Nawal.Hamdan. research.paper
docx
keyboard_arrow_up
School
Cleveland State University *
*We aren’t endorsed by this school
Course
321
Subject
Information Systems
Date
Jan 9, 2024
Type
docx
Pages
4
Uploaded by ColonelHornet2591
1
Cybersecurity
Nawal Hamdan
Cleveland State University
IST 321/503 – Fall 2023
Vahid Zardoost
November, 2023
2
Cybersecurity
Introduction
The continued adoption of cloud computing, a rise of remote working, and an increased number of interconnected devices and sensors have enhanced the need for better cybersecurity. According to Li and Liu (2021), cybersecurity refers to the practices taken by individuals and organizations to protect valuable information, computer systems, networks, and applications from infiltration by internal or external threats. Moreover, cybersecurity can be described as technologies used to prevent or mitigate the effects of cyberattacks. Li and Liu (2021) note that by implementing cybersecurity practices, individuals and organizations guarantee critical information confidentiality, integrity, and availability. People and organizations cannot afford to entertain inadequate cybersecurity because of the negative impacts that accompany cyberattacks. According to IBM (n.d.), cyberattacks are very costly, with an average data breach cost already being $4.45 million in 2023. These costs increase over time as businesses that have experienced a data breach lose their customers' confidence and trust, which take them years to build. Individuals and organizations should familiarize themselves with types of cybersecurity, common cybersecurity threats, and cybersecurity practices to protect themselves against cyberattacks. Cybersecurity Domains
Understanding different types of cybersecurity is critical before organizations develop a comprehensive cybersecurity strategy to protect their relevant IT infrastructure against cyberattacks. According to Li and Liu (2021), network security is a type of cybersecurity that protects an organization's
computer network from threats such as malware or hackers. Network security entails software and hardware measures that defend against situations that result in illegal access or network disruption. It is developed and equipped with capabilities to regularly detect, monitor, and react to network-focused cyber
threats. On the other hand, operational security establishes protocols for accessing and monitoring to identify unrecognized activity that could signify a cyberattack to protect systems and data. For example, this type of cybersecurity sets network or processes access permissions specifying who, when, and where data should be stored or shared. Another type of cybersecurity is cloud security, which protects a company's cloud-based services and infrastructure against unauthorized access and malware (Li & Li, 2021). Cloud security is a shared responsibility between companies and cloud service providers who monitor cloud environments. Organizations possess physical and digital data that unauthorized personnel could access, disclose, misuse, delete, or change. According to Ogbanufe (2021), information security helps organizations protect this critical data against these actions to ensure its confidentiality, integrity, and availability when stored and in transit. Endpoint security is another type of cybersecurity that protects
organizational assets such as desktops, laptops, and mobile devices against cyberattacks, considering that they are used as entry points by attackers (IBM, n.d.). Endpoint security ensures that no unauthorized personnel accesses critical information stored in these devices. Network, operational, cloud, information, and endpoint security are the types of cybersecurity organizations must know about for better protection against malicious and accidental threats.
Cybersecurity Threats
Implementing cybersecurity practices is necessary due to the increased probability of experiencing a cybersecurity threat and vulnerability targeting information systems. Malware is a prevalent cybersecurity threat, and it can be described as software programs or a file utilized by cybercriminals to gain unauthorized access to a computer, network, or server to cause damage or disruption (IBM, n.d.). Malware may include computer viruses, worms, and Trojan horses, which, when successfully introduced into computer systems, help cybercriminals gain the access they need to compromise the confidentiality, integrity, and availability of data. Another cybersecurity threat is phishing, where cybercriminals use email, phone, social media, or text to trick people into giving sensitive information (
Alkhalil et al., 2021). One can be a victim of spear phishing, where they receive
3
emails with links that, once clicked, help an attacker obtain sensitive information such as login credentials
or infect a computer system with malware. Moreover, people can experience smishing, where cybercriminals send fraudulent text messages pretending to be a trusted entity, such as a bank, to entice an
individual into sharing passwords or credit card numbers. Organizations may also experience denial-of-
service -attacks (DoS), where cyber criminals overwhelm a network with false requests to halt its normal functioning. The attack aims to crash a website, making it impossible for genuine users to send requests and get the desired response (Cybersecurity and Infrastructure Security Agency, 2022). Additionally, organizations can be affected by insider threats caused by authorized personnel such as employees, contractors, and business associates. In such cases, an authorized person may recklessly allow their accounts to be controlled by cyberattacks or intentionally misuse their legitimate access, colluding with cybercriminals for financial gain after selling a company’s confidential information. Organizations must protect themselves against cybersecurity threats such as malware, phishing, denial-of-service -attacks (DoS), and insider threats by engaging in good cybersecurity practices.
Cybersecurity Best Practices
Good cybersecurity practices help organizations reduce their vulnerability to cyberattacks and improve the chances of recovery following a cyberattack. One of the practices for organizations to implement is security awareness training, where they ensure that authorized users are educated on how to help protect critical assets and data that cybercriminals could target through spearphishing, vishing, or smishing. Security awareness training reduces the likelihood of cyberattacks because authorized users are subjected to a comprehensive program that teaches them how to understand, identify, and avoid cyber threats (
Gardner, 2014). The training inspires authorized users to assume personal responsibility for safeguarding the company's data and assets and enforce security policies developed to protect the company from cyberattacks (
Gardner, 2014). Companies should also try identity and access management (IAM), a cybersecurity practice that helps define responsibilities and access rights for authorized uses. Identity and access management also helps organizations outline conditions where an authorized user may
be granted or denied access to critical information (IBM, n.d.). Some technologies that can help organizations carry out identity and access management include multi-factor authentication, which requires users to present additional credentials to gain access. In addition, organizations should conduct routine audits of their systems and networks to identify unknown vulnerabilities that could allow cybercriminals to gain unauthorized access. Routine audits can identify outdated security software, weak passwords, and the absence of multi-factor authentication, all of which are weak links that cybercriminals could exploit. Organizations should conduct security awareness training, try identity and access management, and conduct routine audits to enhance cybersecurity. Conclusion
Cybersecurity refers to the measures or technologies individuals and organizations take to protect sensitive information and computer systems, networks, and applications against internal or external threats. There are different types of cybersecurity, including network, operational, cloud, information, and
endpoint security, that organizations must be conversant with to develop a comprehensive cybersecurity strategy. Understanding these cybersecurity domains helps firms protect their information and assets against common cybersecurity threats, such as malware, phishing, DoS, and insider threats, which cybercriminals use to obtain sensitive information or disrupt operations of computer networks and systems. Organizations can adopt the best cybersecurity practices, including security awareness training, try identity and access management, and conduct routine system audits to lower the probability of experiencing a cyberattack. In an era where interconnected systems improve an organization’s competitiveness, cybersecurity is a top priority.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
4
References
Alkhalil, Z., Hewage, C., Nawaf, L., & Khan, I. (2021). Phishing attacks: A recent comprehensive study and a new anatomy.
Frontiers in Computer Science
,
3
, 563060. https://doi.org/10.3389/fcomp.2021.563060
. Cybersecurity and Infrastructure Security Agency. (2022, October 28). Understanding and responding to distributed denial-of-service attacks
. https://www.cisa.gov/sites/default/files/publications/understanding-and-responding-to-
ddos-attacks_508c.pdf
. Gardner, B. (2014). Chapter 1-What is a security awareness program.
S): Bill Gardner, Valerie Thomas, building an information security awareness program, syngress
, 1Y8. https://doi.org/10.1016/B978-0-12-419967-5.00001-6
. IBM. (n.d.). What is cybersecurity?
https://www.ibm.com/topics/cybersecurity
. Li, Y., & Liu, Q. (2021). A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments.
Energy Reports
,
7
, 8176-8186. https://doi.org/10.1016/j.egyr.2021.08.126
. Ogbanufe, O. (2021). Enhancing end-user roles in information security: Exploring the setting, situation, and identity.
Computers & Security
,
108
, 102340. https://doi.org/10.1016/j.cose.2021.102340
.