Digitalisation has increased the number of smartphone and online services used by people and corporations; it has become substantially easier for individuals to access the internet and online services directly through their smartphones. People use internet-based services to perform various functions, such as banking, entertainment, shopping, communication, and others. Modern companies take advantage of this opportunity and offer their services and products directly on people’s smartphones, which eliminates the middleman and other costs. The growing popularity of internet-based services increases the security risk faced by individuals and corporations. Cybercriminals attack people and companies to gain an unfair advantage, which increases the need for cybersecurity software. This report will focus on evaluating the challenges faced by modern organisations regarding cybersecurity. Further, the report will provide a few recommendations that can improve the cybersecurity of corporations.
The primary objective is to evaluate the challenges faced by modern firms regarding cybersecurity due to the increase in popularity of the internet and online-based facilities, and to conduct a literature review on the topic. The report will examine the issue through the example of various companies that have faced cyber-attacks. The secondary objective is to suggest a few recommendations that can assist corporations in improving their cybersecurity.
The report will examine the vulnerability of corporations to cyber-attacks and the challenges they face regarding cybersecurity. The report will evaluate various theories provided by experts on the topic and examine various recommendations to improve cybersecurity.
In the past decade, the role of the internet and online services has grown substantially among modern companies; the popularity of the internet has enabled firms to provide their services through online platforms. As per Lenhart et al. (2010), people are able to access services such as banking, entertainment, news, the stock market, and shopping directly through their smartphones and computers. The rate of internet users is growing due to the increase in popularity of social media sites, which also attracts companies to online platforms. Howard and Mazaheri (2009) stated that modern companies use online platforms to perform various business functions such as recruitment, marketing, conducting surveys, interacting with customers and many others. The growing use of the internet provides new business opportunities to entrepreneurs and smaller firms because it provides them a platform to connect with billions of people.
According to Edelman and Geradin (2015), many companies use online services to improve the quality of their services, and many firms, such as Uber, Airbnb, Facebook and many others, have based their entire business on the internet. These companies are entirely based on online platforms, and they gain a competitive advantage due to the popularity and ease of internet use among people. Hunton (2009) provided that the rapidly growing rate of internet users increases the requirement of cybersecurity spending because the rate of cybercrimes is increasing as well (Figure 6). Most cybercriminals attack the online servers of corporations because they are easier to hack due to a lack of security guidelines. The cybercriminals focus on gaining unwanted access to the personal accounts of internet users or to companies’ servers to collect sensitive data, which can destroy the reputation of a firm.
As per Sanchez, Levin and Del Riego (2012), the rate of cybercrimes is increasing due to the popularity of social media sites; the number of worldwide social media users has grown from 1.22 billion to 2.46 billion from 2011 to 2017. By 2021, it is estimated that the number of social media users will be 3.02 billion (Figure 3). The large number of users attracts modern corporations towards social media sites, and they use these websites to connect and interact with their customers. Many corporations, such as Oreo, Starbucks, and Old Spice, have successfully implemented a social media marketing strategy in their business operations that gained them a competitive advantage. Many companies, such as HBO, Yahoo, DYN, BBC, and Sony, have also faced cyber-attacks.
As per Islam, Islam and Mazumder (2010), the popularity of mobile applications also increases the risk of cyber-attacks; most corporations provide their services through mobile applications that improve the experience of customers. The increase in the number of smartphones has driven the growth of mobile applications; the number of smartphones grew from 1.57 billion to 2.32 billion between 2014 and 2017. The number is expected to grow to 2.87 billion by 2020 (Figure 1). The increase in smartphone users makes companies such as Uber, Facebook, and WhatsApp targets of cybercriminals, who attack these firms to collect personal data of people. Wright, Dawson and Omar (2012) mentioned that most smartphone users do not know about cybersecurity, or they avoid security features, such as two-step verification, difficult passwords, and others, due to their complexity. These reasons contribute to the increase in cyber-attacks on businesses and individuals, which creates new cybersecurity challenges. Cybercriminals use new methods to hack into the databases of corporations to collect their information; the following are some examples of online security challenges faced by modern firms.
As per Zargar, Joshi and Tipper (2013), the increase in the number of online users enhances the amount of internet traffic for companies, and cybercriminals use this opportunity to launch Distributed Denial of Service (DDoS) attacks on the firm’s servers (Figure 4). In this attack, the hackers send a large amount of internet traffic to the company’s servers, which results in their failure, and they stop performing some actions. Cybercriminals then gain access to such computers and hack the entire system to collect sensitive data.
Internet of Things (IoT)
According to Covington and Carskadden (2013), the popularity of the internet has increased the number of devices that are connected to the internet; people in developed countries have the option to convert their house into a smart home which is connected to the internet. Companies make smart home devices and appliances which use the internet to collect and share data with each other, which improves the usability of the devices. According to Ning, Liu and Yang (2013), the gadgets and devices which are connected through the internet are called the Internet of Things, and they increase the cybersecurity risk because cybercriminals have the option to hack any one of the devices to gain access to the entire house. Smart security cameras, automatic doors, and connected cars are examples of IoT devices.
According to Felt et al. (2011), the number of smartphones is growing in the world, which has also increased the amount of mobile malware; cybercriminals directly attack people’s phones since they contain personal and sensitive data of the user such as banking details, financial statements, personal photos and many others. As per Wang, Streff and Raman (2012), the hackers can access such data and blackmail a company executive into giving them access to a firm’s computer system or to the company’s secret files. Plankton and DroidKungFu are good examples of Android malware which collects the data of a smartphone and sends it to the cybercriminals.
Kelly (2012) stated that hacktivism is a modern method of protesting that is conducted by hacktivists through online platforms. Hacktivists focus on protesting against political agendas or large corporations, and they hack their accounts to show the world their true nature and destroy their reputation. Many experts consider these attacks more dangerous because the main motive is to destroy a company both financially and socially. Examples of hacktivism include the attacks on Sony Corporation and Bank of America by the hacktivist organisation ‘Anonymous’. The leaking of the Panama Papers and WikiLeaks are also examples of hacktivist attacks.
Luo and Liao (2009) provided that ransomware is malware that takes over access to a person’s or company’s computer and asks for a ransom to give the access back; there is no guarantee that the user will get his computer and data back after paying the ransom money. There are multiple ransomware families available in the market, such as Locky, WannaCry and CryptoLocker, that increase the cybersecurity challenges for companies. Many large companies such as FedEx and Nissan have been affected by ransomware attacks.
The growth in technology leads to disruptive innovations that change the existing use of products and services; machine learning is one such innovation. Many companies such as Google and Facebook are promoting machine learning technology to improve their products and services. For example, Google incorporates machine learning in its smartphones, smart home appliances and online services, which collect the data of users and provide them recommendations based on such learning. According to Buczak and Guven (2016), the data collected by machines can be hacked by cybercriminals, who can then easily gain access to a person’s entire life. For example, they can control self-driving cars, which can be dangerous to the public. It increases the requirement for companies to build strong security algorithms into their products, which is not possible for smaller companies; therefore, most cybercriminals attack small or medium corporations and entrepreneurs.
As per a study by IBM (2016), more than 60 percent of cybercrimes are conducted through or with the help of a company’s insider employees; hackers use the access of employees to gain control over a corporation’s system and collect its sensitive data (Figure 2). Warkentin and Willison (2009) mentioned that employees unintentionally or intentionally give access to cybercriminals due to a lack of security guidelines, which results in significant loss to the company. The secret information about CIA’s spy program leaked by Edward Snowden is a good example of insider threat.
There is a range of malware available in the market that is used by cybercriminals to gain access to a company’s accounts. For example, a botnet is a network of software robots that is spread by cybercriminals into a firm’s servers, and these bots automatically hack into its system. Many hackers also use zombie computers: computer systems which have been hacked by cybercriminals, who use such computers to spread malware into the entire system.
According to Holm, Flores and Ericsson (2013), phishing attacks are considerably popular among the online community (Figure 5); in this attack, the victim receives an email with a link to a particular website. Clicking on such a link takes the user to a website which asks for his/her details, and those details are then used by cybercriminals to hack the account of such users. Over the years, phishing attacks have become more sophisticated, which makes it difficult for users to tell the difference between authentic and fake websites.
These attacks increase the challenges of cybersecurity for modern corporations and make them vulnerable to cyber-attacks. Companies can implement an effective cybersecurity policy to ensure that their data is protected against cyber-attacks. The following are a few recommendations that can be implemented by firms to address the challenges of cybersecurity.
- Nemati (2010) stated that companies should use encryption to protect their data while transmitting it, since it is difficult for cybercriminals to gain access to encrypted data. Many corporations such as WhatsApp provide end-to-end encryption to their users, which assists in securing their information. A company which provides its services through online platforms should use encryption to protect itself from cyber-attacks.
- Sridhar, Hahn and Govindarasu (2012) provided that corporations which have a large number of computer systems and servers should ensure that they are physically secured from third-party access. Proper security measures should be taken by a company to ensure that employees are not able to provide hackers with access to its systems. Organisations can use security cameras, biometric locks, ID checks, and scanners to ensure that their servers and computer systems are protected from third-party access.
- Modern firms should create a separate budget dedicated to cybersecurity investment since it is substantially important for the company’s security. A lack of security software may result in huge financial or reputational loss for the enterprise; therefore, firms need to invest properly in antivirus software and firewalls.
- The company should embrace an organisational culture that promotes and supports cybersecurity, for example, using difficult passwords, routinely changing passwords, and encrypting data. The company can establish a strict code of conduct for securing data, and it can also provide training to its employees so they are able to contribute to the company’s cybersecurity.
In conclusion, the popularity of the internet has attracted billions of users to online platforms, which creates business opportunities for companies to provide their services through the internet. The growing number of corporations and internet users has increased the requirement for cybersecurity policies because the number of cybercrimes has grown as well. Modern companies have to face new cyber challenges such as ransomware, mobile malware, DDoS, hacktivism, insider threats and many others. Many firms, such as HBO, Yahoo, DYN, BBC, Sony and many others, have faced cyber-attacks due to a lack of security. Organisations have to implement effective cybersecurity measures to tackle these issues, such as the use of encryption to protect data while transmitting it, physically securing the servers, using strong passwords and many others. Corporations should understand the importance of cybersecurity and implement appropriate measures to ensure they are protected against cyber-attacks.
Buczak, A.L. and Guven, E., 2016. A survey of data mining and machine learning methods for cyber security intrusion detection. IEEE Communications Surveys & Tutorials, 18(2), pp.1153-1176.
Covington, M.J. and Carskadden, R., 2013, June. Threat implications of the internet of things. In Cyber Conflict (CyCon), 2013 5th International Conference on (pp. 1-12). IEEE.
Crowe, J., 2016. Phishing by the Numbers: Must-Know Phishing Statistics 2016. [Online] Barkly. Available at: https://blog.barkly.com/phishing-statistics-2016 [Accessed on 10/12/2017]
Dourado, E. and O’Sullivan, A., 2015. Federal Cybersecurity Breaches Mount Despite Increased Spending. [Online] Mercatus Center. Available at: https://www.mercatus.org/publication/federal-cybersecurity-breaches-mount-despite-increased-spending [Accessed on 10/12/2017]
Edelman, B.G. and Geradin, D., 2015. Efficiencies and regulatory shortcuts: How should we regulate companies like Airbnb and Uber. Stan. Tech. L. Rev., 19, p.293.
Felt, A.P., Finifter, M., Chin, E., Hanna, S. and Wagner, D., 2011, October. A survey of mobile malware in the wild. In Proceedings of the 1st ACM workshop on Security and privacy in smartphones and mobile devices (pp. 3-14). ACM.
Holm, H., Flores, W.R. and Ericsson, G., 2013, October. Cyber security for a smart grid-what about phishing?. In Innovative Smart Grid Technologies Europe (ISGT EUROPE), 2013 4th IEEE/PES (pp. 1-5). IEEE.
Howard, P.N. and Mazaheri, N., 2009. Telecommunications reform, Internet use and mobile phone adoption in the developing world. World Development, 37(7), pp.1159-1169.
Hunton, P., 2009. The growing phenomenon of crime and the internet: A cybercrime execution and analysis model. Computer Law & Security Review, 25(6), pp.528-535.
IBM, 2016. An integrated approach to insider threat protection. [Online] IBM. Available at: https://www-05.ibm.com/services/europe/digital-whitepaper/security/growing_threats.html [Accessed on 10/12/2017]
Islam, R., Islam, R. and Mazumder, T., 2010. Mobile application and its global impact. International Journal of Engineering & Technology (IJEST), 10(6), pp.72-78.
Kanishk, 2017. What Businesses In India Can Learn From Recent DDoS Attacks. [Online] HaltDos Blogs. Available at: https://blogs.haltdos.com/2017/02/22/businesses-india-can-learn-recent-ddos-attacks/ [Accessed on 10/12/2017]
Kelly, B.B., 2012. Investing in a centralized cybersecurity infrastructure: Why hacktivism can and should influence cybersecurity reform. BUL Rev., 92, p.1663.
Lenhart, A., Purcell, K., Smith, A. and Zickuhr, K., 2010. Social Media & Mobile Internet Use among Teens and Young Adults. Millennials. Pew internet & American life project.
Live Safe, 2017. Using your employees to prevent insider cyber threats. [Online] Live Safe. Available at: https://www.livesafemobile.com/prevent-insider-threats/ [Accessed on 10/12/2017]
Luo, X. and Liao, Q., 2009. Ransomware: a new cyber hijacking threat to enterprises. In Handbook of research on information security and assurance (pp. 1-6). IGI Global.
Nemati, H.R. ed., 2010. Applied Cryptography for Cyber Security and Defense: Information Encryption and Cyphering. IGI Global.
Ning, H., Liu, H. and Yang, L.T., 2013. Cyberentity security in the internet of things. Computer, 46(4), pp.46-53.
Sánchez Abril, P., Levin, A. and Del Riego, A., 2012. Blurred boundaries: Social media privacy and the twenty-first-century employee. American Business Law Journal, 49(1), pp.63-124.
Sridhar, S., Hahn, A. and Govindarasu, M., 2012. Cyber–physical system security for the electric power grid. Proceedings of the IEEE, 100(1), pp.210-224.
Wang, Y., Streff, K. and Raman, S., 2012. Smartphone security challenges. Computer, 45(12), pp.52-58.
Warkentin, M. and Willison, R., 2009. Behavioral and policy issues in information systems security: the insider threat. European Journal of Information Systems, 18(2), pp.101-105.
Wright, J., Dawson, M.E. and Omar, M., 2012. Cyber security and mobile threats: The need for antivirus applications for smart phones. Journal of Information Systems Technology and Planning, 5(14), pp.40-60.
Zargar, S.T., Joshi, J. and Tipper, D., 2013. A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks. IEEE communications surveys & tutorials, 15(4), pp.2046-2069.