The Threat from Malware and Viruses
Question:
Discuss about the Challenges in Cyber Security for Business.
There has been threat from malware and viruses since the inception of computing in the modern world. It was seen that there was no awareness regarding the security of the data that were stored in the machines until there was a splurge in the use of the internet. The internet provided a huge platform for the machines so that it can be capable of doing other things as well rather than just storing the data. It also saw the rise in the population of the hackers who were skilled enough to steal the data that was stored in these machines along with committing fraudulent activities. This is what is known as cybercrime in the recent world (Van der Berg et al., 2014).
Since the inception of the internet and penetrating in to the common household, it was seen that there was around 3.4 billion users who actually took advantage of the World Wide Web due to commercial or personal reasons. The way of tackling these situations is an affair that is based on multiple disciplines, which spans across the software and hardware so that it can help in fighting the cybercrime along with minimizing its impact. The process of cyber security is evolving on a constant manner and is trying to eliminate the threats that are coming up in the world of technology on a daily basis (Elmaghraby & Losavio, 2014).
The main objectives of the project will be to evaluate the challenges that are present in the cyber security when it is applied in the businesses. The major harm is done by the hackers to the business organization, as they try to extract out the information so that the companies can be blackmailed for monetary benefits (Sadeghi, Wachsmann & Waidner, 2015). It can be seen that the rise in the information and communication technology will enable the world to operate in an automated manner where the societies will be running cars and planes in an automatic way. These advancements in the technologies will help in bringing greater efficiency, which will result in lowering of the congestion of traffic and pollution as well (Tisdale, 2015). With these advancements, it would require just a cyber attack, which will bring the entire technology to a complete halt. The compromisation of the central network will result in the halt of the entire network, which would result in the loss of human lives as well. The fall in the essential services will result in the chaos in the particular countries, as the social and economic tensions will rise in those areas due to an external force (Sharma & Tandekar, 2016).
The level of awareness is increasing in the recent period but there are instances where the devices can be bought, which has poor measures of security, as there are no built-in security accessories within those devices. These devices can be used for fraudulent activities, which may help in increasing the wreckage of the devices that are meant to protect the machines. The crimes that are related to cyber security come in different formats, which range from denying the user to access the websites that are important to them along with blackmails. It is also inclusive of the manipulation of data, destruction of evidences and the extortion of important information from the different websites of the companies. To do this, the hackers use various types of tools as well, which includes spyware, ransom ware, and malwares along with the alteration that can be done in the devices physically.
The Evolving Process of Cyber Security
It can be said that the scope of the cyber attacks are huge and the rise in the problems is known as attack surface, which is the size of the vulnerability that can be presented in the software and hardware. It can be further stated that the software along with the hardware can be compounded, as there are provisions of multiple vectors, which will instigate the attacks. The attacks are more targeted towards the infrastructures that provide facilities such as communications, electricity and transport so that it can be possible to bring down the entire network and bring the place to a halt. This will lead to greater amount of repercussions, as the shutting down of the electrical grids will result in the economic loss and have consequences that can be life-threatening.
Ransom ware and crypto ware
The easy access to the tools that are responsible for extortion of money is increasing on a daily basis, which has given the cyber criminals an upper hand in carrying out the fraudulent activities. Crypto ware aims at targeting the individuals and the enterprises by asking them for a payment when they try to open any files that are encrypted. The most well-known of this software is known as Cryptolocker that has earned more than $3 million before it was stopped by the security vendors in the United States and the United Kingdom (Scully, 2014). In reality, these kind of ransom will not be paid, which encourages them in extorting it using the models that are available in the business. Most of the victims try to restore the data rather than backing it up, which is not always practical. This is a real-time situation for the companies where they lose the record of their productivity and are denied access to the data, which is sometimes higher than the ransom (Cherdantseva et al., 2016).
Another program is the Ranscam, which asks for a payment for the decryption key, which consists of the files that are encrypted. The owners simply have to make a payment for the files that have been deleted earlier. This type of program destroys the trust of the victim regarding the recovery of the data (Reddy & Reddy, 2014).
Multi-vector attacks
There are different mechanisms that a single attacker may target so that they can penetrate the organization in various levels to get an access to the various data that is available within the organization. The primary aim is to secure the information that is financially connected so that the malware cannot help in extracting that information. An example of this is the scam that was done towards Leoni AG in August, which accounted for a loss of €40 million, as the financial officer transferred the entire amount in to the wrong account leading to the loss within the company (Gunes et al., 2014).
Identify theft
It is the kind of theft that many of the individual do not recognize it until it happens with them in a real-life scenario. According to a research that was conducted by Javelin Strategy and Research, it was seen that during the year 2014 12.7 million customers lost around $16 billion due to the theft of identity (Best, Endert & Kidwell, 2014). The theft of identity is not merely a fraud that is related to financial activities but is the main pillar in the activities that are related to cyber crimes. Once the impersonation of the individual is done, it can help in gaining access to their account and perform various types of frauds in their name and access all the important information that is related to them (Kumar, Pandey & Punia, 2014).
Evaluating the Challenges in Cyber Security for Businesses
Cyber security scene mapping
Protection of critical information structure (CIIP) is a platform that supports the infrastructure in the modern society, which are essential and is inclusive of finance, energy, water and communications. It helps in the protection of these resources, as the vulnerability of the internet is increasing on a daily manner (Rawat & Bajracharya, 2015).
Cyber crime is committed through the computer systems and the internet, which is inclusive of the crimes that are traditional in nature such as the various fraudulent activities due to the advancement of the technology. The new crimes that have come up in the internet are the frauds related to pay per click and Denial of Service (DoS) attacks. The tools that are used to commit this cyber crime also result in botnets as well. These areas have to be developed with the help of cooperation in an international manner, which is missing on a global manner. The black market that is present on a global manner has helped in the outsourcing of the criminal services, as the digital weapons that are easy to use can be accessed easily from anywhere (McGettrick et al., 2014).
The focus on cyber terrorism has increased since the attacks of 9/11, as the weapons were developed for criminal purposes that were used by the cyber terrorists in a different manner. The criminals get motivated due to the financial gains that they would receive and the disruption and chaos that they would do in the lives of the innocent people. The attempts to stop them from committing these crimes can result in the violation of human rights (Mendel, 2017).
Conflicts that result from cyber actives are also known as cyber wars have high visibility in the media but maintain a low rate in the factor of policies and reflections that are based on legal procedures. These conflicts can be divided in to three areas, which include the conduct of the cyber conflicts that can be applied in the cyber space. The next area is the weapons and disarmament where the weapons related to cyber activities can help in the process of disarmament and the third area is humanitarian law, which has to be applied in the Geneva conventions (Baylon, 2014).
Threats
The persons who are responsible in performing these cyber attacks mainly do it due to the monetary benefits that they will gain from the extortion and the theft. They also act as spies who are responsible in stealing the useful information so that it can supplied to the respective government of the countries (Jajodia et al., 2015). They have developed the capabilities so that the cyber attacks can be undertaken by taking in to consideration the strategic objectives of the country. These type of hackers do not perform the act for monetary gains but helps in sponsoring the warfare between the states and the nations or on an international level (Reddy, 2015).
Vulnerabilities
Cyber security is in much way directly linked to the race between the defenders and the attackers. The use of the information and communication technology is complex in nature and the attackers are on a constant search for the weaknesses that are present in the system. The defenders on the other hand try to protect the weaknesses so that the systems cannot be hacked by the attackers. These challenges can be intentionally passed on by the insiders who have access to the system, which may increase the vulnerability by inserting the malicious software in to the program. There are possible remedies that can be implemented to protect the vulnerabilities but the organizations are reluctant in doing it due to the operational and budgetary constraints that they have for the system (Drissi et al., 2015).
The Rise of Cyber Attacks and Their Impact on Society
Impacts
The attacks that will be successful will help in compromising the integrity and the confidentiality of the information and communication technology that is available for handling the information. The theft or espionage due to the cyber activities will result in the stealing of the personal information along with financial and proprietary from where the attacker can be beneficial by not letting the victim be aware of it (Komninos, Philippou & Pitsillides, 2014). The attack, which is known as Denial-of-service will prevent the legitimate user from accessing the system that is claimed to be personal or for official purpose. The malware that is known as botnet will provide the attacker a chance to have command over the system so that the system can be used for fraudulent activities. The attack on the system that is used to control the industry will result in the disruption of the equipments that are being controlled by the system such as the centrifuges, generators and the pumps (Kuypers, Maillart & Pate-Cornell, 2016).
Most of the attacks that happen due to cyber activities have a limited impact on some of the infrastructure that are critical in nature, as they are owned by the private sectors and have a significant impact on the economy, livelihood and the security on a national level, which could hamper the national citizens. Therefore, the attack that has a high level of impact is rare where it poses a large amount of risk, as most of it has a low level of impact (Jabee & Alam, 2016).
The cyber attacks can be costly as well, as it varies from organizations to individuals and the impact on the economy is difficult to measure and the estimation of its impact varies on a wider scale. It can be seen that to stop the cyber crime on a global basis, the estimated cost is around $400 billion and it may continue to rise due to the expansion and development of the information and communication technology. Therefore, the cost of espionage related to cyber security is difficult to measure but is substantial in nature (Karim & Phoha, 2014).
The risks that are related to cyber attacks are inclusive of the removal of the source of the threat, which can be done by shutting down the botnets. The second risk is to address the vulnerabilities that are related to the hardening of the assets present in the information and communication technology, which can be done by giving proper training to the employees. The third risk is by mitigating the damage and the functions that are related to restoring by having a backup plan for the operation to continue in case of an attack (Vande Putte & Verhelst, 2014).
The experts in this field are of the view that for the security to be effective in nature, the information and communication technology has to be built through a better design. The developers of the program have even stated that their focus is more in the features that are included in the system rather than on the security due to the economic reasons. It is also a fact that the threats that may be present in the future cannot be predicted earlier, which is also acts as a challenge for the designers (Komninos, Philippou & Pitsillides, 2014).
The Need for Awareness in Cyber Security
The structure of incentive that is related to cyber security is distorted and is termed to be cheap yet profitable, which according to the criminals is safe. In contrast to this, it can be said that the cyber security is expensive and the return in investing in these systems are unsure (jabee & Alam, 2016).
The concept of cyber security is interpreted in various ways by different stakeholders who agree on the implementation and the risks in a nominal way. There is an existence of substantial amount of impediments that are present in the culture and within the sectors and organizations as well. Thus, the approaches that are traditional in nature is insufficient within the environment that is hyper connected in the cyber space (Reddy, 2015).
Figure 1: Major actors
(Source: Mendel, 2017)
The graph helps in providing an explanation regarding the major actors with respect to the governance and the cyber security, which is inclusive of the responsibilities and the duties of the stakeholders and the government. It can be seen that one side of the business sector has a model that is non-governmental in nature and encourages strong participation within the sector. Countries like China and Russia can be seen that they want governance of the internet at an international level by the organizations that are inter-governmental (Cavelty & Mauer, 2016).
The governments need to have the ability to decide the policies so that the resources at an operational level can be shared as well as defended. The primary responsibility will not to militarize the cyberspace through various policies and cyber armament but will help in creating an environment that will chalk out the roles and the responsibilities for the various stakeholders for them to carry out those roles (Baylon, 2014).
The business sector plays an important role in the network of cyber security on an operational level, as it helps in developing the services that are needed for infrastructure of the internet. The protection of these networks can be done through the active participation of the private companies so that it can be responsible for managing the cyber security on a global level (Gunes et al., 2014).
Conclusion
Thus it can be concluded that there has been an increase in the activities related to cyber crime and is estimated that it will keep on rising at an alarming rate in the near future. The hacking tools are easily accessible to the professionals, which has led to the rise in these activities. The organizations have to maintain a strict code of policies and procedures so that it can help in saving the information, which will protect the confidential information as well. The operational activities that are being carried out within the organization has to be guarded closely and the information regarding the financial activities have to be protected in a well manner too so that outside individuals do not get access to it.
The organizations have to be aware regarding the latest technologies that are being available in the market and have to upgrade the security so that it can help in the better protection of the data. The senior management of the organization has to keep the identity of the individuals confidential so that it can help in storing the data in a proper way. The use of better training programs have to be encourages so that it can help in increasing the level of knowledge among the employees regarding safe guarding of their identities. This will help the companies in protecting their employees. The opening of any programs in the internet needs to be monitored closely so that the malicious programs can be avoided by them. This will also result in protecting the information of the people by not allowing the programs to extort the information regarding the company.
Different Formats of Cyber Security Crimes
Reference List
Baylon, C. (2014). Challenges at the Intersection of Cyber Security and Space Security. International Security.
Best, D. M., Endert, A., & Kidwell, D. (2014, November). 7 key challenges for visualization in cyber network defense. In Proceedings of the Eleventh Workshop on Visualization for Cyber Security (pp. 33-40). ACM.
Cavelty, M. D., & Mauer, V. (2016). Power and security in the information age: Investigating the role of the state in cyberspace. Routledge.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., & Stoddart, K. (2016). A review of cyber security risk assessment methods for SCADA systems. computers & security, 56, 1-27.
Drissi, Y., Rick, A. H. I., Harrison, C. G., Kouloheris, J. L., Pattnaik, P. C., Rao, J. R., & Li, C. S. (2015). U.S. Patent No. 9,129,108. Washington, DC: U.S. Patent and Trademark Office.
Elmaghraby, A. S., & Losavio, M. M. (2014). Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of advanced research, 5(4), 491-497.
Gunes, V., Peter, S., Givargis, T., & Vahid, F. (2014). A survey on concepts, applications, and challenges in cyber-physical systems. TIIS, 8(12), 4242-4268.
Jabee, R., & Alam, M. A. (2016). Issues and Challenges of Cyber Security for Social Networking Sites (Facebook). International Journal of Computer Applications, 144(3).
Jajodia, S., Shakarian, P., Subrahmanian, V. S., Swarup, V., & Wang, C. (Eds.). (2015). Cyber Warfare: Building the Scientific Foundation (Vol. 56). Springer.
Karim, M. E., & Phoha, V. V. (2014). Cyber-physical systems security. In Applied Cyber-Physical Systems (pp. 75-83). Springer, New York, NY.
Komninos, N., Philippou, E., & Pitsillides, A. (2014). Survey in smart grid and smart home security: Issues, challenges and countermeasures. IEEE Communications Surveys & Tutorials, 16(4), 1933-1954.
Kumar, V. A., Pandey, K. K., & Punia, D. K. (2014). Cyber security threats in the power sector: Need for a domain specific regulatory framework in India. Energy Policy, 65, 126-133.
Kuypers, M. A., Maillart, T., & Paté-Cornell, E. (2016). An Empirical Analysis of Cyber Security Incidents at a Large Organization. Department of Management Science and Engineering, Stanford University, School of Information, UC Berkeley, https://fsi. stanford. edu/sites/default/files/kuypersweis_v7. pdf, accessed July, 30.
McGettrick, A., Cassel, L. N., Dark, M., Hawthorne, E. K., & Impagliazzo, J. (2014, March). Toward curricular guidelines for cybersecurity. In Proceedings of the 45th ACM technical symposium on Computer science education (pp. 81-82). ACM.
Mendel, J. (2017). Smart Grid Cyber Security Challenges: Overview and Classification. e-mentor, (1 (68)), 55-66.
Rawat, D. B., & Bajracharya, C. (2015, April). Cyber security for smart grid systems: Status, challenges and perspectives. In SoutheastCon 2015 (pp. 1-6). IEEE.
Reddy, G. N., & Reddy, G. J. (2014). A Study of Cyber Security Challenges and its emerging trends on latest technologies. arXiv preprint arXiv:1402.1842.
Reddy, Y. B. (2015, April). Security and design challenges in cyber-physical systems. In Information Technology-New Generations (ITNG), 2015 12th International Conference on(pp. 200-205). IEEE.
Sadeghi, A. R., Wachsmann, C., & Waidner, M. (2015, June). Security and privacy challenges in industrial internet of things. In Design Automation Conference (DAC), 2015 52nd ACM/EDAC/IEEE (pp. 1-6). IEEE.
Scully, T. (2014). The cyber security threat stops in the boardroom. Journal of business continuity & emergency planning, 7(2), 138-148.
Sharma, A., & Tandekar, P. (2016). Cyber Security and Business Growth. Business Analytics and Cyber Security Management in Organizations, 14.
Tisdale, S. M. (2015). CYBERSECURITY: CHALLENGES FROM A SYSTEMS, COMPLEXITY, KNOWLEDGE MANAGEMENT AND BUSINESS INTELLIGENCE PERSPECTIVE. Issues in Information Systems, 16(3).
Van den Berg, J., Van Zoggel, J., Snels, M., Van Leeuwen, M., Boeke, S., van de Koppen, L., … & De Bos, T. (2014). On (the Emergence of) Cyber Security Science and its Challenges for Cyber Security Education. In Proceedings of the NATO IST-122 Cyber Security Science and Engineering Symposium (pp. 13-14).
Vande Putte, D., & Verhelst, M. (2014). Cyber crime: Can a standard risk analysis help in the challenges facing business continuity managers?. Journal of business continuity & emergency planning, 7(2), 126-13
Order an Essay Now & Get These Features For Free:
Turnitin Report
Formatting
Title Page
Citation
Outline
