Cyber security is an application of the processes, technologies, and controls for protecting the networks, devices, data, and systems from any cyber-attack. The purpose of cyber security is to reduce or eliminate the risks of cyber-attacks as well as to protect against any cyber-attack like unauthorized exploitation of the network, technologies, and system [1]. For this study, the recent ransomware attack that has been chosen is the Kaseya ransomware attack.
The key reason for the Kaseya ransomware attack is the high-level trust in the customer devices. The attacker was the REvil ransomware service, which attacked the VSA SaaS platform of Kaseya using the zero-day exploits for gaining access as well as distributing the malicious software to the system and the customers of Kaseya [2]. Various other organizations like Kaseya, Quanta, HX5, and JBS Meats were also targeted in this attack.
Confidentiality, integrity, and availability are very vital in the context of the Kaseya ransomware attack. Confidentiality in Kaseya is very important as this involves the efforts of the company for ensuring that the business data is kept private and secret. Confidentiality is required for accomplishing security and access to the organizational data should be controlled for preventing unauthorized data access [3]. Integrity in the organization involves ensuring that the information free from any type of tampering and trustworthy. The integrity of information of Kaseya helps in maintaining the data by ensuring that the data is reliable, accurate, and authenticate. Even if the integrity is maintained and the data is kept confidential, the data will be useless if the data is not available to the organization and the clients. Availability helps the organization to use the redundant network, application, and server, which is helpful in addressing the ransomware attack.
With the five fundamental security measures, the Kaseya ransomware can be prevented effectively. Layering will provide the comprehensive protection of Kaseya and will add more security layers. Limiting will help the organization authorize the information and the information will be used only for any necessary tasks. The limiting principle will also make the access restricted for the users [4]. Diversity will be related to layering. If the organization uses a security layer then the organization must use different types of security for the layers. Obscurity will make access to the data for the outsider much more difficult so that the outsider cannot identify what is happing inside. Simplicity will make the security system of Kaseya hard and will make the users, which will lead to the creation of a bypass method.
Cyber security hygiene is very important for individuals, organizations, or any institute as this helped in keeping sensitive and confidential data protected and secured from cyber-attacks [5]. Cyber security hygiene is a shared responsibility, which all the users and departments should prioritize. With this approach, the users can maintain proper cyber hygiene by following the best security practices like creating unique passwords, avoiding any public wifi, and making access restricted for the users. By maintaining good cyber security hygiene, organizations or individual will be able to reduce the risks related to data loss, data compromise, or operational interruption.
References for Network Security Fundamentals
M. Zwilling, G. Klien, D. Lesjak, L. Wiechetek, F. Cetin and H.N. Basim, Cyber security awareness, knowledge and behavior: a comparative study, Journal of Computer Information Systems, 62(1), pp.82-97, 2022.
L. Phiri and S. Tembo, Evaluating the Security Posture and Protection of Critical Assets of Industrial Control Systems in Zambia, 2022.
M. Droppa and M. Harakaľ, Analysis of Cybersecurity in the Real Environment, In 2021 Communication and Information Technologies (KIT) (pp. 1-7), IEEE, 2021, October.
S. Bhattarai and Y. Wang, End-to-end trust and security for Internet of Things applications, Computer, 51(4), pp.20-27, 2018.
M. Souppaya, K. Stine, M. Simos, S. Sweeney and K. Scarfone, Critical cybersecurity hygiene: patching the enterprise, National Institute of Standards and Technology, 2018.
