followed.


Almasizadeh, J., & Azgomi, M. A. (2014). Mean privacy: A metric for security of computer systems. Computer Communications, 52, 47-59.

Baumgartner, L., Strack, C., Hossbach, B., Seidemann, M., Seeger, B., & Freisleben, B. (2015, June). Complex event processing for reactive security monitoring in virtualized computer systems. In Proceedings of the 9th ACM International Conference on Distributed Event-Based Systems (pp. 22-33). ACM.

Williams, J., Dabirsiaghi, A., & Sheridan, E. (2014). U.S. Patent No. 8,844,043. Washington, DC: U.S. Patent and Trademark Office.

