A Framework for Cybersecurity Alert Distribution and Response Network (ADRIAN)

Security Information and Event Management (SIEM) platforms are critical for organizations to monitor and manage their security operations centers. However, organizations using SIEM platforms have several challenges such as inefficiency of alert management and integration with real-time communication tools. These challenges cause delays and cost penalties for organizations in their efforts to resolve the alerts and potential security breaches. This paper introduces a cybersecurity Alert Distribution and Response Network (Adrian) system. Adrian introduces a novel enhancement to SIEM platforms by integrating SIEM functionalities with real-time collaboration platforms. Adrian leverages the uniquity of mobile applications of collaboration platforms to provide real-time alerts, enabling a two-way communication channel that facilitates immediate response to security incidents and efficient SIEM platform management. To demonstrate Adrian’s capabilities, we have introduced a case-study that integrates Wazuh, a SIEM platform, to Slack, a collaboration platform. The case study demonstrates all the functionalities of Adrian including the real-time alert distribution, alert customization, alert categorization, and enablement of management activities, thereby increasing the responsiveness and efficiency of Adrian’s capabilities. The study concludes with a discussion on the potential expansion of Adrian’s capabilities including the incorporation of artificial intelligence (AI) for enhanced alert prioritization and response automation.

ERAD: Enhanced Ransomware Attack Defense System for Healthcare Organizations

Digital integration within healthcare systems exacerbates their vulnerability to sophisticated ransomware threats, leading to severe operational disruptions and data breaches. Current defenses are typically categorized into active and passive measures that struggle to achieve comprehensive threat mitigation and often lack real-time response effectiveness. This paper presents an innovative ransomware defense system, ERAD, designed for healthcare environments that apply the MITRE ATT&CK Matrix to coordinate dynamic, stage-specific countermeasures throughout the ransomware attack lifecycle. By systematically identifying and addressing threats based on indicators of compromise (IOCs), the proposed system proactively disrupts the attack chain before serious damage occurs. Validation is provided through a detailed analysis of a system deployment against LockBit 3.0 ransomware, illustrating significant enhancements in mitigating the impact of the attack, reducing the cost of recovery, and strengthening the cybersecurity framework of healthcare organizations, but also applicable to other non-health sectors of the business world.

Cyber Resilience through Real-Time Threat Analysis in Information Security

This paper examines how cybersecurity is developing and how it relates to more conventional information security. Although information security and cyber security are sometimes used synonymously, this study contends that they are not the same. The concept of cyber security is explored, which goes beyond protecting information resources to include a wider variety of assets, including people [1]. Protecting information assets is the main goal of traditional information security, with consideration to the human element and how people fit into the security process. On the other hand, cyber security adds a new level of complexity, as people might unintentionally contribute to or become targets of cyberattacks. This aspect presents moral questions since it is becoming more widely accepted that society has a duty to protect weaker members of society, including children [1]. The study emphasizes how important cyber security is on a larger scale, with many countries creating plans and laws to counteract cyberattacks. Nevertheless, a lot of these sources frequently neglect to define the differences or the relationship between information security and cyber security [1]. The paper focus on differentiating between cybersecurity and information security on a larger scale. The study also highlights other areas of cybersecurity which includes defending people, social norms, and vital infrastructure from threats that arise from online in addition to information and technology protection. It contends that ethical issues and the human factor are becoming more and more important in protecting assets in the digital age, and that cyber security is a paradigm shift in this regard [1].

Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises

As cyber threats keep changing and business environments adapt, a comprehensive approach to disaster recovery involves more than just defensive measures. This research delves deep into the strategies required to respond to threats and anticipate and mitigate them proactively. Beginning with understanding the critical need for a layered defense and the intricacies of the attacker’s journey, the research offers insights into specialized defense techniques, emphasizing the importance of timely and strategic responses during incidents. Risk management is brought to the forefront, underscoring businesses’ need to adopt mature risk assessment practices and understand the potential risk impact areas. Additionally, the value of threat intelligence is explored, shedding light on the importance of active engagement within sharing communities and the vigilant observation of adversary motivations. “Beyond Defense: Proactive Approaches to Disaster Recovery and Threat Intelligence in Modern Enterprises” is a comprehensive guide for organizations aiming to fortify their cybersecurity posture, marrying best practices in proactive and reactive measures in the ever-challenging digital realm.

Organizational Data Breach:Building Conscious Care Behavior in Incident Response

Organizational and end user data breaches are highly implicated by the role of information security conscious care behavior in respective incident responses.This research study draws upon the literature in the areas of information security,incident response,theory of planned behaviour,and protection motivation theory to expand and empirically validate a modified framework of information security conscious care behaviour formation.The applicability of the theoretical framework is shown through a case study labelled as a cyber-attack of unprecedented scale and sophistication in Singapore’s history to-date,the 2018 SingHealth data breach.The single in-depth case study observed information security awareness,policy,experience,attitude,subjective norms,perceived behavioral control,threat appraisal and self-efficacy as emerging prominently in the framework’s applicability in incident handling.The data analysis did not support threat severity relationship with conscious care behaviour.The findings from the above-mentioned observations are presented as possible key drivers in the shaping information security conscious care behaviour in real-world cyber incident management.

Knowledge Management Strategy for Handling Cyber Attacks in E-Commerce with Computer Security Incident Response Team (CSIRT)

Electronic Commerce (E-Commerce) was created to help expand the market share network through the internet without the boundaries of space and time. However, behind all the benefits obtained, E-Commerce also raises the issue of consumer concerns about the responsibility for personal data that has been recorded and collected by E-Commerce companies. The personal data is in the form of consumer identity names, passwords, debit and credit card numbers, conversations in email, as well as information related to consumer requests. In Indonesia, cyber attacks have occurred several times against 3 major E-Commerce companies in Indonesia. In 2019, users’ personal data in the form of email addresses, telephone numbers, and residential addresses were sold on the deep web at Bukalapak and Tokopedia. Even though E-Commerce affected by the cyber attack already has a Computer Security Incident Response Team (CSIRT) by recruiting various security engineers, both defense and attack, this system still has a weakness, namely that the CSIRT operates in the aspect of handling and experimenting with defense, not yet on how to store data and prepare for forensics. CSIRT will do the same thing again, and so on. This is called an iterative procedure, one day the attack will come back and only be done with technical handling. Previous research has succeeded in revealing that organizations that have Knowledge Management (KM), the organization has succeeded in reducing costs up to four times from the original without using KM in the cyber security operations. The author provides a solution to create a knowledge management strategy for handling cyber incidents in CSIRT E-Commerce in Indonesia. This research resulted in 4 KM Processes and 2 KM Enablers which were then translated into concrete actions. The KM Processes are Knowledge Creation, Knowledge Storing, Knowledge Sharing, and Knowledge Utilizing. While the KM Enabler is Technology Infrastructure and People Competency.

An emerging threat Fileless malware:a survey and research challenges

With the evolution of cybersecurity countermeasures,the threat landscape has also evolved,especially in malware from traditional file-based malware to sophisticated and multifarious fileless malware.Fileless malware does not use traditional executables to carry-out its activities.So,it does not use the file system,thereby evading signature-based detection system.The fileless malware attack is catastrophic for any enterprise because of its persistence,and power to evade any anti-virus solutions.The malware leverages the power of operating systems,trusted tools to accomplish its malicious intent.To analyze such malware,security professionals use forensic tools to trace the attacker,whereas the attacker might use anti-forensics tools to erase their traces.This survey makes a comprehensive analysis of fileless malware and their detection techniques that are available in the literature.We present a process model to handle fileless malware attacks in the incident response process.In the end,the specific research gaps present in the proposed process model are identified,and associated challenges are highlighted.

An emerging threat Fileless malware:a survey and research challenges

With the evolution of cybersecurity countermeasures,the threat landscape has also evolved,especially in malware from traditional file-based malware to sophisticated and multifarious fileless malware.Fileless malware does not use traditional executables to carry-out its activities.So,it does not use the file system,thereby evading signature-based detection system.The fileless malware attack is catastrophic for any enterprise because of its persistence,and power to evade any anti-virus solutions.The malware leverages the power of operating systems,trusted tools to accomplish its malicious intent.To analyze such malware,security professionals use forensic tools to trace the attacker,whereas the attacker might use anti-forensics tools to erase their traces.This survey makes a comprehensive analysis of fileless malware and their detection techniques that are available in the literature.We present a process model to handle fileless malware attacks in the incident response process.In the end,the specific research gaps present in the proposed process model are identified,and associated challenges are highlighted.