Western Digital Corporation (WDC) Cyber Threat Intelligence Plan

Cameron W, CSOL 580
March 11, 2019
https://www.WesternDigital.com/

Executive Summary
This document covers Western Digital Corporation's security posture, with the goal of identifying possible
risks and providing risk mitigation recommendations. First, it covers the most common methods by which
attacks are delivered, then the top cyber threats Western Digital must mitigate, and then the threat actors
that could be behind such attacks. This lays the groundwork for identifying the greatest threats to our
business and our greatest concerns related to them. Before any recommendation is made, the document
discusses the assets Western Digital holds, so that it is clear what we are trying to protect and why. The
final part discusses the methods we can employ to mitigate the risks Western Digital Corporation faces;
these serve as recommendations to improve our security posture.

Methods of Delivery
The percentages are the share of reported attacks in which each method was used. A single attack often uses
more than one method, so the figures do not sum to 100%.
 Malware (49%): Using malicious software to steal data from victims.
 Social Engineering (25%): Attackers manipulate people into revealing information, or into believing a
message and clicking a malicious link.
 Hacking (21%): Exploiting holes or gaps in software or hardware.
 Credential Compromise (19%): Passwords (and the people and tools that manage them) are weak, reused,
common, or vulnerable to theft.
 Web Attacks (18%): Attackers exploit gaps or holes in a website to steal information through it.
 DDoS (5%): Attackers flood a website or the company network to shut down operations.

Cyber Threats
Social Engineering Threats:
 Phishing: A form of Social Engineering that uses email or malicious websites to solicit personal
information from an individual or company by posing as a trustworthy organization or entity.

 Spear Phishing: Spear Phishing is a targeted form of Phishing in which fraudulent emails target specific
organizations to gain access to confidential information.
 Vishing: The telephone version of Phishing is called Vishing. It relies on Social Engineering techniques to
trick you into providing information that others can use to access your important accounts, or to assume your
identity and open new accounts.

Web Application Threats:
 Injection: Injection happens when malicious input entered in, for example, a login field is interpreted by the
application as part of a query or command and executed. The attacker can make the application behave in
unintended ways, often gaining access to information they should not have. These flaws are elementary to
exploit and can cause great harm; they are also straightforward to prevent (parameterized queries and input
validation), yet they are routinely overlooked by developers.

 Broken Authentication: Broken Authentication results from poor application architecture and development:
the application is built in a flawed way that lets attackers obtain passwords or hijack user sessions and use
them for their own gain.

 Sensitive Data Exposure: Sensitive Data Exposure is related to Broken Authentication, but here the problem
is that data which should be protected by encryption (in transit and at rest) is not, so an attacker who reaches
it reads it in the clear.

 Security Misconfiguration: Security Misconfiguration is one of the most common attack vectors and results
from a lack of security management and implementation. It is most commonly an application or server that
does not follow standard security practice, such as not enforcing encryption (TLS) of the web session.

Threat Actors
Hackers:
 Black Hat Hackers: Like all hackers, black hat hackers usually have extensive knowledge about breaking
into computer networks and bypassing security measures. They are also responsible for writing malware,
which is a method used to gain access to these systems.

 Intentions: Their primary motivation is usually for personal or financial gain, but they can also be involved
in cyber espionage, protest, or perhaps are just addicted to the thrill of cybercrime. Black hat hackers can
range from amateurs getting their feet wet by spreading malware, to experienced hackers that aim to steal
data, specifically, financial information, personal information, and login credentials. Not only do black hat
hackers seek to take data, but they also try to modify or destroy data as well.
Phishers:
 Phishers: Phishers carry out phishing, a form of social engineering that uses email or malicious websites
(among other channels) to solicit personal information from an individual or company by posing as a
trustworthy organization or entity. Phishing attacks most often use email, sending messages that appear to
come from an institution or company the individual does business with, such as a bank or financial
institution, or a web service with which the individual has an account.

 Intentions: The goal of a phishing attempt is to trick the recipient into taking the attacker's desired action,
such as providing login credentials or other sensitive information. For instance, a phishing email appearing
to come from a bank may warn the recipient that their account information has been compromised, directing
the individual to a website where their username and/or password can be reset. This website is also
fraudulent, designed to look legitimate, but exists solely to collect login information from phishing victims.
Hacktivists:
 Hacktivist: Hacktivism is the act of misusing a computer system or network for a socially or politically
motivated reason. Individuals who perform hacktivism are known as hacktivists.

 Intentions: Hacktivism is meant to call the public's attention to something the hacktivist believes is an
important issue or cause, such as freedom of information or human rights. It can also be a way for the
hacktivists to express their opposition to something by, for instance, displaying messages or images on the
website of an organization they believe is doing something wrong.
Cyber Espionage:
 Cyber Espionage: The act of acquiring secrets and information without the permission or knowledge of the
owner. Against companies it is targeted at trade secrets, to learn what a rival company is producing.

 Intentions: The goal of cyber espionage is to learn what rivals are doing in order either to reproduce their
product and compete, or to improve on it and outperform the competitor. Either way, the aim is the same: to
steal information and use it to further the business.
Insider Threat:
 Insider Threat: An insider threat is most simply defined as a security threat that originates from within the
organization being attacked or targeted, often an employee or officer of an organization or enterprise.

 Intentions: Some insiders use their access to sensitive information for personal or financial gain. Others
act because they feel the company wronged them, and steal or destroy information to get back at it.

Western Digital's Greatest Concerns

[Charts in the original: "Frequency of Attacks" (attacks will increase / stay the same / decrease), "Top
Challenges in Cyber Security", and "Possibility of Breach" over 90 days, 1 year and 3 years. The values are
not recoverable from the extracted text.]

 Intellectual Property Theft: If Western Digital were to suffer a breach via one of the attack vectors listed
above under Cyber Threats and Threat Actors, we could incur significant losses of intellectual property and
significant expense (discussed further below). Any exposure of R&D secrets could also give our competitors
a significant edge, as well as knowledge of how we conduct internal and external business.

 Customer/Partner/Employee Data Leak: Another primary concern is our sensitive data being leaked or
stolen. We hold a great deal of information on our customers, partners and employees that, if leaked, could
immensely damage our reputation as well as cost the company millions in legal fees and breach costs.
Reasons to be Concerned with Cyber Threats
Damage to Company Operations:
 Most companies rely heavily on the data they collect as intelligence for educated business decisions, and
Western Digital is no different. This data is also used in customer dealings, such as transactions for the
exchange of goods. If Western Digital were hit by a cyber breach, it would affect the company's ability to
conduct business, both in making educated decisions for the future of the company and in our customers'
and partners' ability to buy and sell our products, affecting revenue.

Damage to Company Reputation:
 Companies like Western Digital rely on a reputation built through quality products and customer trust, and
we keep that reputation in part by practising good, standard security methods and procedures. If we were
breached because of a lack of such methods and procedures while other companies did keep them, the effect
would massively damage our reputation and, as a result, hurt sales and trust. It would take years to rebuild
our reputation and regain the foothold we have in both business and customer relationships.

Costly Recovery Expenses:

Estimated cost of a severe breach for a company of our size:

Cost component                              Estimated cost
System Downtime                             $1,250,000
Theft of Information Assets                 $1,500,000
IT & End User Productivity Loss             $1,150,000
Reputation Damage                           $400,000
Lawsuits, Fines, and Regulatory Actions     $300,000
Damage to Infrastructure                    $400,000
Total Cost of a Breach                      $5,000,000

 The cost to recover from a breach can be extensive: we lose time and money while normal operations are
hindered during the investigation and the tracking and collection of evidence. The costs also include
reputation costs, for which we would have to build a new public relations campaign. On top of those, the
lawsuits, fines and regulatory actions brought against Western Digital would incur additional cost. It is
estimated that a company of our size could lose five million dollars in a severe breach. These costs cover the
investigation, hiring additional IT staff, employee overtime, lost customer/partner/employee business,
lawsuits, fines and regulatory actions, and rebuilding our reputation. A breach can affect a company for
more than two years afterwards.

Company Assets

Personal Information (Customer/Partner/Employee data):
1) Names (Customers and Partners)
2) Email Addresses (Customers and Partners)
3) Payment Information (Credit Card Information)
4) Physical Addresses (Home or Business Addresses)
5) Billing Information (Transaction History)
6) Company Information (Who bought what)

Financial Data:
 Consumer Credit Card Data
 Payment types
 Bank Account Information

Confidential Business Information:
 Non-public Information (Trade Secrets)
 Financial Data and Financial Concerns
 Data that, if released ill-timed, could harm the business

Intellectual Property:
 Trade Secrets
    o Protects Secret Information
 Trademarks
    o Protects Brand
 Copyrights
    o Protects work of Authorship
 Patents
    o Protects Functional or Ornamental Features

IT Systems and Infrastructure:
 Servers
 Networking Infrastructure
 Cloud Assets

Operational Systems:
 System Credentials
 Factory System

Risk Reduction Plan


Deploy within the month:
Implement Cyber Threat Intelligence (CTI):
 Attacks evolve every day. A Cyber Threat Intelligence capability would significantly improve Western
Digital Corporation's security by giving us a structured way to track and learn from the ever-changing threat
landscape. The current security process is too labor-intensive: engineers search for vulnerabilities by hand,
research new attack vectors, and then determine whether Western Digital is exposed to each one. An attack
during non-operational hours, at night or over the weekend, could extract or tamper with essential data
before anyone notices. With CTI, we could learn that an attack vector applies to our network and patch it
beforehand.

 Cyber Threat Intelligence is used to investigate the attacks seen in our network environment and learn
from them. Indicators can be analyzed in minutes, letting our team respond faster and with more context
than it can today. This still requires analysts to validate and act on what the intelligence reports; it is not a
substitute for them.

 Cyber Threat Intelligence feeds our defenses with custom alerts built from indicators of compromise
observed in our network systems and reported externally, allowing us to defend against current attacks and
prepare for future ones proactively.

 Cyber Threat Intelligence draws on intelligence provided by third-party threat analysts, security
researchers, experts and white hats, collecting information from the wider security community and
analyzing it into intelligence we can act on.

Cost of Ownership (TCO):

IT Infrastructure (CTI)                                   $25,000
Licensing (CTI)                                           $50,000
Engineer (CTI) Cost + Training (75k Salary, 5k Training)  $80,000
Total Cost Per Year                                       $155,000
Deploy Network IDS & Host IDS:
 Network Intrusion Detection Systems (NIDS) and Host-Based Intrusion Detection Systems (HIDS) go hand
in hand with a Cyber Threat Intelligence implementation: they are the sensors through which intelligence is
applied to our traffic and hosts, and their alerts feed the intelligence process in turn. Implementing more
Intrusion Detection Systems improves our visibility, since a NIDS can watch the whole network or any
segment it is connected to. With IDS in place we can detect probes, scans, and malicious or anomalous
activity across the network, giving full coverage of what is going on. An IDS is highly configurable: it can
be tuned to baseline normal traffic patterns and help in debugging the network, and it can be configured to
trigger response mechanisms that deploy countermeasures. At that point it is acting as an intrusion
prevention system, and a false positive can block legitimate traffic, so automatic responses should be enabled
carefully. Combining Network IDS and Host IDS addresses the main weakness of a NIDS: it cannot see what
is happening on the hosts themselves, or inside encrypted traffic, whereas a HIDS watches processes, files
and logs on each host. Together these systems monitor the network, generate alerts on malicious behavior,
and form a significant part of any network defense.
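The IDS paragraph above says an IDS can detect probes and scans, and the CTI section describes custom alerts built from indicators of compromise. The following added example (not code from the plan or from any IDS or CTI product) shows both rule types in Python over a constructed firewall log: a match against a constructed indicator list, and a port-scan heuristic that flags one source touching five or more distinct ports on one host within sixty seconds. The log format, the addresses, the indicator list and the thresholds are all assumptions.

```python
"""Two detections of the kind a NIDS or a CTI-fed alert rule would raise, run
over a constructed firewall log. Added example; the log format, addresses,
indicator list and thresholds are assumptions, not the plan's own content."""
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed indicators of compromise, as a threat-intelligence feed might
# deliver them (documentation-range addresses, not real infrastructure).
KNOWN_BAD_IPS = {"203.0.113.45", "198.51.100.7"}

# Constructed log in an assumed format:
# "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <ALLOW|DENY>"
SAMPLE_LOG = """\
2019-03-09T02:14:01 10.0.5.23 -> 10.0.1.10:22 ALLOW
2019-03-09T02:14:02 10.0.5.23 -> 10.0.1.10:23 DENY
2019-03-09T02:14:02 10.0.5.23 -> 10.0.1.10:80 ALLOW
2019-03-09T02:14:03 10.0.5.23 -> 10.0.1.10:443 ALLOW
2019-03-09T02:14:03 10.0.5.23 -> 10.0.1.10:3389 DENY
2019-03-09T02:14:04 10.0.5.23 -> 10.0.1.10:445 DENY
2019-03-09T02:14:10 10.0.7.4 -> 10.0.1.10:443 ALLOW
2019-03-09T02:15:30 10.0.7.4 -> 203.0.113.45:8443 ALLOW
2019-03-09T02:16:00 10.0.9.9 -> 10.0.1.20:443 ALLOW
2019-03-09T03:00:00 10.0.9.9 -> 10.0.1.20:80 ALLOW
this line is malformed and must not crash the detector
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<action>ALLOW|DENY)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    src: str
    dst: str
    port: int
    action: str


def parse_log(text: str) -> list:
    """Parse log lines into Events, skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        events.append(Event(datetime.fromisoformat(m["ts"]), m["src"],
                            m["dst"], int(m["port"]), m["action"]))
    return events


def match_indicators(events: list, bad_ips: set) -> list:
    """CTI-style rule: any connection to a known-bad destination is an alert,
    even if the firewall allowed it, since that is what a C2 beacon looks like."""
    return [f"IOC match: {e.src} contacted known-bad {e.dst}:{e.port} at {e.ts.isoformat()}"
            for e in events if e.dst in bad_ips]


def detect_port_scans(events: list, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> list:
    """NIDS-style rule: one source touching many distinct ports on one host
    inside a short window. Denied attempts count; a scanner is mostly denied."""
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e.src, e.dst)].append(e)
    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e.ts)
        for i, first in enumerate(evs):
            ports = {e.port for e in evs[i:] if e.ts - first.ts <= window}
            if len(ports) >= threshold:
                alerts.append(f"Port scan: {src} probed {len(ports)} ports on {dst} "
                              f"within {int(window.total_seconds())}s from {first.ts.isoformat()}")
                break  # one alert per source/destination pair
    return alerts


def run(text: str = SAMPLE_LOG, bad_ips: set = KNOWN_BAD_IPS) -> dict:
    """Parse once, run both rules, return the alerts grouped by rule."""
    events = parse_log(text)
    return {"ioc": match_indicators(events, bad_ips),
            "scans": detect_port_scans(events)}


if __name__ == "__main__":
    for rule, alerts in run().items():
        for alert in alerts:
            print(f"[{rule}] {alert}")
```

The threshold and window are the knobs that trade false positives against missed slow scans; a real deployment tunes them per network segment and refreshes the indicator set from the CTI feed rather than hard-coding it, which is exactly the coupling between IDS and CTI the paragraph describes.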

Cost of Ownership (TCO):

Network IDS x 4                                           $40,000
Host IDS x 10                                             $10,000
Management Station & MSSP                                 $30,000
Engineer (IDS) Cost + Training (75k Salary, 5k Training)  $80,000
Total Cost Per Year                                       $160,000

Conduct Internal Vulnerability Assessment:
 A Vulnerability Assessment is the process of identifying and listing security vulnerabilities within a
network. It is an in-depth evaluation of our network security position that indicates holes and gaps and
provides the information and procedures needed either to eliminate them or to reduce them to an acceptable
level of risk. Western Digital's network engineers can start immediately with free vulnerability assessment
tools to discover possible gaps. However, it is recommended that we purchase a commercial product, as the
support and service and the full range of features will significantly improve our security posture; I
recommend Nessus Professional.

Cost of Ownership (TCO):

Nessus Professional                                       $2,190
Total Cost Per Year                                       $2,190

Deploy within 90 days:

Conduct a Third-Party Penetration Test:
 Western Digital should commission yearly penetration testing to better understand the security posture of
our public-facing web applications. Penetration testing reveals real-world attack vectors and vulnerabilities:
a third party is engaged to attack our network in the hope that they discover vulnerabilities in our
environment before real attackers do. The results show how to prioritize and tackle the risks of a network
breach, together with the exploitability of each finding and the business impact it could have. At the end we
receive detailed reporting on what was done, what was found, and how it was found (the steps to reproduce
it), which gives a better understanding of, and the means to fix, our security gaps.

Cost of Ownership (TCO):

Penetration Test                                          $100,000
Total Cost Per Year                                       $100,000

Final Statements
It is recommended that Western Digital, from the highest levels of the company down, understand the cyber
threats it faces daily. If this plan were implemented, it would significantly improve our security posture and
help mitigate the attacks that are to come against Western Digital. The cost of a breach dramatically
outweighs the cost of implementing standard, proper security policies and practices. Cybersecurity has
become a worldwide concern, and we must protect our assets from harm and assure our customers and
clients that we take security seriously, through action rather than reaction.

References
MITRE (January 10, 2010). Risk Mitigation, Planning, Implementation, and Progress Monitoring. Retrieved at
https://www.mitre.org/publications/systems-engineering-guide/acquisition-systems-engineering/risk-management/risk-mitigation-planning-implementation-and-progress-monitoring

OCPatentLawyer (2019). Four types of intellectual property you can use to protect your idea and how to use the.
Retrieved at https://ocpatentlawyer.com/four-types-intellectual-property-protect-idea/
Norton (2019). What is the Difference Between Black, White, and Grey Hat Hackers? Retrieved at
https://us.norton.com/internetsecurity-emerging-threats-what-is-the-difference-between-black-white-and-grey-hat-hackers.html

DigitalGuardian (September 11, 2018). What is a Phishing Attack? Defining and Identifying Different Types of Phishing
Attacks. Retrieved at
https://digitalguardian.com/blog/what-phishing-attack-defining-and-identifying-different-types-phishing-attacks

TrendMicro (June 17, 2012). Hacker, Hacktivist, or Cybercriminal? Retrieved at
https://blog.trendmicro.com/whats-the-difference-between-a-hacker-and-a-cybercriminal/

Wikipedia (February 15, 2019). Cyber Spying. Retrieved at https://en.wikipedia.org/wiki/Cyber_spying

TrendMicro (September 24, 2015). Spear Phishing 101: What is Spear Phishing? Retrieved at
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/spear-phishing-101-what-is-spear-phishing

Graffiti (2016). CIO Top Challenges in Cyber Security. Retrieved at https://beta.grafiti.io/facts/2324

VMWare (March 22, 2016). Protecting the Brand: Cyber-Attacks and the Reputation of the Enterprise. Retrieved at
https://www.vmware.com/radius/cyber-attacks-and-the-reputation-of-the-enterprise/

AlertLogic (February 1, 2018). 10 Must-Know, 2018 Cybersecurity Statistics. Retrieved at
https://blog.alertlogic.com/10-must-know-2018-cybersecurity-statistics/

Symantec (July 18, 2002). Justifying the Expense of IDS, Part One: An Overview of ROIs for IDS. Retrieved at
https://www.symantec.com/connect/articles/justifying-expense-ids-part-one-overview-rois-ids

Tenable, (2019). Purchase Tenable Solutions. Retrieved at https://www.tenable.com/buy

Hitachi-Systems-Security (March 14, 2017). Retrieved at
https://www.hitachi-systems-security.com/blog/4-good-reasons-why-you-need-to-conduct-a-penetration-test/

TechRepublic (October 3, 2018). The six most popular cyberattack methods hackers use to attack your business.
Retrieved at
https://www.techrepublic.com/article/the-6-most-popular-cyberattack-methods-hackers-use-to-attack-your-business/
