ALLAN TORRECAMPO BSME 2-A

GEE303 Living in the era

ASSIGNMENT No. 2 ENDTERM Period

Question No. 1
How has the threat landscape for cybersecurity evolved over the past decade? What new risks
and vulnerabilities have emerged, and how have attackers adapted their tactics to exploit
them?

The threat landscape for cybersecurity has evolved significantly over the past decade. One of the
biggest changes is the increasing sophistication of attackers, who are now using more advanced
tactics and tools to breach systems and steal data. Some of the new risks and vulnerabilities that
have emerged include
• Cloud-based attacks: With more businesses moving their data and applications to the
cloud, attackers are now targeting cloud-based infrastructure and applications’ attacks:
The proliferation of internet of things (IoT) devices has created new vulnerabilities that
attackers can exploit to gain access to networks and data.
• Insider threats: Employees and contractors with access to sensitive data can also pose a
risk, either intentionally or unintentionally. Supply chain attacks: Attackers are
increasingly targeting third-party vendors and suppliers to gain access to their customers'
systems and data. Attackers have adapted their tactics to exploit these new risks and
vulnerabilities by using more sophisticated malware, leveraging automation to increase
the speed and scale of attacks, and targeting specific industries and individuals using
social engineering techniques.

Question No. 2
In recent years, there have been several high-profile cyberattacks against large organizations
and critical infrastructure. What are the main factors that make these targets particularly
vulnerable, and what steps can be taken to better protect them?

Large organizations and critical infrastructure are particularly vulnerable to cyberattacks due to
several factors, including:
• Complexity: Large organizations and critical infrastructure are often complex and
interconnected, with numerous entry points that can be exploited by attackers.
• High value: These targets often contain valuable data, such as financial information or
intellectual property, that can be sold or used for ransom.
 • Limited resources: These targets may have limited resources to invest in cybersecurity,
making them an attractive target for attackers. To better protect these targets,
organizations can take several steps, including:
• Implementing strong access controls: Limiting access to sensitive data and systems can
help prevent unauthorized access.
• Regularly updating software and systems: Applying security patches and updates can
help close vulnerabilities that attackers may exploit.
Conducting regular security assessments: Regular security assessments can help identify
vulnerabilities and areas of weakness that need to be addressed.
Investing in cybersecurity training: Educating employees on cybersecurity best practices can
help prevent human error that can lead to breaches.

Question No. 3
One of the biggest challenges in cybersecurity is striking the right balance between security
and usability. How can organizations implement effective security measures without
impeding the ability of employees or customers to use their systems and devices?

Balancing security and usability are a challenge for organizations, but it can be achieved through
a combination of technology and policy. Some strategies that organizations can use to implement
effective security measures without impeding usability include:

• Implementing multi-factor authentication: multi-factor authentication can help ensure that

only authorized users can access systems and data.
• Providing user-friendly security tools: Providing easy-to-use security tools, such as
password managers and encryption software, can help users protect their data without
impeding usability.
• Developing clear security policies: Developing clear security policies and guidelines can
help employees understand their responsibilities and the consequences of non-
compliance.
• Conducting regular security awareness training: Regular security awareness training can
help employees stay up-to-date on the latest threats and best practices for staying secure.

Question No. 4
There are many different types of cybersecurity threats, ranging from phishing
attacks and malware infections to DDoS attacks and ransomware. What are the key
differences between these types of threats, and what strategies are most effective in
mitigating them?
Phishing attacks, malware infections, DDoS attacks, and ransomware are all types of
cybersecurity threats, but they differ in their methods and goals.

• Phishing attacks: Phishing attacks use social engineering techniques, such as email or
phone scams, to trick users into divulging sensitive information or installing malware.
• Malware infections: Malware infections occur when malicious software is installed on a
user's device, allowing an attacker to gain access to sensitive data or control the device.
• DDoS attacks: DDoS attacks flood a network or website with traffic, overwhelming it
and making it inaccessible to users.
• Ransomware: Ransomware is a type of malware that encrypts a user's files, making them
inaccessible until a ransom is paid.
Question No. 5
One approach to improving cybersecurity is to rely more heavily on artificial intelligence and
machine learning to detect and respond to threats in real-time. What are the benefits and
limitations of this approach, and what ethical considerations should be taken into account
when deploying these technologies?

• The use of artificial intelligence (AI) and machine learning (ML) in cybersecurity has the
potential to improve detection and response times, as well as to reduce the workload on
security teams. However, there are also limitations and ethical considerations to be taken
into account.
Benefits:
Real-time detection: AI and ML can quickly analyze large volumes of data to identify threats and
respond in real-time.
Improved accuracy: AI and ML can detect patterns and anomalies that may be missed by human
analysts.
Reduced workload: AI and ML can automate routine tasks, freeing up security teams to focus on
more complex threats.
Continuous learning: AI and ML algorithms can continue to learn and improve over time,
adapting to new threats and evolving attack methods.

Limitations:
Lack of context: AI and ML may have difficulty interpreting context and may generate false
positives or false negatives.
Dependence on data: AI and ML algorithms require large amounts of quality data to train
effectively, and may be ineffective if the data is incomplete or biased.
Complexity: AI and ML algorithms can be complex and difficult to understand, making it
difficult for non-experts to interpret their results.

Ethical considerations:
Privacy: The use of AI and ML in cybersecurity raises concerns about data privacy, as these
technologies require access to sensitive information to function effectively.
Bias: AI and ML algorithms may be biased, either due to the data used to train them or due to the
biases of the developers who created them.
Accountability: The use of AI and ML in cybersecurity raises questions about who is responsible
for the decisions made by these technologies, particularly in cases where they result in harm.
References:
2023 Global Threat Report. (n.d.). https://go.crowdstrike.com/2023-global-threat-
report.html?utm_campaign=globalthreatreport&utm_content=crwd-laqu-en-x-tct-sea-psp-x-wht-
gtre-x_x_x_x-
x&utm_medium=sem&utm_source=goog&utm_term=cyber%20threats&gad=1&gclid=EAIaIQ
obChMI1bGO4uHR_gIVAZjCCh1yLwpaEAAYASAAEgKoz_D_BwE

Granville, K. (2015b, February 5). 9 Recent Cyberattacks Against Big Businesses. The New York
Times. https://www.nytimes.com/interactive/2015/02/05/technology/recent-cyberattacks.html

Shea, S. (2023). Top 7 enterprise cybersecurity challenges in

2023. Security. https://www.techtarget.com/searchsecurity/tip/Cybersecurity-challenges-and-
how-to-address-them

Wolff, J. (2022, March 9). How to improve cybersecurity for artificial

intelligence. Brookings. https://www.brookings.edu/research/how-to-improve-cybersecurity-for-
artificial-intelligence/