Important of Cyber Security for Business Free-Samples for Students

Question: What is the Important of Cyber Security for Business. Answer: Introduction Security measures are of utmost importance to any business as safety and reliability of a business depends on the same. In order to combat the situation of cyber threat, we need to consider many factors such as losses, risk and danger associated with loss, tangible and intangible factors etc. Considering these factors, a strict action is required to terminate the threat. There are certain parameters which need to be covered and to be secured in order to ensure cyber safety. These are: safety of network connections, firewall, intruder detection applications, and network maintenance and telecom issues. These factors are intra and interrelated to each other. In todays age of information development and digitalization, the focus of an organization, for the purpose of business dealing is shifting towards cyberspace which is rapidly becoming an important aspect for the business security. As many organizations are connected via cyberspace, there is a dramatic increase in the risk of national security. The threat to business security is growing. Computer systems at banks, colleges, universities are the hardest hit as they are the ones which store the most sensitive data and are an easy target for a hacker(Luminet, 2017). The most preferred way to steal any information and to breach a network is by installing malware in the targeted system, phishing, social network targeting and cyber stalking. In majority of financial institutions and in universities, the data is easily accessible though in the campus network which makes them vulnerable to security breaches that may result in losses and expose an institution to other risks(No Bullying, 2015). Cyber Security Attacks A cyber attack is a deliberate way of exploiting the data via computer systems of enterprises and technology dependent institutions. Cyber-attackers use malicious software and codes to alter or to steal any data which may compromise the data and it also affects the entities which are related to the organizations under attack and other entities related to them. A cyber attack has adverse effect on the reputation and the goodwill of a firm as the stakeholders and the investors lose interest and confidence in an organization. The institute for Security Technology Studies at Dartmouth university investigated the cyber-attack issues and is focusing on development of data security by development of software, which will help in IP tracing, real-time interception, data analysis and national data sharing (Techopedia, 2017). Below is the stat of the type of organizations which has been targeted by the cyber attackers in the year 2016. The table shows which industry has been affected the most a nd has been under the constant attacks: Software 45% Hotel and hospitality 8% Video Games 7% E-Commerce 7% Environment 6% Web hosting 12% Internet services 10% Restaurant 2% Rural 2% Others 1% On the basis of a survey conducted of 500 IT security managers of critical data handling organizations, the survey showed that the risk factor has increased to almost 37% and many think, that it will continue to grow and will touch the figure of about 45% in the next 5 years. Only one fifth of the respondents believed that their sector is safe from these attacks. The database of a company faces about 100 attacks per day of which 10% may be successful(Hulme, 2011). The biggest threat of data breach is a knowledgeable insider, one of such cases has been recorded in Queensland, Australia in February 2000, where an employee of water-utility works deliberately released about one million litres of sewage water into freshwater which cost the organization a huge amount(Marsh, 2006). Lu, Jen, Chang, Chou, (2006) found out the demographic characteristics of cyber attackers. According to their research report, 81% of the attackers are male, 45% high school students, 63% independent hackers and 23% university students. The findings show that the high number of students is being involved in these criminal activities which are a matter of concern for the society as the future of a nation depends on its youth. In a survey conducted in the UK it has been found that out of many organizations which are dealing with the problem of cyber threat, financial and IT sector are the only ones who have invested in the development of their security programmes and have been able to protect their data more effectively as compared to government sectors, educational sectors and telecom industry. According to a survey conducted by a local institute in the year 2011, it was found out that many organizations have been under constant threat and 60% of them have experienced at least two successful attacks in the same year of study conducted. The average cost of a cyber attack on the organizations participating in the survey was found out to be whooping $7.2 million and the average cost of one cyber attack was about $6.4 million(Ponemon Institute, 2011). Another survey conducted in the year 2008 showed that out of all computer security organizations in the US, 522 of them were investing only 5% or less of their budget in the area of their cyber security development. The most common way used by these organizations were anti-viruses, VPN networks, firewalls and anti-spyware programs(Richardson, 2008). The report of Computer Security Institute conducted by FBI stated that out of all the organizations which faced a security breach, only 66% of them responded and also about 72% of the organizations have no insurance policies or any strict measure to deal with the risk of cyber threats and breaches. The report also showed that 90% of the organizations face a security breach every year of which, average cost was about 2 million dollars (Gordon et al., 2006). The main reason for this was the companys investment in the sector of information security. An average company invests about 1% of its budget in the field of information security. It is important to realize that cyber terrorism doesnt only affects the profitability figures of an organization but can also challenge and change political and social issues. It is necessary to realize that cyber terrorism can be used to achieve broader objectives. Jeffrey R. DiBiasi(DiBiasi, 2007) in his study analysed that Code Red Worm and the Slammer worm were found out to be highly destructive and have the capability to spread fastest in comparison to other worms. Italso has the capability to compromise the security network and damage can be significant. He also stated the example of the infamous Aurora attack in his report in which the researchers of Department of Energy in Idaho lab hacked into the parallel power system of the plant which put many lives at risk and caused trouble on a huge level. Ensuring Cyber Safety Today, every business relies on some kind of information and this information is best preserved in the form of electronic data. This information can be classified on the basis of their importance to an organization which can have high, moderate or low impact on the working of a business. This information is generally stored in computers which make it necessary to secure these systems and the data stored in them. According to Steffani A. Burds study(Burd, 2006), stated below are the most common/ preferred methods used by companies to secure their data: Type of Method Organizations Firewalls 94% Role-based access 86% Physical Separation 83% Encryption of data 69% Identity management 69% Encryption of backup data 63% Monitor use of backup data 36% Advanced techniques of perimeter control, firewall technology, data encryption, use of data loss prevention tools, security intelligence systems and policy, management techniques were the tools used by these organizations to prevent and secure their data. According to the views of DiBiasi (2007) on cyber security, it is necessary for an organization to check that all the measures are being taken and if not, then the company needs to revise its security standards. Cyber security acts as a second layer of protection for any company and guarantees safety against internet frauds, cyber crimes, malicious mails etc. Not only the measures of cyber security of a company needs to be developed but also the cyber laws should come into play and ensure proper provisions and policies are enacted to guarantee the safety of citizens from cyber crime. Another researcher Udoeyop (2010) in his case study Cyber profiling for Insider Threat Detection introduced a method for detection of abnormal behaviours of users over a network, which may pose a threat to others and may compromise with the safety of other users. He developed a mechanism of reading the behaviour of a normal user and then by using that normal profile he then identifies abnormal behaviours by monitoring activity of a user. According to him, not only ensuring safety from cyber threat is not the only measure to protect an organization from cyber crime and hence, counterattacking should also be done as it is said Offence is the best defence. Effective counterattacking strategies are the need of the hour. Cyber Security Measures Protecting private and sensitive data is the priority and the need of an organization. Protection to ensure cyber safety can be done by firewall, anti-virus programs, malware protection, password protection, file encryption, vulnerability assessment etc.(Experian, 2017). An organization which works on the base of information exchange has a regular inflow and outflow of sensitive information on a daily basis so it is required that the information is completely safe and thus, the safety parameters are needs to be checked. Employees require some sort of permission/access to work on a network so it is required that some procedures needs to be followed. The access granted should not be to the sensitive information and some sort of security standard is needed to be maintained to maintain the integrity of a network. The network security should not be weak and should be strong enough to withstand the attempts of unauthorised access. It should be checked that the firewall and anti-virus programmes are working according to the latest standards and are up-to-date; these programs require proper update from time-to-time. Intruder detection programmes should be capable enough to notice even the slightest of any abnormal behaviour and, the activity log of the users working over the network should be reviewed from time to time. Proper encryption of data is needed to be done to ensure the safe inflow and outflow of information without any threat or and hindrance and this is of the utmost importance if in a case the information is sensitive. The data if being transferred via portable devices like USBs, hard disks, mobiles, cameras etc should be properly encrypted. To guarantee the safety of these kinds of devices, they should be chained to the security network of a company and they should carry a tracer with them so that their exact route and location is always available ensuring the safety of the data.(Security Haven, 2017) Conclusion In this literature review, weve found out that in the era of development and modernization where the people prefer a digital lifestyle, many large organizations are still lagging behind in terms of cyber security. Weve concluded that irrespective of any sector, there is a constant need to develop and introduce new measure of ensuring safety of an organization by proper implementation of cyber security techniques. It is not an option to compromise with the reputation and the goodwill of the company, so cyber security is a practice every organization must follow. References Burd, S.A., 2006. The Impact of Information Security in Academic Institutions on Public Safety and Security. Assessing the and Developing Solutions for Policy and Practice, pp.21-20. DiBiasi, J.R., 2007. Cyberterrorism: Cyber Prevention vs. Cyber Recovery. Dudley Knox Library. Experian, 2017. Cyber Security Tips. [Online] Available at: https://www.protectmyid.com/cyber-security [Accessed 22 April 2017]. Gordon, L.A., Loeb, M.P., Lucyshyn, W. Richardson, R., 2006. ComputerCrime and Security Survey. Computer Security Institute. Hulme, G.V., 2011. SCADA Insecurity-Stuxnet put the Spotlight on critical infrastructure protection but will efforts to improve it. Information Security Magazine, 13(1), pp.38-44. Lu, C., Jen, W., Chang, W. Chou, S., 2006. Cybercrime Cybercriminals: An Overview of the Taiwan Experience. Journal of computers, 1(6), pp.11-18. Luminet, 2017. The Importance of cyber security. [Online] Available at: https://luminet.co.uk/importance-cyber-security/ [Accessed 23 April 2017]. Marsh, P., 2006. Controlling Threats. IET Computing Control Engineering, pp.12-17. No Bullying, 2015. About Phishing, Spamming and Cyberstalking. [Online] Available at: https://nobullying.com/about-phishing-and-cyberstalking/ [Accessed 22 April 2017]. Ponemon Institute, 2011. Perceptions about Network Security. Ponemon Institute. Richardson, R., 2008. CSI Computer Crime Security Survey. MIEL e-Security Pvt. Ltd. Security Haven, 2017. The Importance of Cyber Security to Protect Your Business. [Online] Available at: https://www.securityhaven.com/cyber-security-consultant/importance-cyber-security-protect-business/ [Accessed 23 April 2017]. Techopedia, 2017. Cyberattack. [Online] [Accessed 22 April 2017]. Udoeyop, A.W., 2010. Cyber Profiling for Insider Threat Detection. [Online] Available at: https://trace.tennessee.edu/utk_gradthes/756/ [Accessed 22 April 2017].