This research paper lays out some important strategies of awareness and defense in depth for detecting emerging threats and strengthening countermeasures. If one thinks about it, the whole analog space has moved into the digital space over the past few years, and the beginning of this futuristic theme, with AI (Artificial Intelligence) and advanced protocols, has shown exponential growth. However, we did not calculate the cost of the risks and threats that come along with these advanced technologies of the digital world, which can be frightening for the national infrastructure. Because people do not have proper awareness of the threats or of the measures for identifying cyber security issues, they are not able to take appropriate action to deal with them. Keeping this situation and some alarming cyber-attacks in mind, this paper aims to make the reader aware of some critical threats and of advanced techniques to be circumspect about the situation, along with possible counter steps against the threats.

Threats such as botnets (the bots in a botnet behave like humans and are a key platform for many cyber-attacks), DDoS, SQL injection and cross-site scripting are smart attacks that we have to deal with using smart techniques. Also, a combination of machine learning, speech recognition and natural language processing (NLP) could make phishing emails and other smart attack techniques much more humanlike and effective. In addition, there are common attacks such as session hijacking and credential reuse, for which the attacker develops new methods every time, as needed. For example, targeting the New York Times, an attacker penetrated the site through scanning and then stole more than 3000 social security numbers.


Awareness and Defense in Depth

To gauge such risk, a number of analyses can be performed. Dr. Endsley has developed a cyber situational awareness (SA) model, which is based on an intelligent information fusion engine (IIFE). This engine, in the cyber domain, can be useful in improving our national infrastructure of cyber defense capabilities. Another tool, the intrusion detection system (IDS), is a program that alerts defenders to possible network threats. Further to defense in depth, the techniques used for threat detection and defense can be either network-based or host-based. Host-based technique: API hooking detects malicious code and evades the effect of the packers, polymorphism and deformation technology of the malicious threat. Network-based techniques: the honeypot-based approach, network traffic-based analysis, active and passive monitoring, the signature-based technique and anomaly-based detection. Using these models and techniques, we can be aware of the different stages and the different factors causing the threats, and would be able to take action in real time to treat these threats.

Cyber security has been a challenging research area in the domain of security surveillance applications. In this paper I have presented an overview of awareness and detection techniques, along with defense in depth as a common strategy to protect critical resources on enterprise networks as well as Supervisory Control and Data Acquisition (SCADA) and other process control subnets. Furthermore, there are some more countermeasures which can be taken to guard against software vulnerabilities: block malicious links / IP addresses and all unnecessary ports at the firewall and host; stay current with all operating system service/software patches; NEVER share your password; comply with the measures in your organization’s policies, including the Technology Control Plan (TCP); conduct frequent computer audits (ideally daily, at minimum weekly); report intrusion attempts; and disconnect the computer system temporarily in the event of a severe attack.




Defense-in-Depth and Awareness Techniques


Term: Summer 2019

Emerging threats & Countermeas

Vamshi Krishna Martha

University of the Cumberlands


In the modern technological world, security is a major concern as technology grows. Organizations should be aware of security breaches and should have effective defensive and enhanced protection strategies in place. Defense in depth and awareness are commonly seen together in many organizations for proper protection of their internal systems. Implementing both strategies together enhances the protection strategy and provides higher security. Many organizations are implementing a defense-in-depth strategy, but it has to go together with awareness, by training employees about whereabouts and security measures.

The defense-in-depth strategy is one of the powerful techniques/mechanisms for protecting valuable information and data.

The National Institute of Standards and Technology (NIST) describes information security awareness as follows: “Awareness is not training. The purpose of awareness presentations is simply to focus attention on security. Awareness presentations are intended to allow individuals to recognize IT security concerns and respond”. Implementing this mechanism improves the overall security of the organization's infrastructure. It may serve as an effective way to communicate security policies and the seriousness of the issue to the employees in the organization. One has to recognize that information security awareness is not about training but is a strategy to change the behavior of the organization’s employees (Kolb & Abdullah, 2009).

Security awareness and defense in depth should work together with IT hardware and software to overcome threats to the organization. In the defense-in-depth mechanism for safeguarding a company’s assets, security awareness training is one of the defense layers implemented to educate end-users about IT security threats (Korpela, 2015).


The information security environment is constantly changing, and there are possible threats in the market that may have adverse effects. These types of threats can lead to data loss when the implementation of protection strategies is compromised. Thus, one of the best approaches to mitigating the risks is constantly informing end-users about emerging threats.


Kolb, N., & Abdullah, F. (2009). Developing an information security awareness program for a non-profit organization. International Management Review, 5(2), 103-107. Retrieved from:

Korpela, K. (2015). Improving cyber security awareness and training programs with data analytics. Information Security Journal: A Global Perspective, 24(1-3), 72-77. Retrieved from:

Cite this page

ET&C. (2019, Dec 17). Retrieved from
