Challenges Faced By Corporations Regarding Cybersecurity

The Role of Technology in Business

Discuss about the Analyse of The Growing Risk Of Cyber-Attacks On Companies.

In previous few years, the role of technology has grown substantially between companies with the increase in the number of internet users and smartphones. Organisations focus on adopting a digital strategy for their business in order to improve the efficiency and effectiveness of their operations. The role of the internet has grown in each sector, and it has enabled people to innovate new products, services and processes for tackling different issues. However, along with benefits, the risks associated with the internet have increased as well. According to Genge, Kiss and Haller (2015), the number of cyber-attacks on organisations and people has increased considerably in past few years. The increase in the number of cyber-attacks is a serious issue because companies face serious financial and economic consequences due to the breach of their confidential data. Shackelford (2014) provided that the growing risk of cyber-attacks has increased the importance of cybersecurity among companies, and they invest in the latest technologies to protect their data from cybercriminals. However, corporations face a number of challenges while implementing cybersecurity policies. This report will focus on challenges faced by corporations regarding cybersecurity and how cybercriminals use different ways to breach the data of enterprises. This report will discuss examples of different companies to understand the impact of cyber-attacks. Further, this report will provide recommendations for companies to improve their cybersecurity for protecting themselves from cyber-attacks.

The main objective of this report is to critically evaluate different studies on the topic to understand the view of experts on challenges faces by companies regarding cybersecurity. This report will analyse the growing risk of cyber-attacks on companies and evaluate how it is affecting their profitability. The secondary objective of this report is to provide recommendations to companies for addressing the challenges faced by them regarding cybersecurity.

This report will conduct secondary research on the topic of cybersecurity in order to understand the challenges faced by companies regarding the security of their data. The scope of this report includes examples from different organisations to understand the risk of cyber-attacks and how cybercriminals use different tools to breach the data of companies. The scope of this report will not include primary research on the topic.

Amit and Zott (2012) stated that a large number of companies have emerged in the market and gained a competitive advantage over incumbents by effectively utilising the internet-based services. The expansion in the number of internet users has provided a new market for companies such as Uber, Google, Facebook and others. These companies are one of the largest enterprises in the world in terms of revenues, and they have sustained their growth based on internet-based services. The success of these enterprises has encouraged many small and medium companies to use online based services for performing various business functions which result in improving the efficiency and effectiveness of their operations. An online based system enables enterprises to expand their operations by reaching a wider audience. As per Mansell (2012), it also assists them while communicating with their customers to create strong relationships and collect valuable data that can be used during development of business strategies. The corporations are competing with each other to quickly adapt the latest technologies and innovations in order to generate a competitive advantage over their competitors. Currently, there are over 5 billion unique smartphone users and organisations target them by developing mobile applications to offer their products and services directly to their smartphones (Kemp, 2017) (Figure 1). Moreover, the use of social media sites has increased between people and companies as well. While using social media sites, people share their personal data on the internet which can be accessed by an unauthorised person to gain an unfair advantage. The technologies such as mobile wallet, automatic ordering, and NFC payments are making online banking more accessible and easier for people. However, while using online-based services, corporations face a number of challenges relating to cyber security which can negatively affect their overall profitability.

Challenges Faced by Corporations Regarding Cybersecurity

In order to compete with others, corporations are quickly adopting the latest technologies for improving their services and expanding their customer base. Elmaghraby and Losavio (2014) provided that it increases the cybersecurity challenges faced by the enterprises because they did not focus on the security of their services. In order to generate a competitive advantage, companies did not prioritise the security of their online based services which resulted in increasing the risk of cyber-attacks. In the past few years, the number of cyber-attacks has increased considerably which increases concerns regarding the importance of cyber security because the financial consequences of cyber-attacks are worsening as well (Accenture, 2017) (Figure 2). Similarly, the popularity of social media sites has become a huge concern for cyber security because a large number of people share their personal data on these websites and cybercriminals hack them to blackmail their victims. However, despite major security concern both public and corporations around the world are using social media sites because of their advantages. Along with social media sites, the growing popularity of online banking services is a major challenge for cyber security. Wang and Lu (2013) provided that banking corporations across the globe are focusing on attracting more customers by implementing the latest technologies for performing banking functions. In recent years, no one preferred to go to the bank, and everyone uses online banking services to check their balance, transfer money, collect payments or perform other banking related functions. The popularity of mobile wallets such as PayPal, Apple Pay, Amazon Pay and Google Wallet, has become considerably popular. Wells et al. (2014) stated that in order to quickly offers these services to customers, organisations take shortcuts by did not focus on the security of software. The lack of security guidelines makes it easier for cybercriminals and hacks and breaches the data of these online based services. These factors show the challenges face by the corporations regarding cyber security.

Yan et al. (2012) argued that organisations avoid taking appropriate actions to improve the security of their software which increases the chance of data breach. However, even if companies want to improve the security of their software, they face a number of challenges. One of the primary challenges of cyber security is lack of capital. Large organisations such as Google, Facebook, Apple, Microsoft, and others invest billions of dollars in order to improve their cyber security. However, small and medium enterprises face monetary challenges while implementing appropriate cyber security policies. As per Li et al. (2012), technologies which improve the cyber security of enterprises are expensive, and companies have to hire IT specialists to use them properly which increase their overall expenses. Furthermore, in order to improve security of mobile applications, rigorous testing of the software is crucial which requires a significant amount of time and resources. O’Connell (2012) provided that in order to avoid these issues corporations take shortcuts and launch their software without proper testing which increases the risk of cyber-attacks. On the other hand, small enterprises which use online based services for business use avoid making necessary investments to improve their cyber security due to low budget.

DDoS Attack: A Major Cybersecurity Challenge

The lack of resources makes them an easier target for cyber criminals, and they can easily breach their data. The number of cyber-attacks on small and medium enterprises has increased considerably from 34 percent to 43 percent (Figure 3). Furthermore, the lack of awareness regarding the risk of cyber-attacks resulted in increasing the challenges of cyber security. As per Harris and Patten (2014), most small and medium organisations are not aware of the risk of cyber-attacks, or they avoid taking precautionary measure because of the high cost of cyber security. They think that they are too small to get attacked by cyber criminals (Figure 4). On the other hand, people did not take their security seriously due to lack of awareness regarding the risk of cyber-attacks. Sangani and Vijayakumar (2012) stated that people avoid using strong passwords while using social media sites which make them an easy target for cyber criminals. Furthermore, while using mobile wallets, people often avoid taking proper security measures which increase the risk of cyber-attacks. These cyber security challenges make it difficult for organisations and people to protect their privacy online.

The number of cyber-attacks on the organisation is increasing continuously, and cyber criminals are finding new ways to hack into the data of businesses. One of the most common ways of cyber-attack is a DDoS attack or Distributed Denial of Service attack. Zargar, Joshi and Tipper (2013) stated that in this attack, hackers make an online service available by sending a large amount of traffic from multiple sources. The data servers of large enterprises such as Amazon, Facebook, YouTube and Google are able to handle a significant amount of traffic on their servers which makes it difficult for cyber criminals to hack their services. However, other small and medium enterprises which do not require large data servers can be hacked by cyber criminals. According to Yan et al. (2016), small and medium organisations have limited bandwidth that can be stopped due to a large amount of traffic. The primary reason for cyber criminals to send large traffic to a server is to stop and hack its data. Cyber criminals send a large amount of traffic to the servers of a company which result in stopping its operations. Yan and Yu (2015) argued that the lack of investment and awareness regarding cyber security issues makes it easier for cyber criminals to hack into the data of small and medium enterprises. Recent examples of DDoS attack include an attack on the election campaign of President Donald Trump which resulted in hampering the online campaign (Rayome, 2016). Further, the DDoS attack on DYN is a good example in which the attack leveraged a Mirai botnet which consists 100,000 infected devices. It resulted in stopping of multiple high profile websites for hours including Twitter, Spotify, Github and Etsy (Woolf, 2016).

Recommendations for Corporations

Other than outside risk of cyber-attacks, insider threats are one of the primary reasons due to which companies face challenges relating to cyber-attacks. Wall (2013) defined insider threat as a malicious threat to a company which comes from people working within a firm such as employees, business associates, or former workers. Studies have shown that more than 60 percent of the cyber-attacks are caused due to insider threat which increases the challenges of cyber security face by employees (Figure 5). The lack of investment in cyber security applications and awareness regarding security issues makes it easier for insiders to breach the security of an enterprise. Furthermore, the growing popularity of ‘internet of things’ or IoT devices increase the challenges of cyber security as well. As per Miorandi et al. (2012), smart appliance market is relatively new, and organisations are competing with each other for launching new products to capture the market. However, they did not focus on the security of the software which makes it easier for cyber criminals to hack into their data. The IoT devices are connected on a single network, and breach of any of the device makes it easier for cyber criminals to hack other as well. These factors increase the challenges faced by enterprises relating to cyber security, and they face huge financial losses.

Furthermore, the increasing rate of smartphone users makes them a potential target for cyber criminals. Imgraben, Engelbrecht and Choo (2014) provided that cybercriminals attack people smartphones because they contain private data of their owner such as personal pictures, videos, banking information, passwords and others. The number of mobile malware and smartphone-related cyber-attacks has increased. Cyber criminals target smartphone applications of users in order to collect personal data of their users. Mobile malware such as Ikee, DroneKungFu and Commwarrior are becoming popular, and hackers use them to breach the data of users. Organisations also face the risk of mobile malware because cyber criminals hack the smartphones of their employees or senior level managers which resulted in leaking confidential data regarding the enterprise. Moreover, the popularity of Hacktivism creates new challenges for organisations as well. As per Kelly (2012), the hacktivists are cybercriminals that attack large organisations for political or social reasons. These attacks are dangerous because the main motive of hacktivists is to decrease the reputation of an enterprise rather than personal gain. The Panama Papers leak incident is a good example in which over 11.5 million files were leaked by hackers which contains information regarding tax evasion of celebrities and political figures from all across the globe (BBC, 2016). Moreover, Sittig and Singh (2016) stated that Ransomware is a common cyber-attack in which cyber criminals’ hack and control the computer system of an individual or organisation, and they ask for ransom in return to give the access back to its user. WannaCry and CryptoLocker are examples of Ransomware attack. Cyber criminals are finding new ways to attack organisation in order to gain an unfair advantage which increases the challenges face by corporations regarding their cyber security.

Conclusion

Many precautionary measures and security policies can be implemented by organisations to address the issue of cyber security. Firstly, corporations should use encryption in order to protect their data while transferring because data is highly vulnerable during transferring. Encryption is referred to converting of the data into a code which can only be accessed by a specific key in order to prevent unauthorised access. Li et al. (2013) argued that especially in IoT devices, encryption is a must because each IoT device is connected with others, and they continuously share private data in order to improve their services. Furthermore, organisations should increase the awareness regarding cyber security at the workplace, especially small and medium enterprises. As per McGettrick (2013), employees should understand how important cyber security is what actions can they take to avoid the risk of cyber-attacks. The companies should provide training to its employees to teach them regarding the importance of cyber security and avoid any mistakes that can lead to the breach of their data. The top-level managerial personnel should also take cyber security more seriously, and they should increase the investment in cyber security of the enterprise. According to Jenkins et al. (2014), physical securing of the computer system and data servers is also necessary because insider threat is the primary reason which resulted in cyber-attacks. The companies should issue proper identification to employees, and they should go through security checks to ensure that they did not indulge in any activity that could increase the risk of cyber-attacks. People and organisation should use protection such as antivirus, firewalls and others to protect themselves from cyber-attacks. These factors improve the cyber security of organisations and reduce its challenges which protect them from data breaches and cyber-attacks.

Conclusion

In conclusion, the use of the internet and online based services by people and organisations has increased substantially which creates new business opportunities for enterprises. In order to generate a competitive advantage, corporations are using modern technologies to provide better products and services to their customers. However, along with the use of the internet, the vulnerability of companies against cyber-attacks has increased as well. Organisations face a number of challenges while implementing policies regarding cyber security in order to protect themselves from cybercriminals. The challenges relating to cyber security has increased because cyber criminals use different methods to attack the data of companies such as Ransomware, Insider threat, Mobile malware, Internet of things, DDoS attacks and others. The corporations also face difficulties due to lack of cyber security budget and awareness regarding the issues. The companies can take appropriate steps to improve their cyber security such as physically securing the local hardware, encrypted data, proper training and others. These recommendations assist enterprises in addressing the issues relating to cyber security by improving their current security which result in sustaining their future growth.

References

Accenture. (2017) Cost of Cyber Crime Study. [PDF] Accenture. Available at: https://www.accenture.com/t20170926T072837Z__w__/us-en/_acnmedia/PDF-61/Accenture-2017-CostCyberCrimeStudy.pdf [Accessed 25^th April 2018].

Amit, R. and Zott, C. (2012) Creating value through business model innovation. MIT Sloan Management Review, 53(3), p.41.

Armstrong, M. (2016) Most Cyber Attacks Are An Inside Job. [Online] Statista. Available at: https://www.statista.com/chart/4994/most-cyber-attacks-are-an-inside-job/ [Accessed 25^th April 2018].

BBC. (2016) Panama Papers: Leak firm Mossack Fonseca 'victim of hack'. [Online] BBC. Available at: https://www.bbc.com/news/world-latin-america-35975503 [Accessed 25^th April 2018].

Elmaghraby, A.S. and Losavio, M.M. (2014) Cyber security challenges in Smart Cities: Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.

Fibernet. (2018) Cyber Security Services: Threats, Breaches & Prevention. [Online] Fibernet. Available at: https://www.fiber.net/cyber-security-services/ [Accessed 25^th April 2018].

Genge, B., Kiss, I. and Haller, P. (2015) A system dynamics approach for assessing the impact of cyber attacks on critical infrastructures. International Journal of Critical Infrastructure Protection, 10, pp.3-17.

Harris, M. and Patten, K. (2014) Mobile device security considerations for small-and medium-sized enterprise business mobility. Information Management & Computer Security, 22(1), pp.97-114.

Imgraben, J., Engelbrecht, A. and Choo, K.K.R. (2014) Always connected, but are smart mobile users getting more security savvy? A survey of smart mobile device users. Behaviour & Information Technology, 33(12), pp.1347-1360.

Jenkins, J.L., Grimes, M., Proudfoot, J.G. and Lowry, P.B. (2014) Improving password cybersecurity through inexpensive and minimally invasive means: Detecting and deterring password reuse through keystroke-dynamics monitoring and just-in-time fear appeals. Information Technology for Development, 20(2), pp.196-213.

Kelly, B.B. (2012) Investing in a centralized cybersecurity infrastructure: Why hacktivism can and should influence cybersecurity reform. BUL Rev., 92, p.1663.

Kemp, S. (2017) Facebook active users decline, mobile usage hits 5 billion and more. [Online] TNW. Available at: https://thenextweb.com/contributors/2017/06/14/global-digital-stats-june-2017-facebook-active-users-decline-mobile-usage-hits-5-billion/ [Accessed 25^th April 2018].

Li, M., Yu, S., Zheng, Y., Ren, K. and Lou, W. (2013) Scalable and secure sharing of personal health records in cloud computing using attribute-based encryption. IEEE transactions on parallel and distributed systems, 24(1), pp.131-143.

Li, X., Liang, X., Lu, R., Shen, X., Lin, X. and Zhu, H. (2012) Securing smart grid: cyber attacks, countermeasures, and challenges. IEEE Communications Magazine, 50(8).

Mansell, R. (2012) Imagining the Internet: Communication, innovation, and governance. England: Oxford University Press.

McGettrick, A. (2013) Toward effective cybersecurity education. IEEE Security & Privacy, 11(6), pp.66-68.

Miorandi, D., Sicari, S., De Pellegrini, F. and Chlamtac, I. (2012) Internet of things: Vision, applications and research challenges. Ad hoc networks, 10(7), pp.1497-1516.

O’Connell, M.E. (2012) Cyber security without cyber war. Journal of Conflict and Security Law, 17(2), pp.187-209.

QuadMetrics. (2015) Why Should Your Small Business Care About Cybersecurity?. [Online] QuadMetrics. Available at: https://www.quadmetrics.com/blog/posts/small-business-cybersecurity [Accessed 25^th April 2018].

Rayome, A.D. (2016) Hackers attempt DDoS attacks on Clinton and Trump campaign websites using Mirai botnet. [Online] Tech Republic. Available at: https://www.techrepublic.com/article/hackers-attempt-ddos-attacks-on-clinton-and-trump-campaign-websites-using-mirai-botnet/ [Accessed 25^th April 2018].

Renda, A. (2013) Cybersecurity and Internet Governance. [Online] Council of Councils. Available at: https://www.cfr.org/councilofcouncils/global_memos/p32414 [Accessed 25^th April 2018].

Sangani, N.K. and Vijayakumar, B. (2012) Cyber security scenarios and control for small and medium enterprises. Informatica Economica, 16(2), p.58.

Shackelford, S.J. (2014) Managing cyber attacks in international law, business, and relations: In search of cyber peace. England: Cambridge University Press.

Sittig, D.F. and Singh, H. (2016) A socio-technical approach to preventing, mitigating, and recovering from ransomware attacks. Applied clinical informatics, 7(2), p.624.

Wall, D.S. (2013) Enemies within: Redefining the insider threat in organizational security policy. Security Journal, 26(2), pp.107-124.

Wang, W. and Lu, Z. (2013) Cyber security in the smart grid: Survey and challenges. Computer Networks, 57(5), pp.1344-1371.

Wells, L.J., Camelio, J.A., Williams, C.B. and White, J. (2014) Cyber-physical security challenges in manufacturing systems. Manufacturing Letters, 2(2), pp.74-77.

Woolf, N. (2016) DDoS attack that disrupted internet was largest of its kind in history, experts say. [Online] The Guardian. Available at: https://www.theguardian.com/technology/2016/oct/26/ddos-attack-dyn-mirai-botnet [Accessed 25^th April 2018].

Yan, Q. and Yu, F.R. (2015) Distributed denial of service attacks in software-defined networking with cloud computing. IEEE Communications Magazine, 53(4), pp.52-59.

Yan, Q., Yu, F.R., Gong, Q. and Li, J. (2016) Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: A survey, some research issues, and challenges. IEEE Communications Surveys & Tutorials, 18(1), pp.602-622.

Yan, Y., Qian, Y., Sharif, H. and Tipper, D. (2012) A survey on cyber security for smart grid communications. IEEE Communications Surveys and Tutorials, 14(4), pp.998-1010.

Zargar, S.T., Joshi, J. and Tipper, D. (2013) A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), pp.2046-2069.