Introduction
The current report is designed to articulate the cybersecurity breach causes and threats to data safety of the engineering company Sifers-Grayson. The company that starts a new contract with a federal agency is eligible to comply with strict security requirements that must be tested, problems uncovered, and improvements addressed and implemented. For the purpose of the incident outcome assessment, the report presents an analysis of the company’s system penetration by a hired consulting firm. The lessons learned after the firm conducted the testing of Sifers-Grayson current cybersecurity measures and incident response procedures are discussed. Finally, the recommendations, as per the improvement of the incident response capability, are introduced to ensure the elimination of the identified drawbacks and the compliance of the engineering company with the security requirements presented by the federal agency.
Analysis of the Incident
Sifers-Grayson is a company that is operating in the sphere of electronic engineering. The new cooperation opportunity for the company entails integration with a federal agency that necessitates updated and improved cybersecurity measures that comply with the standard guidelines and regulations. The company hired a consulting firm specializing in cybersecurity to enhance compliance with the federal agency’s demands. To allow the consulting company to run their testing, Sifers-Grayson allowed it to inspect the databases in place. The Red Team of the hired consulting agency penetrated Sifers-Grayson’s system and accessed the engineering center, hacked the network, and stole files and documents related to the development and engineering of the AX10 Drone System. This happened because there was no effective technology set up and maintained to provide a sufficient level of security for the engineering system and employee accounts on software, as well as hardware stored information.
In addition, the Red Team managed to steal login information of the employees and was able to enter the facilities by interacting with friendly workers employed at Sifers-Grayson, who welcomed outsiders to the buildings. This occurred due to the unprotected data on the servers used by the company. Also, the lack of employee awareness about the threats of cyber-attacks and outsiders’ presence inside the facilities of the company caused the ease of penetrators’ access to the information and resources. The Red Team used the stolen logins to install malware and disrupt the work of the laboratory. As a result, the Red Team was able to control test vehicle of the drone. This illustrates that cyber criminals have an opportunity to hack into the system and steal both engineered products and the designs, which is significantly dangerous for a business entity (Huang et al., 2018). In addition, the Red Team sent Phishing Emails to employees and successfully obtained their reaction to them, which is how the IP addresses were tracked for further manipulation.
In particular, the analysis shows that the processes at Sifers-Grayson are disconnected from one another, where the IT department is thought to be responsible for cybersecurity, and no other entities on the company team are entitled to protect data from criminals. No clearly introduced a policy that would regulate the algorithm of steps in the case of a security breach or a threat to data and information. People involved in the implementation of cybersecurity are scarce in number and limited in expertise, which disrupts the effectiveness and timely implementation of incident response and incidence prevention strategies. No effective technology is implemented, which is why unprotected network connection exists and allows for hacking opportunities.
Lessons Learned
Based on the checking and testing conducted by the Red Team, Sifers-Grayson obtained a full picture of the weaknesses that their cybersecurity system has and the requirements that the company needs to comply with to maintain a proper level of data safety. Firstly, in regards to the technology domain, Sifers-Grayson’s protective technologies are ineffective in eliminating network connection by external devices. Since the Red Team was able to hack into the system by means of unprotected network connection, there must have been a technological solution that would have prevented such an incident. Also, since there was no additional authentication feature for logging in to the lab database, the Red Team was capable of accessing login information and obtaining control over the testing drone. Therefore, there should have been better and more secure protecting technology in place for the company to avoid the incident.
Secondly, within the realm of people, the limited number of employees working in the IT department does not suffice the requirements of the security guidelines. The incident has demonstrated that the implementation of the technologies was not consistent and was inappropriately used within the context of the company’s business processes. Therefore, the IT department employees should have been more proficient in the execution of their responsibilities when responding to the incident. Nonetheless, not only the competence but the number of employees should have been increased to eliminate the threats to system security. In addition, the lab workers and other employees whose actions related to welcoming outsiders to the facility and responding to insecure emails also contributed to the breach in the data security system. These issues also relate to the policy implementation within the organizational structure at Sifers-Grayson.
Thirdly, the policies pertaining to cybersecurity were ineffective or were completely lacking. Once the Red Team penetrated the network and started conducting criminal actions against the company, a series of steps within the company policies must have been taken. The IT department should have identified the area that has been hacked, and the employees should have been more cautious as per the outsiders on the company territory and the suspicious emails. Fourthly, the processes inside the IT department were not in place according to the necessary policies. No algorithm of response to incidents has been implemented, which ultimately diminished the capability of the company to prevent and respond to the breach in security. A centralized well-aligned team might have increased the company’s chance to timely detect and eliminate the threat.
Conclusion and Recommendations for Improvements to Incident Response Capability
In response to the identified lessons learned and weaknesses detected, the following recommendations for improvements might be introduced. The policy aimed at training the IT department for timely and effective responding to cyber-attacks should be developed and implemented. In addition, the policy should be disseminated to all employees having access to digital information, especially in lad designing and engineering. The knowledge of the employees about the threats and possible ways of cyber intrusion will increase the level of awareness and help to eliminate similar incidents in the future. The development of a centralized team that would be responsible for monitoring the processes inside the network and report the identified inconsistencies to the related entities would improve the incident response capability. The alignment of the processes of detecting and automated reporting of cyber threats would be a beneficial asset to the company’s cybersecurity and lab information protection.
One of the technological solutions that might prevent cyberattacks and protect employee accounts and the overall data related to the company’s engineering processes is the implementation of multi-factor authentication. This solution necessitates the insertion of a one-time code that is uniquely generated per every entry to the system (Lamba, 2019). In addition, another technological solution that might protect the company’s laboratory database from unwanted entries is the intrusion prevention system. By means of two-layer protection from wireless device access, an intrusion prevention system allows for providing the business with a high level of cyber security (Oke et al., 2018). Moreover, an additional option that is capable of protecting the engineering and designing data is introduced by the National Institute of Standards and Technology (2020) and entails role based access control (RBAC). The CEO and the employees at the leading positions at the company in possession of the vulnerable and pertinent information might be assigned specific roles that would allow for additional protection of the data within the provisions of RBAC.
Within the perspective of people’s involvement in the policy, technology, and process implementation, there are several specific recommendations for Sifers-Grayson. In particular, the recruiting of new IT staff members with expertise in cybersecurity is required. Further training of the IT department team for the utilization of the new technologies and the implementation of improved policies is recommended. Finally, the overall company employee cybersecurity awareness-raising interventions and training are necessary to ensure consistency in policy implementation.
References
Huang, K., Siegel, M., & Madnick, S. (2018). Systematically understanding the cyber attack business: A survey. ACM Computing Surveys (CSUR), 51(4), 1-36.
Lamba, A. (2019). API design principles & security best practices – accelerate your business without compromising security. Cybernomics, 1(3), 21-26.
National Institute of Standards and Technology. (2020). Role based access control [Data set].
Oke, J. T., Agajo, J., Nuhu, B. K., Kolo, J. G., & Ajao, L. A. (2018). Two layers trust-based intrusion prevention system for wireless sensor networks. Advances in Electrical and Telecommunication Engineering, 1, 23-29.