Discuss about the Cyber Threat Assessment for Emirates Online.
Cyber attacks and cyber threats are possibly the most pressing issue that has concerned the cyber-law enforcement agencies around the globe for past few years. Reports of cyber attacks have continued to occupy the headlines of every newspaper worldwide. The cyber law-breakers are always coming up with innovative methods and technologies to cause havoc in the cyber world and keep busy the guardians of cyber security (Singer and Friedman 2014). The agencies that are responsible for the protection of the cyber world are always involved in developing new strategies, methods and technologies to disrupt the actions of the cyber criminals. However, the cyber criminals seem to outdo the protectors every time at every instance (Robinson et al. 2013).
This report serves the objective of informing Emirates Airlines regarding the cyber threats that are concerning the cyber vigilantes for the past two years. It also analyses and provides details on the impacts that such cyber threats may have on the organisation and its operations. Finally, the report provides suggestions on possible risk management measures that can be undertaken by the organisation to protect itself from such cyber assaults.
The past few years has seen an intense level of activity in cyber attacks around the globe that caused damage ranging from organisational to global. There has been an exponential growth in the frequency of cyber attacks lately. The attacks were carried out with different methods and technology that had different effects and results (Andress and Winterfeld 2013). The global law-enforcement organisations constantly analyse these attacks and compare their complexities with other types of attack. Based on the final report the most threatening attacks are identified every year. In 2015, the top 5 cyber security threats were identified to be ransomware, cyber risk related to the use of Internet of Things, Cyber espionage, Cyber theft, risks in BYOD (Choucri, Madnick and Ferwerda 2014). In 2016, the top 5 cyber threats were identified to be mobile payments and banking hacks, next-generation heartbleed, advanced phishing attacks, cyber election fraud and risks related to cyber insurance (Choucri, Madnick and Ferwerda 2014). In the year of 2017, the top five cyber threats has been identified as nation-state cyber attacks, ransomware attacks, distributed-denial-of-service attack, risks related to Internet of Things, Social Engineering and Human Error (Choucri, Madnick and Ferwerda 2014). Therefore, it is evident from the statement above that with the face of cyber threat changing rapidly each year, the list of top cyber threats is also inconsistent.
However, some cyber threats are constantly bothering the cyber protectors for the last few years. The magnitude of impact of the cyber threats depend on the type of business it is affecting. In case of organisations dealing in airlines transport business such as the Emirates Airlines, certain cyber threats are identified that can cause the most damage to the business of the organisation. Five greatest cyber threats to organisations like Emirates are as given below.
The most damage that can be caused to organisations like Emirates Airline is through coordinating a successful ransomware attack. A ransomware is a sort of malware that is designed specifically to prevent access of a user to a computer and demand ransoms in exchange of restoring the system to its previous state (Pathak and Nanded 2016). Most of the airline manufacturing organisations supply completely digitally equipped advanced airlines nowadays. Therefore, all of the airlines that are used by Emirates Airlines are digitally equipped that are used by the pilots to control the aircraft as well as establish contact with the Air Traffic Control (ATC) of the airfields (Brewer 2016). Now if a ransomware attack is coordinated on the organisation that prevents the pilots to communicate with the ATC while landing or taking off from the airfield or prevents them from controlling the aircraft, then the craft can suffer massive accident that can cause large amount of life loss as well as financial and reputational damage to the organisation.
The connectivity of all digital devices to the internet can sometimes prove to be fatal, especially in aviation industries. All the devices that are used in an aviation industry from the airlines to the offices of the organisation needs to stay connected with each other as communication is vital in an aviation business (Jing et al. 2014). In case a cyber attack is coordinated by releasing, a malware within the network to which all the devices are connected that disrupt the communication among the offices and the aircrafts; it can raise many issues from delay in services to compensating the affected passengers (Jing et al. 2014).
A phishing attack is generally used to retrieve sensitive information from a system that can be used for the benefit of the attacker in another instance. A phishing attack coordinated on the data centres or systems of the organisation can retrieve sensitive official information that can fuel criminal activities at a later instance (Hong 2012). The data may contain details of the aircrafts that are presently used and their conditions and security features that can be used by terrorist or criminal organisations to conduct criminal activities such as hijacking the crafts. This can lead to huge financial loss to Emirates as well as may endanger the lives of many passengers (Hong 2012).
The purpose of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attack is to deny a user to use the network services by flooding the network with repeated requests and congesting the network traffic (Bhuyan et al. 2013). A DoS or DDoS attack can congest the network in which the organisation maintains communication among its other departments. As a result, the communication will be disrupted within the organisation, which may cause in several operational issues (Bhuyan et al. 2013).
Cyber espionage is similar to the phishing attack as it also serves the purpose of illegally obtaining confidential information from organisations or governments by using the network (Lewis and Baker 2013). Such attacks can retrieve sensitive information of the organisation like the details of the employees working in the organisation and their bank account details, which can be used for causing potential damage to the organisation or its people in terms of finance and reputation.
To mitigate the threats mentioned above the organisation needs to make certain reforms to the current IT infrastructure as well as implement some new methods and technologies for the same purpose.
Initially, the organisation need to use updated systems with latest operating system and software that has lesser amount of bugs that can be exploited by malwares like ransomware to breach the system and take control of the same (Hua and Bapna 2012).
The devices that are connected to a network need to have sophisticated security tools implemented so that it becomes difficult for the hackers to gain entry to the devices easily. This will mitigate the risks related to internet of things (Lewis and Baker 2013).
The network to which the systems are connected in the organisation needs to have strong firewall incorporated, which will scan and detect any malicious package within the network and prevent it from entering any system. This will prevent attacks like phishing and cyber espionage.
The Emirates can consider purchasing an enormous amount of bandwidth in the network of the organisation, which will reduce the possibility of DoS or DDoS attacks (Bhuyan et al. 2013). This is because, the more bandwidth the organisation have the more difficult it will become for the attacker to congest all the network traffic at the same time. In addition to this, the organisation can implement certain software services that provide products that can detect DoS and DDoS attacks.
The Emirates can recruit third-party service providers who provide application suites that help in providing complete risk management solutions along with detailed information on the types of threats that can affect the organisation and their impact on the same (Hong 2012).
Finally, the organisation needs to train its employees with proper knowledge of identifying the threats and what steps should be taken at the event of a cyber attack (Hua and Bapna 2012). Employee awareness is vital to fighting the threats to cyber security in any organisation. Sometimes, an attempt of cyber attack can be prevented by the timely action taken by an employee who is well informed about the mode of the attack and its preventive measures.
The Emirates is an aviation industry that stores sensitive business information, which if exposed to cyber attackers, can cause great financial and reputational damage to the organisation. Some information can also fuel future criminal activities. That is why; the protection of the information assets of the company is of utmost priority for safeguarding the interest of the same. Some measures can be taken to ensure the security of the information assets as provided below:
Conclusion
The report reaches the conclusion that an aviation company like the Emirates needs to defend their hard-earned reputation heavily from the cyber attackers whose actions can affect it severely. To do so, the organisation needs to make certain changes as well as undertake certain new measures to fight the threats to cyber security.
References
Andress, J. and Winterfeld, S., 2013. Cyber warfare: techniques, tactics and tools for security practitioners. Elsevier.
Bhuyan, M.H., Kashyap, H.J., Bhattacharyya, D.K. and Kalita, J.K., 2013. Detecting distributed denial of service attacks: methods, tools and future directions. The Computer Journal, 57(4), pp.537-556.
Brewer, R., 2016. Ransomware attacks: detection, prevention and cure. Network Security, 2016(9), pp.5-9.
Choucri, N., Madnick, S. and Ferwerda, J., 2014. Institutions for cyber security: International responses and global imperatives. Information Technology for Development, 20(2), pp.96-121.
Hong, J., 2012. The state of phishing attacks. Communications of the ACM, 55(1), pp.74-81.
Hua, J. and Bapna, S., 2012. How can we deter cyber terrorism?. Information Security Journal: A Global Perspective, 21(2), pp.102-114.
Jing, Q., Vasilakos, A.V., Wan, J., Lu, J. and Qiu, D., 2014. Security of the internet of things: Perspectives and challenges. Wireless Networks, 20(8), pp.2481-2501.
Lewis, J. and Baker, S., 2013. The economic impact of cybercrime and cyber espionage. McAfee.
Pathak, D.P. and Nanded, Y.M., 2016. A dangerous trend of cybercrime: ransomware growing challenge. International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume, 5.
Peltier, T.R., 2013. Information security fundamentals. CRC Press.
Robinson, N., Gribbon, L., Horvath, V. and Cox, K., 2013. Cyber-security threat characterisation.
Singer, P.W. and Friedman, A., 2014. Cybersecurity: What Everyone Needs to Know. Oxford University Press.
Essay Writing Service Features
Our Experience
No matter how complex your assignment is, we can find the right professional for your specific task. Contact Essay is an essay writing company that hires only the smartest minds to help you with your projects. Our expertise allows us to provide students with high-quality academic writing, editing & proofreading services.
Free Features
Free revision policy
$10Free bibliography & reference
$8Free title page
$8Free formatting
$8How Our Essay Writing Service Works
First, you will need to complete an order form. It's not difficult but, in case there is anything you find not to be clear, you may always call us so that we can guide you through it. On the order form, you will need to include some basic information concerning your order: subject, topic, number of pages, etc. We also encourage our clients to upload any relevant information or sources that will help.
Complete the order form
Once we have all the information and instructions that we need, we select the most suitable writer for your assignment. While everything seems to be clear, the writer, who has complete knowledge of the subject, may need clarification from you. It is at that point that you would receive a call or email from us.
Writer’s assignment
As soon as the writer has finished, it will be delivered both to the website and to your email address so that you will not miss it. If your deadline is close at hand, we will place a call to you to make sure that you receive the paper on time.
Completing the order and download