Discuss about the Challenges in Cyber Security for Business for ICT Sector.
Cyber security was never a concern before the emergence of the internet. Cyber-crime began when many computers started to connect to the internet. The breach of security was as a result if malicious individuals are wanting to test their skills by bringing the internet down stealing data from other computers and sending viruses to those computers connected to the internet(Ashibani and Mahmoud, 2017).
Business success is vital for the economy of a county’s long-term sustainable growth (Bingham and j Bector, 2017). These businesses with time have incorporated the ICT sector, which has seen them improve the efficiency in ways of obtaining information and its effective use (Carayannis, Campbell and Euthymiopoulos, 2013). Studies done in the past supported that the ICT sector presents many opportunities to the business community in the developing countries (Christou, 2014). Due to this, more emphasis has been put on developing business models that incorporate the information communication technology (ACS Cybersecurity Guide, 2017). The model is designed in such a way that it incorporates the security features.
(Czosseck and Geers, 2015) argues that the service providers have realized the value of business ICT solution and are now focused on providing business models that have security features, with some providing the full range technological services as well as security solutions (TechRepublic, 2017). (Jabee and Afshar, 2016), states that businesses experience cyber security challenges due to interconnections,which expose the businesses to malware and hackers. Moreover, these businesses are still exposed to administrative and operational overheads once they procure the security solutions.
In most cases, networks that are poorly secured pose a potential link to cyber security chain (Johnson, 2013). These weak links come about due to, outdated virus protection or an outdated firewall (Kalaimannan et al., 2016). For instance, if a malware virus finds its way into a computer system can become a botnet through which other systems are attacked(Lehto, 2013). Madnick et al (2014) argued that internet service providers are not in identification and removal of botnets as they have a high-cost implication, this makes the businesses to under invest.
The Cyber Security Policy and Regulations
Powers, (2014) states that the availability of the internet almost everywhere for businesses in both developed and developing countries, complements the human effort to search for information and provide communication. Some argue that the cyberspace growth should not be monitored through regulations and ought to grow without government interventions. Others give a different perspective and champion the monitoring of the growth in the cyberspace should be regulated using both domestic and international laws. The second lot that acknowledges the idea of regulating the cyberspace argue that failure to implement these regulations, may limit the current growth and development gains. Before, the cyber security threats were treated as mostly technological problems (Robinson, Jones and Janicke, 2015). Recently, the perspective has changed to incorporate the economic issues and aspects of user’s behavior. Singh (2012) emphasized that there is a need to come up with a strategy that considers the disparities in the legal system and the fragmented policies. He continues to say that interconnectivity has become one of the key infrastructures in business communication, and the need to maintain information confidentiality, integrity and availability require the enactment of laws that are drafted for cyber security purpose. However, Fortune.com, (2017) explains that security is never foolproof as some security technologies are developed as attack technologies. These technologies include password crackers and software that scan networks for vulnerabilities are some of the examples. While the original intention of developing such technologies is to test the strength and stability of the existing network, malicious users, use these tools to find security holes, which are then used during the attack. Tracy (2014) acknowledges that the cyberspace knows no national borders and also that interconnected network is a disaggregated realm in which various components of threats and response may influence several networks on a broader scale where regulations is still a concept rather than the rule.
The Nature of Cybercrime Threats
Cybercrime assumes many forms ranging from denial of services, manipulation, extortion blackmail, and destruction. Moreover, the tools used to conduct this crime are as well many such as social engineering, spyware, ransomware, malware and alteration of physical devices such as ATM skimmers (Voeller, 2014). This shows that the attack surface presents a lot of possible attacks from vulnerable hardware and software. For instance, if a hacker targets the attack on Apple product such as the iPhone and everyone in your neighborhood happens to own one, the attack surface can range from dozens to thousands depending on the size of the population that own the iPhone. In the case where the attack is more severe in that it attacks, the iPhone product regardless of the geographical region. Then the attack surface increases up to millions of I phones worldwide. The threat is further escalated in cases where hardware and software might provide multiple vectors for attacks. During an attack, the iPhone might be having multiple vulnerabilities that could lead to its exploitation in an event there is an attack. In some cases, multiple exploits might be used simultaneously to hack the device, a case presented by the FBI when they hacked San Bernardino shooter’s iPhone. In cases where the attacks are launched on a plant that power, the infrastructure the case can be life threatening when an attack hits a power station and shuts it down. Apart from the power plants, the attacks might target the stock and currency exchange firms, which might result in global financial crisis and even war (Singh, 2012). The funny thing about cybercrime is that it is constantly taking place even when one is using a modem to connect to the internet. The modem is continuously feeding answers to questions that will help identify whether there are loopholes in your IP address, which will virtually allow the software to communicate to and from computers and networks. According to Fortinet, a network security service company, in every 5 minutes, there are 500.000 attacks that occur on their network. At this point, it is clear that anything controllable by technology is vulnerable to cybercrime as hackers have demonstrated they can attack just about anything, from cars where they remotely turned a jeep off on a highway to medical devices by sending fatal dose to drug pumps. This, therefore, calls for the importance of cyber-security that will counter the new types of threats for the government, industries, and at the individual level.
Cyber Security Implications
The degree of networking makes virtually every element in the cyber space to be at risk. These elements at times make it difficult to estimate the extent of security measures (Tracy, 2014). In many cases, it is very hard to estimate the true cost of a security incident. As a result,companies focus on fixing the damage caused by the security incident rather than tracking the incident or assessing the cost. It is evident that the effect of the botnet is expected to grow as powerful networks continue to emerge and interconnectivity continues to thrive. However, through the advancement of technologies, more advanced defenses can be introduced, Voeller (2014) posit that the cause of cyber security situation is because of adverse inter- connectivity. Studies should therefore in the future focus on mitigating the uncertainties and shift focus on improving the vulnerability measurement.
As the technology continues to advance, the number of new threats also continues to increase. The network attacks take place both internationally and locally, due to the cross-border nature of cyber security. This makes it difficult to scrutinize the emerging cyber threats through the efforts of stakeholders (Robinson, Jones and Janicke, 2015). This problem can be solved through working together of all the stakeholders, to enable each state to protect their interests, which will be similar to how regional integration takes place in other sectors, only that it will be for the cyber-space. According to Powers, (2014) threats can come from entities such as state agencies or private corporations against each other from any part of the world.
Cyber Security and the Stakeholders’ Perception
According to Madnick et al (2014), the decision made on internal and external risks are largely dependent on stakeholder’s perception, and this has a major impact on the cyber-security. Lehto (2013) posit that, that the decision makers perception has a great correlation with the roles they play and their actions, which influences their cyber security strategy. However, in some cases, the perceived risks are predictable and quantifiable (Kalaimannan et al., 2016). The main aim of interconnectivity is to provide the end user with extensive socio-economic benefits, although in the process of accessing this benefits there are some potential threats associated. These threats reduce the confidence of the user, while the lack of privacy and security breaks the users trust (Johnson, 2013). Therefore, the stakeholders need to be well informed on the relevance of a secure internet and its benefits. To attain this, a holistic approach that encompasses regulatory, legislative law enforcement on the technological field is required (Jabee and Afshar, 2016).TechRepublic, (2017), states that there should be an integrated perception on how risk is handled the benefits derived as well as the incentives, to help develop a framework that aligns the perceptions of stakeholders of cyber security risks.
The opportunities Cyber Security
The internet presents many vulnerabilities to our computing system due to the continuous advancement of technology. However, the threats of attacks from the internet are continuously teasing us and make us to develop new ideas, new ways and new products that aim to curb cyber security. The rise of the threats also gives rise to new economic opportunities, and new ways of conducting business (Czosseck and Geers, 2015).
The opportunities that are driven by cyber security include
The Data-Driven Economy
In the recent times, data has become king from machine learning to the internet of things. The analysis of this data from every aspect of life is what will lead to new insights and products. This is evident due to the advancement of local information system industries e.g. the Fin-tech sector. However, more opportunities involving data will start to emerge exponentially once the products and services involving data are unveiled. According to ACS Cyber security Guide, (2017), new ways are already in place that helps to mine data and produce new services e.g. the robot lawyer.
With the help of cyber security as the building block, the level of investment and development in technology business will be guaranteed of prosperity (Christou, 2014).
The advancement in technology has led to increased wealth for over a decade, with household names such as Google, Facebook and Apple dominating the market. This has led to the creation of internet of things that involve cars, fridges and even televisions. This has presented a fruitful opportunity for the ICT sector. However, for all this to be possible, it requires cyber security will be required to form the basis of every new technology for the future (Carayannis, Campbell and Euthymiopoulos, 2013).
Cyber Security as Job Growth
According to Bingham and Bector, (2017), duties in cyber security are very much in demand, which has a growth of 57% in the last year only. The roles in cybersecurity include the chief information security officer, security engineer, security architect and the security analyst. All these opportunities are developing a workforce.
The Future of Cyber Security
According to Surf Watch labs, 2016 was the year that hacking went mainstream. However, 2017 will be the year that hackers get innovative with increased creative hacks. In the past, cybersecurity was regarded as the duty of the IT departments. Right now, it is no longer their realm as smart companies continue to integrate security into their systems and the same time the hackers are evolving. According to the studies, cyber criminals follow money trails. This is the reason why ransomware attacks grew quickly because it is easy to operate. Due to this, smart companies should embrace proactive policies to curb such threats (Ashibani and Mahmoud, 2017).
The world is quickly evolving into a world of internet things at breakneck speed. The evolution has been so rampant that devices and products are being discovered daily. The evolution has managed to create a lot of business opportunities as well as threats. The most impacted sector by the development of technology is the business sector. This sector has evolved to the extent that it relies on the support of the information technology to run its activities. The over reliance has created a platform where cyber security issues have marred the benefits that are derived from this sector. Cyber security has largely affected businesses as well as the individual level ranging from identity theft to stealing of data and fraud. The cyber security concern has led to the evolution of ways which business models are now developed in that they incorporate the security measures that help reduce threats and attacks on the company websites and its networks. However, cyber security has also helped in discovering new ways of dealing with malicious software as well as created job and investment opportunities in the economy. The challenges in cyber security have triggered the advancement of technology in cyber security such as the security measure that has ensured that the internet will never be brought down again.
Ashibani, Y. and Mahmoud, Q. (2017). Cyber physical systems security: Analysis, challenges and solutions. Computers & Security, 68, pp.81-97.
-Bingham, R. and j Bector, R. (2017). EVOLVING CHALLENGES IN CYBER RISK MANAGEMENT. [online] Global-Risk-Center. Available at: https://www.mmc.com/content/dam/mmc-web/Global-Risk-Center/Files/MMC%20GRC%20-%20Evolving%20challenges%20in%20cyber%20risk%20management%20-%202016.pdf [Accessed 26 Apr. 2017].
Carayannis, E., Campbell, D. and Euthymiopoulos, M. (2013). Cyber-development, cyber-democracy and cyber defense. 1st ed.
Christou, G. (2014). Cyber security in the European Union. 1st ed.
ACS Cybersecurity Guide. (2017). Cybersecurity Threats Challenges Opportunities. [online] Available at: https://www.acs.org.au/content/dam/acs/acs-publications/ACS_Cybersecurity_Guide.pdf [Accessed 26 Apr. 2017].
Czosseck, C. and Geers, K. (2015). The virtual battlefield. 1st ed. Amsterdam: Ios Press.
TechRepublic. (2017). Experts predict 2017's biggest cybersecurity threats - TechRepublic. [online] Available at: https://www.techrepublic.com/article/experts-predict-2017s-biggest-cybersecurity-threats/ [Accessed 26 Apr. 2017].
Jabee, R. and Afshar, M. (2016). Issues and Challenges of Cyber Security for Social Networking Sites (Facebook). International Journal of Computer Applications, 144(3), pp.36-40.
Johnson, M. (2013). Cyber crime, security and digital intelligence. 1st ed. Farnham, Surrey: Gower Pub. Ltd.
Kalaimannan, E., John, S., DuBose, T. and Pinto, A. (2016). Influences on ransomware’s evolution and predictions for the future challenges. Journal of Cyber Security Technology, 1(1), pp.23-31.
Lehto, M. (2013). The Cyberspace Threats and Cyber Security Objectives in the Cyber Security Strategies. International Journal of Cyber Warfare and Terrorism, 3(3), pp.1-18.
Madnick, S., Choucri, N. and Ferwerda, J. (2014). Institutional Foundations for Cyber Security: Current Responses and New Challenges. SSRN Electronic Journal.
Powers, G. (2014). U.S. national cybersecurity. 1st ed.
Robinson, M., Jones, K. and Janicke, H. (2015). Cyber warfare: Issues and challenges. Computers & Security, 49, pp.70-94.
Singh, T. (2012). Emerging Challenges to Cyber Security-Internet Monitoring with Specific reference to National Security. International Journal of Scientific Research, 1(2), pp.129-131.
Fortune.com. (2017). The Cybersecurity Challenge Every Business Should Prepare for. [online] Available at: https://fortune.com/2016/01/26/davos-cybersecurity-challenge-business/ [Accessed 26 Apr. 2017].
Tracy, R. (2014). IT Security Management and Business Process Automation: Challenges, Approaches, and Rewards. Information Systems Security, 16(2), pp.114-122.
Voeller, J. (2014). Cyber Security. 1st ed. Wiley.