8. Consider the current threat status and make possible recommendations based upon cyber threat inte

Case study: Cyber threat analysis and Recommendations for Talkative The facts: Talkative, a social media platform, primarily targets users aged 13-21. The platform allows users to share photos, post status updates, engage in private messaging, play games and make in-app purchases. Records of all posts and photos are stored on a cloud server. This company employs 50 staff members who use company-issued laptops and phone for remote work. They access the office using lanyards with a staff pass. Staff have received emails outlining best cyber security practices. No checks or training are in place in terms of cyber security. Current cyber security threats Talkative is facing: There are several threats. The storage of user generated content on a cloud server is a risk as it makes the company an attractive target for cybercriminals who may deploy ransomware or steal sensitive data, potentially resulting in GDRP violations and fines. Employees using company issued devices remotely face threats from unsecured networks, shoulder surfing or even having their devices stolen. The physical security within the office is lacking, while lanyards are required upon entry, there are no further checks once in the building, allowing unauthorised access to sensitive data areas. The insufficient IT security training are yet another threat for the company. As employees are ill prepared to identify and mitigate threats such as phishing or social engineering. To address these issues, the company should take these steps. Data stored in the cloud should be encrypted both at rest(when stored) and in transit (when being sent from one place to another). Strict access control must be enforced so that only authorised personnel can access the data. Regular checkups should be in place to verify how effective these measures are. Employees working remotely should be required to use Virtual Private networks (VPN) to secure their connection. Mobile Device Management software should be in place to monitor and safeguard corporate devices, in case the device is stolen, sensitive data remains protected. Inside the office, additional measures should be implemented, such as key cards or biometric scans, especially in areas where sensitive data is handled or stored. Just as important is the introduction of comprehensive cybersecurity training program for all employees. This program should cover essential topics such as recognising phishing attempts, securing devices, and following the best practices for data protection. Regular assessments should involve simulated phishing attacks to ensure employees retain this knowledge and remain vigilant. If the employee falls to the simulated phishing attack, they should be required to retake the cyber security training. To further improve security, the company should implement continuous threat monitoring through regular vulnerability assessments and pentesting. A robust incident response plan will also make sure the organisation is prepared to handle any potential attacks. By taking these proactive steps, Talkative can greatly the risk of cybersecurity threats. This will help with ensuring the protection of user data and compliance with GDPR. All this will help with the company's reputation and maintain the trust and confidence of its user base.