Digital Risks

Part 01 of three

Digital Risks: Mitigation

Energy companies are mitigating technology threats by increasing cyber resilience, being more vigilant and increasing security measures that protect against cyber attacks.

INCREASING RESILIENCE

  • According to the US Department of Energy, an award of up to $28 million will support the development of next-generation tools to improve the cybersecurity and resilience of different government infrastructures. The funding is expected to help developers come up with systems that help prevent, detect and mitigate cyber-attacks.
  • Companies in the energy sector are increasing their resilience by offering forensic training to their IT personnel and working towards improving their incident response as a way of mitigating attacks.
  • Energy companies carry out regular drills on cybersecurity in conjunction with their key suppliers and partners to test their response capability to cyber-attacks.
  • These companies ensure that their IT protocols are up to date so that they can protect the daily operation of their businesses.
  • Companies in the energy sector are also enhancing their resilience by developing backups, so that they are prepared for any attack on them or their partners.
  • The energy companies have also identified alternative suppliers with compatible technology in case their primary suppliers are attacked to ensure continuity of their business operations.

INCREASING VIGILANCE

  • There have been a variety of conversations between companies that work in the energy sector towards ensuring cyber attacks are mitigated swiftly without delays.
  • Energy companies have been able to be vigilant by not only training IT personnel but also other employees on matters that relate to security.
  • Another key way that energy corporations are increasing their vigilance is by investing in insurance policies that would protect them in case of a cyber-attack.
  • Energy companies have also increased their vigilance by ensuring they have reliable supplier risk intelligence, which helps them develop their security measures.
  • Vigilance has been enhanced by constantly looking for potential cyber-attack incidents and finding ways to address the issues.
  • The energy companies have ensured that they stay updated on current cybersecurity operations as a way of increasing their vigilance.
  • Vigilance has also increased through the use of automated software that can detect an attempted attack on the energy companies' IT infrastructure.
  • Most energy companies have followed the US Department of Energy's advice of combating cyber-attacks as one party to increase their success, a method referred to as "One Team, One Fight."

INCREASING SECURITY

  • Energy companies have been able to increase their cybersecurity by ensuring the employees that work in their infrastructure are screened to avoid having malicious actors working in their companies.
  • The energy companies have been able to secure their infrastructure and reduce cyber attacks by minimizing the number of suppliers that work within their daily operations.
  • Additionally, the security of energy companies against cyber attacks has been enhanced by using unique rather than default passwords to access different infrastructure facilities.
  • The Internet of Things (IoT) can be compromised by hackers. As a result, energy companies separate their high-risk processes from their low-risk plant-level internet operations to mitigate this threat.

Part 02 of three

Digital Risks: Top Threats Part I

The top technology threats in industries like finance, e-commerce, retail, healthcare, and travel include the use of cloud-based systems, ransomware attacks, SQL injection, phishing emails, and bad bots. Nearly all of these technology threats can cause significant damage to a company, mainly related to data theft, with bad bots causing direct damage through content scraping.

CLOUD-BASED SYSTEMS — Financial Industry

  • Description: The use of cloud services in financial institutions helps to reduce expenses and boost system uptime; however, the company's data faces a constant risk of being exposed by human errors such as misconfigured settings on the cloud server. An example is the human error at Verizon that allowed access to the data of more than 60 million people in 2017.
  • Potential impact if the threat took place: Being unprepared for a cloud system's data leak carries the risk of exposing the data of millions of company customers to undesirable people. In the case of financial companies, the exposed data can translate into money laundering or fraudulent transactions.
  • Probability-to-occur: High. The rising popularity of cloud usage creates a huge responsibility for company employees to safeguard their systems.
  • Potential countermeasures: Human error continues to be one of the leading weaknesses that give undesirable people easy access to financial data. The primary countermeasure can be an employee cybersecurity education session.


RANSOMWARE ATTACKS — Retail Industry

  • Description: Ransomware is malicious software, or malware, that a cyber-criminal can use to create a data breach. It is estimated that ransomware attacks nearly doubled in 2017. It is estimated that ransomware can attack critical systems, encrypting file servers or databases in a retail system.
  • Potential impact if the threat took place: For a retail company, the impact is catastrophic and can even trigger the failure of the company.
  • Probability-to-occur: High. Ransomware is one of the most prevalent varieties of malicious software; it was found in 39% of malware-related cases assessed in 2017.
  • Potential countermeasures: Recommendations to prevent ransomware attacks include the change of log files to get an early warning of a security breach; training staff to spot the early warning signs; restricting access to selected employees; patching promptly to guard against attacks; encrypting sensitive data; and using two-factor authentication.


SQL INJECTION — E-commerce Industry

  • Description: Different e-commerce platforms like Prestashop, OpenCart, and Magento have been vulnerable to SQL injection at some point in time. Many plugins and extensions are vulnerable to it and can compromise the e-commerce database.
  • Potential impact if the threat took place: An SQLi attack can steal the complete database, including sensitive information like the clients' transaction history or credit card information. The great majority of information stolen from e-commerce is currently linked to being sold on the black market.
  • Probability-to-occur: High. The vulnerability is widespread, as many of the plugins are still vulnerable to it.
  • Potential countermeasures: Input validation should be applied on the assumption that all user-submitted data is evil. Functions like MySQL's mysql_real_escape_string() can be used to ensure that dangerous characters in the data are not passed to a SQL query. Additionally, measures should be implemented to avoid dynamic SQL and queries constructed from user input. It is also advisable to update systems regularly and to use a firewall, as it can catch most SQL intrusions through web channels.

PHISHING — Hospitality and Finance Industry

  • Description: Phishing involves embedding a link in an e-mail that redirects the employee to an untrusted site where sensitive information can be requested. The installation of a Trojan via a malicious email attachment can enable the intruder to exploit loopholes and obtain sensitive information. The main objective of the phishing email is to gain access to otherwise protected data or networks of the company.
  • Potential impact if the threat took place: In 2018, the Radisson Hotel Group suffered a cyber-attack. In the data breach, the personal information of about 10% of their loyalty group members was exposed. The company recommends that its members be aware of phishing e-mails; this further damaged trust between the clients and the company.
  • Probability-to-occur: High. Phishing attacks are one of the most commonly reported security breaches in the world.
  • Potential countermeasures: Employee education is the main way to avoid phishing; a spam filter can detect phishing emails and block malicious websites. Additionally, converting HTML emails into text-only messages or disabling HTML email messages are effective ways of protecting against phishing.

BAD BOT — Finance, E-commerce, Healthcare, and Travel Industry

  • Description: Bad bots are created by cybercriminals to mimic human behavior, make online transactions, and obtain company employee data. According to a report by Distil Networks, bad bot activity accounted for nearly 21% of all internet activity in 2018.
  • Potential impact if the threat took place: They can steal important data like financial data or other sensitive information. The bots can be used to directly damage a company through account takeover, account creation, credit card fraud, denial of service, denial of inventory, price scraping, and content scraping.
  • Probability-to-occur: High. The damage by bad bots in the e-commerce and financial sectors in 2018 was 22.9% and 24.7%, respectively.
  • Potential countermeasures: Recommendations to avoid an attack include blocking outdated browsers, blocking proxy and hosting services, evaluating traffic sources, investigating traffic spikes, monitoring login attempts, and evaluating a bot mitigation system.

RESEARCH STRATEGY

To identify and compile the list of top-five technology threats currently faced by companies, we referred to credible industry sites like CSI web, Magenticians, e-Security Planet, Digital Guardian, and Frank on Fraud. On CSI, Magenticians, and Retail Leader, we found top lists of threats faced by the e-commerce, retail, and financial industries. We decided to use the industry listings as the base to determine the top technology threats in the industry. On other sites like e-Security Planet, Digital Guardian, and Frank on Fraud, we found relevant information on how the threats work and how they can be prevented.

Part 03 of three

Digital Risks: Top Threats Part II

The next top technology threats in the financial, e-commerce, retail, healthcare, and hospitality sectors include XSS attacks, IoT botnets, vulnerable e-commerce payment applications, credential stuffing, and zero-day flaws. All of them cause significant damage to companies, including major breaches of company data and direct extortion through manipulation of company devices via the Internet of Things.

#1: XSS ATTACKS (E-COMMERCE INDUSTRY)

DESCRIPTION:

  • XSS attacks in the e-commerce sector are so frequent and crucial that internet giants like Google have been victims of this type of threat.
  • It consists of executing malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application (like OpenCart, Prestashop).
  • The most common vehicles to perform XSS attacks are forums, web applications, message boards, and web pages that allow comments.

POTENTIAL IMPACT:

  • This attack could happen when there exists a lack of user input sanitization and filtering.
  • A successful XSS attack can compromise the admin account of an e-commerce store and create havoc, which translates to economic losses to the store owner.

PROBABILITY OF OCCURRENCE:

  • Its likelihood of occurring is medium.
  • The attack will depend on whether the e-commerce web application uses forms, a search bar, or allows comments, for example.
  • Also, if the correct "sanitization tools" are in place to avoid this kind of attack, it'd be somewhat easy to defend an e-commerce store from XSS attacks.

POTENTIAL COUNTERMEASURES:

  • In order to ensure safety from XSS, input in web applications must be sanitized.
  • The application code should never output data received as input directly to the browser without checking it for malicious code.
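
A sketch of output encoding for a product review, as an added example that is not part of the original report. The function names, the review markup and the rule that links must be http or https are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: reviews may only link to web pages

def render_review_unsafe(author, body):
    """'Before': input is written to the page as-is, so markup in it is live."""
    return "<div class='review'><b>" + author + "</b><p>" + body + "</p></div>"

def safe_href(url):
    """Return the URL only if its scheme is allow-listed, otherwise an inert '#'."""
    url = url.strip()
    try:
        scheme = urlsplit(url).scheme.lower()
    except ValueError:  # malformed URL
        return "#"
    return url if scheme in ALLOWED_SCHEMES else "#"

def render_review(author, body, link=""):
    """'After': every value is HTML-escaped before it reaches the browser."""
    out = "<div class='review'><b>%s</b><p>%s</p>" % (html.escape(author), html.escape(body))
    if link:
        # Escaping quotes keeps the value inside the href attribute.
        out += '<a href="%s" rel="nofollow">site</a>' % html.escape(safe_href(link), quote=True)
    return out + "</div>"

if __name__ == "__main__":
    comment = "<script>alert(1)</script>"  # constructed sample input
    print(render_review_unsafe("eve", comment))
    print(render_review("eve", comment, "javascript:alert(1)"))
```

Escaping covers the HTML body and attribute contexts; the scheme allow-list is needed as well because a `javascript:` URL contains no characters that escaping would change.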

#2: IOT BOTNETS (HEALTHCARE INDUSTRY)

DESCRIPTION:

  • An IoT botnet is a network of devices (not only computers) that can include cellphones, security cameras, or a device to monitor a patient's heart attack.
  • A central server could command any device connected to an IoT technology in a network.
  • The ultimate objective of this tech threat is to convert the device to a "zombie" that does the hacker's bidding.

POTENTIAL IMPACT:

  • Based on predictions, IoT attacks will account for 30% of cybersecurity incidents in 2019, including the healthcare industry sector.
  • It presents a high potential for damage since the hackers can take control of devices like healthcare monitors, compromising the health of a patient, or control a company's cameras with the aim of extortion.

PROBABILITY OF OCCURRENCE:

  • It has a high risk of occurrence.
  • In the last two years, IoT botnet attacks have risen from 50,000 in 2017 to an estimated 300,000 in 2019.

POTENTIAL COUNTERMEASURES:

  • Conducting a risk assessment of the IoT system in the company
  • Ensuring that IoT gadgets have the latest version of their firmware installed
  • Educating employees about all security policies and procedures, including proper password etiquette and data backups.

#3: VULNERABLE E-COMMERCE PAYMENT APPLICATIONS (E-COMMERCE, HOSPITALITY, AND RETAIL INDUSTRIES)

DESCRIPTION:

  • The attack targets payment applications where debit or credit card data is entered.
  • The cybercriminal capitalizes on the cross-site request forgery (CSRF) vulnerability, which can result in a compromise of the payment application or the underlying web server itself.
  • After installing a malicious web shell, they introduce a couple of malicious modifications that automatically capture and write card data to files on the web servers, after which they retrieve the data.

POTENTIAL IMPACT:

  • The typical consequence of the use of the card data stolen by cybercriminals is fraud; the info can be sold in the black market or used by the cybercriminal — the result is fraudulent payment card activity.
  • The consequences directly related to the company are losing reliability, then losing the customer, and consequently, their turnover.

PROBABILITY OF OCCURRENCE:

  • The likelihood of occurrence is high.
  • With the greatly expanded use of credit or debit cards for payment, cybercriminals are focused on finding new vulnerabilities in payment applications.

POTENTIAL COUNTERMEASURES:

  • The first countermeasure is to follow the Payment Card Industry Data Security Standard (PCI DSS) requirements. Implementing these points could protect a company from a payment application attack.
  • Other countermeasures include constructing and operationalizing a threat intelligence team, application whitelisting on POS systems, and implementing a secure payment technology including EMV, tokenization, and encryption.

#4: CREDENTIAL STUFFING (FINANCIAL INDUSTRY)

DESCRIPTION:

  • This tech threat involves taking advantage of giant data breaches, with hackers making billions of unique username and password combinations freely available to the public.
  • These combinations are tested against numerous different websites to gain access to their systems.
  • They use credential stuffing tools available on malicious platforms like "proxy lists" and "defeating captchas" tools.

POTENTIAL IMPACT:

  • Once cybercriminals are inside a company's system, they can access data such as personal data, money, gift card balances, credit card numbers, and loyalty members' sensitive data, which they then monetize in different ways, such as extortion or selling on the black market.
  • The company loses credibility and trustworthiness.

PROBABILITY OF OCCURRENCE:

  • The likelihood of occurrence is high.
  • The vast amount of breached data available to cybercriminals and the reuse of usernames and passwords give a high probability that a company could be a credential stuffing target.

POTENTIAL COUNTERMEASURES:

  • One important recommendation is not to reuse passwords, ever.
  • Also, two-factor authentication should be implemented whenever possible to help combat credential stuffing.
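
Monitoring login attempts for the pattern described above, where one source tries many username and password combinations once each. This is an added example, not part of the original report. The event format, thresholds and addresses are assumptions, and the log is constructed.

```python
from collections import defaultdict

# Assumed thresholds for illustration; tune them against real traffic.
MIN_DISTINCT_USERS = 5      # accounts touched by one source
MIN_FAILURE_RATE = 0.8      # share of that source's attempts that failed
MIN_GUESSES_ONE_USER = 5    # failures against a single account

def classify_sources(events):
    """events: iterable of (source_ip, username, success). Returns {ip: label}."""
    per_ip = defaultdict(lambda: defaultdict(lambda: [0, 0]))  # ip -> user -> [attempts, failures]
    for ip, user, ok in events:
        stats = per_ip[ip][user]
        stats[0] += 1
        stats[1] += 0 if ok else 1
    labels = {}
    for ip, users in per_ip.items():
        attempts = sum(a for a, _ in users.values())
        failures = sum(f for _, f in users.values())
        worst_user = max(f for _, f in users.values())
        if len(users) >= MIN_DISTINCT_USERS and failures / attempts >= MIN_FAILURE_RATE:
            labels[ip] = "credential-stuffing"   # many accounts, few tries each
        elif worst_user >= MIN_GUESSES_ONE_USER:
            labels[ip] = "password-guessing"     # one account, many tries
        else:
            labels[ip] = "normal"
    return labels

def accounts_to_reset(events, labels):
    """Accounts that logged in successfully from a source flagged as stuffing."""
    return sorted({user for ip, user, ok in events
                   if ok and labels.get(ip) == "credential-stuffing"})

def sample_events():
    """Constructed log using documentation-range IP addresses."""
    stuffing = [("203.0.113.9", "user%d" % i, i == 3) for i in range(8)]
    guessing = [("192.0.2.77", "admin", False)] * 6
    normal = [("198.51.100.4", "dana", False), ("198.51.100.4", "dana", True)]
    return stuffing + guessing + normal

if __name__ == "__main__":
    events = sample_events()
    labels = classify_sources(events)
    print(labels)
    print("reset:", accounts_to_reset(events, labels))
```

Because the tools mentioned above rotate through proxy lists, a per-source count is only one signal; the same grouping can be keyed on user agent or time window instead of IP address.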

#5: ZERO-DAY FLAWS (E-COMMERCE INDUSTRY)

DESCRIPTION:

  • When a software user detects that a software program contains a potential security vulnerability, the person notifies the software company, and a patch will be released; meanwhile, other users are exposed to severe potential damage.
  • If a cybercriminal discovers the vulnerability before the software company releases the patch, he/she can take advantage of this issue to evade the security system of the company and enter the system.

POTENTIAL IMPACT:

  • A zero-day flaw can cause considerable damage for a company that couldn't patch a vulnerability before the official patch release. The ultimate consequence could be a significant breach of a company's data.

PROBABILITY OF OCCURRENCE:

  • The likelihood of occurrence is relatively low.
  • Zero-day vulnerabilities in open-source e-commerce solutions are patched fast because anybody can audit them.

POTENTIAL COUNTERMEASURES:

  • The primary countermeasure is to acquire security software from a reliable and reputable company.
  • Implement IPsec, the IP security protocol for applying encryption and authentication to network traffic.
  • Perform regular vulnerability scanning against enterprise networks and lock down any vulnerabilities that are discovered.

RESEARCH STRATEGY

To obtain a list of the next top five technology threats that are facing the industries currently, we leveraged tech-focused websites such as CSI web, Magenticians, Acunetix, Wired, Search security, The Doctor Weighs In, ThreatQ, and MakeUseOf, where we found top lists of threats faced by the e-commerce, retail, financial, and healthcare industries.

