Dsrt 736 lit review | Education homework help

CYBER RISK AND CYBERSECURITY CHALLENGES

Cyber Risk and Cybersecurity Issues

Ankitha Pagadala

University of Cumberlands

Chapter Two

Review of Literature

Introduction

Over 50% of small, mid-sized, and large companies experience cyber-attacks and cyber risks at some point in their business operations. According to a survey by Alahmari & Duncan (2020) on cybersecurity risk management in small and medium-sized business entities, cyber-attacks cost companies over $149,000 in downtime, out-of-pocket expenses such as ransom, and other costs associated with recovery services. Statistics on the exponential increase of cyber-attacks indicate that cybercrimes rose from 15% in the years before 2014 to 50% in 2020 alone (SÜZEN, 2023). Other studies show that since 2014, over 3,809,448 records have been stolen by cybercriminals through breaches every day. This data indicates that over 158,727 data breaches are recorded every hour, while 2,645 and 44 data breaches are reported every minute and every second, respectively (SÜZEN, 2023). The research findings of Alharbi et al. (2021) indicate that in 2019 cybercrime cost business entities over $2 trillion. Studies show that the global cost of cybercrime is estimated at over $8 trillion annually. According to a survey by ANDREIANU (2023) on the need for organizations to adopt reliable techniques for protecting their e-commerce from potential cybercrimes, the most notorious and common types of cyber-attacks include malware attacks, which encompass a wide range of cyber threats such as backdoors, worms, viruses, and trojans (STANCIU, 2023). Other common cyber threats and risks include ransomware, where hackers gain access to and lock a company’s sensitive data, which is integral to daily operations (SANDU, 2023). There have also been third-party and supply chain attacks, phishing scams, mobile malware, and IoT-associated threats.

Scope

The exponential rise in cyber threats and their impacts has raised worldwide concern over the associated costs. Cybersecurity is a crucial aspect of technology since it allows organizations to be aware of the threats and vulnerabilities within their IT assets. This study aims to create security awareness, which most targeted organizations overlook and whose absence ultimately causes great havoc. Insights collected from a wide range of evidence-based sources on the detrimental effects of various types of cyber threats will be used to generate policies that form the basis for developing employee training programs on cybersecurity issues. The report will further provide extensively analyzed data that could also educate organizations about potential cyber threats, best cybersecurity practices for protecting sensitive data, and how to respond effectively to cybersecurity incidents whenever they are reported or suspected (Möller, 2023). The study also aims to provide suggestions and recommendations on best security practices that will enable organizations to continually monitor, detect, and prevent data breaches and common cyber threats such as phishing. Finally, the report will objectively discuss creating a cybersecurity culture to bolster technological cyber defense against potential cyber threats.

Overview

As mentioned, the cost of cyber threats and the rate of crimes reported daily are alarming. According to a report by Evans (2022), cybersecurity issues have raised the cost of operating businesses because of ransomware attacks and continuous disruption of business activities (Liu et al., 2022). The need for more effective incident response and the increased complexity of the tools hackers use to launch cyber-attacks have thwarted efforts by organizations to deal with cyber threats. In recent years, technology applications for e-commerce have become one of the primary targets of cybercriminals (Liu et al., 2022). Although e-commerce has made it possible for the business community and consumers to enjoy the efficiency and reliability of doing business on online platforms, studies have shown that since e-commerce gained popularity, there has been a simultaneous increase in cyber-attacks targeting e-commerce technology and applications (Liu et al., 2022). Besides e-commerce technology, healthcare facilities, the banking industry, and learning institutions have also been identified as the institutions most targeted by cybercriminals (Gupta & Dahiya, 2021). Cybersecurity issues come in a wide range of types and forms; using a combination of quantitative and qualitative research methodology, this study will focus on cyber threats such as spoofing, identity-based attacks, supply chain attacks, code injection attacks, insider threats, and denial of service attacks. Network security theory will also be applied in assessing the interrelations between IT systems and the vulnerabilities affecting such systems (Leelasankar et al., 2021).

Types of cyber risk, attacks, threats, and cybersecurity issues impacting organizations and reasons why there has been an exponential rise of cyber attacks

Major cyber threats impacting businesses and organizations today include identity-based attacks and code injection attacks. According to data analyzed by Salim & Madnick (2018) on the management of cybersecurity, identity-based attacks, which rely on compromised identities, contribute to over 80% of all data breaches. These attacks are the most difficult to detect and can take over 250 days to discover (Gupta & Dahiya, 2021). Examples of common identity-based attacks include Kerberoasting, a post-exploitation attack approach that attempts to crack and obtain the passwords or logins of a service account. There is also the silver ticket attack, which uses a forged authentication ticket generated after a hacker has stolen account logins or passwords (Gupta & Dahiya, 2021).
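
One way a defender can surface the Kerberoasting pattern described above, as an added example that is not drawn from the cited studies: it scans records modelled on Windows Security event 4769 (a Kerberos service ticket was requested) for one account requesting RC4-encrypted tickets (encryption type 0x17) for several distinct service accounts within a short window. The record field names, account names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # Ticket Encryption Type value for RC4-HMAC in event 4769

# Constructed sample records (not real logs); field names are assumed for this example.
EVENTS = [
    {"time": "2024-03-04T09:00:05", "account": "alice", "service": "svc-sql", "etype": "0x12"},
    {"time": "2024-03-04T09:14:40", "account": "alice", "service": "svc-web", "etype": "0x12"},
    {"time": "2024-03-04T10:02:11", "account": "bob", "service": "legacy-app", "etype": "0x17"},
    {"time": "2024-03-04T11:30:00", "account": "jdoe", "service": "svc-sql", "etype": "0x17"},
    {"time": "2024-03-04T11:30:02", "account": "jdoe", "service": "svc-backup", "etype": "0x17"},
    {"time": "2024-03-04T11:30:03", "account": "jdoe", "service": "svc-web", "etype": "0x17"},
    {"time": "2024-03-04T11:30:05", "account": "jdoe", "service": "svc-report", "etype": "0x17"},
    {"time": "2024-03-04T11:31:00", "account": "jdoe", "service": "FILE01$", "etype": "0x17"},
]


def flag_kerberoast_candidates(events, window=timedelta(minutes=5), min_services=3):
    """Map each suspicious account to the distinct services it requested
    RC4 tickets for inside its busiest sliding window."""
    by_account = defaultdict(list)
    for ev in events:
        if ev["etype"].lower() != RC4_HMAC:
            continue  # AES tickets (0x11, 0x12) are the expected case
        service = ev["service"]
        if service.endswith("$") or service.lower() == "krbtgt":
            continue  # ignore machine accounts and the ticket-granting service
        by_account[ev["account"]].append((datetime.fromisoformat(ev["time"]), service))

    flagged = {}
    for account, requests in by_account.items():
        requests.sort()
        start, best = 0, set()
        for end in range(len(requests)):
            # Shrink the window from the left until it spans at most `window`.
            while requests[end][0] - requests[start][0] > window:
                start += 1
            services = {svc for _, svc in requests[start:end + 1]}
            if len(services) > len(best):
                best = services
        if len(best) >= min_services:
            flagged[account] = sorted(best)
    return flagged


if __name__ == "__main__":
    for account, services in flag_kerberoast_candidates(EVENTS).items():
        print(f"{account}: RC4 tickets for {len(services)} services: {services}")
```

A single RC4 request from a legacy application (bob above) stays below the threshold, so the rule keys on breadth of requests rather than on RC4 alone.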

Another type of cyber threat that attackers notoriously deploy is the code injection attack, in which attackers inject malicious code into susceptible and vulnerable systems or software to disrupt the services rendered by the system (Gawade & Shekokar, 2022). Types of code injection attack include malvertising, where attackers combine more than one technique by breaching third-party servers and then using them to inject malicious code in the form of display ads, which, when executed by target victims, install malware on the IT systems. Additionally, SQL injection is a code injection attack that leverages system vulnerabilities to inject malicious SQL statements into a database system (Gawade & Shekokar, 2022). This allows cybercriminals to access data and extract valuable information for malicious use.

Studies have also shown that supply chain attacks and phishing have become standard tools for cybercriminals since they are practical and are difficult for people without an adequate understanding of cybersecurity issues to detect (Falco & Rosenbach, 2021). Supply chain attacks often target trusted third-party vendors who provide services such as software updates and maintenance, which are vital to the supply chain. Insider attacks are associated with current or former employees who have a clear picture of the organization’s IT system. Other attacks, such as DNS tunneling, have also been identified as a typical cyber threat that leverages Domain Name System (DNS) queries and responses to bypass traditional security measures. The tunnel allows cybercriminals to deliver malware and extract sensitive and confidential data (Falco & Rosenbach, 2021).
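
A simple detection heuristic for the DNS tunneling behaviour described above, as an added example that is not taken from the cited sources: it groups query names by parent domain and flags parents that receive many unique, long, high-entropy subdomains. The query names, thresholds and the naive "last two labels" parent-domain rule are assumptions made for this example; production tooling would use the Public Suffix List.

```python
import math
from collections import Counter, defaultdict

# Constructed DNS query names (not real traffic); .example is a reserved TLD.
QUERIES = [
    "www.shop.example", "mail.shop.example", "api.shop.example",
    "static.shop.example", "img.shop.example", "www.shop.example",
    "k3v9xq2mz7hf4wpl8ntb6yd1rsc5ugj0.cdn-sync.example",
    "7hf4wpl8ntb6yd1rsc5ugj0k3v9xq2mz.cdn-sync.example",
    "0jgu5csr1dy6btn8lpw4fh7zm2qx9v3k.cdn-sync.example",
    "d1rsc5ugj0k3v9xq2mz7hf4wpl8ntb6y.cdn-sync.example",
    # A single long hashed name on its own (e.g. a cache key) should not trigger.
    "a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6.assets.example",
]


def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    counts = Counter(text)
    total = len(text)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def split_name(qname):
    """Return (parent domain, concatenated subdomain labels)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:]), "".join(labels[:-2])  # naive parent rule (assumption)


def suspicious_domains(queries, min_unique=4, min_avg_len=30, min_entropy=3.5):
    subdomains = defaultdict(set)
    for qname in queries:
        parent, sub = split_name(qname)
        if sub:
            subdomains[parent].add(sub)

    report = {}
    for parent, unique in subdomains.items():
        avg_len = sum(len(s) for s in unique) / len(unique)
        avg_entropy = sum(shannon_entropy(s) for s in unique) / len(unique)
        # All three signals must hold: volume, length and randomness.
        if len(unique) >= min_unique and avg_len >= min_avg_len and avg_entropy >= min_entropy:
            report[parent] = {
                "unique_subdomains": len(unique),
                "avg_length": round(avg_len, 1),
                "avg_entropy": round(avg_entropy, 2),
            }
    return report


if __name__ == "__main__":
    for parent, stats in suspicious_domains(QUERIES).items():
        print(parent, stats)
```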

Having identified a wide range of threats and how hackers use them to gain access to or compromise IT systems, it is useful to assess the reasons for the increase in cyber-attacks in order to create awareness among business entities of how to deal with the identified issues and manage cyber threats. According to research conducted by Salim & Madnick (2018), inadequate implementation of data protection policies, lack of compliance with data privacy and system security requirements, and the use of obsolete software, with ignorance of the importance of progressively updating such systems, have been regarded as the key contributors to the rising number of otherwise preventable cybersecurity incidents (Evans, 2022). Studies also indicate that increased use of cloud storage and Internet of Things (IoT) interconnected devices has exacerbated the increase in cyber-attacks. Given that most organizations cannot afford cyber insurance, the progressive worsening of world economic performance and the rapidly expanding attack surface have been termed primary risk factors for the continuous rise in cybersecurity issues (Evans, 2022).

Major impacts of cyber-attacks on businesses and vulnerable organizations

One of the major repercussions of cyber-attacks is reputation damage and loss of vital business data. This impacts the organization’s productivity and erodes the trust of customers, investors, and other key stakeholders. Cyber-attacks may also result in financial losses in various ways (Cremer et al., 2022). Studies have shown that increased ransomware attacks cost organizations over 6% of their revenue. Cybercrime is a brutal reality that strikes organizations of all sizes, including small and medium-sized organizations (Chen & Jai, 2019). This reality claims large sums of money, ranging from revenue lost to disruptions of business operations and services to huge amounts spent on recovery processes and on legal fees arising from non-compliance with existing data breach regulations (Cremer et al., 2022). Cybercrime activities also impact businesses or organizations by disrupting operations and altering business practices. Cybercrime handcuffs an organization’s normal operations by infecting computer systems with various malicious codes that extract and erase high-value information. This blocks a company from running vital processes or providing essential client services.

An example is the infamous 2010 WikiLeaks retaliatory cyber-attacks, which temporarily crashed the company’s website and disrupted company services to the public (Ur-Rehman et al., 2019). These attacks also lead to the loss of intellectual property (Chen & Jai, 2019). Valuable assets in any business-oriented organization include business secrets, such as product designs, technologies, and go-to-market strategies. These assets are primarily stored in the cloud, and therefore any cyber-attack that could seize, compromise, or handcuff such valuable assets will disrupt business activities (ANDREIANU, 2023).

Various strategies that can be employed to reduce cyber risk and cybersecurity issues

Upon understanding the major cyber threats and their impacts on businesses and other organizations, it is highly recommended that organizations adopt strategies and techniques that could help prevent such attacks. Some recommended approaches include developing and implementing a robust cybersecurity policy. This helps employees and IT specialists to be aware of the organization’s comprehensive information security practices. Securing the company’s perimeter and IoT connections is also necessary. This can be achieved by installing security cameras and protecting border routers (ANDREIANU, 2023). Also, the company should consider combining conventional protection strategies like VPNs and firewalls with a trust model, which effectively provides adequate protection to critical IT assets (Alharbi et al., 2021). There is a need to employ staff who are cybersecurity-centric. This ensures that the organization’s cybersecurity culture and progressive training on detecting and reporting cyber-attacks are nurtured. Other strategies include enforcing policies that control access to sensitive data using the principle of least privilege. Finally, organizational data should be encrypted using secure techniques, IT asset passwords should be managed wisely, and the activities of privileged and third-party users should be progressively monitored (Alahmari & Duncan, 2020).

Summary

In summary, knowledge of cybercrime is essential to small and medium businesses since it raises awareness of the need for an incident response plan that helps prevent data breaches and other forms of cyber threats. It also creates an influential culture of cybersecurity in which each stakeholder within an organization plays a significant role in reporting and preventing cyber-attacks.

References

Alahmari, A., & Duncan, B. (2020). Cybersecurity risk management in small and medium-sized enterprises: A systematic review of recent evidence. 2020 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). https://doi.org/10.1109/cybersa49311.2020.9139638

Alharbi, F., Alsulami, M., AL-Solami, A., Al-Otaibi, Y., Al-Osimi, M., Al-Qanor, F., & Al-Otaibi, K. (2021). The impact of cybersecurity practices on cyberattack damage: The perspective of small enterprises in Saudi Arabia. Sensors, 21(20), 6901. https://doi.org/10.3390/s21206901

ANDREIANU, G. (2023). Protecting your e-Commerce business. Analysis on cyber security threats. Proceedings of the International Conference on Cybersecurity and Cybercrime (IC3). https://doi.org/10.19107/cybercon.2023.17

Chen, H. S., & Jai, T. (2019). Cyber alarm: Determining the impacts of hotel’s data breach messages. International Journal of Hospitality Management, 82, 326-334. https://doi.org/10.1016/j.ijhm.2018.10.002

Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). undefined. The Geneva Papers on Risk and Insurance – Issues and Practice, 47(3), 698-736. https://doi.org/10.1057/s41288-022-00266-6

Evans, A. (2022). Cybersecurity control assessments and cyber risk. Enterprise Cybersecurity in Digital Business, 309-318. https://doi.org/10.4324/9781003052616-30

Falco, G., & Rosenbach, E. (2021). Who is responsible for cybersecurity? Confronting Cyber Risk, 79-103. https://doi.org/10.1093/oso/9780197526545.003.0005

Gawade, A., & Shekokar, N. M. (2022). undefined. Cyber Security Threats and Challenges Facing Human Life, 71-80. https://doi.org/10.1201/9781003218555-8

Gupta, B. B., & Dahiya, A. (2021). Fundamentals of DDoS attack: Evolution and challenges. Distributed Denial of Service (DDoS) Attacks, 1-18. https://doi.org/10.1201/9781003107354-1

Leelasankar, K., C., C., & P., S. (2021). Successful computer forensics analysis on the cyber-attack Botnet. Research Anthology on Combating Denial-of-Service Attacks, 151-166. https://doi.org/10.4018/978-1-7998-5348-0.ch008

Li, L., Thakur, K., & Ali, M. L. (2020). Potential development on cyberattack and prospect analysis for cybersecurity. 2020 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS). https://doi.org/10.1109/iemtronics51293.2020.9216374

Liu, X., Ahmad, S. F., Anser, M. K., Ke, J., Irshad, M., Ul-Haq, J., & Abbas, S. (2022). Cyber security threats: A never-ending challenge for e-Commerce. Frontiers in Psychology, 13. https://doi.org/10.3389/fpsyg.2022.927398

Möller, D. P. (2023). Cyberattacker profiles, cyberattack models and scenarios, and cybersecurity ontology. Advances in Information Security, 181-229. https://doi.org/10.1007/978-3-031-26845-8_4

Salim, H., & Madnick, S. (2018). Cybersafety: A systems theory approach to managing cybersecurity risks—Applied to TJX cyberattack. New Solutions for Cybersecurity, 81-112. https://doi.org/10.7551/mitpress/11636.003.0004

SANDU, E. (2023). Prevention of widespread ransomware cyber-attacks through the SEAP platform. Proceedings of the International Conference on Cybersecurity and Cybercrime (IC3). https://doi.org/10.19107/cybercon.2023.31

STANCIU, A. (2023). Data management plan for healthcare: Following FAIR principles and addressing cybersecurity aspects. A systematic review using InstructGPT. Romanian Cyber Security Journal, 5(1), 23-43. https://doi.org/10.54851/v5i1y202303

SÜZEN, A. A. (2023). Cyber attacks for data breach and possible defense strategies in internet of healthcare things ecosystem. International Journal of 3D Printing Technologies and Digital Industry, 7(1), 55-63. https://doi.org/10.46519/ij3dptdi.1240743

Ur-Rehman, O., Wallraf, G., Holderbaum, B., & Jentges, M. (2019). undefined. ELIV 2019, 407-418. https://doi.org/10.51202/9783181023570-407
