Background
With the advancement of the internet, other information-technology innovations and cost-effective data storage techniques, it has become easier for organisations of the 21st century to access market information. The inflow and outflow of information has become an integral part of today's business organisations. Processing and storing the obtained information aids management in data analysis and dynamic decision-making (Von Solms and Van Niekerk, 2013). Information technology practices support varied areas of business operations, ranging from international trade, finance, marketing, logistics and supply chain to corporate social responsibility management and overall strategic planning.
However, with the use of networks and systems comes the responsibility to manage the associated risks in the form of hacks and breaches. Thus, managers must aim to use information security resources while ensuring confidentiality, integrity, availability and accountability (Johnson et al., 2016). Moreover, the increasing reliance on innovation and information technology products and practices, together with pressure from regulators, has made the concept of cyber security even more critical for today's organisations and their management.
This report describes the various facets of cyber security. It begins with a brief description of the importance of securing the information technology systems and protocols of organisations. The report affirms the pivotal role of managers in the cyber security regime of organisations and describes the best practices in this field. It concludes with a set of recommendations to the top-level management of an organisation, which would aid them in devising a cyber resilience policy at the corporate board level.
Cyber security refers to the ability to control access to systems connected through a network and the range of information shared therein (Gupta, Agrawal and Yamaguchi, 2016). It includes the technologies and processes designed to protect computers, hardware, software, networks, other digital equipment and data from unauthorised access, so that they cannot be misused by hackers, terrorists and cyber criminals.
Cyberspace refers to the virtual space that makes use of the electromagnetic spectrum and electronics for the storage, modification and exchange of information (Hunter, 2017). This is done with the help of the related physical infrastructure and networked systems. Cyberspace is an intangible framework, better known as a virtual environment, that connects people across the globe and facilitates the exchange of information and communication.
Need for Cyber Security
Cyber security is a crucial concept not only from the point of view of individuals, families and regulators, but also from that of businesses and organisations. The reason is the potential for criminal activities such as the production and distribution of child pornography, conspiracies concerning child exploitation, banking and financial fraud, violations of intellectual property rights, and many more (Elmaghraby and Losavio, 2014). These crimes not only lead to the disruption or destruction of essential networking and communication activities, but also cause substantial loss to the human and economic development of a nation (Safa, Von Solms and Futcher, 2016).
The role of cyber security in organisations is pivotal. The rationale is the mounting dependence of organisations on computer systems for data procurement, analysis and storage. In addition, various tasks in research, marketing and strategic planning are performed with the aid of computer systems and the internet. Failure to secure these systems might lead to the loss of important data, such as information about patents, copyrights, vital statistics about customers and employees, and much more. The loss of information might also lead to a loss of integrity and of public trust in the operations of the entity. Thus, it is important for organisations to keep their systems, networks and data secure from intrusion by third parties, including competitors.
There are various forms of cyber-crime which hold the potential to undermine the economic and financial resources of an entity along with its reputation. Some of them are listed as follows.
- Intellectual Property Theft: Business secrets such as research conducted, models or formulas developed, innovations and related information are the most heavily attacked assets of organisations in a competitive environment. Thus, organisations must ensure that intellectual property, patents, trademarks and vital information are protected from misuse.
- Phishing: A fraudulent attempt to gain access to personal and financial information by means of email or text messages. Hackers and cyber criminals obtain a list of suppliers, customers or similar contacts and send emails that appear to come from trustworthy sources. The email asks for vital details such as the bank account holder's name, account number, credit card number, social security number, one-time passwords and more. Thus, in the name of a trustworthy organisation, the hacker steals the vital details of customers, suppliers or others.
- Spoofing: A technique for gaining unauthorised access to a computer, which begins with sending messages to a networked computer under a forged IP address. The attacker alters the source address so that the traffic appears to come from a trusted host of the entity, and uses that false trust to extract important details from the targeted individuals.
- Worms and Viruses: A computer virus attached to a malicious file or executable programme can harm the computer systems of an entity and degrade their performance. The same is true of computer worms. The damage caused by worms and viruses to computers provides a potential means of extracting information from the systems.
In addition, other such crimes include email bombing, identity theft, denial-of-service attacks, distributed denial-of-service attacks, cyber stalking and many more. Cyber-crime is further linked to other criminal activities such as money laundering, fraud and terrorism, which lead to severe economic and financial consequences.
There have been many cases across the world where hackers and criminals have managed to breach the security of computers and systems, and the affected entities have consequently suffered economic and financial losses along with loss of reputation. Some widely known cases are listed as follows.
- There was a recent breach in the information technology system of the credit-reporting agency Equifax Inc. in the year 2017 (Walker, 2018). The incident affected some 143 million customers in the United States.
- In the years 2013-14, the internet giant Yahoo was the victim of the biggest ever data breach, in which the accounts of approximately 3 billion users were affected (Kuchler, 2017). The breach resulted in the disclosure of names, addresses, dates of birth and telephone numbers of the users. In addition, the breach knocked an estimated $350 million off the sale price of the internet business to Verizon.
- Personal information of about 57 million users and 600,000 drivers of Uber was exposed in late 2016 (Wong, 2017). The leaked information comprised names, email addresses and mobile phone numbers of the users. The hackers also exposed driver licence information. The breach cost Uber its reputation as well as vital company information.
Forms of Cyber Crimes in Organizations
Organisations play a pivotal role in contributing to cyber resilience, thereby benefiting not just their immediate consumers, suppliers and stakeholders but the nation as a whole. Given the gravity of cyber security issues and their long-term impacts, cyber security management can no longer be regarded as the sole responsibility of the information technology department (Shrobe, Shrier and Pentland, 2018). The responsibility must flow from top to bottom, and the role of the board is crucial.
Directors must possess basic knowledge of cyber security concepts such as the nature, scope and implications of cyber security risk. This basic knowledge is essential for formulating organisational policies to mitigate the risks arising from cyber breaches and hacks (Mowbray, 2013).
In addition to the above, the further course of action involves determining the company's overall behaviour and setting the risk appetite of the entity.
Countering cyber risk is a major challenge faced by leaders and managers across industries. However, these challenges accompany the opportunities presented by technological advances in the fields of internet and communication. Instead of implementing solutions after a security breach, the leaders of organisations must design cyber security policies in advance (Densham, 2015). Leaders must also oversee the management and implementation of cyber security measures, in order to counter the risk of breaches and hacks beforehand and efficiently. Some best practices and recommendations for the board of directors of a company are listed as follows. They are in line with the principles of cyber resilience laid down by the World Economic Forum, and the board can incorporate them as part of its governance responsibilities (World Economic Forum, 2017).
Discussion of the scope and the responsibilities: It is the ultimate responsibility of the board to design the entity's cyber security framework. The board can delegate this to committees such as the audit committee or the risk committee. The responsibilities, access and authority of each function must be clearly defined at every operational and executive level.
Regular updating on current threats and ongoing hacking practices: The board must keep itself regularly informed about current cyber security breaches and attack practices. In addition, the board must acquaint itself with the industry practices adopted for resilience. The board may organise a cyber-resilience orientation programme for itself and for employees.
Instances of Inadequate Cyber Resilience and the Related Consequences
Setting of accountability: The board must define the framework of responsibility and accountability within the organisation. The designated employees or accountable officers must have regular board access, sufficient authority, knowledge of the subject, and the relevant experience and resources to perform their duties (Knowles et al., 2015).
Definition and quantification of the risk appetite: The board must define and quantify the entity's tolerance level for cyber security risk (Cavelty, 2014). The board must also ensure that this risk appetite is consistent with the overall business strategy and with the risk appetite of the industry. The risk appetite must be decided taking into account the interests of shareholders, regulators, customers and external societal perspectives.
Resilience plans: The board must devise resilience plans which define the best practices to be used in the organisation. The plans may use strategies such as firewalls, limited access to systems and passwords, and periodic review of hardware and software. Other means include establishing policies for the use of the internet and social media, the degree of third-party access allowed to systems, the use of internet security programmes, and taking out cyber-crime insurance (Geers, 2011).
Review: It is essential to review the overall cyber security policy from time to time, update knowledge and infrastructure, and close the loopholes. The performance of the information technology department, the accountable officers and management itself must also be reviewed (Graham, Olson and Howard, 2016).
Conclusion
Thus, as per the discussion in the previous parts of the report, it can be concluded that with the advancement of, and dependence on, technological innovations, networked practices and communications, cyber security has become a major challenge of the 21st century. A growing number of individuals and organisations depend on cyberspace and networked systems for their various operations. Thus, the issue is crucial not only from the point of view of individuals but also from that of organisations. The report describes a few instances of cyber security breaches and related activities which have cost entities their reputation as well as financial and economic losses. Even the largest companies have not been spared the threat of a cyber security breach. The report further describes the various ways in which criminals or hackers may interfere with the working of organisations and harm their infrastructure; some of the common means are spoofing, email bombing, violation of intellectual property rights, phishing and more. In order to counter the issue, the report describes the role of management. On evaluation, it is found that the management of an enterprise holds great potential, as well as the responsibility, to address cyber security within the organisation. The report suggests various best practices and recommendations that management can integrate into the strategic planning of entities to counter cyber-attacks and the resulting losses. The means suggested include the definition of roles and responsibilities, delegation of authority, design of a resilience plan, definition of the risk appetite, risk assessment and reporting, and review of the risk plan. Thus, the integration of cyber resilience into management is the key to addressing cyber security issues in organisations.
References
Cavelty, M. D. (2014) Breaking the cyber-security dilemma: Aligning security needs and removing vulnerabilities. Science and Engineering Ethics, 20(3), pp. 701-715.
Densham, B. (2015) Three cyber-security strategies to mitigate the impact of a data breach. Network Security, 2015(1), pp. 5-8.
Elmaghraby, A. S. and Losavio, M. M. (2014) Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of Advanced Research, 5(4), pp. 491-497.
Geers, K. (2011) Strategic Cyber Security. Tallinn, Estonia: CCD COE Publication.
Graham, J., Olson, R. and Howard, R. (2016) Cyber Security Essentials. New York: Auerbach Publications.
Gupta, B., Agrawal, D. P. and Yamaguchi, S. (eds.) (2016) Handbook of Research on Modern Cryptographic Solutions for Computer and Cyber Security. United States: IGI Global.
Hunter, D. (2017) Cyberspace as Place and the Tragedy of the Digital Anticommons. In: Law and Society Approaches to Cyberspace. Oxon: Routledge, pp. 59-139.
Johnson, C., Badger, L., Waltermire, D., Snyder, J. and Skorupka, C. (2016) Guide to Cyber Threat Information Sharing. NIST Special Publication 800-150.
Knowles, W., Prince, D., Hutchison, D., Disso, J. F. P. and Jones, K. (2015) A survey of cyber security management in industrial control systems. International Journal of Critical Infrastructure Protection, 9, pp. 52-80.
Kuchler, H. (2017) Yahoo says 2013 cyber breach affected all 3bn accounts. [online] Available from: https://www.ft.com/content/9412c2b0-a87c-11e7-93c5-648314d2c72c [Accessed on 31/08/2018].
Mowbray, T. J. (2013) Cybersecurity: Managing Systems, Conducting Testing, and Investigating Intrusions. UK: John Wiley & Sons.
Safa, N. S., Von Solms, R. and Futcher, L. (2016) Human aspects of information security in organisations. Computer Fraud & Security, 2016(2), pp. 15-18.
Shrobe, H., Shrier, D. L. and Pentland, A. (eds.) (2018) New Solutions for Cybersecurity. Cambridge: MIT Press.
Von Solms, R. and Van Niekerk, J. (2013) From information security to cyber security. Computers & Security, 38, pp. 97-102.
Walker, D. (2018) Equifax data breach: Equifax admits even more data was stolen than previously thought. [online] Available from: https://www.itpro.co.uk/data-breaches/29418/equifax-data-breach-equifax-admits-even-more-data-was-stolen-than-previously [Accessed on 31/08/2018].
Wong, J. C. (2017) Uber concealed massive hack that exposed data of 57m users and drivers. [online] Available from: https://www.theguardian.com/technology/2017/nov/21/uber-data-hack-cyber-attack [Accessed on 31/08/2018].
World Economic Forum (2017) Advancing Cyber Resilience: Principles and Tools for Boards. [online] Available from: https://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on 31/08/2018].