Preparing for the Cyber-security future needs

27 Sep Preparing for the Cyber-security future needs

Introduction

In current times, cybersecurity becomes an essential means for minimizing the harmful character attacks that degrade the organization’s importance and performance. Well-planned data security sustenance organization to create trust in their employee and sequentially, it enhances company performance. Enormous data is getting generated by the Internet of Things (IoT) devices used by humans for their personal and professional day to day life. For example, people use a fitness device that tracks their health data, including how much they walk, their heartbeat, blood pressure, their intake and exercise time, and many more. Such devices used in households like google home, smartphone, smart Television, and at work use biometric devices to track employees in and out time. So, protecting individual and organization, sensitive data is essential [9]. To do so, every organization has an information security department that looks after data security.

Data security describes a defining technology concern for any company. Companies require robust information technology (IT) and security approaches to protect against data damage or business means. Although, the standard crucial protection against invasion is a familiarized and informed user. Data violations that induce millions of dollars in losses to people, organizations, or the administration have become familiar. The internet was initially invented for computers to transport data quickly and transfer in and out of a network system. In the ancient times of the internet, protection was limited to more than a reconsideration [16].

Without law or rules, the web presented possibilities for media, websites, and business applications, each with their vulnerabilities and deficiencies. As the internet grows, data that is frequently useful in the real purpose or wrong purpose support has available in some quantity. Thus far, the explication has been a constant stream of fixes and patches, with new application software and hardware sometimes shifting the perspective of power back into companies and users’ support, albeit provisionally. Every organization wants to secure their information and assets from cyber-attack; consequently, they have to practice different ways to protect their data and assets. This blog post demonstrates how an organization can prepare for the future need for data security means.

About Cybersecurity: Cybersecurity or information security is a board subject. Recognize that cybersecurity methods should be prepared to obtain future risks. Cybersecurity is the custom of protecting networks, servers, portable gadgets, applications, computerized systems, communication systems, network interfaces, and data from malicious interventions—cybersecurity, known as information technology and data security [17].

Cybersecurity is a necessary process that ensures companies’ data is protected from intrusions that may come from inside or externally through flawed characters. Cybersecurity comprises a collection of tools and applications, methods, systems, compositions, and different approaches to defending an organization’s computer systems, networks, applications, information, and data from illegal admittance or destruction [10].

Why cybersecurity needed?

The pervasiveness and rising demand of the Internet of Things (IoT) have produced IoT devices a robust amplifying stage for cyberattacks. Given the current headline-making hardness and regular recurrence of protection events, including such things, they have become the modern most vulnerable link in modern machine networks’ defense series. IoT devices might be the weak associate of desktop operations, yet they lack the computational abilities they gain in products. Furthermore, because they are always compared to the internet and penetrated with defects—in several instances, the consequence of original protection arrangements constitutes low-hanging commodities for hackers. The considerable amplification, pervasiveness, and high vulnerability of IoT methods have brought many dangerous characters, especially those arranging dispersed denial-of-service (DDoS) interventions [11].

Conventional frameworks for risk evaluation do not operate adequately for cloud computing. While modern work has frequently concentrated on the risks covered by firms choosing or adopting cloud services, there has been limited investigation on how cloud providers might evaluate their assistance. This blog post uses in-depth analysis of the existing article to highlight common risk evaluation frameworks and vulnerabilities. We think its intentions, the risk evaluation method, resolutions, security challenges, and security best practices for future needs. Corresponding future needs are crucial for well-organized cybersecurity resolutions because of the information technology (IT) infrastructure’s long-term lifecycles.

Nevertheless, this means can further succeed in overdesign concerning the modern resolution. Technology archivists have recognized many dynamics in determining this pressure between the present and future needs [12]. The plan aims to establish a vision for the foundation design to make better decisions and utilize resources. For measuring existing meriting, analysis is practiced examining favored form strategies upon other options and best practices also, how an organization can prepare for future needs.

Cybersecurity challenges

Cybersecurity challenges are varies based on the industry and environment, and their risk and mitigation approaches. The below information demonstrate some challenges faced by the industry.

Many distributed denial of service (DDoS) attacks’ constraints usually rests with the end-users who follow weak security practices and IT system administrators who neglect to use enough security measures to protect infrastructure. The DDoS attack is a cyber-attack in which the wrong actor attempts to produce a machine or network means inaccessible to its expected users by momentarily or generally interrupting a host’s services joined to the network known as the internet [11].

Nevertheless, specific to IoT devices, device manufacture has to consider the reliability for openly sharing their products with inadequate security, such as default login ID and password and remote access capabilities. IoT vendors are a further individual in implementing automatic security updates that would approach the problem. Resolutions that need standard interference, such as periodically updating passwords, are unreliable in the IoT field, wherever multiple agents need to be self-adjusting. Everything we require now is the scientific medians to implement security, well-known computer systems, and robust security measures for IoT things [13].

Internet of Things (IoT) has continued prediction as to the significant development in the area of Information and Communication Technology. Modern research proves the continuous improvement in smart devices’ spread, automatically communicating and collecting information using network (internet) connections. This development encourages companies to develop devices and make available to the market, which overlooked cybersecurity risk and security measures in the device, leading to failure of the technologies currently produced for the IoT domain. For solving the problem appropriately, IoT applications must be protected for their beginning, and proper security evaluation tools should be produced accessible [9].

A most common cause for cybersecurity attacks:

There are common causes for cybersecurity attacks, such as end-user negligence, insufficient security, inadequate maintenance, etc. The detailed information is below.

• End-user negligence: Individual neglect is one of the primary cause for cybersecurity attacks, as they do not follow security best practices taught by IT; their negligence including, setting the default or most common password, end-user do not change their password on time or set as never expired, not updating operating system security or software updates, while browsing internet visiting unsecured sites, and many more.
• Inadequate maintenance: The majority of IoT devices following the setup-and-forget strategies subsequently installed them up, end-users and network system operators overlook them except they stop operating accurately [6].
• Insufficient security: Another cause is to comprehend the IoT market; various device vendors overlook protection in support of easy to use and usefulness.
• Minimally interactive user interfaces. Because IoT things manage to demand the least user interference, infections are further likely to go overlooked. Moreover, when noticed, the user has no straightforward way to address them short of returning the equipment [6].

Security best practices that could help the organization to secure their data and assets and can easily follow:

Cybersecurity best practices are different for each business industry; however, some security practices are universally implemented and can be applied to individual and organization level. Security best practices must be used as a collective instead of a peak and chose. Figure 1 shows the most common and ideal security practices with a combined approach; it is essential to develop a systematic approach; in this approach, humans play a central role in security measures. Security-related decisions and actions, such as using a strong password by setting policies that limit password hacking as part ID/password management operation, allow the legitimate device to access organization information. Additionally, file access management helps stop file-sharing fraud, remote access management protects the organization data access remotely, and all the information security team’s policies as part of a systematic approach [14].

Figure 1. Security practice with human role

No matter how the IT organization implements comprehensive security tools and policies, if an end-user does not follow these policies, there is not much these security tools and policies can do to prevent cybercrimes. Cybercriminals target the organization and individuals who do not apply comprehensive security arrangements and cloud to infiltrate. Security best practices that could help the organization to secure their data and assets and can easily follow:

1. Awareness of data protection: As an individual, we may protect our personal information, including financial information (bank accounts), Social security number, educational and personal documents (transcript or birth certificates), etc. but when it comes to the professional or organizational related information, they takes more casual approach as they thing the organization has all the security measured applied which will protect the information. So information protection awareness is highly important to let end-user know when comes to data security follow the security guidelines and protect organization data by not leaking organization data, report any, properly discard unused document, secure organization sensitive information (tread secrete or product code), or intellectual property. For example, if sharing an image online that displays a whiteboard or workstation screen in the background could inadvertently expose information, someone outside the organization should not view [8].
2. Utilize strong password: The first line of defense is the strong identification and password. So, practicing the [from] complex passwords can help stop cyber thieves from accessing company information. Simple passwords can make access easy. If a cybercriminal figures out a password, it could give them access to the company’s network. The creating unique, complex passwords are essential. It is essential to implement strong password policies for user and admin credentials and implement all network devices, servers, or other network devices [3].
3. Protect authentication using Multifactor authentication: Utilizing the multifactor authentication mechanism provides the additional layer of protection. When cybercriminals figure out the login password, they still have to pass another layer before accessing the data. So safeguarding authentication using multifactor authentication is highly recommended. There are additional steps to perform in this authentication type by using push notification on the device or ending unique code that sends via email or phone device or individual key generation device, etc. [3].
4. Always connect to a secure wireless network: Corporate wireless network is a managed network; hence it is more reliable because it is not shown to the public, but when connecting to a public (external) wireless network, make sure to connect known and password-protected wireless network only. As a public wireless network can be dangerous and make your data vulnerable to being intercepted [14].
5. Secure end-points and handheld devices: Most of the time, when designing the organization information security strategy, end-points and handheld devices are neglected as thinking that when the organization network secured, all the devices automatically get secured. However, when preparing for future security needs, we must secure each entry point and apply and access resources [5].
6. Secure all entry points with security standard devices: It is highly recommended and useful to deploy the standard firewall devices for the organization network, and at home network is the first line of defense in assisting defend data against cyberattacks. Firewalls stop unauthorized users from retrieving websites, email services, and other data sources that can be accessed from the website [15].
7. Adopt and practice security framework: Planning for an inclusive security approach that includes each network device, end-point devices, authentication, databases, application, data backup, and so on. It is required to adopt a security framework that provides comprehensive coverage for the organization’s security. The cybersecurity framework consists of standards, guidelines, and best practices to manage cybersecurity risk. The most used frameworks are International Standards Organization (ISO) 27K, NZISM Protective Security Requirements (PSR) Framework, Australian Signals Directorate (ASD) Essential 8, Control Objectives for Information and Related Technology (COBIT), US National Institute of Standards and Technology (NIST) and there are many Industry-Specific Standards as well [1].
8. Use modern technology: IT organizations can use cloud computing as infrastructure to securely store and access their application with high availability and more significant expansion. A cloud computing considers an intelligent way of organizing the in changing the area. In these businesses, the program as a service (PaaS), the infrastructure service (IaaS), and software as a Service (SaaS) have been operated as standard taxonomy in cloud computing. Since 2009, the enterprise has remained concentrated on discussing business, technological, methodological, and administration with enhanced security as a future need [15].

In conclusion, as an organization, we have to prepare for data security needs in the future. The comprehensive way is to use an inclusive approach for the data security needs for the future, such as spreading the awareness of data protection, implementing strong password policies and practicing the same as a user, implementing new authentication method such as multifactor authentication to protect authentication, secure end-points and handheld device, and adopt and practice security framework. 

References

[1] Agarwal, N. (2019). Cyber Security Trends to watch out in 2019. CYBERNETICS, 1(1), 28-29. Retrieved from https://www.cybernomics.in/index.php/cnm/article/view/15.

[2] Akinrolabu, O., Nurse, J. R. C., Martin, A., & New, S. (2019). Cyber risk assessment in cloud provider environments: Current models and future needs. Computers & Security, 87. https://doi-org.proxy1.ncu.edu/10.1016/j.cose.2019.101600.

[3] Bezzateev, S. & Fomicheva, S. (2020). Soft Multifactor Authentication. 1-7. DOI:10.1109/WECONF48837.2020.9131537.

[4] Cha, S., Baek, S., Kang, S., & Kim, S. (2018). Security Evaluation Framework for Military IoT Devices. Security & Communication Networks, 1–12. https://doi-org.proxy1.ncu.edu/10.1155/2018/6135845.

[5] Deylami, H. (2018). Building Security That Thinks Cybersecurity Best Practices and Expectations for the Future.

[6] Douzet, F. (2018). Cyber-security challenges. DOI:10.1093/oso/9780198790501.003.0031.

[7] Deutscher, S. & Dobrygowski, D. (2020).5 ways business leaders can prepare for the future of cybersecurity. Retrieved from https://www.weforum.org/agenda/2020/01/future-of-cybersecurity/.

[8] eMazzanti.(2019). Shares 7 Cyber-security Best Practices for Business. PR Newswire, NA. https://link-gale-com.proxy1.ncu.edu/apps/doc/A607600586/AONE?u=pres1571&sid=AONE&xid=428a0455.

[9] Furfaro, A. & Argento, L. &  Parise, A. & Piccolo, A. (2017). Using virtual environments for the assessment of cybersecurity issues in IoT scenarios, Simulation Modelling Practice, and Theory, Volume 73, 2017, Pages 43-54, ISSN 1569-190X, https://doi.org/10.1016/j.simpat.2016.09.007.

[10] Kapalidis, P. (2020). Cybersecurity at Sea. DOI:10.1007/978-3-030-34630-0_8.

[11] Kolias, C. & Kambourakis, G. & Stavrou, A. & Voas, J. (2017). “DDoS in the IoT: Mirai and Other Botnets,” in Computer, vol. 50, no. 7, pp. 80-84, 2017, DOI: 10.1109/MC.2017.201.

[12] Li, Z. & Liao, L. (2018). Economic solutions to improve the cybersecurity of governments and smart cities via vulnerability markets, Government Information Quarterly, Volume 35, Issue 1, 2018, Pages 151-160, ISSN 0740-624X, https://doi.org/10.1016/j.giq.2017.10.006.

[13] Sameer, A. (2020). Internet of Things (IoT) Security. DOI:10.1109/NTICT.2020.P20.

[14] Szumski, O. (2018). Cybersecurity best practices among Polish students. Procedia Computer Science. 126. 1271-1280. DOI:10.1016/j.procs.2018.08.070.

[15] Van der Kleut, V. (2020). Ten cybersecurity best practices that every employee should know. Retrieved from https://us.norton.com/internetsecurity-how-to-cyber-security-best-practices-for-employees.html

[16] Wilkinson, J. (2020). The Internet of Things. 10.4324/9780367817398-26.

[17] Williams, T. D. (2020). Epistemological Questions for Cybersecurity. 2020 International Conference on Cyber Security and Protection of Digital Services (Cyber Security), Cyber Security and Protection of Digital Services (Cyber Security), 2020 International Conference On, 1–4. https://doi-org.proxy1.ncu.edu/10.1109/CyberSecurity49315.2020.9138884.