Risk Assessment and Mitigation for the Insurance Company
Question
You have been working in the field of network security and are now a Risk Assessment Analyst. Your daily duties often involve diving into networks and performing risk assessments to prevent application security defects and vulnerabilities from occurring.
One day, you received a work order showing an insurance office network needing a risk assessment, since the last one was done over 10 years ago.
The insurance office network contains the following:
- PCI/PCII
- 5 servers
  - 4 2016 servers
  - 1 2013 server
- 50 endpoints
  - 45 Windows 10
  - 5 Windows 7
- 2 branches
- 5 printers
- 50 VoIP
- 35 Employees
Once you have designed a thorough and detailed risk assessment for the company, the Senior Risk Analyst has asked you to create a network configuration showing how to potentially mitigate the risks you identified in the risk assessment.


Solution
Risk Assessment and Mitigation for the Insurance Company
An insurance company in the financial sector handles sensitive data that is a priority target for hackers and faces constant cybersecurity threats. It is also a potential target for unauthorized third parties. Therefore, a resilient data and infrastructure security model is paramount. Risk assessment and mitigation strategies are significant because of the continuous evolution of cybersecurity and the increase in system vulnerabilities over time. The plan will prevent business interruption caused by network and data breaches, compromised logins, ransomware, phishing, malware, and reputation damage (EIOPA, 2019). However, a flaw in processes, data, physical location, or software can introduce vulnerability into the information infrastructure. Therefore, the risk mitigation strategy must include the necessary security resources, patched system functionality, and user security training.
Potential threats and vulnerabilities for the company
Malware risks
Viruses
A user can infect the system by copying infected files onto network resources. Most viruses self-replicate to resources in the network, such as workstations and servers, without users' knowledge (Firch, 2021). Viruses are delivered via email attachments, web downloads, removable storage drives, instant messaging, and network connections. They are commonly embedded in files such as .doc/.docx, .exe, .xls/.xlsx, .zip, and .html. An attacker can use viruses to deliver payloads to the network infrastructure and the resources on it.
Logic bombs
This malware delivers payloads to email servers, data servers, and web servers when triggered by users in the network or when a specific date and time is reached (Firch, 2021). It can also be triggered when a user reaches a set number of login attempts to the system. Antivirus software such as Kaspersky will detect logic bombs in network and computing resources when they are triggered.
Keyloggers
Keystroke capture gives an attacker a log of user keystrokes without the user's knowledge. According to a study, hackers targeting insurance companies go after customer information such as personal details, credit card information, email addresses, usernames, and passwords (Deloitte, 2021). Keyloggers are used to track activity and steal usernames and passwords. An attacker discreetly attaches a physical wire to input peripherals such as a keyboard, or uses a trojan.
Trojan horse
These are computer programs disguised as legitimate to the system but hidden to avoid detection. Although they cannot self-replicate, they allow threat actors to create backdoors into the network for stealing sensitive data from the system (Firch, 2021). They are commonly spread through email attachments, instant messaging, and website downloads. An attacker can combine social engineering with trojan programs to trick users into executing them.
Botnets, rootkits, and spyware
Robot networks (botnets) are bots attached to a network after compromise to allow remote control of systems. For instance, they can control the printing devices in the network. They can also launch a DDoS attack by sending large volumes of data to web servers, which may take them offline. Spyware and adware collect users' information such as identities, usernames, and passwords, and attackers sell the data to unauthorized parties. Rootkits give an attacker backdoor control of the computer from a remote location, with the privilege to change system configuration and log files and to spy on users.
Social engineering threats
A threat actor can bypass authentication and security protocols through social engineering attacks. Users will be oblivious to the attacks because attackers use tricks and psychological exploits to make users surrender sensitive information capable of compromising the system. Social engineering can occur in various ways, including phishing, spam, dumpster diving, shoulder surfing, vishing, smishing, tailgating, and whaling. The most likely vulnerabilities in this case are pharming, vishing, and smishing. Pharming consists of altering the hosts file or exploiting a DNS server vulnerability to redirect a URL to a false site. This attack will be mitigated through URL filtering.
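As an added example that is not part of the original assessment, a defender-side check for the hosts-file variant of pharming described above: it parses a constructed Windows-style hosts file and flags any protected hostname that has been pinned to a non-loopback address. The domain names, the sample file contents, and the protected list are all constructed assumptions for this illustration.

```python
import ipaddress

# Constructed sample of a hosts file after a pharming attempt: the insurer's
# customer portal has been pinned to an address outside the company.
# Every hostname and address here is made up for illustration.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    portal.example-insurer.com   # attacker-added entry
192.168.10.20   print01.corp.example         # legitimate internal alias
"""

# Hostnames that must only ever resolve through the company's DNS, never via
# a local hosts-file override (assumed list for this example).
PROTECTED_DOMAINS = {"portal.example-insurer.com", "login.example-bank.com"}


def parse_hosts(text):
    """Return (ip, hostname) pairs, ignoring comments and blank lines.
    A hosts line is an IP followed by one or more names; '#' starts a comment."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def suspicious_entries(text, protected=PROTECTED_DOMAINS):
    """Flag protected hostnames mapped anywhere except loopback.
    Loopback mappings are a common blocking/sinkhole practice and are left
    alone; anything else sends users to a host the company does not control,
    which is the pharming pattern. Malformed addresses are reported too."""
    findings = []
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((name, ip, "malformed address"))
            continue
        if name in protected and not addr.is_loopback:
            findings.append((name, ip, "redirected"))
    return findings
```

Run it on the endpoints' real hosts files (for example from an endpoint management job) and alert on any non-empty result.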
Vishing
An attacker can combine phishing and voice exploits to launch an attack on a VoIP line. Threat actors use specific VoIP tools to compromise auto-dialers and pass robocalls or messages through a spoofed VoIP address (Firch, 2021). They confuse users by pretending to be friendly or by threatening them that their security has been compromised and that they need to update their passwords.
Smishing
Smishing uses SMS messages to trick users into giving unauthorized people personal information, including credit card numbers, account names, and passwords. Additionally, the attacker may embed a URL in the message, invite the user to click the link, and redirect them to a third-party malicious website.
Unpatched and outdated software
Unpatched software is a non-physical network vulnerability that affects operating systems (OS), data, and other software installed in the information infrastructure. The software must be updated with patched versions that reduce risks and vulnerabilities. Microsoft no longer supports the Windows 7 OS, which means no patches are issued for recently detected bugs and OS vulnerabilities (Firch, 2021). These computers are a high security risk. Therefore, it is important to upgrade the five endpoints running Windows 7 to Windows 10.
Misconfiguration of firewalls and software
Internal network and server misconfiguration increases risk to the organization's assets. It enables threat actors to analyze network traffic, compromise resources on the network, and steal sensitive data from the organization and its clients. Misconfiguration of network resources is an avenue for attacks through code injection, cross-site scripting, brute force, forceful browsing, and buffer overflow. If the company uses cloud infrastructure, correct configuration of cloud resources such as storage is required to minimize risk. Lack of data encryption and backup strategies also increases the risk to sensitive information.
Risk mitigation strategies for the network and information infrastructure
The initial step is identifying and prioritizing assets in the information system infrastructure. These resources include the PCI/PCII, five servers, the 50 endpoints, five printers, two branches, 50 VoIP devices, and 35 employees. The details to collect about the assets and the information system security architecture include the software type, hardware components, the purpose of each asset, network topology, data storage and protection, system users, data, technical security controls, information flow charts, and physical security for the assets. The details collected give insight into mission-critical assets in the network and the significance of each asset to the organization. We will use a common categorization for these assets: legal standing, monetary value, and technical importance to the infrastructure and its security protocols (EIOPA, 2019). The assets will be incorporated into the security policy and classified as minor, major, or critical to the infrastructure and the organization in general. Threat management is vital to ensure security on the network.
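As an added example that is not part of the original assessment, the categorization step above carried out on the inventory the assessment lists: each asset is rated on the three axes the text names (legal standing, monetary value, technical importance), likelihood is raised one step for platforms the vendor no longer patches (the unpatched-software risk discussed earlier), and the result is bucketed as minor, major, or critical. The scoring formula, the thresholds, and the per-asset 1-3 ratings are assumptions constructed for illustration; only the asset counts come from the page.

```python
from dataclasses import dataclass

# Platforms the vendor no longer patches. Windows 7 left Microsoft support in
# January 2020. The "2013 server" is kept exactly as the inventory lists it and
# is not marked end-of-life here because the product is not identified.
EOL_PLATFORMS = {"Windows 7"}

@dataclass
class Asset:
    name: str
    platform: str
    count: int
    legal: int      # 1-3 legal standing (regulated data such as PCI = 3)
    monetary: int   # 1-3 monetary value to the business
    technical: int  # 1-3 technical importance to the infrastructure
    exposure: int   # 1-3 baseline likelihood of compromise

def risk_score(asset):
    """Impact = highest of the three axes; likelihood = exposure, raised one
    step when the platform receives no patches. Score = impact x likelihood
    (1..9). The weighting is an assumption for this example."""
    impact = max(asset.legal, asset.monetary, asset.technical)
    unpatched = 1 if asset.platform in EOL_PLATFORMS else 0
    return impact * min(3, asset.exposure + unpatched)

def classify(score):
    """Bucket into the assessment's three classes (assumed thresholds)."""
    return "critical" if score >= 6 else "major" if score >= 3 else "minor"

# Constructed ratings for the inventory the assessment lists: the counts are
# the page's, the 1-3 ratings are illustrative.
INVENTORY = [
    Asset("PCI cardholder data store", "2016 server", 1, 3, 3, 3, 2),
    Asset("Application servers", "2016 server", 3, 2, 2, 3, 2),
    Asset("Legacy server", "2013 server", 1, 2, 2, 2, 2),
    Asset("Workstations", "Windows 10", 45, 2, 1, 1, 2),
    Asset("Legacy workstations", "Windows 7", 5, 2, 1, 1, 2),
    Asset("Printers", "printer firmware", 5, 1, 1, 1, 2),
    Asset("VoIP handsets", "VoIP firmware", 50, 1, 1, 2, 2),
]

def risk_register(assets):
    """Rows of (name, count, score, class), highest risk first."""
    rows = [(a.name, a.count, risk_score(a), classify(risk_score(a))) for a in assets]
    return sorted(rows, key=lambda r: r[2], reverse=True)

def unsupported_assets(assets):
    """Assets on an end-of-life platform: the upgrade list."""
    return [a.name for a in assets if a.platform in EOL_PLATFORMS]
```

The register shows why the five Windows 7 endpoints land in the same class as the cardholder data store despite their modest impact: the missing patches push their likelihood to the top of the scale.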
Insurance companies must share information with the DHS and NPPD for compliance assessment and data-security standards analysis. The PCI requirements include maintaining firewalls, protecting passwords and cardholder details, encrypting sensitive data in transmission, using antivirus, updating software, data access restriction protocols, unique access IDs, and restricting physical access to sensitive components such as servers (Groot, 2021). The company will equally be required to maintain access logs for the network and its resources. Proper program handling ensures secure sharing of data between insurance companies and the government under non-disclosure regulations. In addition, PCI/PCII requires a regular vulnerability scan of the network at least quarterly. It is equally important to conduct scans after changes in the network, for instance after adding a new component or upgrading previous installations. These scans can be automated to hunt for vulnerabilities in the infrastructure.
Physical protection of assets is significant in the company network. This organization's network comprises physical assets, including workstations, servers, and printers. Among these, the five servers are at the highest risk of compromise. To ensure only authorized access, turnstiles should secure server room entry points, and individualized access cards together with biometric scanners should be required to enter server rooms.
According to the FCC (2021), user security training programs to minimize social engineering risks should be a priority for organizations such as insurance companies. Educating system users on cybersecurity is a significant and often overlooked step in network and data security threat mitigation. Cybercriminals employ ways to trick system users into providing the sensitive information needed to launch attacks. In addition, they may conduct social engineering that puts users at risk when those users do not have adequate training.
References
Deloitte. (2021). Global Cyber Executive Briefing: Insurance. Retrieved from Deloitte: https://www2.deloitte.com/be/en/pages/risk/articles/insurance.html
EIOPA. (2019, 1 1). Cyber Risk For Insurers – Challenges And Opportunities. Retrieved from European Insurance and Occupational Pension Authority: https://www.eiopa.europa.eu/sites/default/files/publications/reports/eiopa_cyber_risk_for_insurers_sept2019.pdf
FCC. (2021). Cyber Security Planning Guide. Retrieved from Federal Communications Commission (FCC): https://transition.fcc.gov/cyber/cyberplanner.pdf
Firch, J. (2021, 9 23). Common Types Of Network Security Vulnerabilities In 2021. Retrieved from Purple Security: https://purplesec.us/common-network-vulnerabilities/#Unpatched
Groot, J. d. (2021, 8 12). What is PCI Compliance? Retrieved from Digital Guardian: https://digitalguardian.com/blog/what-pci-compliance


