The topic of the challenges in the cyber security for the business has been a topic of discussion for some time now. Most of the attention has been focussed on the high profile such as the data breaches as well as the government mandates with little attention to provide possible solution on how to mitigate on these issues (Chen, Chiang and Storey, 2012). Currently the legal framework to manage on the cyber security has been weak with most of the business relying on the proprietary approaches towards the cybersecurity. The concern of the cybersecurity is now one of the primary issue in the company presently, yet few people recognize on the particular needs that are essential to maintain a company along with the information safe from the cyber criminals (Chen, Chiang and Storey, 2012). The general public might appreciate the importance of maintaining the computers along with the data ore secure, the workers might lack more effective working knowledge that is required in order to prevent the falling prey in the direction of the intricacy of the cybercrimes that is happening at work today (Wang, Ye, Xu, Yiu, Hui and Chow, 2010). Breach happens from opening apparently harmless emails to leaving the browsers window open along with the unattended , you will discover small unintentional actions of the workers that could result in the huge issues for the companies of most the sizes (Choo, 2011).The cyber security have been greatest threats to the businesses all around the world. According to the Economic Forum 2016 the global risks reports have estimated that the cost has been around 445 billion dollars worldwide from the cybercrimes. Most of the organization do not realize that they are much vulnerable and they are prone to many risks.
The main objective of the study is to find out the challenges in the Cyber security for the business. In the current business set up there has been an increased in the security concern and the literature on the research has not been insufficient (Jajodia, Liu, Swarup and Wang, 2010). Therefore the need to undertake the research on this topic to explore on the eminent cyber security challenges which the business are encountering.
This research on the challenges of the cyber security in the business will focus on all the organization in all the sector. The cyber security threat affects organization across the globe not limiting to certain sector.
In every business they have their own challenges which are related to the cyber security. With the abundant utilization of the technological innovation in place of work, the cyber criminals might have an array of the vulnerabilities of the organization to benefit from (Gunes, Peter, Givargis and Vahid, 2014). You can find bits of the personal details which can be gathered maliciously from the numerous sources therefore resulting in identity theft, as well as some of the other costly breaches of the security. Nearly any piece of the personal data which is collected from the legitimate reasons of the company could be exploited for the dubious use (Choo, 2011). The customers along with the consumer might not understand the information with regards to the cyber threats, they trust that the business they do business with stay present on any specific new subject and they are much precautionary when it comes to keeping trusted data secure.
According to cybercrime survey which has been done the USA there has been an increase in the cyber-attack threats which increases on the vulnerabilities of adopting to the various means of the information technology (Cárdenas, Amin and Sastry, 2008). Some of the most common vulnerability trends in the business are on the social collaboration, moving of the storage of data to the cloud as well as digitizing of the sensitive information.
In a span of 2 years, the risk which has been posed by the cyber-attack has improved exponentially. In 2014, you will discover tens of millions of the credit card that were stolen from the larger retailers. In 2015, there was clearly bigger detrimental attack that was the social security breach (Wang, Ye, Xu, Yiu, Hui and Chow, 2010). The hackers desired to gain access to a piece of the information which they might not be altered and tens of the millions of the SSNs were misappropriated from the health care organizations. When the security breaches make headline they tend to be catastrophic failures of the technology (Wang, Ye, Xu, Yiu, Hui and Chow, 2010). The role of the insider plays in the vulnerability of the organization has been massive and growing (Cárdenas, Amin and Sastry, 2008). According to the cyber security Intelligence Index in 2016 by IBM, found out that approximately sixty percent of all the attack were carried out by insider individuals in those business. Out of these attack, three quarter they involved malicious intent (Baheti and Gill, 2011). According to the research it further revealed that the business which were mostly under the attack are in the health care, manufacturing, as well as the financial sector.
The challenges which are facing the business today particularly in the current period as follows; one of the challenge is that of DDoS attack. This attack has crippled many business including cloud based internet performance organization Dyn and BBC (Cárdenas, Amin and Sastry, 2008). This kind of the attack occurs when the perpetrator seeks in making of the machine or the resource of the network unavailable to the users through temporarily disrupting on the services of the host which is connected to the internet (Hay, Nance and Bishop, 2011). This is accomplished through the flooding of the targeted machine or the resources with the user of the superfluous requests with the intention of overloading the system as well as preventing all the legitimate requests from being fulfilled (Czosseck and Geers, 2009). This attacks have increased to over ten million attacks, this is according to Phil Everson, who is the United Kingdom cyber risk services at the Deloitte (Elmaghraby and Losavio, 2014). The volume as well as the scale of these breaches would pose as a challenge for many business regardless of the size. Another challenge which many business may face is that of hacktivism. This is the subversive use of the computers as well as the computer networks in order to promote the political agenda or the social change (Elmaghraby and Losavio, 2014). Not all the cyber criminals are for the profit orientation and the rise of the hacktivism highlights that the growing number of the individual who are breaking into the computer systems is for the political and social reasons (Kumar, Srivastava and Lazarevic, 2006). These attacks may be very damaging than the traditional threats since the hacktivists wants to make a statement, in order to make their efforts to be very publicly damaging for the reputation of the organization. There are significant safety concern in the event that hacktivists could override on the safety mechanism or perhaps publish the document that pose a national security risks.
Social engineering is another challenge that the business face today; this challenge is becoming more common against many business and it is also increasing to become sosphicated. The hackers are devising clever methods in order to fool the employees as well as people into handling over valuable data of the company (Hay, Nance and Bishop, 2011). The social engineering involves some form of the psychological manipulation, through fooling unsuspecting users or perhaps the employees into handling over their confidential or the sensitive data. The social engineering hacks are one through use of phishing emails that seek to have you divulge your data or perhaps redirect you to website for example the banking or even the shopping sites that may look legitimate and entice you to provide your information. The threat of the social engineering in the internet of things comprise of hacking into things which are connected in the world (Hay, Nance and Bishop, 2011). This attack in the IOT is a strong kind of the force multiplier as individuals have no control of all the things which are connected.
The business could face the challenge of the fake ad and the feedback. In some of the cases the clients could be bombarded with the advertisements online, there could be proliferation of the fake ads as well as phishing attack which may erode on the trust when it comes to net based marketing collateral (O’Connell, 2012). Additionally, when it comes to the purchased like as well as other forms of the fabricated feedback are exacerbating on the problem, leaving the customers sceptical of the validity to the various online advertising techniques. It is important to note that even the business which are not involved in these activities could find the fake ads as well as other nefarious marketing tactics are affected through their legitimate campaigns (O’Connell, 2012). Other challenge could be on the machine learning; it is important to note that first, the machine learning algorithms are helping on the businesses to perform on the complicated data analysis tasks on the huge quantities of the data at a great speed through use of the minimal manual input (O’Connell, 2012). The technology which is used to detect on the fraud, could predict the success of the marketing campaigns as well as automate on the client’s product suggestions, and a number of various innovative applications. Nonetheless, McAfee have predicted that the machine learning could be leverage to commit the crimes for instance, aiding the fraudsters when it comes to identifying of the high value target among some of the large datasets (Jajodia, Liu, Swarup and Wang, 2010). Another challenge of the cyber security to the business is that of the malware. This occurs everywhere and it is abundant and a number of the cyber criminals uses it in order to achieve their goal. According to research some malware sole purpose is to sit inside the network and lay low (Kumar, Srivastava and Lazarevic, 2006.). The access can be sold to the highest bidder on the underground networks. This kind of the malware can be regarded as the remote access Trojan (Groves, 2003). A malware of such magnitude may raise a challenge to the cyber security professional since it is designed not to be detected by nature (O’Connell, 2012). Moreover, signalling the significance of having of the visibility through use of the technology such as EDR could help in gaining of that visibility which is needed to flush the Trojan from their holes. According to the Kaspersky Lab they revealed recently that the malware attacks has tripled between 2015-2016, with the business identifying more than eight million malicious attacks have been installations.
Many businesses may also incur challenge of the botnets. This challenge is that many of the botnets owners usually design on the systems which are more adaptive as well as redundant than many of the other corporate as well as government networks (Dumitras and Neamtiu, 2011). Additionally, there may be the challenge of the password management (Kumar, Srivastava and Lazarevic, 2006). The challenge of this aspect to the business is putting in place as well as enforcing on a stronger user controlled passwords which are much less likely to be broken (Choo, 2010). Although more than twenty six percent of the organization have not been able to address on the device management there is need to protect them in the workplace. This educational as well as the administrative challenge entails to have a creative solutions as well as enforced policies (Wang, Ye, Xu, Yiu, Hui and Chow, 2010). These results would be encouraging that the companies deploy protection to towards the device management to enable there is security and prevent the attackers from exploiting on the vulnerabilities in the system (Chen, Chiang and Storey, 2012). There has also been rising expectations which pose a challenge in that there has been a shift in the conventional business model to the real time , on the internet , client centric digital model that has resulted in the high client expectations . The customers along with the new prospects need there is an excellent digital experience that has been delivered via the several real period. Moreover, the business many inquire penalties that are imposed by the service level agreements in the event they are not able to meet on the rising expectations. In the cyber security there has been an emerging and advance threats. The cyber security has been a dynamic as well as a difficult problem to solve. There has been malicious actors which are typically unknown, covert, and with very technical specialized skills and funded (Chak, 2015). Their objective is to look for any weak link in the business and exploit on it. Based on history it clearly shows that the cyber criminals are well known on how to exploit on some of these weaknesses almost at the will. Nonetheless, it is important to understand that internet of things and the industrial cybersecurity may pose a challenge to the business (Chen, Chiang and Storey, 2012). The devices which are connected to the internet are one of the pillars when it comes to the digital transformation of the business processes as well as the products which they commercialize, since this connection can enable the organization to obtain on the valuable data for the decision making, and opportunities. The challenge which is posed by this paradigm arises when they are attack by the hackers who target these system (Chen, Chiang and Storey, 2012). The problem which is within the environments are not within the scope of the traditional cyber security business since it is not enough for them to have the cybersecurity measures but rather also on the functionality of these devices and their technicality be understood. In general, the businesses in these industry are much not prepared to face on this huge challenge.
The cyber landscape has become complex and concerning for many business today. Many of these organization are at a loss of what to do. There have been many cyber-attacks in these large and small organization such as the Distributed Denial of services, phishing, hacktivism as well as social engineering aspect. Organization needs to implement the best security measures to prevent these attacks particularly to the system which have become vulnerable for the attackers to exploit. When this has been achieved the challenge of the cyber security concern in the business will be reduced significantly globally.
Baheti, R. and Gill, H., 2011. Cyber-physical systems. The impact of control technology, 12, pp.161-166.
Cárdenas, A.A., Amin, S. and Sastry, S., 2008, July. Research Challenges for the Security of Control Systems. In HotSec.
Chak, S.K., 2015. Managing Cybersecurity as a Business Risk for Small and Medium Enterprises (Doctoral dissertation).
Chen, H., Chiang, R.H. and Storey, V.C., 2012. Business intelligence and analytics: From big data to big impact. MIS quarterly, 36(4).
Choo, K.K.R., 2010. Cloud computing: challenges and future directions. Trends and Issues in Crime and Criminal justice, (400), p.1.
Choo, K.K.R., 2011. The cyber threat landscape: Challenges and future research directions. Computers & Security, 30(8), pp.719-731.
Czosseck, C. and Geers, K., 2009. Borders in cyberspace: can sovereignty adapt to the challenges of cyber security?. The Virtual Battlefield: Perspectives on Cyber Warfare, 3, p.88.
Dumitras, T. and Neamtiu, I., 2011. Experimental Challenges in Cyber Security: A Story of Provenance and Lineage for Malware. CSET, 11, pp.2011-9.
Elmaghraby, A.S. and Losavio, M.M., 2014. Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.
Groves, S., 2003. The unlikely heroes of cyber security. Information Management, 37(3), p.34.
Gunes, V., Peter, S., Givargis, T. and Vahid, F., 2014. A survey on concepts, applications, and challenges in cyber-physical systems. TIIS, 8(12), pp.4242-4268.
Hay, B., Nance, K. and Bishop, M., 2011, January. Storm clouds rising: security challenges for IaaS cloud computing. In System Sciences (HICSS), 2011 44th Hawaii International Conference on (pp. 1-7). IEEE.
Jajodia, S., Liu, P., Swarup, V. and Wang, C., 2010. Cyber situational awareness (Vol. 14). New York, NY: Springer.
Kumar, V., Srivastava, J. and Lazarevic, A. eds., 2006. Managing cyber threats: issues, approaches, and challenges (Vol. 5). Springer Science & Business Media.
O’Connell, M.E., 2012. Cyber security without cyber war. Journal of Conflict and Security Law, 17(2), pp.187-209.
Wang, E.K., Ye, Y., Xu, X., Yiu, S.M., Hui, L.C.K. and Chow, K.P., 2010, December. Security issues and challenges for cyber physical system. In Proceedings of the 2010 IEEE/ACM Int'l Conference on Green Computing and Communications & Int'l Conference on Cyber, Physical and Social Computing (pp. 733-738). IEEE Computer Society.