Literature Review Scope and Objective
The information and communication industry has evolved greatly over the last three decades. Technology has taken control of a significant part of everyday activities, especially in business. At present, all businesses have integrated information technology into their operations. Case in point, information technology drives communication, the delivery of services and manufacturing. However, the positive contribution of technology has invited a myriad of problems, the major one being cyber-attacks (Antonucci, 2017). Most businesses have reiterated that the number one enemy on their networks is the sinister individuals who try to intrude into their systems to alter, expose or delete momentous information that has great value to a company. This means that issues relating to cyber security will increase as technology advances. The act of businesses protecting their information and communication technology systems is referred to as cyber security (Singer and Friedman, 2014). Cyber security can arguably be an ambiguous term that may mean privacy and surveillance. However, it should be understood that cyber security is precise and that it is a significant tool for business people to protect their privacy and deter unauthorized surveillance of their systems.
The management of information system risks depends on three important factors. The first is the threat, that is, who is attacking the system. This is the individual or group of individuals that have ill motives towards a company. They can be disgruntled former employees or any other individual. Another factor is vulnerabilities. The weakest points in a company's system are among the entry points for individuals seeking to infiltrate it (Graham, Howard and Olson, 2011). The third factor is the impact of the cyber-attack. There is an array of expected impacts after a cyber-attack, such as loss of information and alteration of information (Bayuk, 2012). With the above knowledge, managing cyber security in business organizations comes with many challenges, including but not limited to data loss, breach indicators and application control. This paper focuses on and analyzes the available literature regarding the challenges of cyber security in businesses.
Comparative Analysis of the Different Literatures
Reasons why cyber security is a challenge in business
With the advent of problems related to cyber networks in business, most businesses have strengthened their cyber security capabilities in the last five years. According to Rajagopal and Behl (2016), many processes are used to implement and prioritize information technology security risks and to develop mitigation strategies that ensure such mishaps do not happen. This means that many companies have dedicated a significant amount of money to ensuring that their information is protected. Santanam, Sethumadhavan and Virendra (2011) affirm that desktop environments have been made wide open, different from what they were before the proliferation of cyber-attacks. Alexander (2012) believes that, as of now, the USB ports on computers used in organizations have been disabled, and their webmail services have also been disabled. The way businesses use technology is the reason why protecting against cyber-attacks is becoming more difficult.
At present, a lot of business value has migrated online, where digital data has become more prevalent. For instance, most businesses have ensured that customers can request services online and also pay through the same medium. For this reason, cyber criminals are finding more reasons to continue with their heinous acts. The more businesses insist on online transactions, the greater the incentive for cyber criminals to tap into business systems. It is an open secret that companies are experiencing more cyber-attacks per hour but are unable to speak loudly about the matter, as it would scare away their customers (Glasgow, 2003).
Another reason why protecting a business from cyber-attacks is difficult is that customers expect the business to be more widely accessible. Customers expect that, with the advancement in technology, the business will make their purchases simpler through mobile application services and portable devices, which save customers from travelling large geographical distances to get a service. Case in point, customers expect to use mobile phones with applications related to the business they seek services from, since they use mobile phones in their daily personal lives (Forsyth and Kalman, 2013). The customers fail to realize that the increasing use of web-based services increases insecurity, regardless of the simplicity of the services that the internet provides. Hackers target unprotected devices, such as tablets and mobile devices, that are used to access a business network, and thereby gain access.
The supply chain in business is highly interconnected to give customers and suppliers a streamlined flow of goods and services. Companies are encouraging vendors and logistics companies to join their networks for the purpose of increasing their sales. According to Shoemaker and Sigler (2015), this engagement in an interconnected supply chain is putting organizations' networks and systems at risk of cyber-attacks. Cyber criminals can pose as one of the parties in the supply chain, giving them an opportunity to investigate and find a vulnerability in a system. Tighter integration of business partners is a good course that can increase the performance of a business. However, there must be policies and other security measures in place to ensure that the communication network is protected from cyber criminals (Bisogni, Cavallini and Trocchio, 2011). Some companies have reiterated that on-site contractors of the software used for sharing information can have access to confidential documents. For this reason, most companies, especially the large ones, are against their employees sharing information using web-based services.
Cybercriminals have become more sophisticated as more businesses have discovered ways to protect their systems from attack. As of now, more cybercriminals act as service providers. They approach businesses as people who are capable of protecting their networks. When they are given an opportunity, they have all the access they need to the organization. This makes it hard for organizations to protect themselves from cyber-attacks, since they are not aware of what triggered the attack. Consequently, they are not aware of the vulnerability in their network that acted as a conduit for the attack.
Human Beings as Cyber Security’s Weakest Link
Cyber criminals are more than willing to obtain momentous information from organizations. Case in point, cyber criminals have infiltrated banks by having one of their own within the financial institutions. When cyber criminals have essentially authorized access to a system, they are in a better position to siphon all the kinds of information they need for their unknown reasons. In many cases, long-term employees also pose risks to an organization's system. The management of a business often thinks that an intrusion into a system is caused by an outsider. They fail to realize that the same people who work in their organizations may be the risk. This is a clear indication that human beings are the weakest link when it comes to cyber-attacks (Wittkop, 2016).
Vendors are another potential risk to the cyber security of a business. This is because vendors are given unlimited access to very important data concerning organizations. For instance, a vendor responsible for establishing a database will be trusted with enormous amounts of an organization's data and files so that they can feed them into the database. If such a vendor turns out to be a cyber-criminal, access to important information of the organization would not be a problem. Also, it will be impossible for the organization to discern whether information has been stolen from the system.
Human beings differ in their agendas and influences. Human beings trust other human beings, especially when it comes to business. It would be a bad show if the management of a company did not trust the employees working for that company. When there is trust, it is easy for individuals in an organization to be motivated and achieve optimal performance. However, the issue of trust has been overrated in business. This is because no amount of firewalls and security topologies can withstand an authorized user. This implies that an authorized, ill-motivated user is the most dangerous component to the security of a system (Borum, Felker, Kern, Dennesen and Feyes, 2015).
To mitigate the problem of employees being the greatest weakness in cyber security, measurement is significant. This means that businesses should formulate ways to track employee behavior, both online and in normal individual conduct, that can indicate a cyber-crime in progress. For instance, employees who work after working hours, those who access customers' data, and those who register low performance rates are the ones to look at closely, since such behaviors are not normal for any employee in any organization. Cyber security is not only a technological matter; humans also play a large role, if not the biggest, in the realization of cyber-attacks. Through training employees, everyone will have a clue about cyber threats and can act as a watchdog for the organization.
Gaps Identified and Conclusions
Much of the literature regarding cyber security in business fails to discuss the cyber kill chain, which intruders use as their model in heinous operations. The cyber kill chain has seven phases. It starts with Reconnaissance, where the intruders look for weak systems to infiltrate; the Weaponization stage is where an entry point to a system is identified; and the third stage is Delivery, where the malware is put into the system. Exploitation, Installation, Command & Control and the action make up the remaining stages.
Most authors have failed to explain the type of policies that are important in ensuring that cyber security is realized. However, the details of cyber security will vary from one department to another in an organization. This means that each head of department will have a different understanding of cyber security, which the leader will pass on to those that he or she manages (Weiss, 2007). The policies and terms in an organization regarding cyber security should carry a lot of information; the members of an organization should be equipped with ways to detect a cyber-threat and to stop a cyber-attack from gaining access to a system (Herath and Rao, 2009). Businesses should ensure that workshops and training on cyber security are conducted on a regular basis. This will ensure that the challenges of cyber security are given prominence among the issues a business deals with and thus become relevant to the employees. It should be noted that each person in an organization is in a good position to ensure that the network security of the business is tight. This is because employees interact closely among themselves and are in a position to notice when one of their own is behaving in a very peculiar way.
Expanding the knowledge of the members of an organization helps ensure that there is a unified effort in fighting cyber-attacks. Rittinghouse and Hancock (2003) believe that when employees acquire skills that help them in programming and in preventing a cyber-attack in progress, even a cyber-criminal who poses as an employee in such a company will have a difficult time executing cyber-attack activities. A well-informed team of employees can identify unusual activities in a system and inform the information technology department of the malicious activities. The information technology department will then be able to protect all the systems in the organization at a very fast rate, thus giving no chance to a cyber-criminal.
Businesses should understand that cyber-attacks are inevitable, hence resilience is a virtue that they need to uphold. Tremendous technology has proven that businesses can be on the verge of realizing their economic potential. However, the same technology acts as a threat that can bring any business to its knees. Dimase, Collier, Heffner and Linkov (2015) believe that for an organization to achieve resilience, the most significant questions it needs to ask itself are what kind of information it has to lose and which specific data are momentous in carrying out its operations. When these questions are understood, businesses will be in a better position to develop a cyber-security posture that protects the most important data, which would be detrimental to the business once in unauthorized hands. It should be noted that cyber-criminals look for critical data in an organization's system to gain access to. This enables them to blackmail a business by threatening to release such information to the public. This means that core data in a business should be the most protected.
In conclusion, as more value has migrated online, businesses are coerced into finding innovative ways in which they can conduct their business and interact with their customers and other partners such as suppliers. For this reason, cyber-security challenges will continue to increase. Also, with the advancement and increasing sophistication of information technology, cyber-criminals are finding new ways in which they are able to infiltrate the networks of organizations. This means that organizations should formulate solutions that cut across strategies, operations and technological functions to be in tandem with the changing technology. To manage the challenges brought forth by cyber-security, the management of organizations should make cyber-security an important initiative in the organization. Consequently, human beings have been identified as the prolific contributor to cyber-attacks. Cyber criminals currently pose as employees who work in organizations, thus having authorized access to critical information of the business. The recruitment of employees should be an extremely serious process. Also, it is imperative that the behavior of an employee be checked on a regular basis so as to keep track of any unusual activity which might be a threat to the system of a company. As long as technology keeps advancing, cyber-security will still be prone to many challenges.
Alexander, D. 2012, "Cyber Threats in the 21st Century", Security, vol. 49, no. 9, pp. 74.
Antonucci, D. (2017). The Cyber Risk Handbook: Creating and Measuring Effective Cybersecurity Capabilities. 1st ed. John Wiley & Sons, p.113.
Bayuk, J. (2012). Cyber security policy guidebook. 1st ed. Hoboken, N.J.: Wiley, p.29.
Bisogni, F., Cavallini, S. & di Trocchio, S. 2011, "Cybersecurity at European Level: The Role of Information Availability", Communications & Strategies, no. 81, pp. 107.
Borum, R., Felker, J., Kern, S., Dennesen, K. & Feyes, T. 2015, "Strategic cyber intelligence", Information and Computer Security, vol. 23, no. 3, pp. 320.
Boss, S.R., Kirsch, L.J., Angermeier, I., Shingler, R.A. & Boss, R.W. 2009, "If someone is watching, I'll do what I'm asked: mandatoriness, control, and information security", European Journal of Information Systems, vol. 18, no. 2, pp. 152.
Dimase, D., Collier, Z.A., Heffner, K. & Linkov, I. 2015, "Systems engineering framework for cyber physical security and resilience", Environment Systems & Decisions, vol. 35, no. 2, pp. 295.
Forsyth, C. & Kalman, L. 2013, "A RISING TIDE", Legal Week, vol. 15, no. 14, pp. 14.
Glasgow, B. (2003). Information technology insights: CIDX moves with cyber security. Chemical Market Reporter, vol. 263, no. 2, 33.
Graham, J., Howard, R. and Olson, R. (2011). Cyber security essentials. 1st ed. Boca Raton, FL: Auerbach Publications, p.51.
Herath, T. & Rao, H.R. 2009, "Protection motivation and deterrence: a framework for security policy compliance in organisations", European Journal of Information Systems, vol. 18, no. 2, pp. 107.
Rajagopal, and Behl, R. (2016). Business analytics and cyber security management in organizations. 1st ed. IGI Global, p.50.
Rittinghouse, J. and Hancock, B. (2003). Cybersecurity operations handbook. 1st ed. Amsterdam: Elsevier Digital Press, p.498.
Santanam, R., Sethumadhavan, M. and Virendra, M. (2011). Cyber security, cyber crime and cyber forensics. 1st ed. Hershey, PA: Information Science Reference, p.33.
Shoemaker, D. and Sigler, K. (2015). Cybersecurity. 1st ed. Stamford, CT: Cengage Learning, p.33.
Singer, P. and Friedman, A. (2014). Cybersecurity. 1st ed. New York: Oxford University Press, p.35.
Wittkop, J. (2016). Building a Comprehensive IT Security Program. 1st ed. Berkeley, CA: Apress, p.89.
Weiss, J. 2007, "Cyber Security in the Control Room", Power Engineering, vol. 111, no. 9, pp. 38-38,40,42,44.