Cybersecurity is an important aspect of the National Security of every country, no matter its size, wealth, or political orientation. A faulty cybersecurity system can lead to such negative effects as disturbances in the work of critical infrastructure providers, such as food supply and medical provision. Cyber-attacks can also target and disrupt educational institutions, banks, and insurers. Certain measures can be taken to prevent these consequences, and these specifications consider the government and civilian citizens. The major tech companies can influence the nation’s cybersecurity by expanding zero-trust programs, integrating cybersecurity into systems, and providing education and training in internal security awareness.
The Current Cybersecurity Crisis
The current situation in the space of cybersecurity provides a significant example of how complicated this area of National Security and its influence on foreign politics can be. According to China’s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT), since late February, cybersecurity breaches have been detected among Chinese Internet users.1 These breaches were undertaken mainly by people with US Internet addresses in order to target Russia, Ukraine, and Belarus. During the investigation carried out by the Chinese cybersecurity agency, it was found that the attackers were mostly from the United States. Ten of the attackers were identified as being from the state of New York. In addition, the agency detected Internet addresses from Germany and the Netherlands. Eighty-seven of the performed attacks targeted Russian infrastructures.2 Still, more attention and investigations are required to examine the conditions under which attacks are organized.
Cyber-Attacks Examples
For the sake of National Security, the sources of cyber-attacks need to be traced since it essentially makes China the scapegoat in this situation. According to Fang Xingdong, the founder of the technology ChinaLabs, the usage of third-world countries’ devices is not unusual in hacking.3 China can easily become the victim of the attacks due to its great number of computers and ongoing Internet transactions. Another significant piece of information is that since February, cyber-attacks on Ukraine have increased greatly.4 These examples prove that cybersecurity is breached on all levels of the current military conflict.
The offered example can also be a case of an intent coming not from the standpoint of foreign politics but rather from a human civilian perspective. It is possible to say that these attacks were the product of an organization that is not affiliated with any government. Many believe that experts’ participation in the field should not be ignored. Examples of such organizations are Anonymous and Ghost Squad Hackers, who proclaim themselves as hacktivists (using Internet hacking as a form of activism). It is unknown whether the attackers intentionally chose China as their scapegoat to mar its position or whether it was the candidate deemed the most convenient.
Conclusion
Cybersecurity in the current times is in a highly precarious position. The disturbances in cybersecurity lead to faulty work of important infrastructure providers, such as food and medicine, and influence the social disposition of a country. Several nations have been heavily involved in the cyber crisis, including cyber-attacks using devices in third-world countries, such as China and Russia. This inevitably makes most international figures used in this way a scapegoat for these actions. It remains unclear if these threats come from the government or are rooted in a civilian-run activist organization.
Nowadays, “data breaches are increasing in volume and scope” (Holtfreter and Harrington 1). Cybercriminals become able to steal billions from organizations and compromise private information. The major factors that define the thriving of cyber ganging are the insufficient level of employees’ competence, the lack of knowledge about the technical side of information protection, and non-compliance with safety standards.
Main text
Researchers usually distinguish three major groups of data breaches according to their causal factors: internal, external, and non-traceable (Holtfreter and Harrington 3). The number of internal factors of data breaches is the biggest. This category includes improper protection of data, theft, or hacking by employees with a high or a low probability of fraudulent intent, and unintentional loss of data.
The external factors include theft, hacking, or loss by individuals who are not related to the organization. Non-employees, third parties, and hackers are responsible for most of the compromised records (over 70%) and the higher number of data breaches. But although compromised data cases happen due to the external factors more often (47% compared to 38% of data breaches caused by the internal factors), employees’ actions and misconduct have greater significance in this regard and are associated with far more important implications for organizations than the actions performed by the third parties.
The mentioned internal causal factors indicate the lack of employees’ competence, the inefficiency of HR practices, and the underdevelopment of a corporate culture that enforces ineffective safety policies or fails to ensure information sharing among all team members.
It is observed that many data breaches occur because organizations use inefficient and outdated data encryption standards. At the same time, the implementation of the improved versions of standards, e.g. 128-bit Advanced Encryption Standard, may impede breaking key codes and minimize the risks of identity theft (Holtfreter and Harrington 3). It is possible to say that all external factors of any data breach case are, to some extent, interrelated with the internal factors.
For example, theft or loss of data by the third party is often induced by an improper exposal or disposal of information, i.e. employees’ inattentiveness or lack of knowledge (Holtfreter and Harrington 4). A data breach can happen accidentally, unintentionally, because an employee did not pay a lot of attention to security measures and did not consider potential risks of a data carrier stealing and loss. Thus, an individual employee may actually be regarded as the weakest link in data protection management. However, organizations can and should undertake measures to reduce potential security risks.
As it is observed by Holtfreter and Harrington, hackers are more skilled at what they do and often can access organizational networks without significant difficulties. However, a great number of both internal and external factors associated with employee involvement in data breach occurrence represent serious threats to corporate welfare, as well as personal data and identities of all related companies’ stakeholders.
Conclusion
First of all, leaders need to encourage proper data disposal by developing an adequate safety culture and educating employees. Moreover, they should prevent unauthorized intrusion through the adoption of more strict regulatory measures and implementation of advanced security technology. In this way, it may become possible to maintain the desired professional behavior and significantly reduce risks of data breaches or compromised records.
Works Cited
Holtfreter, Robert, and Adrian Harrington. “Employees Are the Weakest Links, Part 1: Data Breaches and Untrained Workers.” Fraud Magazine. 2016. Web.
The current digital revolution, commonly known as the fourth industrial revolution, has brought about new technological innovations that change the world in every aspect. COVID-19 saw organizations shift to working from home to cope with government restrictions to curb its effects. However, the ongoing digitization of society and the increasingly online nature of life have created opportunities for phishers, hackers, extortionists, and scammers. Hence, organizations are researching new technological innovations to address the growing online threat and protect company and customer data. This essay will investigate emerging cyber security advancements such as Blockchain, artificial intelligence (AI), machine learning and deep learning, behavioral analytics, IoT protection, embedded hardware authentication, and the zero-trust model.
AI, Machine Learning, and Deep Learning
Today, AI and deep learning are gaining traction in areas of cybersecurity. AI is now used in a similar way to how it is used in financial systems to detect fraud through the identification of unusual behavior patterns. As the scale and diversity of cyberattacks increase, artificial intelligence is assisting inadequately funded security operations specialists in staying ahead of the curve (Bonfanti). Unlike traditional software-driven methodologies, enterprises use AI and machine learning to automate risk detection and efficiently respond to threats.
According to Bonfanti, AI and machine learning in cybersecurity can be used both for offensive and defensive purposes. The characteristics that make AI and machine learning suitable for cybersecurity can also be applied to cyber offenses. Based on this view, we could see AI and machine learning adopted on a large scale for both offensive and defensive purposes in the near future. On the offensive side, we may see AI and AI tools utilized by cybercriminals to compromise targets’ security systems. Organizations are adopting AI-driven solutions to mitigate both AI and human-driven attacks.
Deep learning is one area of AI and machine learning gaining traction in recent years. Deep learning is a machine learning specialty in which machine algorithms learn independently, unsupervised, through their parameters to conclude, unlike machine learning inside intelligence, which is reliant on supervision for the machine to learn based on statistical models (Chen et al.). These algorithms rely on neural networks and layers, which act as mini-brains (Bradley). Owing to the fast-evolving and increasingly innovative developments available to cyber-criminals, the need for deep learning in cybersecurity has become essential. Today, traditional cyber threat intelligence is not enough to handle these threats. Hence, organizations rely on the deep learning strength of behavioral biometrics to make it possible to learn from its dynamism and develop new classification criteria without human intervention.
Behavioral Analytics
Behavioral analytics leverages machine learning, artificial intelligence, big data, and analytics to identify dangerous behavior by studying normal, daily behavior variances. This strategy is widely used to target a specific population for social media and digital marketing, but it’s also being used to develop better cyber security technologies (Wells). Cyber threats are always present and can come from outside the organization or within. Without a competent security or analytical solution, an organization may not be able to detect a breach at the appropriate time. These technologies monitor and identify malware and hackers, but they also track user activities. Emerging technologies such as AI combined with machine learning algorithms and statistical analysis work together to discover abnormalities, irregularities, and out-of-pattern behaviors.
Blockchain and IoT Security
Internet of Things (IoT) is a physical object embedded with sensors and other technologies to exchange data with other devices on a network. IoT devices are gaining momentum; however, they face security challenges. As such, Blockchain, as one of the newest technologies, is gaining popularity and interest in cyber security. A Blockchain is a peer-to-peer network that allows two transacting parties to verify their identities during a transaction. Once it was recognized as the underpinning of Bitcoin, Blockchain became linked with cryptocurrencies (Wylde). Other technologies, like Ethereum, have embraced it over time for various applications, including smart contracts, decentralized software, and decentralized banking, to name a few. Because of its decentralized, consensus-driven, and trust-free nature, Blockchain is inherently resistant to exploitation (Kamal et al.). Thus, to corrupt a ledger transaction, Blockchain systems that use proof of work validation techniques (bitcoins) need hackers to take control of most nodes, which is a costly procedure by design. This computational cost may be used for different security activities, obviating the necessity for a trusted central authority.
Blockchain’s decentralized nature is fundamental to IoT device security. For cybercriminals, the IoT has been and continues to be a key target. IoT devices’ growing popularity and minimal security features make them an attractive target for hackers, who need to purchase a botnet kit from the dark web to gain access. Concerns have been expressed about the Internet of Things’ ability to safeguard billions of linked devices due to vulnerabilities. To solve this issue, Blockchain promises to close the security vulnerabilities by lowering the chance of IoT devices being breached by a central authority and increasing the scalability of IoT deployments (Li et al.). In theory, it would allow IoT networks to be protected in various ways, including by creating a group agreement on suspicious network behavior and isolating any nodes operating unusually. Organizations like Touted, which is regarded as the first of its type, are already offering Blockchain-enabled IoT to stakeholders in charge of the consensus and enhancing system redundancy.
Embedded Hardware Authentication
Perhaps one of today’s numerous embedded design issues is guaranteeing that a device is legitimate without resorting to an unnecessarily complicated and costly system. Original equipment manufacturers (OEMs) face increasing challenges in safeguarding electronic systems from counterfeiting. With the shift to outsourced manufacturing for household electronics and computer accessories, protecting and preventing the unlawful creation of products bearing an OEM mark is becoming increasingly complex (Greenfield). As such, embedded hardware authentication offers a solution to this problem.
Zero Trust Model
The model is based on the assumption that a network has already been compromised. According to this paradigm, a company cannot be trusted since security risks might come from inside and outside the company, necessitating increased security measures. When security risks are constantly growing in today’s digital transition, the framework is excellent for safeguarding organizations (Li et al.). This strategy is unique since it is based on contemporary business concerns such as working from home, ransomware attacks, hybrid-cloud environments, and other modern security threats.
Conclusion
The growing threat to organization network security is evolving at an unprecedented rate, necessitating the development of new methods to protect these systems. The area of AI has brought new techniques to keep networks safe from attacks. Coupled with behavioral analytics through deep learning, network security is evolving. In IoT, Blockchain is being utilized to protect connected devices through decentralization and encryption, adding to the evolving nature of system security. The growing threat of counterfeiting continues to threaten organizations. Hence, the utilization of embedded security adds a much-needed solution arising from third-party manufacturers. The ever-changing nature of network threats has resulted in a zero-trust model in which organizations assume the network is compromised because threats can be internal or external.
Works Cited
Bonfanti, Matteo E. “Artificial Intelligence and the Offence-Defence Balance in Cyber Security.” Cyber Security: Socio-Technological Uncertainty and Political Fragmentation. London: Routledge, 2022, Web.
The problem in the first article was the area of IT security as it relates to social networks within an organization. Recently, there have been many trends in the security of information and communication technologies, in particular due to the expanding reach of social media, which increases the size of social networks; this has taken the rates of sharing personal and working information to very high levels and also posed increased risks to data networks. One note is that this article does not specifically analyze social media networks, but rather social networks. Within this ever-growing, data-intensive environment, there is a unique need to secure enterprise data. This gap poses new, increased risks. Social media networks, which could pose some increased risks, could however provide some advantages in increasing the stretch or mixing the diversity of the social networks, due to the intense popularity of social networking services and their mediums. The use of these services by employees within the organization, and the need or desire to share information across social media mediums, could expand the present stretch of social networks within an organization. Thus, access to readily available information and the need to connect to others yield both benefits and undesirable consequences within an organization (Dang-Pham, Pittayachawan, & Bruno, 2016).
Employees remain the biggest risk within the organization to IT security. However, employees can also be a significant asset to reduce the risks that are related to information security. Understanding compliance behavior remains crucial for organizations to secure their data by leveraging their human capital resources. The general problem is that technology-based solutions do not sufficiently address gaps in information security compliance. The study posits that employees’ outcome beliefs shape the employees’ views about conformity with compliance. Intrinsic benefit shapes benefits of conformity, any rewards that are received, the benefits of any conformity while intrinsic value forms the costs of compliance to the employee, the vulnerability of resources, and any sanctions that could be levied. This problem area looks at the risk of noncompliance with IT security policy to the business and evaluates the implementation of training and IT programs (Bulgurcu, Cavusoglu, & Benbasat, 2010).
Compromises within IT security and vulnerabilities have resulted in the increase in ransomware attacks and other types of cybercrime, including financial fraud, stalking, and blackmail (Gradon, 2013). There is a lot of literature that covers these areas and many of the theories which evolve around this subject matter of security as it relates to the business enterprise. As this area is an area of increasing vulnerability, I would like to extend the research into this area. For this reason, and much more, my contribution within this area has significant worth. One item that was unique within the research model was that the article used network analysis.
So many emerging behavioural security studies focus on ways to improve compliance within the security arena by fear, and newly by looking at the intrinsic beliefs and social relationships between individuals. How do we relate the structural patterns and integrate them into the organization to the benefit of security? One of the most critical issues in the research field remains that many end-users in organisations do not possess the sufficient knowledge to mitigate information security risks (Rocha Flores, Antonsen, & Ekstedt, 2014). Many areas look at fear to spur compliance and also look at security training as a check-the-block mechanism to spur compliance. A gap that remains is how to spur interest in the subject area, or within information technology fields in general. Does fear create legitimate long-term compliance or only short-term benefit? How do employees interpret conflicting information from varying sources, some who agree with their interpretations and some who disagree with their interpretations of security beliefs? How do we resolve internal conflict between a close colleague and an expert within the field? Can we use the structural patterns between individuals, experts, and non-specialists, to garner interest? What happens if that garnered interest conflicts with intrinsic belief? How do we prevent the dissemination of incorrect information across these mediums?
The research questions posed in this article are, first, why employees are willing to share information security advice and, second, what the structural patterns of the information security advice sharing networks are. The research within these two articles revolves around these two questions. The literature review looks at what motivates employees to share security advice and looks at particular behaviours that could have some influence. The reason this is studied is that active security knowledge sharing helps to develop self-efficacy and compliance and helps to prevent the redevelopment of new security practices that may already be commonplace. The article poses that many of the prior works looked at attributes of individuals but did not look at how these attributes interact together in a social media forum which connects people who may be very different, from different organizations and separate geographically.
These are several areas that are studied in many prior works. These draw upon many theories, including the Theory of Planned Behavior and Motivational Theory, which is prevalent in many security works. The first three hypotheses were developed from this theory. The Theory of Planned Behavior has been looked at as an antecedent of compliance. This article looks at the sharing activity itself. These are based on the premise that subjective norms motivate an individual’s intention to share security knowledge, perceived behavioural control, and attitude. This is included and extended in many works, and the literature review surrounded these works. This article also looked at personality relationships and how they relate to their perceptions of security. Prior studies looked at traits which affect the perception of security studies.
The article reviewed the Accountability Theory and developed the second hypotheses from this theory. Within this theory, accountability is attached to the self-image, and this motivates individuals to comply. This theory remains a fairly new theory introduced in 2015 and has been introduced by many different security domains. This theory looks not only at how the individual looks at the compliance of the individual but also at how that accountability relates to organizational accountability and their desire to share security advice.
The IVs, independent variables, in the study were the attitude towards performing information security behaviors, subjective norm, perceived behavioural control, perceived accountability, the occurrence of giving work related advice ties, the occurrence of interpersonal trust ties, and the occurrence of giving security troubleshooting ties. These were divided into different categories of the node effects, or source of security advice, and network effects. The study looked at how security knowledge was transferred through the network effects between different nodes.
The dependent variable within the article is the occurrence of giving security advice ties between two random employees. The article further analyzes the connections that allow the dissemination of security related information.
This study looked at network analysis to determine how individuals in the organization, based on how these social networks developed, would disseminate this information. One interesting finding in the work is that employees perceiving subjective norms about performing security behaviours are less likely to give security advice to others. One reason that the article mentioned for this is that individuals could add social pressure on these individuals. I pose that this could be negative pressure as well, even though this was not mentioned within the article. So, an employee’s behavioural norm could remain in conflict with the organization culture. This area of study is one area that was not reviewed and is an area that we could review further.
Literature Review
The problems of modern-day cyber security are more urgent than ever before. With enterprises relying on computer and internet networks more and more often, IT security faces a significant number of issues. Researchers determine the nature of such problems in different ways. For example, Grau and Kennedy (2014) define such problems as “common threats faced today, such as malware, physical attacks, social engineering, social media, misuse, errors, and environmental effects” (p. 53). Moreover, the problems are approached from the perspective of their relation to different strata of society (e.g. citizens, governments, banks, and key infrastructures). The authors then note that the problems are caused by various “actors.” These are “the criminal,” “the hactivist,” and “the nation-state” (Grau and Kennedy 2014, p. 54).
Based on these findings, the authors present the current trends and trends that are in development as of now. There are six current trends of interest. Firstly, the man-in-the-browser attacks, which are characterized by the criminal’s attempting to emulate a believable browser experience to gather information on security details (logins, passwords, etc.). Secondly, the ransomware is emerging; it is a malware that is embedded in the operational system as an anti-virus or any other type of malware protecting software. The goal of this malware is also to gather sensitive or compromising data. The third trend is the development of polymorphisms. This is a sophisticated malware that is generated for each user while remaining equal functionality-wise. Remaining trends drawn out by the authors include other types of malware (package exploit kits, new-generation botnets) and methods of causing network malfunctions (DDoS).
Other researchers focus on different topics; some may argue that these subjects are based on more general problems. Chin, Kaplan and Weinberg (2014) concentrate on the general problems that the current cybersecurity units face. These include insufficient cyberattacks protection, minimal efforts of improving cyber security in various institutions, and low engagement of senior leaders of public and private institutions in the problems of cyber security. Another article by Tisdale (2015) suggests that, despite the widespread problems which seem to take over the cybersecurity efforts, it is wrong to approach the solution search in a technical, information-technology-connected way. Instead, Tisdale argues, recent researches in cyber security call for a “comprehensive approach that considers business objectives, governance, and risk management along with organizational psychology and other factors such as those described in the Clinger-Cohen Act” (p. 191).
Thus, the trends may be perceived in different ways and via different approaches. Some argue that the cyber security efforts must be focused on fighting off the new-generation malware developed en masse by various criminals and criminal collectives across the world. Others call for developing a new perspective that would alter the approach to cyber security with taking different nuances into account. As of right now, there is no way to tell which approach will be the most beneficial one. However, while some tend to focus on developing the methods to fight off malware and cyber attacks, other researchers create new-generation tools that allow ensuring a higher quality of cyber security. For example, Fielder, Panaousis, Malacaria, Hankin and Smeraldi (2016) in their article provide “an analysis of a hybrid game-theoretic and optimisation approach to the allocation of an SME’s cyber security budget” (p. 22).
Another example of approaching cyber security is, for instance, an article by Craigen, Diakun-Thibault and Purse (2014) that has a goal of providing a more precise definition of what the cybersecurity must be. The authors conclude that “the more inclusive, unifying definition presented in this article aims to facilitate interdisciplinary approaches to cybersecurity” (Craigen, Diakun-Thibault & Purse 2014, p. 18). Thus, a more sophisticated theoretical approach is taken to represent the goals of cyber security. This allows for clearer understanding of the primary focuses that the cyber security units must preserve.
On the other hand, some researchers tend to concentrate on identifying practical approaches either undertaken by some organizations, or the approaches that are still being developed. For example, Nelson and Madnick (2017) provide a “list of approaches around cyber-security measurement and reporting” (p. 12). These approaches include measures of cyber-security compliance, tracking of risk based on business models, and cyber-risk activities tracking. Thus, it is evident that there is a focus on both theoretical and practical aspects of the problem.
The proposed study is going to consider both the theoretical and practical aspects of cyber security and apply the resulting information to social networks in an attempt to determine the factors that tend to affect the level of security in social networks. Social networks are becoming exceedingly popular with some of them being made for recreation and others for business (Saridakis, Benson, Ezingeard, & Tennakoon, 2016). As for network security, it is a complex and costly activity, which, however, is necessary to protect the shared data and users’ privacy (Jang-Jaccard & Nepal, 2014). A preliminary research implies that cyber security in social networks is a relatively understudied topic, but it is apparently significant because of the above-mentioned issues and the legal and ethical requirements to protect the information and privacy of the users (Jabee & Alam, 2016; Jang-Jaccard & Nepal, 2014). Moreover, it has been established that improved security is also a factor that the users take into account when choosing to employ a social network (Jabee & Alam, 2016; Kwon, Park, & Kim, 2014). In other words, legal, ethical, and survival reasons make cyber security a modern challenge for networks, which calls for extensive research. The proposed study will attempt to find and possibly explain the patterns in the development of network security. The specific research question that the proposed study intends to consider can be phrased as follows: do the size (number of users) and purpose of a social network affect its security level?
Research Model
The research model discusses the following variables. The independent variables include the size and purpose of the social networks that are going to be studied. The size is going to be operationalized as the number of users; the upcoming research will indicate which networks can be viewed as relatively big or small. The purpose is going to include business and recreation purposes. The dependent variable is the security level of the social networks. It is going to be operationalized through the number of safeguards employed by the networks and their relative effectiveness (Jabee & Alam, 2016). The specific criteria will be developed with the help of the literature on the topic. The mediating variable that is expected to limit or expand the effect of the independent variable on the dependent one is the funding (resource availability) of the networks. The future research will demonstrate if it is possible to find the information on the networks’ funding, which will help to operationalize the variable. When the specifics of the variables’ operationalization are apparent, an appropriate statistical analysis tool will be chosen.
Hypotheses
Four hypotheses that consider the relationships between variables can be proposed.
H1: the level of security of social networks depends on the purpose of these networks.
The first hypothesis implies that the purpose of the networks can define the sensitivity of the data used, which may call for additional safeguards. As a result, the following sub-hypotheses are offered.
H1a: the level of security increases for business-related networks.
H1b: the level of security decreases for recreation-related networks.
H2: the level of security of social networks depends on the size (number of users) of these networks.
The second hypothesis implies that a bigger number of the users can either result from greater security or call for better protection of the users (as follows from the literature review). As a result, the following sub-hypotheses can be offered.
H2a: the level of security increases for larger networks.
H2b: the level of security decreases for smaller networks.
It is also noteworthy that, as shown in the literature review, the security of networks is a complicated and costly phenomenon. It can be suggested that the availability of resources can limit or improve the ability of a network to ensure security. Thus, two additional hypotheses discuss the mediating variable.
H3: the relationship between the purpose of the network and its level of security is mediated by the funding of the network.
H4: the relationship between the size of the network and its level of security is mediated by the funding of the network.
The hypotheses and the variables are shown in Figure 1.
Sample
The sampling strategy is going to use quota sampling to cover all the required “types” of networks, including big, small, business-related, and recreational ones. The coverage will improve the sampling validity (Terrell, 2015, p. 87). Apart from that, the size of the sample needs to be considered to ensure reliable results; this aspect can be calculated after more or less comprehensive information on the currently existing social networks that fit the search criteria is gathered.
Limitations
Some of the limitations of the proposed study can be determined at this stage. In particular, some problems with attaining the information on the funding of social networks can be anticipated. Also, the choice of business-related networks is expected to be more limited than that of the recreational ones. Finally, the current operationalization efforts suggest that the criteria for the dependent variable need to be very carefully considered to provide an objective relative assessment of the level of security in networks. The first two issues imply the possibility of inefficient sampling, which will be limited by the availability of the information; the last issue suggests that the quality of research will depend on the quality of the criteria for the dependent variable. In other words, the latter issue may but does not have to result in limitations. Other limitations will become more apparent as more information on the research is gathered.
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining Cybersecurity. Technology Innovation Management Review, 4(10), 13-21.
Fielder, A., Panaousis, E., Malacaria, P., Hankin, C., & Smeraldi, F. (2016). Decision support approaches for cyber security investment. Decision Support Systems, 86, 13-23.
Grau, D., & Kennedy, C. (2014). TIM lecture series – the business of cybersecurity. Technology Innovation Management Review, 4(4), 53-57.
Jabee, R., & Alam, M. A. (2016). Issues and challenges of cyber security for social networking sites (Facebook). International Journal of Computer Applications, 144(3), 36-40.
Terrell, S. (2015). Writing a proposal for your dissertation. New York, NY: Guilford Publications.
Tisdale, S. M. (2015). Cybersecurity: Challenges from a systems, complexity, knowledge management and business intelligence perspective. Issues in Information Systems, 16(3), 191-198.
Bulgurcu, B., Cavusoglu, H., & Benbasat, I. (2010, September). Information security policy compliance: an empirical study of rationality-based beliefs and information security awareness. MIS Quarterly, 34(3), 523-548.
Dang-Pham, D., Pittayachawan, S., & Bruno, V. (2016). Why employees share information security advice? Exploring the contributing factors and structural patterns of security advice sharing in the workplace. Computers in Human Behavior, 196-206.
Gradon, K. (2013). Crime science and the Internet battlefield: securing the analog world from digital crime. Secur Priv, 93-95.
Jabee, R., & Alam, M. A. (2016). Issues and challenges of cyber security for social networking sites (Facebook). International Journal of Computer Applications, 144(3), 36-40.
Rocha Flores, W., Antonsen, E., & Ekstedt, M. (2014). Information security knowledge sharing organizations: Investigating the effect of behavioral information security governance and national culture. Computers & Security, 43, 90-100.
As cyber security threats continue to increase and evolve in complexity in the 21st century, all organizations globally are finding antivirus installation necessary. Among the cyber threats affecting the computer systems of most organizations today is ransomware. Ransomware is a computer virus that modern cybercriminals use to limit users from full or partial access to their computers. Until the victim pays a specific amount of money to the attackers within a particular time, cybercriminals can use the virus mentioned above to access the user’s sensitive personal or organizational information. They can temporarily block computer screens or specific files and send threats to information owners to get conditional payments. Ransomware is a 20th-century invention that continues to pose a threat to many computer users globally today. This essay will give a historical overview of ransomware and explore its functioning, evolution, and prevention.
Historical Overview
Ransomware was invented and implemented by Young and Yung at Columbia University and presented in 1996 at the IEEE security and privacy conference. The first version of the virus was the AIDS Trojan, which appeared in 1989 (Richardson & North, 2017). Since then, the ransomware scam has grown globally, and victims have lost millions. A Trojan is disguised as a legitimate file that the user can download or open when it arrives as a notification. Cyber-attacks have risen and evolved over the past few years. Payment is usually the attackers’ goal, and the victim is forced to pay to get back their files. The attacker has a convenient payment system that is hard to trace.
How Ransomware Works
Although ransomware attackers mainly target individual users, they might start targeting organizations soon, considering the speed with which cybercrime has been evolving and increasing recently. Notably, ransomware can enter a computer through messages and emails claiming to contain files with essential details sent from fake sources. These files can entice the user to download and click on specific links or botnets, after which the computer becomes infected with the ransomware. This malware can occur in two forms, either encrypting or locker ransomware (Srinivasan, 2017). The former contains complex algorithms that block users’ system files and demand a ransom for decryption keys. Examples of encrypting ransomware include Locky, CryptoWall, and CryptoLocker. The latter limits the user’s complete access to their operating system by locking their apps or files. Although cybercriminals do not close the computer files or apps through encryption, they still demand a ransom payment. Common examples of locker ransomware include WinLocker or police-themed ransomware.
Characteristics of Ransomware
Ransomware has several unique features that differentiate it from other malware. For instance, the victim cannot decrypt files encrypted by ransomware because the attacker owns and controls the access keys. Further, the ransomware virus can affect all computer files, including pictures, documents, audio, and videos. Ransomware can shuffle the victims’ computer files, making it difficult to differentiate between safe and infected ones. This virus ensures the victim knows there is an encryption attack on their information and that they have to pay the required amount to access their files (Richardson & North, 2017). In addition, the users of the attacked computers face the risk of losing their data or paying more ransom if they do not make payments within the given timelines. Since the attacked computers are incorporated into botnets, the attackers have more infrastructure to conduct more cyber-attacks in the future. Ransomware can spread to other computers using the same network, thereby damaging more operating systems. Ransomware can give cybercriminals access to sensitive information saved on the victim’s computer. Sometimes, when the attack is geographically targeted, the virus can send ransom messages to the victim in their national language.
Method of Transfer and Execution of Ransomware
Successful entry and execution of a ransom virus in a target computer is a five-phase process. The infection and exploitation phase occurs after the successful installation of the ransomware in the target computer. Then, attackers execute the ransomware virus in the target computer through an exploit kit and phishing techniques. The next phase involves delivering executable forms of malware into the victim’s operating system to enable a cyber-attack. In phase 3, the virus removes any backup folders or files in the computer system to prevent the victim from restoring the target information after the execution of an attack. After deleting the backup files, the target data in the computer system is encrypted using ransom keys to limit the victim’s access (Mohurle & Patil, 2017). After completing the above four phases, notifications demanding ransom payments with a specific timeline are displayed on the victim’s computer screen. If the victim exceeds the given timeframe, the ransom increases, or the attackers destroy the data.
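Phases 3 and 4 above (backup removal followed by encryption of the target data) leave a pattern a defender can watch for. The following is an added example, not part of the original essay: a detector that flags deleted backups and bursts of files whose content jumps from readable to near-random. The thresholds, the `/backup/` prefix, the event format and the sample events are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, deque
from dataclasses import dataclass

ENTROPY_THRESHOLD = 7.5  # bits/byte; assumed cut-off (encrypted data sits near 8.0)
WINDOW_SECONDS = 60      # assumed sliding window
BURST_FILES = 3          # assumed number of distinct files that counts as a burst


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


@dataclass
class FileEvent:
    ts: float            # seconds since start of capture
    kind: str            # "write" or "delete"
    path: str
    before: bytes = b""  # content sample before the write
    after: bytes = b""   # content sample after the write


def detect(events, backup_prefix="/backup/"):
    """Return (ts, rule, paths) alerts for a time-ordered stream of FileEvent."""
    alerts = []
    window = deque()       # (ts, path) of recent suspicious rewrites
    backup_deleted = False
    for ev in events:
        if ev.kind == "delete" and ev.path.startswith(backup_prefix):
            # Phase 3 signal: a backup disappeared.
            backup_deleted = True
            alerts.append((ev.ts, "backup-deleted", [ev.path]))
            continue
        if ev.kind != "write":
            continue
        # Phase 4 signal: readable content replaced by near-random bytes.
        if (shannon_entropy(ev.before) < ENTROPY_THRESHOLD
                and shannon_entropy(ev.after) >= ENTROPY_THRESHOLD):
            window.append((ev.ts, ev.path))
        # Drop rewrites that fell out of the sliding window.
        while window and ev.ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        paths = sorted({p for _, p in window})
        if len(paths) >= BURST_FILES:
            rule = ("encryption-burst-after-backup-loss" if backup_deleted
                    else "encryption-burst")
            alerts.append((ev.ts, rule, paths))
            window.clear()
    return alerts


def _noise(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted content."""
    out, counter = b"", 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


# Constructed sample data: one normal edit, one backup deletion,
# three rapid high-entropy rewrites, and one isolated rewrite much later.
TEXT = b"Invoice 1042: customer balance and payment history.\n" * 80
SAMPLE_EVENTS = [
    FileEvent(0, "write", "/home/a/notes.txt", TEXT, TEXT + b"one more line\n"),
    FileEvent(5, "delete", "/backup/weekly.bak"),
    FileEvent(10, "write", "/home/a/report.doc", TEXT, _noise(4096, b"1")),
    FileEvent(12, "write", "/home/a/ledger.csv", TEXT, _noise(4096, b"2")),
    FileEvent(15, "write", "/home/a/plan.txt", TEXT, _noise(4096, b"3")),
    FileEvent(300, "write", "/home/a/archive.txt", TEXT, _noise(4096, b"4")),
]


def run_demo():
    return detect(SAMPLE_EVENTS)


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

Files that are already compressed (images, archives) have high entropy before any rewrite, so this check does not flag them; a real deployment would pair it with other signals.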
Evolution of the Ransomware Threat
Recently, the threat of ransomware has been gradually changing targets and modes of execution. The transfer of ransomware has thus evolved with time, and it is aimed more at desktop computers and less at mobile phones. Crypto-ransomware transfers data, thus restricting the user from accessing their data. File-encryption ransomware involves symmetric encryption and asymmetric decryption (Maurya et al., 2018). The transfer is not only based on applications and emails but is also activated in offline systems. Over the past few years, organizations that are not IT-based, such as hospitals, have become attractive to cybercriminals because they have less knowledge about cybersecurity. In addition, the methods of transferring ransomware are evolving. Today, clicking on online adverts exposes one’s device to the threat of ransomware.
Preventive Measures
Ransomware threats are on the rise and affect people and organizations adversely. Detection alone is not an adequate measure for recognizing and curbing these effects, and thus, people should ensure responsible and secure use of computers and smartphones. Since ransomware works to achieve the aim of stealing data from computers, it is challenging to detect. Therefore, one should avoid clicking on links from unknown websites and disclosing personal information to stay safe. Those who plan ransomware attacks try to access one’s personal information by calling or sending messages to the target users. When one notices such messages or receives such calls, they should avoid sharing any information with an unknown source (Richardson & North, 2017). Keep programs and operating systems up to date to prevent cybercriminals from taking advantage of the vulnerability of the systems. It is safer to refrain from downloading programs or files, or following messages, from suspicious sources. When using public Wi-Fi, the computer is more vulnerable to cyber-attacks. Therefore, one should secure their computers with VPN services or avoid using public networks.
Conclusion
Finally, ransomware is increasingly becoming a typical cyber threat to individual and organizational computer systems. Since the invention and introduction of the first version of the malware mentioned above, organizations and personal computer users have lost valuable information and millions to cybercriminals. Ransomware makes personal or organizational information inaccessible to the owners by either blocking or locking the files or applications through encryption keys. After successful encryption, the attackers use the malware to extort money from the victim in exchange for the encryption keys. In the past, personal computers were the main targets of ransomware attacks, but today operating systems of organizations and smartphones are vulnerable to this cyber threat. Therefore, people and organizations ought to take some preventive measures to stay cyber-safe, including refraining from downloading or clicking links from suspicious sources.
References
Maurya, A. K., Kumar, N., Agrawal, A., & Khan, R. A. (2018). Ransomware: evolution, target and safety measures. International Journal of Computer Sciences and Engineering, 6(1), 80-85.
Mohurle, S., & Patil, M. (2017). A brief study of wannacry threat: Ransomware attack 2017. International Journal of Advanced Research in Computer Science, 8(5), 1938-1940.
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation and prevention. International Management Review, 13(1), 10.
Srinivasan, C. R. (2017). Hobby hackers to billion-dollar industry: the evolution of ransomware. Computer Fraud & Security, 2017(11), 7-9.
The Padgett-Beale Merger & Acquisition (M&A) has necessitated the implementation of a cybersecurity management plan. Since the acquisition, several developments have taken place, which will need to be taken into consideration in the development of a new high-level plan. The cybersecurity management plan is designed to allow Padgett-Beale Financial Services (PBI-FS) to begin operations on a new on-island location. Additionally, the new plan seeks to comply with U.S. banking laws, standards, and regulations. Most importantly, the plan highlights such recommendations as risk mitigation, security controls, and replacements for outdated software and hardware.
Before developing the cybersecurity management plan, it is important to highlight the key elements that will need to be secured against the cybersecurity risk. According to Vincent and Trussel (2019), cybersecurity is not a single risk but a collection of risks based on such aspects as the firm’s processes, culture, and actors. For the PBI-FS, the key risk areas include telecommunications, workstations, network equipment, electronic mail, public web server, banking applications and servers, and data backups and recoveries. All these items will need to be safe to avoid future problems, including any breaches and non-compliance with regulations. Therefore, the current plan will define the goals, objectives, and scope of the implementation. Additionally, assumptions, constraints, project management plan, strategy implementation, and enterprise IT architecture will be detailed.
Goals and Objectives
The implementation of the cybersecurity management plan pursues both business and project goals and objectives. The difference between the two is the fact that the business goals and objectives have a broader scope that covers the entire company. Project goals and objectives are narrower and are specific to the cybersecurity plan. Each of these categories is a necessity for the success of implementation. The specific goals and objectives are described in detail in the sections below.
Business Goals and Objectives
Offer more secure banking services and improve the PBI-FS. The sole need for a cybersecurity plan is to secure all IT infrastructure deemed critical to a business. For the PBI-FS, a name ruined through money laundering may need to be addressed with the promise of transparency and greater security.
To improve the confidentiality of the stakeholders, especially the customers. The merger may offer better experiences to consumers and revive a dying business. However, it is the stakeholders who need reassurance that their confidentiality will be restored.
To improve the current state of security for the company information system. The merger and acquisition may present certain security challenges to the entire business. Therefore, the current plan seeks to boost the security of the entire business.
Project Goals and Objectives
To build the company’s cybersecurity framework based on a safety culture. The cybersecurity management plan is built on policies and plans for all employees.
To develop an action plan for incident response by outlining specific actions to be undertaken in terms of security breaches. The plan is both preventive and reactive, which means it seeks to prevent incidences and offer effective responses to those that occur.
To build a platform for data security, which will ensure the privacy of all private financial information.
To forge cooperation between the stakeholders to facilitate the accomplishment of the M&A.
Scope
The scope of the cybersecurity management implementation plan is broad since it covers both the project and the business. From a business perspective, the cybersecurity management plan affects the information system (IS) integration in the M&A. Studies show that businesses have become pervasively dependent on the ISs, which now play a vital role in the value of M&As (Henningsson et al., 2018). The current M&A poses the same issues because it necessitates the implementation of mechanisms to protect its information system as part of the broader IT infrastructure. The cybersecurity management plan focuses on the actions of the entire company regarding the security of the new systems. Once the businesses have become one, stakeholders across the entire firm can affect the security outcomes. Therefore, the broader scope is to protect the company from any breaches in its IT infrastructure following the M&A.
The narrower scope focuses on the project itself, where the primary focus is to implement cybersecurity plans. The main purpose of a cybersecurity plan is to prevent information and other breaches. The effects of these incidences on the performance of businesses have been extensively explored, with a key observation being that data breaches cause both financial and non-financial losses (Juma’h & Alnsour, 2020). The current project seeks to provide a framework on which these issues will be addressed. The cybersecurity plan is based on the fact that the M&A operates an ‘internet of things’, characterized by multiple networks, hardware, and software, which need to be protected from digital attacks (Salam, 2021). Therefore, the scope includes data storage and retrieval, assessment and correction of vulnerabilities, compliance with the regulations, and data backups. As indicated in the project goals and objectives, the scope also extends to the building and maintenance of a cybersecurity culture through joint efforts of all the stakeholders.
However, several items are beyond the scope of this project. Examples include the actions of the other M&A teams assigned to different tasks. The cybersecurity team may operate autonomously from the rest but all the stakeholders will have different implications on the outcomes of the cybersecurity implementation. Other success factors may also be beyond the scope, which may include such external aspects as changes in IT legislation and compliance guidelines.
Assumptions
The primary assumption made in this project is that the IT infrastructure will remain vulnerable to both internal and external threats. The rationale is that a financial institution would be inherently prone to targeted attempts by hackers and others with malicious intentions. Therefore, the primary aim would be to protect the company finances and, most importantly, the money and information about the clients. This assumption is further backed by the idea that financial institutions’ weakest points are their networks and other shared IT resources, which can be accessed remotely. Based on these assumptions, the cybersecurity management plan aims to strengthen all the weak points and to design them to raise the necessary red flags once attempts have been made.
Constraints
Project Constraints
The main project constraint is the fast-changing technologies and the emergence of new and disruptive ones. The current project involves the development of technical aspects to support and protect the current and new hardware and software. However, rapid development means that the current solutions could become obsolete within a short time.
The second constraint is time, which affects all projects and hampers their progress. The M&A has to be accomplished within a defined timeframe, which means that the team tasked with cybersecurity management will have limited time. Additionally, the fact that there will be new hardware and software to replace old ones means time will be consumed in configuration attempts, as well as any tests needed.
Legal compliance is another constraint that will affect all the project efforts. With new developments in technology, new laws are emerging, most of which are intended to safeguard the interests of the consumers (Selby, 2017). The implementation of the cybersecurity plan will be bound by these legal constraints that must be incorporated into the project tasks.
Barriers to Success
The greatest barrier to the success of the project is the incompatibility of the systems, especially with the new industry 4.0 transformation. According to Tripathi and Gupta (2019), industry 4.0 transformations cover such dimensions as organization culture, strategy, innovation, data availability, agility, and smart analytics. The M&A will have this consideration to make, which means that the cybersecurity team will have to give priority to any potential developments in this regard. The main argument is that companies are increasingly becoming interested in the new applications of recent technologies (Horvath & Szabo, 2019; Herceg et al., 2020). Therefore, the environment in which the cybersecurity management plan will need to work is extremely uncertain. New security requirements, most of which may still be under development, will be needed. If the team fails to anticipate the new needs and requirements, the security plans will fail to achieve the desired effects in terms of cybersecurity.
Another potential barrier to the success of the project is financing. It is important to consider that the current project is being implemented as part of a broader undertaking involving the M&A. Therefore, limited finances may be allocated to the team, which might make its accomplishment difficult. As mentioned earlier, the fact that novel technologies may need to be considered means that it could be necessary to test certain aspects over time before full implementation. Such tests can be hampered by inadequate finances, which in turn can hamper the success of the project. However, it can be argued that the primary focus will be on existing IT infrastructure, which may alleviate the need for novel solutions.
Project Management Plan
Projects involving IT tend to constitute considerable investments that are intended to continue growing as a business seeks to improve operational efficiency. Therefore, firms have to learn how to leverage people, processes, and technology in the mitigation of IT project risks (Maruping et al., 2019). The cybersecurity project takes the form of a digital transformation where several factors are to be considered. People, process, and technology are the key dimensions in this project management plan where the main activities are outlined below.
People
People comprise the stakeholders who will be using the systems and who affect their security. The cybersecurity plan is intended to adopt a risk-based approach as described by Boehm et al. (2019), which begins with the governance of people and their activities. This dimension involves protecting the IT infrastructure from such incidences as unauthorized access and malicious activity from both internal and external stakeholders. Therefore, the plan for the people dimension in this cybersecurity management implementation includes the following:
Access control – one of the best initiatives in cybersecurity is controlling the access of the IT systems and the shared IT resources. Access control means restricting and authorizing access to the infrastructure, which is achieved through such means as passwords and other forms of protection. The fact that cybersecurity seeks the protection of financial information means that effective restrictions need to be implemented where only a few people can access sensitive data.
Data policy – a data policy dictates how data can or cannot be used in an organization. The cybersecurity management plan takes into consideration the fact that the previous protections were inadequate and that they made it possible for users to launder money. Strict data policy seeks to prevent such usage of data in addition to protecting any sensitive information.
Safety culture – in cybersecurity, a safety culture can be referred to as a cybersecurity culture (CSC). According to Corradini (2020), CSC is unique to organizations because it cannot be replicated by others in terms of people’s values, processes, and technologies. The CSC is intended to create the necessary values that are currently lacking regarding the safe use of the IT infrastructure. In other words, the cybersecurity plan teaches people that security will not merely be an IT department problem but a collective effort from all organizational members.
Accountability – in cybersecurity, accountability can be described as the principle that all individuals entrusted to safeguard and control the IT infrastructure are answerable to the proper authority in case of such incidences as loss or misuse of the information or other key IT material. Holding people accountable begins by highlighting what people will be responsible for and how they are expected to handle the systems.
Processes
The dimension of the process involves outlining the activities within the systems. In the cybersecurity management plan, the process entails the specific actions intended to protect the IT infrastructure. The plan seeks to address several problems that have been observed with the previous security efforts, including fraud and money laundering. The processes that should help to protect IT systems and prevent the occurrence of these acts are summarized as follows:
Fraud prevention – the cybersecurity management plan monitors all transactions, their sources, and the parties involved to help prevent fraudulent activity. Verifications for each transaction will be required regardless of the amount, which should help ensure the people initiating them are validated.
Authentications for online banking – the M&A will be involved in online banking services, one of the most vulnerable operations for any financial institution. As a further effort to prevent fraud, the cybersecurity plan implements a mechanism for authenticating both the users and the transactions. The authentication protocols will be continuously updated as the online banking environment remains highly dynamic.
Restricting access to personal information – fraud and theft in online banking are often facilitated by the ability of authorized users to access the personal information of the customers. Therefore, the key protection process will involve an access protocol to be followed when such access is required. Most importantly, only account holders and the selected company personnel will be allowed access, all of whom will need to be accountable for both the access and use of the data.
Technologies
Artificial intelligence and deep learning – these new technologies will be used in access control and restrictions to personal data access. Artificial intelligence can be applied in such processes as two-factor authentication, which is intended to confirm the users’ identities based on two or three parameters. Deep learning can also be useful in data analysis, including such aspects as real-time communications, transactions, and logs. The data analysis from deep learning serves the purpose of detecting threats and unwarranted activities.
Embedded hardware authentication – PINs and passwords have proven inadequate because they do not offer foolproof protection to hardware. Embedded hardware authenticators are emerging technologies that can be used to verify users’ identities. Examples include Intel’s sixth-generation vPro chips, which have been designed to revolutionize authentication security. Banking systems and their inherent vulnerability require that such extreme steps be taken to protect even the hardware.
Data encryption – data shared across the networks will need to be encrypted to prevent hackers from easily copying and reading it. Decryption codes will only be available at the destination of the data, which means that only the intended recipients will be able to read it.
Firewalls – firewalls remain one of the basic security technologies used to filter incoming packets from the internet. The primary purpose is to prevent unauthorized communications into and from the system. The online banking systems will be particularly vulnerable, and the cybersecurity management will ensure adequate firewalls for packet filtering, stateful inspection, and network address translation.
Strategy Implementation
Security Controls
Baseline Controls
Strict authentication protocols – authentication protocols will be necessary for access to the shared resources and all access points. Internal access will require access controls for both hardware and software. For external users, two-factor authentication will be the primary security control, which will be accompanied by such measures as firewalls.
Data encryption – all sensitive data shared across the networks will be encrypted to prevent malicious attempts to copy and read information.
Data backup – a backup infrastructure will be created to guard against any system failures. All user data will be backed up and regularly updated to allow access when needed.
Firewalls – firewalls will be used as the primary perimeter defense, especially for all access points over the internet. The firewalls will filter all internet packets to control who accesses the systems and specific data.
Recovery and response plans – the recovery plan is intended to support the data backup operations in case of system failures. The recovery plan provides a guide on how to respond to any incident, especially after a system failure. The response plan handles all other incidences and seeks to address such problems as hacking or other malicious activity.
System Development Life Cycle/Schedule
The system development life cycle comprises seven stages, as shown in Figure 1: planning, requirements or analysis, design, development, testing, deployment or integration, and maintenance. PBI-FS will use this framework in the implementation of the cybersecurity management plan, especially because new security systems will be developed and implemented. The planning stage helps define the problem and scope of activities. Additionally, the planning stage determines the objectives of the new systems and helps secure the necessary funding. PBI-FS requires new security systems for the IT infrastructure to facilitate the M&A. Among the problems identified include the lack of a formal IT security platform and the loopholes that have been exploited to facilitate fraud and money laundering. The planning stage clarifies that these problems are to be resolved and helps to accomplish the second stage: the requirements analysis. In this phase, both software and hardware requirements are outlined, as well as any potential alternative solutions identified in stage 1. Research and analysis will determine the security needs of all end-users, which will be used in the creation of a requirement specification document.
The design stage outlines the details for the overall system implementation. In the cybersecurity plan, the design stage will involve specific aspects of the security infrastructure, including security controls for both hardware and software. In other words, the design stage converts the requirement specification document into a more logical structure that can be developed in a programming language or other system applications. The development phase follows the design stage; here, all the coding and applications are built to mirror the designs and to meet the specifications. In the cybersecurity management plan, the actual security platform is built, including all controls and frameworks. The technologies are either developed or applied to the security infrastructure as necessary.
Once the development is complete, the stage that follows is testing, which is done to assess whether the problem is solved. The testing phase is critical because it helps the team assess whether the design works as desired and whether it meets the requirements. Any challenges, deficiencies, and defects are monitored and corrected until the system perfectly solves the problem. When the testing is successful, the deployment or integration step is carried out, which means the actual installation of the security infrastructure. All modules and items in the framework are integrated and configured, and the protocols are implemented.
The last phase of the system development life cycle is the maintenance stage, which can be a one-off activity or a continuous process. As a one-off activity, the maintenance stage entails addressing any residual bugs not covered during implementation. Additionally, any changes that might be necessitated by such processes as the configuration are implemented at this stage. As a continuous process, the maintenance stage involves continually monitoring and updating the system as necessary. This is because cybersecurity does not end with the implementation of a plan and technologies. The rationale is that technological development means that new requirements emerge, which necessitates new updates on the existing IT security infrastructure.
Milestones
Milestones in project management are critical because they help inform the progress of the project. According to Eik-Andresen et al. (2016), milestones can also be used as performance indicators depending on the nature of the project. The system development life cycle can be used to derive critical milestones involving the strategy implementation, including requirement specifications, prototype developments, and a fully functioning system or actual deployment. The success of the cybersecurity management plan depends on the development of a cybersecurity infrastructure to address the current problems. Therefore, the key milestones will include problem identification, proposed solution and alternatives, prototypes and testing, and solution implementation. The problem identification simply involves an analysis of all security issues that need to be addressed, and its achievement can be evidenced by a requirement specifications document. Solutions and alternatives can involve designing potential solutions and any suitable alternatives. The actual development will begin with prototypes that will be tested before they can be implemented as a solution. When the system is online and fully functional, it will mark the final project milestone.
Resource Requirements
The resource requirements for the cybersecurity management plan help outline what will be needed to facilitate the accomplishment of the project. As in all projects, the key resources are people and finances. People include the project team and any other personnel hired throughout the project. In this case, cybersecurity experts, program developers and designers, and other IT personnel will be engaged throughout the project. Finances are used to make purchases and payments for services, including the labor offered by people. In this project, some systems will be purchased rather than developed, especially the hardware. Software vendors may also offer ready-made alternatives which will also be considered. The amount of money will depend on the labor costs and prices of both hardware and software purchased.
Enterprise IT Architecture 1000
Hardware
The cybersecurity plan seeks to implement massive changes to the current security infrastructure, which includes various hardware resources. As indicated in Figure 2 above, servers form much of the internal networks which the company must protect. The hardware will also include computers used by the company staff to access the IT systems. Other forms of hardware may also be considered, for instance, laptops, phones, and printers. It is important to acknowledge that the cybersecurity plan seeks to update some of the hardware. The fact that the current IT security infrastructure is outsourced means that the M&A will have to invest huge sums of money in new hardware for both the active system and the backups.
Regarding the servers, the cybersecurity team will have to make critical decisions, including which servers to use and how to protect them. According to Aaron (2019), different server hardware is available for businesses, whose primary purpose is to manage networks and their shared resources. Additionally, the servers provide services to users, both internal and external. Due to the different functionalities, the cybersecurity groups will need to examine the current servers and their efficacy for servicing the current user needs. Replacement or updates will be made depending on several factors determined by the team as outlined in the requirement specifications. Besides the servers, internal computers, laptops, printers, and phones are to be updated or replaced accordingly. Such issues as usability, capacity, and scalability of capacity will be used to determine the course of action.
Software
The IT architecture can be described as an internet of things (IoT) because it connects systems, data storage, applications, and services. According to Ullah et al. (2019), all these interconnected elements can be gateways for cyber-attacks, which means that they are also the targeted areas in cybersecurity planning. In addition to the protection of hardware, much of the security aspects will cover the software elements and access points to the network servers. Firewall software will be a key element, especially one tied to external access points. The internet will be a key access point to the internal IT infrastructure, which means a perimeter defense will need to be established. Such aspects as two-factor authentication and deep learning software will be used to monitor any activity from the internet.
In the internal network, multiple software applications will be used, including databases and analytics. All software will be protected using the relevant antivirus applications, which will be among the items purchased from external servers. Depending on the developers, the type of antivirus will be determined by whether the applications come with an integrated antivirus offered by the vendors alongside the software. Alternatively, software without an embedded antivirus will be protected using a purchased antivirus from trusted vendors. The fact that the business offers web-based mobile banking means that mobile applications will be developed. These represent vulnerable software and a critical external access point that will need protection. These will integrate artificial intelligence and firewalls to achieve utmost security.
Network Infrastructure
Network infrastructure entails all resources of a network, including internet connectivity, business operations, communication, and management of applications, users, devices, and services. Internally, the network infrastructure comprises the servers and the interconnected devices. Examples include routers, desktops, laptops, printers, and phones, which will be attached to databases and other shared resources. The cybersecurity plan involves protecting these networks from malicious activity. The concept of network infrastructure security involves the process by which the network infrastructure is protected through preventive measures. Therefore, the security measures will include access control, firewall, virtual private networks, behavioral analytics, wireless security, and intrusion prevention systems.
Multiple approaches to network infrastructure security are available for PBI-FS, from which the best will be selected. Examples include segmenting and segregating functions and networks. This can be achieved through the use of such hardware as routers, whose primary function is to filter broadcast traffic. Another approach is the limitation of unnecessary lateral communications, especially peer-to-peer interactions. The company handles sensitive user data whose communication across a network should be highly restricted. Hardening network devices is another mechanism, which is focused on making sure industry standards are maintained regarding such aspects as available services, restricting physical access, network encryption, protecting routers, and use of strong passwords. Lastly, network infrastructure security can be achieved through securing access to infrastructure devices. The security options for the infrastructure hardware have been explored, and these tend to protect even the network’s access points.
Cybersecurity Defenses
Data encryption at every point – one of the best cybersecurity defenses is data encryption, which should be implemented at all points. This defense seeks to protect all sensitive data that is in use, transit, or at rest. Therefore, PBI-FS should focus on purchasing software with the necessary encryption capabilities.
Cyber threat awareness – PBI-FS will be faced with both generalized and specific cyber threats. The generalized category comprises ransomware, data breaches, and malware, which should all be addressed. The specific category of cyber threats includes specific intensities of the generalized threats. For example, data breaches may involve access to sensitive data, deletion, or copying or manipulation of information within the storage devices. Cyber threat awareness is a defense that focuses on raising red flags and alarms when these threats occur.
Threat intelligence – the use of artificial intelligence is growing rapidly, which means that the nature of threats is also continually evolving. Threat intelligence entails the use of artificial intelligence systems to assess unexpected applications, data, and user behaviors. Most importantly, threat intelligence should help isolate and contain suspicious activity using early warning.
Cybersecurity awareness training – the employees working for the company can also pose a threat to IT security. Therefore, a good cybersecurity defense should include training all users regarding security matters and equipping them with the ability to detect threats. The workers can be taught how to avoid infections and which red flags to look for within the network.
Boehm, J., Curcio, N., Merath, P., Shenton, L., & Stähle, T. (2019). The risk-based approach to cybersecurity. McKinsey & Company.
Corradini, I. (2020). Building cybersecurity culture. In Building a Cybersecurity Culture in Organizations. Studies in Systems, Decision and Control (pp. 63-86). Springer.
Salam, A. (2021). “Internet of things for sustainability: Perspectives in privacy, cybersecurity, and future trends. In Internet of Things for Sustainable Community Development. Internet of Things (Technology, Communications and Computing) (pp. 299-327). Springer.
Tripathi, S., & Gupta, M. (2019). Impact of barriers on Industry 4.0 transformation dimensions. International Conference on Precision, Meso, Micro and Nano Engineering, (pp. 1-6). Copenhagen.
Learning about privacy breach issues and the means of managing them in different settings to protect the affected party has been an exceptionally important part of understanding the intricate details of privacy management laws. Having recognized the complexity and the essential aspects of managing data security breaches in the organizational setting, I will be able to ensure that the data management framework within my workplace setting functions impeccably. Moreover, additional tools for mitigating the effects of a possible information security breach will be introduced and implemented effectively.
Two legal principles studied during this course have been of particular importance to me. Namely, the principal standard of the HIPAA, as well as the concept of cybersecurity, have proven to factor into some of the key aspects of my professional and personal life. For instance, taking retrospect on some of the events that have taken place in my life, I will have to admit that knowing the principles of managing information security would have been of great help. For instance, having a clear understanding of HIPAA would have allowed me to recognize the challenges of maintaining safety when seeking healthcare services (Cohen & Mello, 2018). As a result, I would have been more considerate when choosing what information to disclose to the healthcare practitioner.
Similarly, learning about the principles of data breach notification would have prompted me to be more careful with trusting my personal data to companies that seemed rather inconspicuous at first but turned out to be a source of multiple complications with addressing the issue of information leakage. Overall, the course has provided crucial information that should be applied both to professional and personal settings to safeguard vulnerable information from third parties.
Customer data management is a challenging and complicated task, especially in the contemporary digital context, where exposure to emergent threats and cyberattacks is huge. Therefore, creating a system of customer notification in case of a cyberattack, with detailed instructions for the further course of actions to secure one’s personal data, must be introduced in any organization.
Moreover, security issues may occur even in situations that could seem fairly standard and mostly safe procedures. Namely, the use of credit cards could turn out to be compromised due to exposure to third parties, which is why learning about the PCI DSS (Payment Card Industry Data Security Standard) was vital in understanding how the rights of consumers could be further protected. Remarkably, a range of people tend to neglect some of the vital security measures, such as setting two-factor authentication, which is critical according to the PCI DSS standards (Wilson et al., 2018). Therefore, promoting active education for general audiences regarding the safe use of digital services and the related tools is essential to enhancing information security, particularly in the business context.
However, education about data security management is often fraught with numerous complications even in the workplace setting. Being under the pressure of multiple factors, employees tend to select the solutions that provide results as fast as possible, which is why some of the security measures may be neglected, leading to customers’ personal data exposure. To protect the target population from a potential cyberattack, a company must reinforce the importance of complying with the set standards, as well as educate employees on the topic of information safety management. Thus, major issues such as data breaches will be avoided successfully.
Wilson, D., Roman, E., & Beierly, I. (2018). PCI DSS and card brands: Standards, compliance and enforcement. Cyber Security: A Peer-Reviewed Journal, 2(1), 73-82.
Is hacking an internationally accepted concept? Can hacking be positive for the security systems of different corporations, and how? How can the global community encourage hackers to cooperate in the improvement of security systems? What are the main goals of hackers when they break the security systems of international corporations? What are the potential threats of hacking if it is performed by competitors/enemies/terrorists?
Working thesis
The possible advantage of cooperating with hackers for security systems managers of international organizations and governmental organizations is the probability to recruit them and use their knowledge to empower different organizations to improve their security systems to prevent vulnerability of these systems and possible leakage of information with regard to the threat of terrorist attack.
Problem Statement
The problem concerning hacking has existed since the late twentieth century, but now it is based on the lack of knowledge and skills in professional system engineers who work for international corporations and governmental organizations.
As such, the investigation should include an assessment of the technological basis of the organizations and their knowledge management and recruitment strategies, as opposed to the advanced level of hackers who crack security systems all over the world. Besides, possible cooperation of hackers with terrorists and other organizations and people that pose a potential threat to the security systems of countries should be excluded through the recruitment of hackers by government agencies and international corporations.
Rationale for Study
The reason for conducting the research is the emerging number of technological innovations that increase the possibility for security system invasions and the hypothetical ideas of recruiting hackers so that they work for privately owned and governmental organizations. In this respect, hackers can be hired on a legal basis to cooperate with security system managers to improve the measures adapted to these systems.
Methodology
Method of inquiry
The method for the research includes analysis of secondary sources, as the research questions are not aimed at evaluating the possibility for cooperation and the percentage of hackers that may agree to work for government. Besides, assessment of the research questions is planned to be performed with the help of previous research conducted on the concept of hacking and hackers’ motivations and ethical issues.
Previous research
Previous research concerned the development of hacking in different periods, namely, the 1980s and 1990s, when it was perceived in different ways by the community, non-governmental and governmental organizations. In other words, different authors attempted to label hackers as crackers or to advocate for the positive influence of hacking, as it contributes positively to the analysis of gaps in the security systems of different organizations.
Literature Review
The resources reviewed for this research proposal include articles from scholarly journals and conference proceedings. For instance, Roberts and Webber (2002) elaborate on the ethical issues and importance of practical experimentation in analyzing vulnerability systems.
So, this study advocates the hackers’ activity while the report by Stockwell (2008) is aimed at dwelling on the role of hackers in society with regard to the propaganda of democratic ideas and beliefs and the nature of hacking and their ethos for knowledge and desire to examine their skills.
Expected Outcomes and Limitations
It is expected to review the sources available on the issue of hacking in terms of positive and negative perception of this social phenomenon. The limitation includes the inability to demonstrate cooperation of hackers with government in practice due to the theoretical nature of the research.
Reference List
Roberts, P., & Webber, J. (2002). Virtuous hackers: Developing ethical sensitivity in a community of practice. Australasian Journal of Information Systems, 9(2), 172-177.
Stockwell, S. (2008). We’re all hackers now: Doing global democracy. Proceedings of the CreateWorld08 Conference, 7-10 December, 21-20. Web.
Analysis of the practice of investigating high-tech crimes shows that, in most cases, the information contained in electronic media is used as evidence in criminal cases. The latter is most often seized in the course of investigative inspections, seizures, searches, other investigative actions, and operational and investigative activities. Objects of forensic science are storage media that are not part of other devices and whose main function is information storage. These include external hard disk drives, including those connected via USB interface; optical data storage media (CD, DVD, Blu-ray disks); and various designs of flash memory cards (Lehto and Neittaanmäki 44). In the course of investigative actions, almost obsolete data carriers such as floppy disks (flexible magnetic disk drives), magnetic tape drives (streamer cassettes), magneto-optical disks, and disks for Zip-drives may also be found. In addition, electronic data carriers are internal hard magnetic disk drives installed using computer technology. It is on such devices, which are part of the servers of companies and employees’ personal computers, that there is most often information of particular interest for the investigation.
Recently, storage of large volumes of computer data in so-called cloud storages, located on remote network servers, has become increasingly widespread, which must be taken into account when searching for forensically relevant information. It is also necessary to keep in mind that most modern electronic digital devices are equipped with various types of flash memory cards. Criminals may intentionally conceal relevant information by writing it to a flash card placed in a device that may not recognize the information. For example, a photo frame hanging on the wall may have a memory card on which, along with photo files, other files not playable by this device are recorded. Textual information may be encrypted or covertly placed in other types of files using steganography methods, which will require the use of cryptanalysis and steganalysis algorithms in laboratory conditions during specialized expertise.
Criminalistics distinguishes four stages in the handling of digital data in the process of investigation: identification, collection, retrieval, and preservation of the information acquired. The first step involves finding and recognizing relevant evidence and documenting it. This stage prioritizes the collection of evidence based on the value and variability of the evidence. The second step consists of collecting the devices containing digital data that may serve as evidence. These media are then analyzed in a forensic laboratory or agency to collect and analyze digital evidence (Lehto and Neittaanmäki 67). This process is referred to as a collection of static data. The basic principle behind the implementation of the third stage is that digital data must be retrieved as a complete, intact whole. As part of the preservation phase, it is essential to ensure the integrity of the digital data by means of an evidence preservation system. Additional steps in the media handling are analysis with specialized programs as well as reporting of the work performed.
As part of this investigation, computer analysis was performed on copies of hard drives seized from the laboratories. The computer forensics was conducted under the U.S. Attorney’s Office’s supervision per all accepted computer forensics methodologies. As a result of the examination, a report was drawn up describing all the crimes identified during the work with the seized information. In this case, the specialists performed all the necessary steps in working with digital evidence, including the identification, collection, acquisition, and storage of information and its analysis and report writing.
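The retrieval and preservation stages described above, as an added example that is not taken from the cited book or from the investigation: the whole medium is copied while it is hashed, a working copy is later re-checked against the recorded digests, and each custody step is written to a hash-chained log. The function names, the 4096-byte block size, the log fields and the sample "disk" are assumptions made for the illustration.

```python
import hashlib
import io
import json

BLOCK = 4096  # bytes per block; an assumption chosen for this example


def acquire(source, dest, block=BLOCK):
    """Copy the whole source to dest, hashing while reading.

    Returns (sha256 of the full image, list of per-block sha256 digests).
    """
    full = hashlib.sha256()
    blocks = []
    while True:
        chunk = source.read(block)
        if not chunk:
            break
        full.update(chunk)
        blocks.append(hashlib.sha256(chunk).hexdigest())
        dest.write(chunk)
    return full.hexdigest(), blocks


def verify_copy(copy, expected_full, expected_blocks, block=BLOCK):
    """Re-hash a working copy; return (intact, indexes of altered blocks)."""
    copy.seek(0)
    full = hashlib.sha256()
    bad = []
    index = 0
    while True:
        chunk = copy.read(block)
        if not chunk:
            break
        full.update(chunk)
        digest = hashlib.sha256(chunk).hexdigest()
        if index >= len(expected_blocks) or digest != expected_blocks[index]:
            bad.append(index)
        index += 1
    # A truncated copy is missing blocks; report those as altered too.
    bad.extend(range(index, len(expected_blocks)))
    return full.hexdigest() == expected_full, bad


def _entry_digest(entry):
    """Digest of a log entry over every field except its own digest."""
    body = {k: v for k, v in entry.items() if k != "digest"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def append_entry(log, actor, action, image_sha256):
    """Append a custody record that commits to the previous record."""
    prev = log[-1]["digest"] if log else "0" * 64
    entry = {"seq": len(log), "actor": actor, "action": action,
             "image_sha256": image_sha256, "prev": prev}
    entry["digest"] = _entry_digest(entry)
    log.append(entry)
    return entry


def verify_log(log):
    """Return the index of the first broken record, or None if intact."""
    prev = "0" * 64
    for i, entry in enumerate(log):
        if (entry["seq"] != i or entry["prev"] != prev
                or entry["digest"] != _entry_digest(entry)):
            return i
        prev = entry["digest"]
    return None


if __name__ == "__main__":
    # Constructed sample medium: 12800 bytes, i.e. three full blocks and a tail.
    disk = bytes(range(256)) * 50
    image = io.BytesIO()
    full, blocks = acquire(io.BytesIO(disk), image)

    log = []
    append_entry(log, "examiner A", "acquired image", full)
    append_entry(log, "evidence clerk", "stored image", full)

    working = bytearray(image.getvalue())
    working[5000] ^= 0x01  # simulate a single flipped bit in a working copy
    print("image intact:", verify_copy(image, full, blocks))
    print("altered copy:", verify_copy(io.BytesIO(bytes(working)), full, blocks))
    print("custody log first broken record:", verify_log(log))
```

A production custody record would also carry timestamps and signatures; they are left out here so the digests stay reproducible.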
Work Cited
Lehto, Martti, and Pekka Neittaanmäki. Cyber Security: Critical Infrastructure Protection (Computational Methods in Applied Sciences). Springer, 2022.
Over the past twenty years, cyberspace has become an integral part of people’s lives in many developing countries. Gcaza and Von Solms (2017) note that “nowadays, having Internet access is deemed to be a basic human right” (p. 1). The economies and politics of developing countries have also undergone partial digitalization. It has lifted tens of millions of people out of poverty and strengthened the economic positions of many developing nations in the world arena. However, it would be unwise to believe that cyberspace is where only honest and kind people do business for personal or public benefit. Along with the expansion of cyberspace, cybercrime has emerged and spread widely. The actions committed by cybercriminals in the online space threaten the lives and well-being of ordinary people in real life. According to Schjølberg (2018), “if digital systems are insufficiently secured, this may result in cyberattacks that can destabilize governments, electoral systems, economic systems, media spheres and public debate” (para. 10). Therefore, one of the critical tasks of developing nations today should be developing their cybersecurity workforce.
The lack of a cybersecurity workforce sometimes creates problems for underdeveloped nations that foreign professionals from wealthy countries cannot solve. For example, “inadequate legislation on cybercrime contributes to making countries of the Global South attractive hiding places for criminals” (Schjølberg, 2018, para. 11). The increased crime situation in the online space and real life threatens people’s lives, monetary assets, and personal data. It also discourages international global business actors from interacting with emergent nations’ markets. Therefore, the cybersecurity workforce is crucial for the healthy economic development of developing countries.
Digitalization and globalization have allowed many people in underdeveloped countries to acquire digital and information technologies such as personal computers and smartphones. The problem is that many of them start using these devices both in their personal lives and in their workplaces while being uneducated about the basics and nuances of cybersecurity due to the lack of a cybersecurity workforce in these countries. It threatens the security of Internet users in these cyberspaces. The fact that cybersecurity is taught only at universities exacerbates the situation (Venter et al., 2019). The lack of education in cybersecurity primarily affects the female population (Venter et al., 2019). The cybersecurity workforce will enable developing nations to create an effective cybersecurity education program that will provide the necessary knowledge for the population.
The lack of help from developed countries in the training and education of a cybersecurity workforce for developing nations can negatively affect the former. One such negative consequence is the growing activity of cyber terrorists and cybercriminals in the online space of wealthy countries. Cooperation and collaboration between all actors of the global network are essential to ensure the safety of users on the Internet (Wanglai, 2018). It is impossible to achieve without qualified specialists in national cyberspaces with knowledge of linguistic, religious, and cultural characteristics. It is in the interest of all political and economic players in developed nations to help developing partners build a professional cybersecurity workforce.
If advanced countries ignore the opportunity to help emergent nations create a cybersecurity workforce, the latter’s cyberspaces could become safe spaces for actual terrorists and radicals. It is no secret that the recruitment of new members to terrorist organizations and the hiring of mercenaries, whose targets are often the population of developed countries, take place on the territory of developing ones. The cybersecurity workforce allows the governments of underdeveloped countries to effectively protect “cyberspace from becoming a platform for terrorists to recruit members and disseminate radical ideologies” (Wanglai, 2018, p. 130). Training and education assistance from wealthy nations means global security.
Assistance from developed countries in building a cybersecurity workforce accelerates the development of developing partners’ competencies in cyberspace governance. Without this, it is challenging for two international actors to agree on a particular subject in disputes involving cyberspace issues. Lack of consensus can lead to cessation of cooperation, sanctions by a stronger actor, and even confrontation. Wealthy countries should help emergent nations to train a cyberspace workforce for global security and economic cooperation. It is also worth noting that knowledge of cyberspace governance by all international actors accelerates the development of common Internet legislation (Wanglai, 2018). It would allow harmonizing many processes in the global online space.
Public and private organizations also contribute to the development of cybersecurity in developing countries. For example, the Commonwealth Telecommunications Organization promotes “a culture of cybersecurity and effective cyber governance through the establishment of cybersecurity frameworks, standards and guidelines” in Africa, Asia, and South America (Commonwealth Telecommunications Organization, 2017, para. 4). The Anti-Phishing Working Group coordinates the response of governments, other non-governmental organizations (NGOs), and private actors to cybercrimes and conducts cybersecurity research (About us, n.d.). Many other NGOs that operate on the Internet could also act as intermediaries and consultants on cybersecurity issues to achieve overall security and well-being. Inaction on the topic of cybersecurity can lead to problems that humanity has never faced before.