© 2024 Rainshtaryl chan-nel. Created for free using WordPress and Kubio

Cybersecurity Group Project 3

June 25, 2024 | 14:19

20 min presentation + 5 page report

Part of this is by gpt4o

Asset analysis

  • Huawei is a leading global provider of information and communications technology (ICT) infrastructure and smart devices. The company operates in several key domains including telecom networks, IT, smart devices, and cloud services. In 2023, Huawei continued to excel in its ICT infrastructure business, maintained steady growth in its consumer business, expanded its cloud computing and digital power businesses, and began large-scale delivery in its intelligent automotive solution domain. Huawei also played a significant role in advancing 5G technology and supporting the digitalization of industries through innovative applications and infrastructure improvements.
  • In this project I am mainly focusing on the cloud service part of this company, because of it’s active expansion in this area.
  • Main Information Technology (IT) and Information Systems (IS) Used:
    • Company-wise management softwares (stores ops data):
      • ERP
      • HRM
    • Network infrastructure (server & stores user data)
      • 5G
      • IoT
      • SDN
    • Specific self-developed ecosystems (server)
      • Cloud computing: Huawei Cloud
      • Pangu Models 3.0: AI models tailored for various industries to enhance productivity and efficiency.
      • Kunpeng and Ascend ecosystems: Supporting AI models and applications, attracting millions of developers and partners.
  • Asset Analysis to Identify Critical Assets:
    • Physical Assets: Manufacturing facilities, buildings, human resource
    • Operational Data: Employee records, Financials, internal reports
    • Customer Data: Within Huawei Cloud servers. Can be highly sensitive
    • IT Infrastructure: Global data centers, Computing centers, 5G infrastructures

We can see that it’s highly cloud-oriented. So although the business model of Huawei involves software, hardware and cloud services, the below analysis will only include cloud parts.

Threat Analysis and BIA

  • Potential threats:cir Mention of geopolitical factors
    • To operational & user data: Have the greatest potential impact, shake the confidentiality
      • Phishing
        • Criminals use social engieering methods to trick employees into giving out sensitive info
      • Insider threats
        • Opponents, bribary to steal internal data and help competitors to gain advantage
        • -> malwares
      • SQL injections
        • Extraction of confidential data
    • To servers and systems holding those data (particularly for telecom):
      • Creates service disruptions, impacting availability and integrity of data
        • DDoS attacks
          • Severely impact service, make them unusable
        • Ransomware
          • Lock out service from running normally
          • In worse cases, lead to leakage of data, causing huge financial loss
        • MitM attacks
          • Eavesdropping of server communications to steal credentials and gain access
      • Supply chain attacks from software provider
      • “Living off the land”: deprecated credentials
  • Vulnerabilities & Attack vectors:
    • Vulnerabilities:
      • not adequately protected data
      • (greatest) cloud based servers that are supporting ecosystems
      • personnels
    • Attack vectors:
      • To servers:
        • C: Use methods described above to get credentials and gain access to sensitive info, including operational data and user data
        • I: SQL injections
        • A: Use ransomwares and DDoS attacks to cause service to go down
      • To personnels: make them to steal data from server, whether being insider or victim of phishing attack
  • BIA: Threats Assets affected Ops impact Fin impact Repu impact Social enginnering (Phishing etc) Ops & Cus data C Fraud transactions Loss of public trust for their security practice. Can be crutial for cloud service providers, if they can’t even protect their own data, let alone their customers’. Credential farming Ops & Cus data C Fraud transactions – Insider threat All CIA Competitive disadvantage – Ransomware All CIA Loss of sales, payment of ransom, recovery of service, payment of compensations – DDoS Infrastructure Likely A Recovery of service, loss of sales – 0 Day exploits Not sure, can be anything C, A Additional cost for investigation of other exploits – Supply chain attacks Infrastructure Likely A Additional cost for finding new suppliers –

Qualitative and Quantitative Risk analysis

  • Qualitative Analysis (matrix):
Likelihood\SeverityNegligibleMinorModerateSignificantSevere
Very likelySocial Engineering
LikelyDDoSRansomware
PossibleInsider threat, 0 dayCredential Farming
UnlikelyPhishingSupply chain attacks
Very unlikely
  • Quantitative Analysis:
  1. Phishing
    • Cost of stolen employee data: $1-3 million (based on the extent of data breached)
    • Service recovery cost: $500k-2 million (IT support, security measures)
    • Loss of sales: $2-5 million (due to reduced trust)
    • Potential compensations: $1-3 million (to affected individuals and businesses)
    Total: $4.5-13 million
  2. Credential Farming
    • Cost of stolen user data: $5-10 million (based on the volume and sensitivity of data)
    • Service recovery cost: $1-2 million
    • Loss of sales: $3-7 million
    • Potential compensations: $3-6 million
    Total: $12-25 million
  3. Insider Threat
    • Cost of stolen or compromised data: $10-20 million (can vary greatly depending on data type)
    • Service recovery cost: $2-5 million
    • Loss of sales: $5-10 million
    • Potential compensations: $5-10 million
    Total: $22-45 million
  4. Ransomware
    • Ransom payment: $1-5 million (if paid)
    • Service recovery cost: $5-10 million
    • Loss of sales: $5-15 million
    • Potential compensations: $2-5 million
    Total: $13-35 million
  5. DDoS
    • Service downtime cost: $1-5 million (lost revenue during downtime)
    • Service recovery cost: $1-2 million
    • Loss of sales: $2-5 million
    • Potential compensations: $1-3 million
    Total: $5-15 million
  6. Zero-Day Attack
    • Cost of patching and recovery: $5-10 million
    • Loss of sales: $5-10 million
    • Potential compensations: $2-5 million
    Total: $12-25 million
  7. Supply Chain Attack
  • Cost of compromised data or systems: $10-20 million
  • Service recovery cost: $5-10 million
  • Loss of sales: $5-15 million
  • Potential compensations: $5-10 million Total: $25-55 million

Proper protective measures to mitigate or minimize risks

  • Security goal: keep cloud servers safe
  • Risk mitigation & minimization vector:
    • Individual level:
      • Keep employees aware of the latest phishing and social engineering tricks
      • Ensure AAA, especially strict access control, of each personnel within the company
    • Organizational level:
      • Adoption of regulatory framework (GDPR, PIAA etc) to make sure everything have a thing to follow
      • Establish cyber governance system to make sure there is someone responsible for this
      • Development contingency plan when an attack happens to make sure that someone know what to do:
        • Identify, defend, recovery, monitoring
      • Periodical meeting w/ stakeholders to raise their awareness to justify spendings
      • If possible, do this whole thing to suppliers as well
    • Industry & Landscape level
      • Keep an eye out for latest attacks in the wild
      • Use best practices in the industry, latest encryption techniques, data workflows etc.

Potential future problems and a proper disaster recovery or business continuity plans

  1. Anticipate potential future problems such as challenges in implementing and maintaining suggested security controls, evolving cybersecurity threats, regulatory changes, and natural disasters. 
  2. Propose disaster recovery and business continuity plans to ensure the organization can effectively respond to security incidents and maintain critical business operations. 
  3. data backup, system redundancy, incident response procedures, and employee training in the proposed plans.
  • Before the attack:
    • Defensive strategies
      • Data backup and system redundancy to ensure that the services are impacted at a minimum level
      • Rigorous auditing of user activities to timely identify suspicious entries
      • Development of incident response procedures
      • Employee awareness and training
    • Offensive strategies
      • Keep an eye out for latest attacks
      • Do internal case study about latest attacks and see what can be done in the company
  • During the attack: follow incident response procedures
    • Identify the nature of the attack and initiate corresponding resources
    • Swift definition of roles and responsibilities in the pre-organized response group and get everyone to work
    • Establishment of a secured communication channels between personnels, can be physical or other softwares
    • Follow the procedures and implement methods to eliminate or contain the risk
    • After the attack is contained, recover the service and product
    • Collect evidences and activities relating to the attack
  • After the attack: Post-Incident analysis frin evidences & activities, find vulnerabilities and do “before attack” part
  • Obstacles:
    • Maintaining of a large access control database
    • Evolving cybersecurity threats, especially ransomware powered by blockchain tech and GAI
    • Worsening global climate, more extreme weathers cause physical servers to be unstable
    • Regulatory climate also change too, more people are getting awared of cybersecurity, might cause heightened bar to cross

SRC

Post Views: 57

Tags:

No tags
Previous
Next

Comments are closed

Latest Comments

© 2024 Rainshtaryl chan-nel. Created for free using WordPress and Kubio