
Running head: INFORMATION SECURITY 1

Network Security Risks and Social Engineering

Name

Institution

Course

Tutor

Network Security Risks

Q1. Although network security risks are not new to many organizations, an increase in mobile device usage and the advent of technology have made these risks more dangerous. This paper discusses three major security issues and how administrators can prevent them. First, ransomware is becoming popular through blockchain technology. The cybercriminal can anonymously demand payment over the dark web and can also avoid prosecution. Many small and medium-sized businesses in the United States have lost over seventy-five billion dollars each year. However, administrators can defend against ransomware by replicating and backing up their data in multiple locations. In addition, an administrator needs to update programs and applications frequently across all devices. Lastly, the staff must be taught how to recognize phishing, since they are the primary target.

Secondly, botnets refer to a single hacker controlling an army of computers. A device becomes part of the botnet once malware infects it; this mostly occurs when pirated or outdated software is either downloaded or run (Administrator, 2017). Hence, an attacker aims to acquire as many devices as possible to launch a mass-scale attack. An administrator can prevent botnet infections by configuring the network to block invaders. Automatically updating applications is also effective. Lastly, an administrator should teach the staff not to click on or download suspicious pop-ups or programs. The third security issue is distributed denial of service (DDoS), which is becoming increasingly popular as the number of devices in the workplace increases.

In a DDoS attack, an online service receives a massive amount of web traffic because an attacker directs thousands of IP addresses at it. The huge traffic causes the service to slow down and become unstable. Hence, e-commerce businesses and anyone using online or cloud service platforms are affected. DDoS is dangerous since it can lead to the loss of millions of dollars of revenue in one day. Therefore, an administrator can protect against DDoS by purchasing more bandwidth and ensuring that servers with load balancing are distributed across multiple data centers.

A Social Engineering Scenario

Q2. In security, it is important to know whom to trust. Therefore, when sharing information, it is essential to establish whether a person is who they say they are. An email from a friend is a good scenario in which an individual unknowingly shares too much personal information with a stranger. An attacker either social engineers or hacks the email password and accesses that person's contact list (What Is Social Engineering?, n.d.). Moreover, the attacker can access this person's social network contacts, since many people use the same password everywhere. The attacker then uses this information to send an email to the person's contacts. They may also message all of the person's friends on social networking pages.

However, a few easy guidelines can be followed to prevent an individual from unknowingly sharing too much personal information with a stranger. First, an individual should delete any request for financial information or passwords because it is usually a scam. Secondly, an individual should refuse any offers of help or requests for help; this is because companies considered legitimate do not contact an individual to provide help. In addition, the offer is considered a scam if one did not specifically request assistance from the sender. Consequently, one should immediately delete a request for help from a charity with which one has no established relationship. It is much better to seek out reputable charitable organizations when one wants to give, to avoid becoming a victim of fraud.

Moreover, oversharing with a stranger can be avoided by setting the spam filter to high. Since all email programs have filters, an individual can access them through the settings options. Searching for the provider's name can help in finding a step-by-step guide on setting the spam filters. Lastly, an individual can avoid oversharing by securing their computing devices; this is achieved by installing anti-virus software, email filters, and firewalls. Besides, it is important to set the operating system to update automatically. An anti-phishing tool from a third party or in the web browser can alert an individual to the risks.

Social Engineering Experiment

Q3. The information collected from a target individual at a bank provides the employees' positions, the bank's terminology, names, and much other information that the target is likely to have mentioned in response to the questions that I asked in the interview. Acquiring this knowledge allows an attacker to appear more believable; this creates trust in the target and contributes to them asking few questions. However, some of the information gathered about the target does not sound sensitive to an average person. Nonetheless, it is invaluable in a social engineering experiment. Examples of such information include birthdates, current and outdated phone lists, and organizational charts from a company. This information, which is regarded as non-sensitive and is eventually discarded, simplifies an attacker's job. The reason is that it is discarded without a second thought and without taking any security precautions.

The information is gathered to take a social engineer to the next step of the cycle. Hence, the information provided by the target needs to be expanded; this is achieved by looking up information on the company’s website and searching the web for news articles, videos, blogs, and any other information linked to the financial institution (Long, 2013). Consequently, asking staff for information about the bank provides enough hints to dig deeper into the banking institution. Therefore, examining the financial institution is done to learn the less available information.

Some of the information-gathering techniques include asking for favors, impersonating, simple requests, reverse social engineering, and, in some instances, contriving situations. These techniques give a closer examination of the basic information gathered from the interaction with the bank staff, to learn names, which software is used, and the phone numbers of the managers and the rest of the staff. Therefore, this phase in the research findings marks the next stage, which involves developing relationships. With the information gathered, the attacker can develop relationships with the organization's staff. This stage ultimately leads to exploitation of the staff.



References

Administrator, N. H. P. (2017, October 24). What are the main security threats to today’s networks? New Horizons Worldwide. https://www.newhorizons.com/article/what-are-the-main-security-threats-to-todays-networks

Long, R. M. (2013). Using phishing to test social engineering awareness of financial employees [Eastern Washington University]. https://dc.ewu.edu/theses/156/

What is Social Engineering? (n.d.). Retrieved March 28, 2021, from https://www.webroot.com/us/en/resources/tips-articles/what-is-social-engineering
