Cyber security is a growing technology problem that needs to be approached in a more technical way. It has to be approached in a more dynamic way by all stakeholders because it is a global problem rather than an organizational-level issue. Businesses face challenges in solving cyber security problems that range from organizational compliance programs to international standards compliance programs. In cyber security, privacy and data protection are of greater concern and have to be enforced to make sure organizational data is not exposed to intruders who may end up sabotaging organizational systems (HASIB 2014, p. 112). The norm of just keeping organizational data is gone, and organizations are investing heavily in the security of their information since it has become a very valuable asset for any organization. Hacking has been a major concern, and businesses have been compromised in various ways. For organizations that work online and conduct most of their transactions through an online system, security must be enforced to secure both organizational and customer data. Recently, credit card transactions have shot up with the increase in online transactions, and hackers have taken advantage of this to compromise such transactions and steal from organizations and innocent customers. Customers have found themselves a soft target since they are being billed fraudulent charges without their knowledge.
The main objective of the paper is to address the cyber security challenges that organizations have been facing. It is important to note that such challenges might be considered at the organizational level, but they are mainly global in nature. After addressing security challenges, the paper focuses on how these challenges have been created and on the best alternatives for solving cyber security lapses.
To address cyber security challenges, it is important to focus on both international-market and organizational-level compliance programs that are meant to solve cyber security problems. Next, the data protection and privacy of an organization are very sensitive when addressing data breaches and hacking. The lack of defined procedures and processes for solving cyber security issues has to be clearly outlined in order to help create awareness of what organizations must implement to curb security problems.
Compliance is the act of getting in line with what is required in order to solve the cyber security challenges that organizations and small business operators are facing in the market today (MINICK 2016, p. 57). This brings out the aspect of laying down a good foundation to facilitate business growth by meeting all core elements related to the set compliance programs. Effective compliance structures are created by establishing a high-standard code of conduct, which helps in understanding the stipulated rules of conduct in the organization, and by setting out the required building blocks for a compliance program. It is important to note that security compliance programs are unique from each other and have various levels of maturity. Security compliance maturity is mostly determined by the level of risk each challenge presents to organizations in the market (SMITH & COCKBURN 2014, p. 19). Compliance programs are mainly determined by the code of ethics prescribed by a particular organization. A compliance program set out to mitigate cyber security challenges might be defined with regard to the organization's prescribed code of conduct, the code of ethics in existence and, above all, the rules and regulations set out by the specific organization's management. Since compliance programs are set out in accordance with roles and responsibilities, it is good to be aware of organizational ethical practices. When an organization sets up a compliance program, it has to make sure the program is more than making its employees follow rules. It has to be aimed at making organizational success a reality. Finally, according to SUBRAMANIAN (2008, p. 135), the tone in which this compliance program is passed to organizational employees and stakeholders is of value. The highest tone is very important since it defines the success of the organization.
According to ICGS3 et al (2015, p. 256), some of the compliance areas in cyber security are IT audit and compliance, IT policies and governance, and IT risk assessment and management. A good example can be observed from Cisco and InfoSec Companies, which have been working together to facilitate global business production by protecting organizational systems and data from internal or external cyber security threats. Though a lot of compliance effort has been put on both hardware and software, the two companies have taken a very holistic approach to securing organizational data. One of these approaches is implementing market-focused policies and processes that make sure organizations comply with the set cyber security policies and procedures (ADOMI 2010, p. 10). This is done by creating policies that organizations using products from these companies, such as hardware and software, must follow if they are to benefit from those products. Next, these organizations have gone an extra mile to implement security in their infrastructure before distributing it to consumers. Further, DONALDSON et al (2015, p. 27) argue that Cisco and InfoSec have been fostering a security-conscious culture with the aim of reducing attacks and fostering good security in business. Finally, regarding organizational policies and procedures, these two companies have created processes and procedures to be followed when implementing security measures in a business that uses their products. This demonstrates that compliance with requirements and specifications is very important, as it helps in making sure the challenges faced in cyber security are solved.
Privacy and data protection
Privacy of organizational data is of paramount importance, and the data has to be kept as a secret asset of the subject organization (SCHÜNEMANN & BAUMANN 2017, p. 5). In today's business, data has become one of the most important assets since it is used to make critical decisions regarding organizational operations and the next course of action in business activities. The main question of concern is: why protect organizational data more than any other asset of the organization? The reason behind data privacy and protection is the value of the data when accessed by competing firms. CYBERICS et al (2015, p. 6) stipulate that data offers competitive advantage in the market and, if accessed by unauthorized people, can be used to reveal organizational operational procedures, which may later be used to plan competitive strategies against the subject organization. This leads organizations to make decisions that focus more on protecting the data itself than on placing perimeter security around it. In privacy terms, storing more sensitive information in one database may mean more harm if an attacker gains access to the system. A good example that many organizations have been facing is storing their customers' credit card numbers together with their expiry dates. This has been the norm, but with increasing data breaches around the world it has become a major concern, because it has been realized that when a hacker compromises the system, hefty fraudulent transactions can be made (MOORE 2017, p. 198). Further, employees connecting to websites using organizational computers have been exposing organizational data to risk, because once they connect to these websites a lot of information is left behind. It may be used to collect very sensitive information which can be used to break into organizational data.
The issue of most concern to organizations is how to do away with cyber security challenges. Organizations can address data security challenges by limiting the number of people who have privileges to access areas such as server rooms and data centers (WONG 2013, p. 25). Having achieved this, it is important to put in place data security measures such as strong authentication and authorization against unauthorized users of the system. The most important aspect of all is implementing data encryption so that data cannot be used even after attackers gain access to the system. Failing to encrypt data puts it at risk of being compromised for personal gain. Though encryption is a good measure, the main issue has been the technology required to implement such security measures. Hackers are more skilled and experienced since they are the same technocrats that organizations have been employing to safeguard organizational data (SOTTO 2016, p. 978). With the wide range of skills they possess, they learn various systems and their modes of operation and then leave the organizations in order to get a good chance to compromise their target system. Therefore, with so many lapses in the privacy and protection of organizational data, it has become a great challenge to meet all the requirements for securing organizational data from access by hackers from outside and by unauthorized employees. KHURANA & AGGARWAL (2013, p. 168) argue that data security has become a topmost issue and organizations are investing in the security of their data more heavily than ever.
Managing third party data
In today's technological market, organizations have been opting for third party services such as cloud computing in order to reduce the cost of managing data on their own (TURUK 2016, p. 89). Because of the cost involved in managing data, going for a third party becomes the alternative, but the major issue is the integrity of the data. Is the security of data guaranteed under a third party? Taking cloud services as an example, organizational data is hosted remotely in the cloud without the organization coming into contact with the hosting firm (LECLAIR 2013, p. 251). Organizational data can be accessed by employees remotely, but without knowledge of where the data is hosted. In such a scenario, the organization's employees are not aware of who has access to the data and what security lapses exist. In this case, organizational IT experts are aware of how data is managed rather than offering technical assistance to users. Though it is the responsibility of the hosting company to put in place all security parameters, it becomes a challenge when the company's hosting services span a large geographical area, especially worldwide. Imposing regulatory policies that span the whole world is very challenging for any technology company because different jurisdictions have diverse rules. In this regard, security teams must be very vigilant in monitoring and giving priority to the challenges facing cyber security. According to KHAJURIA (2017, p. 175), organizational security teams must make sure all security missions regarding the organization are in line with the mission and vision of the firm.
Lack of operational processes and procedures
Cyber security lapses are emerging at an alarming rate and need to be considered in order to come up with a long-lasting solution. There has been an increase in the number of cyber security attacks, affecting everything from small businesses to large organizations. In order to solve cyber security challenges, there is a need for clearly defined procedures on how security problems will be solved once they arise (MEHAN 2014, p. 316). It is very clear that there is no prescribed procedure to use for solving cyber security problems when they occur. Due to the lack of administrative rights management, it has been difficult to come up with the right rules governing cyber security. RICHET (2015, p. 112) stipulates that IT professionals should come up with procedures to be followed when organizations are faced with a data breach. A good example can be drawn from the ransomware attack which occurred in May of this year and affected many countries and large organizations. In that scenario, there was a problem in solving this major security attack, which affected the entire world. If there were a well-defined procedure to follow when organizations are faced with cyber security incidents, it would be much easier to mitigate data security issues. The main challenge which has hindered the development of cyber security procedures is the diverse nature of attackers and ever-changing technology, which means the procedures need to be revised (SMITH 2014, p. 12). It is very difficult to prepare a cyber security mitigation plan when technology is growing so fast.
Rapid technology growth
With the need for specialized, trained cyber security personnel in ever-growing technological businesses, data security continues to present itself in a dynamic way. Technology growth brings more sophisticated needs, and new skills are required to handle them (KAPLAN et al 2015, p. 49). Due to this demand, organizations are taking all measures to ensure they protect their data from being compromised by unauthorized people. To cater for growing technology, they are sending their IT professionals for specialized training to equip them with the skills needed to safeguard organizational data from any kind of breach. Once these IT professionals are fully equipped with skills that are not very common in the market, they feel better equipped for the business. They fail to renew their contractual terms with the subject companies. To the organization, this turns out to be a total tragedy, since the very resourceful personnel in the organization have turned out to be a very big threat after leaving the company (RAJAGOPAL & BEHL 2016, p. 50). At this point, the subject company is left in a dilemma, evaluating what will happen to its most sensitive organizational asset, the data. The main challenge in this scenario is: does the organization owe IT professionals an ethical code of conduct once they resign? They have been equipped with very sophisticated skills owing to the fact that they were expected to be very valuable to the organization. According to the IEEE professional code of conduct, privacy of personal information is paramount and all IT professionals must abide by the rule of law by keeping the organization's mode of operations and sensitive data private (TRYFONAS 2017, p. 524). Though this is what is expected of them, once they leave the subject organization they are ready and prepared to benefit from the acquired skills through hacking. Instead of being valuable assets in fighting cyber security threats, they turn out to be a threat to cyber security.
Ethical hackers turn to be unethical hackers and start posing a lot of threats to organizations.
Cyber security has turned out to be a global technological war, and if it is not well fought it might turn technology into a war against business. There is every need for organizations to come up with compliance programs which bring together all the technical aspects that businesses have to fulfill in terms of the cyber security measures to be followed. Compliance is very important because cyber security risks cannot be one organization's goal. Privacy protection and data security must be carried out with regard to internationally set standards in order to make sure all aspects are met. Measures must be put in place to make sure all data is kept secure and safe. Breaches of the privacy and security measures put in place by an organization must be dealt with as a crime. Additionally, third parties must be well managed in order to make sure the privacy and security of data are at their topmost. With emerging cloud computing technology, third party data management is important, but there are professional issues which must be met regardless of where data is hosted. Consequently, there are no pre-defined cyber security procedures which can be followed when solving technological problems. This leaves cyber security an open problem which can only be solved by approaching it in a personal way, which in turn might pose a risk to other businesses. Finally, technological growth has been coupled with ethical hacking, which later turns into an unethical hacking menace to organizations.
ADOMI, E. E. (2010) Frameworks for ICT policy: government, social and legal issues. Hershey, Information Science Reference.
CYBERICS (WORKSHOP), BÉCUE, A., CUPPENS-BOULAHIA, N., CUPPENS, F., KATSIKAS, S. K., & LAMBRINOUDAKIS, C. (2016) Security of industrial control systems and cyber physical systems: first Workshop, CyberICS 2015 and First Workshop, WOS-CPS 2015 Vienna.
DONALDSON, S. E., SIEGEL, S. G., WILLIAMS, C. K., & ASLAM, A. (2015) Enterprise cybersecurity: how to build a successful cyberdefense program against advanced threats.
HASIB, M. (2014) Cybersecurity leadership: powering the modern organization.
ICGS3 (CONFERENCE), JAHANKHANI, H., CARLILE OF BERRIEW, AKHGAR, B., TAAL, A., HESSAMI, A. G., & HOSSEINIAN-FAR, A. (2015) Global security, safety and sustainability: tomorrow's challenges of cyber security: 10th International Conference, ICGS3 2015, London, UK.
KAPLAN, J. M., BAILEY, T., REZEK, C., O'HALLORAN, D., & MARCUS, A. (2015) Beyond cybersecurity: protecting your digital business.
KHAJURIA, S. (2017) Cybersecurity and privacy - bridging the gap. River Publishers.
KHURANA, R., & AGGARWAL, R. (2013) Interdisciplinary perspectives on business convergence, computing, and legality.
LECLAIR, J. (2013) Protecting our future, volume 1: educating a cybersecurity workforce. Bookbaby.
MEHAN, J. E. (2014) Cyberwar, cyberterror, cybercrime and cyberactivism: an in-depth guide to the role of standards in the cybersecurity environment.
MINICK, B. (2016) Facing cyber threats head on: protecting yourself and your business.
MOORE, M. (2017) Cybersecurity breaches and issues surrounding online threat protection.
RAJAGOPAL, & BEHL, R. (2016) Business analytics and cyber security management in organizations. Hershey, Business Science Reference.
RICHET, J.-L. (2015) Cybersecurity policies and strategies for cyberwarfare prevention.
SCHÜNEMANN, W. J., & BAUMANN, M.-O. (2017) Privacy, data protection and cybersecurity in Europe.
SMITH, P. A. C., & COCKBURN, T. (2014) Impact of emerging digital technologies on leadership in global business.
SMITH, R. (2014) Cybercrime - a clear and present danger: the CEO's guide to cyber security. [S.l.], Lulu Press Inc.
SOTTO, L. J. (2016) Privacy and data security law deskbook. Wolters Kluwer Law & Bus.
SUBRAMANIAN, R. (2008) Computer security, privacy, and politics: current issues, challenges, and solutions. Hershey, IRM Press.
TRYFONAS, T. (2017) Human aspects of information security, privacy and trust: 5th International Conference, HAS 2017, held as part of HCI International 2017, Vancouver, BC, Canada.
TURUK, A. K. (2016) Resource Management and Efficiency in Cloud Computing Environments. Hershey, UNITED STATES, Information Science Reference.
WONG, R. (2013) Data security breaches and privacy in Europe. London, Sp