Table of Contents
CHAPTER 1 3
Introduction 3
Background. 3
Significance of the study 4
Theoretical Foundations 5
Researcher’s Positionality 8
Purpose of the Study 9
Research Questions 10
Definition of the Terms 10
A. Cyber Security 10
B. Threats 11
C. Business Data 11
D. Attacks 11
E. Firewall 11
F. Authentication 11
G. Data Encryption 11
H. Hacker 11
I. Incident response plan 12
Summary and Organization of the Remainder of the Study 12
Chapter 1 12
Chapter 2 12
Chapter 3 12
CHAPTER 2 LITERATURE REVIEW 13
Introduction 13
CHAPTER 3 18
Research Methodology 19
Research Design 20
Study Population 22
Data Collection Methods 23
A. Face to face interviews 23
B. Telephone surveys 23
C. Online surveys 24
Data Analysis and Procedures 24
Limitations in data collection and analyzation 24
Validity and Reliability of the Study. 26
Trustworthiness of the Study 28
Ethical Considerations 29
CHAPTER 4 30
Results 30
CHAPTER 5 31
Conclusion 31
References 33
CHAPTER 1
Introduction
Organizations are facing an increase in challenges with the rapid increase of security threats and attacks with the advancement of technology. Internet user are prey for cyber criminals who release malicious malware and links. Personal information found on different media streams also makes it easy for cyber criminals to target their prey. Cyber security is a term sitting in the centre of many minds as malicious attacks damage continuously corporations and companies. Cyber attacks not only destroy the corporate bottom lines.
Cyber threats negatively impact all businesses that use modern technology (Hinde, 2001). Cyber-attacks come through phishing, malware, spear-phishing, brute force, credential stuffing, ransomware, and so on. Some of these threats include social engineering, third-party software, vulnerabilities due to cloud computing, and challenges in handling corporate security. Some organizations struggle still to treat cyber security like business ending, bottom line financial threat.
The first chapter of this paper is the introduction, which includes the background, problem statement, significance of the selected topic, conceptual framework, research questions, and the purpose of this study. The second chapter offers the literature review of the topic. The third chapter explains the methodology, and the final chapter provides the research paper’s summary and conclusion.
Background.
We live in a digital era that has seen change in the way certain things are done. Changes have come about in the way we watch movies, apartment renting, buying clothes, booking flights, learning, research, communication, and e-commerce. Most of the things needed are just but a click away, brought about by the internet and electronic media.
Due to the growth of the use of the technology, innumerable incidents of security breaches, fraud, malicious attacks have become rampant. For the safety of all internet users, there is need for cybersecurity. Cybersecurity is deemed to protect one from criminals, fraudsters, hackers, and anybody with the intent of harm either financially, mentally, or theft of data online. If one is not cautious enough, fraudsters hack and obtain personal information or data of organizations for personal gain.
.Problem Statement
Every business organization aims to successfully conduct its business by achieving all its business goals and objectives without facing any disturbances. This is mainly because many organizations are not aware of analysing the cyber-attacks or threats effectively and successfully. So, to get awareness, every business organization must have the potential knowledge about the cause of the various cyber-attacks and threats. /Are you saying that organizations require knowledge of attack-deterring technology.
Significance of the study
Our dependency on the internet has become immense. It is wrong to assume one’s safety in the sense that only big organizations are more susceptible to hackers. A normal consumer connected to the internet if not vigilant enough is at the risk of getting trapped easily. Cyber infiltrators have developed many ways of hacking into systems. In this day and era, cyber security helps maintain order, and keep the internet safe for users. The current digital era has influenced change in the ways we buy things, bills get paid, watch movies, how people pay mortgages and rent houses just to mention but a few. Incidents of security breaches are widely reported as well as fraud, malicious cyber-attacks, fraud, hacking, cyber-bullying making it necessary for the need of cyber security.
People globally are connected through a connection of devices resulting from the fast development of technology. With the emergence of the dark web, cybercrime activities have been on the rise. Criminals compromise computers and obtain personal data and information illegally as most people are universally reliant on information and communication technology. Cyber security minimizes your exposure to threats and helps one stand a chance against these threats.
Theoretical Foundations
Cybersecurity means protecting and securing programs, networks, data, and other confidential information from unattended or unauthorized access, change, or destruction. China and the U.S, India have more internet users in the current world. The rise of modern technologies mainly ranges from Big Data and IoT to machine learning and artificial intelligence. Based on that, technology has transformed how all organizations evolve, compete, and operate. combine these two sentences to make a point of some Strategically deployed, competitive technology help businesses enjoy better control of their cyber safety and profitability
The changing nature of every digital environment keeps hackers increasingly aggressive with more dangerous tools and larger attack surfaces. Many vulnerable endpoints of artificial intelligence can operate employee credentials from the networks related to the Internet of Things. Additionally, the evolution of every workplace technology improves the refinement of cyberattacks. The increase of companies will be proportional to the increase of data breaches stakes. Economic cybercrime can destabilize the economy of the country, transaction systems, and banking security through credit or debit and financial theft. All these cyber-attacks are almost connected to devices, and they can be an accessible medium for spreading viruses. One of the common attacks is a denial of service. It is a problem that attempts to make a network resource or machine unavailable to various intended users. It can easily suspect different services connected to the network that may be permanent or temporary. So, hindering the other operations of a service or website through data destruction and alterations will be helpful to avoid attacks. The current situations of harming someone’s reputation, inferring a fake identity, and threatening email can lead to mental challenges for those people. Moreover, misusing social media advantages can also create tolerances to provoke riots.
As business companies become more reliant on the digital world, their exposure to cyber-attacks or threats also increases. It certainly does not imply that all organizations go for critical investments. If they did, then their potential surface should be aware of dangers and issues. The specific environment of the IoT networks can boost reliance on the particular cloud, and its problems are internally linked to how companies operate on present business. For instance, IoT networks mainly functioned by way of hundred connected network devices distributed across the office building, supply chain, and most importantly, workspace. These devices can be connected to the WAN, and cyber attackers can easily manage them to compromise an individual’s assets to breach the rest of the organization’s network.
Relating to that, investing more could increase the company’s risks in processing and storing proprietary offsite data. Generally, the expansion of this cloud computing can also enable many benefits that include cost savings and greater organizational flexibility. It relies on different clouds such as hybrid, private, or public that primarily require the detailed protocol for cybersecurity. Some providers come under the third party because they may or may not be responsible for cloud security. So, cloud computing and IoT networks are not alone in relating to many companies because they are the only new range for the issues in cybersecurity. Artificial Intelligence, Machine learning, DevOps, Blockchain, and other emerging technologies will take a better interest in the digital environment security. However, these technologies should reap many advantages of modern technologies in mitigating cybersecurity issues.
The development of modern capabilities and platforms leads to many competitive organizations’ critical vulnerabilities. Managed service providers must analyse what tactics cybercriminals will use to benefit the unprotected and unprepared organizations. Ransomware, DDoS attacks, and Botnets are some types of digital weapons that cyber attackers will use to compromise confidential information and breach networks. Even though many strategies exist, the latest wave in the innovative workplace is increasing the specific environment of cloud computing, and IoT networks make these attacks more accessible and more devastating.
Preventing a system and the breach of its network requires adequate protection against various cyber threats and cyberattacks. The proper countermeasures should be used or deployed to deter it from influencing a weakness or vulnerability for every incident. The first-line defenders in an organization should focus on implementing and assessing adequate security controls. Then some of the best ways to prevent cyber threats or issues will include anti-malware software, installing spam filters, implementing security awareness training, expanding cybersecurity policies, installing endpoint response & detection, and deploying better generation firewalls. For better measures, businesses should also utilize various cybersecurity measures to maintain their cash flow, business data, and customer data safely online.
Due to all these high internet penetrations and cyber threats or issues, cybersecurity technology is becoming the world’s most significant necessity because the threats and cybersecurity issues are too dangerous to the country’s security and successful business organizations. For this security, the companies, governments, and citizens must spread awareness in society to update better network security to the system settings to properly utilize the antivirus software so that every network and system security settings will stay malware and virus free.
Researcher’s Positionality
The internet in many ways has vastly helped in the way people go about their daily livelihoods and communicate. Nations, individuals, companies, and organizations are intertwined as different avenues for businesses are introduced, and governing through various platforms by the government is made easier. Despite the positives and the endless list of services and opportunities available, many risks emerge most of which are not known to the consumer.
Companies suffer losses of millions as most of the company’s data is stored online which in itself is a vulnerability to cyber hacks and thieves. Cyber security cost is high when dealing with cyber thieves, costs which sometimes trickle down to compensation to consumers or losing money to cyber-crime. The safety of many businesses is not guaranteed more so companies in the sectors concerned with technology, financial services, energy, and manufacturing. Firms incur extra costs in trying to manage cybercrimes ranging from cyber security technology expertise, public relations support, ransomware, and insurance premiums. Further, companies are hit with indirect costs from cyberattacks such as the interruptions in the normal operations which decreases output and results in revenue loss which may in some instances lead to damage to a company’s reputation.
Anybody and any business are a potential target of a cyber-attack. Criminals identify with key assets of interest to them from which they can exploit. Exploits range from financial information, personal information of staff and customers, or the infrastructure of the business. Once one understands why cyberattacks happen, one understands better the risk one faces and how best to go about it. Mostly, cyber-attacks are propagated by financial gain but others are influenced by other reasons. Cyber attackers may either be from the inside or the outside of an organization. Insiders mostly have remote access to the organization and its assets a good example being that of employees either trusted, careless, disgruntled, or malicious insiders.
Cyber security is important as having a robust security solution is deemed essential. The risks cannot be simply ignored as there are too many threats out there that could cost one his livelihood making prevention key. Training of staff is essential as employees are aware of the most common ways cybercriminals use to access information. Updating software and systems help minimize weaknesses to one’s network. Patch management systems are a wise investment where the software is managed and kept up to date. For remotely bridged devices, endpoint protection is recommended for the protection of networks. Phones, tablets, and laptops which are connected to the corporate network often give access paths to security with the protection of specific endpoint protection software. Firewalls are also one of the most effective ways of defense from cyber-attacks. Brute force attacks are protected by the firewall before they cause any irreversible damage
Purpose of the Study
In the last decade, the significance and attention towards cybersecurity have increased due to various cyber threats and attacks. The primary purpose of this study is to conduct a significant and practical analysis of cybersecurity issues, attacks, and threats. Thus, the most valuable information is provided by selecting the practical conceptual framework to make the research successful by fulfilling all the research objectives and goals. Every business organization aims to expand its business successfully worldwide by increasing its business reputation and brand value. However, this cannot be achieved when there is any cause of the cyber threats and attacks within the organization, leading to a decrease in their business reputation within the global market, and it will not be easy to expand their business successfully. To avoid this, organizations need to have the potential knowledge about the various cyber-attacks, threats, and issues that result in their business failure. Therefore, this proposal seeks to discuss key aspects to obtain practical analysis related to the various cyber-attacks and threats. First, the significance of cybersecurity is provided, then the different types of cyber-attacks and threats, effects, significant reasons for these cyber-attacks and threats; finally, the measures that the business organizations can adopt to reduce the occurrence of these cube attacks and threats to the maximum extent.
Research Questions
● What role does cybersecurity play in today’s world?
● What are the effects that business organizations face due to cyber-attacks and threats?
● What are the primary reasons that cause these attacks and threats within the organizations?
● What measures can business organizations adopt to reduce these cyber-attacks and threats?
Definition of the Terms
The key terms in this field are cybersecurity, threats, data, attacks, firewall, authentication, encryption, hacker, etc. Apart from these consistent and most common factors, there are still many major ones for the current study.
A. Cyber Security
Cybersecurity is defined as protection, which ensures security for computer systems from cyber-attacks. It is considered a required field in managing security aspects in the business. Therefore, most companies tend to use cybersecurity principles in business activities for development methodologies.
B. Threats
Threats are referred to as the faults or damaged actions attacked in the business companies. It can either be internal or external ones where internal ones would occur because of its employees.
C. Business Data
Data in business companies in the powerful instinct that regulates work concerns. It is the most critical asset in making business activities get executed successfully.
D. Attacks
Attacks in the business are known as the preceding view of threats where both seem to be the general cause of damage exemption in the workplace.
E. Firewall
A firewall is system software that works with the idea of protection. A firewall is an intermediary system between the internet and the user’s computer. It works as a protective interface that helps the business world to address security concerns and provide security.
F. Authentication
Authentication is a security factor that every organization prefers to ensure customer segmentation for business security. This would check in all the perceptions and work for the business benefits.
G. Data Encryption
It is the process through which data changes its form from one point to another through which the visibility of the data and the integrity can be ensured positively.
H. Hacker
Hacker is a person who can be referred to in two ways, one is positive and the other negative. This means that the positive one would help work for the insights caused in the business systems. However, at the same time, the negative ones use knowledge to hack other systems and imply fraud actions.
I. Incident response plan
An incident response plan in the business is referred to as the pre-existing plan to be maintained by companies to work with technical and network security issues. This helps in working with unfortunate incidents and balances the business conditions.
These are the various terms used in regulating the business modules to be secured by implying the cybersecurity issues in being proactive in the organizational views.
Summary and Organization of the Remainder of the Study
This section of the current view summarizes the concept used and the mentioned insights as per the assignment. This includes various headers used in completing the assignment and their contribution towards the successful end of the procedures.
Chapter 1 makes a compelling case is made of the problem under investigation, th purpose of this study, and research questions to be investigated. Where applicable, theoretical or conceptual framework upon which the dissertation is based should also be introduced. The significance, the purpose of the view taken, the study presented for the topic, the definition of each term used in the contextual understanding of the dissertation are also looked at.
Chapter 2 deals with review of literature where summaries of what is known, and what is unknown is identified about the topic of the dissertation study. The chapter serves as the foundation which the study is built. Major findings and relevant methodological issues are included. Relevant examples of research that reports findings that do no support the case being made for the dissertation should also be included. Literature review
Chapter 3 reviews the methodology used. The design of the research is described in detail in this chapter paving a clear understanding for the readers of how the study is conducted, and helps future researchers are made aware of what procedures to follow should they want to replicate this study.
CHAPTER 2 LITERATURE REVIEW
Introduction
The first computer worm came about in the year 1988. A student at Cornell University created a string of code that spread from one computer to the next leading to consumption of memory and later shut down. Approximation by the security officers was that the worm knocked down 10 percent of the internet despite no harm being intended by the offender causing thousands of dollars in damages. Programmers from Berkley and Prude eventually came up with solutions to stop the worm. The perpetrator was convicted under the Computer Fraud and Abuse Act later on sentenced to three years in prison with a probation of 400 hours of community service and a US$10000 fine. The cyber threat landscape has considerably changed since then.
Jaccard & Nepal (2014) argue that cyber-attacks have resulted from the vast growth of the interconnections of the internet. Malicious intents carried out by malware are the primary means by which attacks are instigated through cyberspace, either by the exploitation of the vulnerabilities that emerge propelled by the different characteristics of the different technologies. It’s an urgent requirement for the development of more effective and more so innovative mechanisms for the defense mechanisms deemed urgent in the cybersecurity community. With the increase in dependency on technology, cyber attacks have grown in numbers. The economy and critical infrastructures such as hospitals financial institutions all depend on the internet and computer networks. Companies suffer the most with the time lost by companies in recovering from these attacks when counted estimates the total cost of cyber attacks to reach a staggering $385 billion.
Cyber attacks are rampant as they are convenient, cheaper, and contain less risk than physical attacks. Only a few expenses beyond a reliable internet and a computer are required. Cyber attacks are not restricted to distance or geography and can’t be easily identified or prosecuted as a result of their anonymous nature. The number of attacks is estimated to grow as information attack is lucrative and very attractive. According to many cybersecurity experts, malware is the key choice o weaponry used to execute malicious intends aimed at the breach of cybersecurity. Malware is loaded into the system without the knowledge of the owner because of compromising the system to an adversary’s benefit. Some prime examples of malware include; Trojan horses, spyware, and bot executables. Malware keeps evolving taking new forms as the emerging technologies mask themselves and avoid detection (Jaccard & Nepal, 2014).
Interchangeably the word cyber security can also be used to mean information security. These two terms concepts can be compared to each other despite there being a substantial overlap. Cyber security in its meaning not only relates to the protection of information but further of other assets such as individuals themselves (Jaccard & Nepal, 2014).). All the technologies and practices deemed to keep the computer systems safe and data in an era where online usage has become a social norm. the Cyber Security and Infrastructure Security Agency (CISA) hold that cyber security ensures confidentiality, integrity, and information availability (Patterson, 2021).
Getting hacked goes beyond the threat of personal information or a company’s data as it ruins the relationship with clients creating legal jeopardy. Nowadays technological advancement has seen everything rely on technology ranging from self-driving cars to homes enabled with internet control systems and security systems. The demand for cyber security practitioners is high as almost all businesses today have an online presence as the need for protection of data and information is paramount. Organizations with valuable customer data, individuals’ personal information, and governments need to protect state secrets adopt a measure for cyber security to prevent the compromise of their databases. In 2017, 147.9 million people’s information through breach of credit was compromised (Patterson, 2021).
Malicious software known s malware is intrusive software developed by criminals or by the dark web to damage and destroy computers and computer systems according to CISCO. This malware exfiltrates large amounts of data examples being viruses, worms, trojan viruses, spyware, adware, and ransomware (Ursillo & Arnold, 2019). Phishing attacks communicate fraudulently masking themselves as reputable sources through emails or mobile phones. The aim is to obtain information such as financial information or the log-ins to different individual amenities such as bank logins (Patterson, 2021). Ransomware renders files and systems unusable through encryption followed by ransom in exchange for decryption.
Tunggal (2021) holds that cybercrime is profitable with the demand for information being on the high. With the advancement of technology and software development information theft is on a tremendous rise. Identity information mostly found on cloud services makes it easy for hackers. Energy grids and controls to industries are destroyed causing disruptions. Cyber-attacks also are aimed to control the integrity of organizations by either destroying or changing the data the easiest form of cyber-attacks is social engineering which is the easiest mode of entry. There is practice of poor cyber security practices as ransomware, spyware, and phishing are among the easiest way of gaining entry.
Cyber threats may emerge from within an organization at any level. One might argue that training is not recommendable and is not wise to employees within an organization. All businesses are small industries, highly regulated industries with the perfect example of the health industries, or large organizations that are heavily affected by data breaches as there is heavy reliance on computer systems daily. This paired with poor cloud service security creates a vulnerability that was non-existent a few years ago (Tunggal, 2021).
Cybercrimes are getting government recognition globally with the GDPR as a good example. All organizations operating in the EU as a means of increasing reputational damage are forced to; “amply convey and communicate data breaches, anonymize data for privacy, appoint a data protection officer, and require consent to process information” (Tunggal, 2021). Public disclosure is not only limited to Europe. In all the 50 states in the U.S there are data breach laws with the commonalities being;” the requirement to notify the affected soonest possible, let the government know as soon as possible, and pay some sort of fine” (Tunggal, 2021).
(Tunggal, 2021) s of the view that cybercriminals are finding nowadays more sophisticated methods of obtaining information, as they have changed their targets, their effect on organizations, and the mode of attack they use for the different systems of security in place. The Ninth Annual Cost of Cybercrime Study from Accenture and the Ponemon Institute states that there has been an increase in the average cost of cybercrime in an organization by $1.4 million to $13.0 million within the last year and breaches in data rising by 11 percent to 145 averagely. This creates the need for the management of information risk.
Tunggal (2021) holds that information obtained from data breaches includes; financial information such as credit card numbers, details of bank accounts, protected health information (PHI), personal identifiable information, (PII), trade secrets, intellectual property, and other industrial espionage. The vast distribution of the nature of the internet, the difficulty in policing as cybercriminals attack outside targets of their jurisdiction, the profitable nature of the dark web, and the mobile gadgets proliferation and the Internet of Things are some factors fuelling the growth in cybercrime.
Damages to businesses damage businesses in a range of ways which include economic costs, reputational costs, and regulatory costs. Economic costs include intellectual property theft, theft of corporate information, trading disruptions, and damaged systems repairs. The reputation cost is where consumers lose trust in the organization which leads to loos of customers present and in the future, and poor media coverage. Regulatory costs are costs where organizations may be subjected to regulatory fines or sanctions resulting from cybercrimes. Staff must have the know-how of all the possible threats and the measures to take when they are faced with threats. Training the employees helps minimize the risk of data leaks or the risk of breach. It is difficult however to detect and understand the direct and indirect costs of the security breaches. It does not necessarily mean that the reputational damage or a small breach in data is not large (Tunggal, 2021).
The governance of cybersecurity and the management program risk because of the organization’s size should be established. The cyber security risk is a risk that needs to be considered as a significant business risk in line with the other risk assessments in place an example being operational, compliance, financial, and reputational risk. Some frameworks are voluntary and are used to consider the assessment risk best-related practices. The National Institute of Standards and Technology NIST Cybersecurity Framework includes five functions which are continuous and concurrent;
Identify; come up with an understanding in the organization to handle cybersecurity risk to the systems, assets, people capabilities, and data.
Protect: Make safeguards appropriate for the insurance delivery of the critical services
Detect: Put in place activities for the identification of an event of cybersecurity.
Respond: set up activities for action taking regarding the detection of incidents of cybersecurity
Recover: Manage appropriate activities for the maintenance of resilience plans and the restoration of any capabilities or services impaired as a result of the incident of cybersecurity.
CHAPTER 3
Methodology
Introduction
Cybersecurity is defined as the type of process for protecting computer systems, mobile’s, valuable data from attacks, and many other electronic devices (Iqbal et al., 2019). Cybersecurity is also called electronic or information security. Cybersecurity is applicable in many contexts, such as from business to mobile computing, and it can be divided into some categories. Network, application, information, and operational security are some categories. Cybersecurity has gained attention due to its ability to protect data against different types of threats. Information technology is developing at high speed, so there is an impact on the issues and threats to cybersecurity (King et al., 2018).
Cybersecurity is still struggling to address the detail about multidimensional cyberattacks gaining an advantage due to increased sophistication (Iqbal et al., 2019). The main problem with cybersecurity is global because it mainly depends upon technology and culture. The factors related to the different types of threats and issues will vary according to the specific extent. Cybersecurity faces many issues due to different types of attacks such as IoT, cloud, phishing, Ransomware, and many different types of attacks (Lykou,2018).
Cybersecurity is critical because it will protect different data types from threats or damage. Cybersecurity protects valuable data, personally identified information, intellectual property, governmental and industrial information systems. The usage of cybersecurity can help organizations and business from data breaches, identity theft and prevents different types of cyberattacks. Cybersecurity will prevent the systems and data from unauthorized access, unauthorized deletion of data, and unauthorized data modification.
Statement of the Problem
Protecting privacy and security and data in computer systems has always been the biggest challenge in recent days (Iqbal et al., 2019). Every organization and business is always trying to conduct the work effectively by achieving the organization’s goals or the business without any issues. The security issues that organizations are facing are increasing every day at a rapid speed. The technologies used by the attackers are increasing rapidly, so organizations should adopt new technologies to protect themselves from many challenges or issues.
Organizations should also find the cause of the cyber-attacks because it will help prevent them from happening again. The increase in online traffic has increased the total number of vulnerabilities (Loi et al., 2019).
The owners of organizations should make effective security plans by considering different attacks to prevent cyber-attacks from happening. Nowadays, most small and large organizations store their valuable data in the cloud.
Therefore, business owners need to make best practices and regulations surrounded by valuable data. The vulnerability that abounds for small and large-scale organizations in the present world has increased (MelwinSyafrizal et al., 2020). Understanding a hacker’s methodology will help mitigate the threats of having the data stolen. Staying ahead in the cybersecurity game will prevent the damage that results in data breaches.
Research Methodology
The qualitative research method aims at obtaining data through open-ended conversational communication. This method is not only about what people think but also about why they thin so. It allows for in-depth and further probing questioning the respondents based on their responses, with the interviewer and the researcher trying to understand the motivation the participant has and their feelings ( ).
This model is designed that helps reveal the behaviors and the perceptions of the targeted audience with reference to a particular topic. The different ways to conduct qualitative analysis include an in-depth focus in interviews, research, case study research usually used. The results of qualitative methods are more descriptive with the inferences easily drawn from the available data. In a world where it is difficult to understand what people think and the different perceptions, qualitative research methods made it easier to understand as it more communicative and descriptive ( ).
Research Design
The selected qualitative methodology is applied effectively to make the research successful by fulfilling all the research aims and objectives and the research design.
Due to the increase of many advanced technologies in this modern world, many business organizations are adopting these technologies to improve their business operations and functions to the maximum extent. However, many cyber attackers or hackers are involved in causing cyber threats or cyber-attacks to affect business organizations by losing their sensitive information regarding their business and customers (Rantos et al., 2020). To know more about these cyber threats and issues, effective browsing has been done from the following information.
Many cybersecurity experts have concluded that some cyber threats make business organizations face more significant losses, mainly from cyber attackers. Malware is considered the most common cyber threat faced by the organization at which the attackers aim to cause malware mainly to compromise the particular system within the organization and gain complete control over the system without knowing the system owner. This malware has been classified majorly into the following types: Trojan horses, spyware, worms, viruses, and many more. The main reason for malware attacks is the lack of cybersecurity within organizations.
Due to the occurrence of cyber-attacks, the reputation of the business organization is reducing within the business organization. With this effect, the potential customers towards the specific business organization are reduced (Robles-Gómez2020). Also, the efficiency of the business organization is found to be decreased to a greater extent as many pieces of evidence prove that the business efficiency and the reputation of the organization are found to be decreased, and due to this, the more significant loss has to be faced by the entire business management (Rios et al., 2019).
Then the significance of adopting and following the legal mechanisms by every business organization is very beneficial to ensure the safety and the success of the business, especially while handling cybercrimes. Business organizations can maintain their business reputation to the expected level and improve the business efficiency to the greater level if they follow the legal mechanisms without failures, especially in handling cybercrimes within their organizations. Also, with this, it is possible to identify the specific number of attackers responsible for the cause of the attack, and also this helps to make the potential customers retain within the organization. Every business management needs to know the leading causes of cyber threats or attacks within the organizations.
Some of the most common causes that lead to cyber threats within the organization are if the specific organization does not identify the significance of enhancing effective cybersecurity if effective authentication is not ensured for the systems within the organization if the proper access controls were not maintained within the organization. Such having the potential knowledge regarding cybersecurity and the cyber threats for the business organization will be helpful to protect their business from the cause of the cyber-attacks or cyber threats.
Therefore, it is the primary responsibility of the business management to offer practical training for all the employees so that it will be possible to bring complete awareness regarding cybersecurity, cyber threats, attacks so that the employees can be able to detect when there is an occurrence of such situations within the business organization. Offering practical training to all the employees will be very advantageous to the organization in managing and preventing all cybercrimes, attacks, and threats to the maximum extent.
Also, the following are some of the adequate security measures that help ensure the business organizations effective cybersecurity within their business by protecting all the business information safely from all security concerns. Some of these include setting adequate logging credentials for all the users to access the systems within the organization; effective authentication systems must be adopted, proper firewalls and other security software must be implemented within the organization. All the above aspects ensure the business organizations or the learners know more about the significance of cybersecurity, cyber threats, cyber-attacks that are essential to be known by them to achieve their business success to the possible extent.
Study Population
The targeted population is mostly the victims of corporations and organizations who have experienced loss of data. The general public also will be questioned on their awareness of breaches of cyber security. Experts will be questioned on the cyber security measures, breaches and measures adopted for protection of data.
Data Collection Methods
A. Face to face interviews
Face-to-face surveys about how different people were affected by cyber security breaches either directly or indirectly. The victims of cyber security breaches were asked how they were affected and the extreme to which the breach affected them personally. The victims shared what measures they took either in reporting or the legal action taken against the organizations to which they had entrusted their data. Questions on whether there was awarding of damages or compensation were asked with the victims detailing how they handled the experience personally. Follow-up questions on the facial and behavioral cues that seem at odds with what the participants were explicitly saying were also introduced in the survey an example being of how they have never seen adverts cautioning against downloading content that pop-ups while using the internet. The pop-ups mostly mask themselves while in the real sense they are malware and viruses. Questions were asked of whether or not while in high school there was an education about cyber security and measures one adopts when there is a breach of cyber security.
The face-to-face surveys were recorded in order to maintain the integrity of the interviews as human recollection cannot be trusted. The targeted members for the face-to-face survey were mostly the victims of Twitter Spear Phishing Attack 2020 and the Zoom credential hack. Members of the general public were also questioned about the hacking of the voting systems in the US.
B. Telephone surveys
Due to the restrictions associated with the pandemic, some victims of the breach of cyber security preferred telephone calls to questionnaires or face-to-face-to-face surveys. Similar questions to face-to-face surveys were asked. These interviews were also recorded with experts being the main target of telephone surveys.
C. Online surveys
Surveys through social media with open-ended questions were tabled to participants in written format through emails with similar questions to face-to-face surveys as well telephone surveys. The participants were required to respond to the questions in text in a detailed.
Limitations. Written questions were issued to the participants in form of questionnaires.
Data Analysis and Procedures
The secondary analysis of data is analysed in the research. In this data analysis process, the various processes include cleaning, modelling, and the transformation of the information to discover the important information for the decision making which relates to the research study. Only significant data will be extracted as well as make the decisions based on the analysis of the data.
Journals, articles, videos, websites, interviews, past research from the various sources available. As soon as the critical data is collected the processed information and record the detailed notes on the things that stuck out in the analysis, the tie or details of the date, and the highlights from the interaction. The data recorded is recorded as soon as possible to avoid misappropriations of the data as they are freshly recorded and accurately recorded.
Limitations in data collection and analyzation
Hand-written notes were time-consuming as they needed to be transcribed for digital study, protect the information in case of destruction, and physically filed or kept for reference. There was a misinterpretation especially with the online surveys that could not be corrected at the time. Some questions were not properly answered as participants argued that some research questions were misleading eliciting answers not core to the subject of the research. Audios were time-consuming too as they took a lot of time to transcribe. When starting the surveys at first, surveys were left incomplete as the interviewers were not well equipped with training in carrying out the survey.
The social and technical elements of cybersecurity and cyberwarfare. At a tactical and technical level, cyber security is deemed relevant s well as strategic on the international level. The methods to deterrence, traditional in nature, and sovereignty are called into question when dealing with cyber security. Cybersecurity and cyberwarfare are comprised of many elements both technical and social requiring the multidisciplinary approach to fully comprehend it creating many challenges in the research field.
The lack of cybersecurity skills is a problem universally experienced. There is a shortage of just about 3 million positions. There is heavy competition from the various stakeholders for recruitment from the small number of cyber security professionals. It is hard to find a researcher in this field to the extent that some universities struggle to find and retain researchers and lecturers.
Discipline is inadequate amongst the researchers which contribute to the lack of awareness. In 2015, Raytheon and the National Cybersecurity Alliance published a study result showing that 67% of men and 77% of women in the US and 62% of men and 75% of women globally lacked any awareness in high schools or secondary schools on careers in cybersecurity (Florentine, 2015).
There is stereotype bias towards women in the field as women are discriminated and more octenyl than not when carrying out research women’s ideas and opinions are undervalued by the employers.
. There is a lack of flexibility in the research hours and the long periods required to carry out the research is a primary obstacle.
Availability of data is a problem when conducting the research. Governments and big corporations are unwilling to give out the information or give partial detail on successful cyber-attacks. Getting relevant and useful information more so for testing new algorithms is very difficult. Where the law requires that breaches be reported, accessibility of the said information is easy as public announcements are made often. There is no legal mandate for breach of information which is personal therefore not requiring the public to be notified of other cyber-attacks that are not affected by the data. There is even less data on cyberattacks against industrial systems posing as an obstacle in investigating these areas.
The cleanliness of data is problematic and the consistency of data. The categorization of data often differs in turn limiting the accuracy of data analyses according to vendor and computer security incident response team (CSIRT). Change in categorization by some vendors posing as another challenge (Pretorius, 2016). There is heavy reliance on secrecy and deception when conducting research making it necessary for one to filter through erroneous reports. Data collection based on human perception is questionable and needs to be considered more example of a person without the knowledge of a cyberattack affecting his or her organization giving the wrong information that he has never experienced a cyberattack (Van Niekerk, 2011).
Validity and Reliability of the Study.
As with any research project, the collection of data plays the biggest role and is incredibly important. Several aspects come into play in the process of collecting data. The cost, efficiency and accuracy of the data collected are the factors that influence most the reliability and validity of the research. Face to face and mobile surveys, as used in this research, still remain the most popular data collection method.
Online surveys help reach vast numbers of people over a large geographical area. Online surveys are convenient more so in this pandemic times. The potential disadvantage it has compared to face-to-face surveys cannot be overlooked. Online surveys cannot be trusted in the manner as face-to-face surveys as the increase in error in the stimulation of each stimulus is more. Time is saved, there is flexibility in that the respondents can fill the survey whenever they feel best which in turn increases the response rate. The incentive to lie is minimized as people tend to be honest as they feel that there is more anonymity. Most people especially those with unconventional views are more honest online as they are not affected either by te intonation of the interviewer or their personality.
Face to face interviews help with accurate screening as the interviewee mostly cannot provide false information or the interviewer is able to distinguish and clarify facts that are true and untrue. One is able to capture the verbal and non-verbal ques an example of the body language when one becomes uncomfortable with a question asked. The interviewer has control over the interview and keeps the interviewer focused and on track. Technological distractions are avoided validating the information provided more. An interviewee’s emotions and behaviours are captured by the interviewer.
Like the online surveys, phone surveys provide a high response rate. They are more so accessible, they provide anonymity which some participants prefer, they are prompt as data is managed easily and processed faster, good interviewers can brin out more thorough and substantial responses through telephone surveys. Telephone surveys are better for the public opinion as data is collected through telephone interviews.
Trustworthiness of the Study
Cyberspace depends on data technologies to negotiate associations between several species across various transmission formats and prevails reliant on financing technology. These interchanges commonly arise without manual locality, and those helping to rely on cyber systems must prevail, eligible to expect the all-around human specialized networks that benefit cyberspace. A comprehensive conversation of cybersecurity agreement would stand expanded by comprising faith as a key-key significance to encourage direct agreement conversations.
Further, beneficial cyber systems must retain stability formulated into them. This paper asserts that trustworthy cyber systems are crucial aspects of resilient networks and accordingly prevail substance to cybersecurity agreement. The journal accentuates the significance of dependability for resilient cyber systems. The influence of relinquishing faith prevails to underpin the assertion that a resilient cyber system ought to formulate dependability. The journal shuts by illustrating a comprehensive pair of program significance from the distinction between confidence, trustworthiness, and solidity for helpful cybersecurity.
Trustworthiness stands for a theory that includes: intimacy, dependability, soundness, insurance, and protection. Competent of existing commissioned to achieve whatever significant provisions may prevail desired for a specific ingredient, subsystem, procedure, format, plea, exploration, company process, industry, or additional commodity. The level to which a data strategy can live is anticipated to protect the intimacy, quality, and availability of the data fabric distilled, stocked, or communicated by the procedure across a vast expanse of risks.
A reliable data procedure occurs in a speculated network to stand eligible for operating within defined categories of stake despite the environmental upheavals, mortal mistakes, structural downfalls, and calculated invasions that exist anticipated to transpire in its climate of policy. Computer hardware, software, and techniques: live relatively comfortably from intrusion and mishandling; furnish an acceptable category of availability, dependability, and appropriate procedure; rather conform to accomplishing their conscious tasks, and adhere to typically approved protection.
Competent prevailing expected to conform whatever important provisions may occur desired for a particular element, subsystem, technique, configuration, request, journey, industry, or additional commodity. A trustworthy strategy occurs in a policy that satisfies specific withdrawal provisions in expansion to important additional provisions from a secrecy standpoint.
Cybersecurity prevails in the process of upholding computers, waiters, portable appliances, electronic techniques, formats, and data from hostile invasions. Information safety maintains the quality and intimacy of data, both in warehouses and in transit. Trustworthiness pertains to a communication strategy’s responsibility and proficiency in delivering durable and valid advice and contracts. We preferred the phrase trustworthy because it signifies innocence, proficiency, loyalty, and enthusiasm. We intend reliability to characterize data strategy faults.
Data circulated by the nation occurs both existing and established on immediate analysis if no one creator is recorded. In standard, print magazines with writers and listed references prevail because they furnish references that texts can substantiate. You can constantly learn data from any basis.
Ethical Considerations
In any business field of implying various applicable acts and decisions as part of the overall procedures made in the business, ethics need to be balanced in every activity executed. Ethical standards and management of each of these standards are more vital for business decisions and security management within the scope and need of the business activities. Considering ethics as a primary factor in the management of any business activity related to any business domain tends to be crucial as the resulting actions are always beneficial towards the work culture of the organizational environment.
By following the ethical standards as part of the business, organizations usually make profits out of it and hence work to develop business more informative and efficient. In cybersecurity and business management, standards utilizing the work preferences need to be worked on such that it gives out a view on the satisfaction with the need to integrate the business activities. The ethical considerations that are made in the current research are, mainly in data collection, we are to choose people based on one vital factor such that the need and ethical management are satisfied.
The other scenarios where ethical considerations are implied are to use articles that priorly satisfy the requirement but are not based on any other factor. Having standards that are more general and likely to be preferred in the business are coherent, and hence business would always imply a decision based on which each of the scenarios is meant to be known and worked equally.
CHAPTER 4
Results
Approximately 132 participants were provided with the link to complete the questionnaires online. The survey was open for a week and after automatically closed where no more survey responses were allowed. There was a reasonable number of results with 57 responses received. This result together with the phone interviews and the face-to-face surveys was used to get the people’s perception of cyber security and online policy. 85% of the respondents were aged between the age of 39 and 49. 30 of the respondents were well equipped with measures to counter cyber security while 40 would rather not share any information online. More than 95% people were concerned with the amount of information they share online, 3% not so much but to a certain extent while 2%did not care at all.
When questioned about their preferred preference when browsing the internet, 98 % agreed to their personal information remained private and secure and not shared with third parties or the general public as the remaining 2% did not care if their information remained private or not.
The questions of the people’s perception on different statements to online privacy and cyber security in relation to whether their information, despite keeping it private was secure seemed to bring an equal dispersal of agreement. All were in agreement that keeping online personal private doesn’t guarantee its security. Most were in agreement that preventing a breach in cyber security is almost inevitable but one ought to take measures to make it harder for cyber criminals to gain access to personal or corporations’ networks. 95% agreed that there need be for awareness to workers or individuals of the measures one can take in order to protect their networks. 65% percent of the participants had no prior training or knowledge of the different ways criminals introduce malwares into their devices.
75% of company officials maintain that an increase in cyber security is paramount and resources are allocated annually for cyber security to help prevent attacks. Majority of company’s prepare for when cyber attacks occur not if. Only one third of the companies interviewed are completely confident in the security of their information and even less confident about the security measures of their business partners.
CHAPTER 5
Conclusion
Computer security is a vast topic gaining importance due to the high rate at which the word is becoming interconnected. Nowadays networks carry out critical transactions. Security of information diverges yearly as does cybercrimes. Organizations are getting challenged on how to secure their information with the disruptive technologies along with new cyber tools emerging. There is no perfect solution for cybercrimes but we should try our level best to minimize them in order to have a safe and secure future in cyber space.
References
Bradshaw, S. (2015). Combating Cyber Threats: CSIRTs and Fostering International Cooperation on Cybersecurity. SSRN Electronic Journal. DOI: 10.2139/ssrn.2700899
CYBERSECURITY VULNERABILITY ANALYSIS VIA VIRTUALIZATION. (2017). Issues In Information Systems. DOI: 10.48009/4_iis_2017_91-98
Ham, J. (2021). Toward a Better Understanding of “Cybersecurity.” Digital Threats: Research And Practice, 2(3), 1-3. DOI: 10.1145/3442445
HOW FINANCIAL INSTITUTIONS ADDRESS CYBERSECURITY THREATS: A CRITICAL ANALYSIS. (2021). Issues In Information Systems. DOI: 10.48009/1_iis_2021_63-74
Hinde, S. (2001). Cyberthreats: Perceptions, Reality, and Protection. Computers & Security, 20(5), 364-371. DOI: 10.1016/s0167-4048(01)00503-x
Interorganizational Information Sharing: Collaboration during Cybersecurity Threats. (2021). Public Administration Quarterly, 105-122. DOI: 10.37808/paq.45.1.5
Iqbal, A., Gunn, L. J., Guo, M., Ali Babar, M., & Abbott, D. (2019). Game Theoretical Modelling of Network/Cybersecurity. IEEE Access, 7, 154167–154179. https://doi.org/10.1109/ACCESS.2019.2948356
Katzan, H. (2016). Contemporary Issues in Cybersecurity. Journal Of Cybersecurity Research (JCR), 1(1), 1-6. DOI: 10.19030/jcr.v1i1.9745
King, Z. M., Henshel, D. S., Flora, L., Cains, M. G., Hoffman, B., & Sample, C. (2018). Characterizing and Measuring Maliciousness for Cybersecurity Risk Assessment. Frontiers in Psychology, 9, 39–39. https://doi.org/10.3389/fpsyg.2018.00039
Loi, M., Christen, M., Kleine, N., & Weber, K. (2019). Cybersecurity in health – disentangling value tensions. Journal of Information, Communication & Ethics in Society (Online), 17(2), 229–245. https://doi.org/10.1108/JICES-12-2018-0095
Lykou, G., Anagnostopoulou, A., &Gritzalis, D. (2018). Smart Airport Cybersecurity: Threat Mitigation and Cyber Resilience Controls. Sensors (Basel, Switzerland), 19(1), 19–. https://doi.org/10.3390/s19010019
Mednikarov, B., Tsonev, Y., &Lazarov, A. (2020). Analysis of Cybersecurity Issues in the Maritime Industry. Information & Security: An International Journal, 47(1), 27-43. DOI: 10.11610/isij.4702
MelwinSyafrizal, Siti RahayuSelamat, & Nurul Azma Zakaria. (2020). Analysis of Cybersecurity Standard and Framework Components. International Journal of Communication Networks and Information Security, 12(3), 417–432.
Nieto, A., Acien, A., & Fernandez, G. (2019). Crowdsourcing Analysis in 5G IoT: Cybersecurity Threats and Mitigation. Mobile Networks and Applications, 24(3), 881–889. https://doi.org/10.1007/s11036-018-1146-4
Pranggono, B., &Arabo, A. (2021). COVID‐19 pandemic cybersecurity issues. Internet Technology Letters, 4(2). https://doi.org/10.1002/itl2.247
Rantos, K., Spyros, A., Papanikolaou, A., Kritsas, A., Ilioudis, C., &Katos, V. (2020). Interoperability Challenges in the Cybersecurity Information Sharing Ecosystem. Computers (Basel), 9(1), 18–. https://doi.org/10.3390/computers9010018
Robles-Gómez, A., Tobarra, L., Pastor-Vargas, R., Hernández, R., & Cano, J. (2020). Emulating and Evaluating Virtual Remote Laboratories for Cybersecurity. Sensors (Basel, Switzerland), 20(11), 3011–. https://doi.org/10.3390/s20113011
Rios Insua, D., Couce-Vieira, A., Rubio, J. A., Pieters, W., Labunets, K., & G. Rasines, D. (2019). An Adversarial Risk Analysis Framework for Cybersecurity. Risk Analysis, 41(1), 16–36. https://doi.org/10.1111/risa.13331
Sarker, I. H., Kayes, A. S. M., Badsha, S., Alqahtani, H., Watters, P., & Ng, A. (2020). Cybersecurity data science: an overview from m machine learning perspective. Journal of Big Data, 7(1), 1–29. https://doi.org/10.1186/s40537-020-00318-5
Škiljić, A. (2020). Cybersecurity and remote working: Croatia’s (non-)response to increased cyber threats. International Cybersecurity Law Review, 1(1-2), 51-61. DOI: 10.1365/s43439-020-00014-3
Suo, D., Siegel, J. E., &Sarma, S. E. (2018). Merging safety and cybersecurity analysis in product design. IET Intelligent Transport Systems, 12(9), 1103–1109. https://doi.org/10.1049/iet-its.2018.5323
WHAT IS CYBERSECURITY AND WHAT CYBERSECURITY SKILLS ARE EMPLOYERS SEEKING?. (2019). Issues In Information Systems. DOI: 10.48009/2_iis_2019_62-72
Ulven, J. B., & Wangen, G. (2021). A Systematic Review of Cybersecurity Risks in Higher Education. Future Internet, 13(2), 39–. https://doi.org/10.3390/fi13020039