Importance Of Cyber Security Policy For Continuous Corporate Survival And Improved Business Performance

Cyber Security And The Attacks On Internet Of Things

Overview of Cyber Crime and Cyber Security

The Internet is saturated with information, and that information is easily accessible to anyone. In today’s era of continuous growth in science and technology, safety and security have become of core importance in every sector. The expansion of IT and of worldwide networks has also been one of the key factors behind the growth of problems such as information security violations, virus attacks and hacking. Cyber-related crime is increasing rapidly across the globe, and the use of viruses and hacking to steal essential personal information and data has become common. A good understanding of cyber-crime is therefore essential in order to see how criminals could use the internet to commit crimes and what more could be done to prevent this (Abomhara and Køien 2015). There is nothing that could be said to be impossible for the human hand; hence, security is of utmost importance. This report elaborates on the importance of cyber security policy and on how the company could best integrate its cyber security and resilience protocols to ensure continued corporate survival and improved business performance. It also presents examples of best practices and a clear set of suggestions and recommendations on how this company should initiate cyber-resilience at the corporate board level.

To understand what cyber security is, one must first understand what cyber-crime is. Cybercrime is any illicit activity performed on the internet or on any network-based product or device. Examples include cyber stalking, phishing, identity theft, hacking and viruses. Cyber security, in turn, refers to the set of procedures used to protect the integrity of networks, data and programs from damage, attack and unauthorised external access. As per Sahu (2015), the international security market is expected to reach 170 billion by the year 2020. This rapid market growth is being fuelled by a wide range of technological trends, including initiatives with ever-evolving security requirements such as BYOD (Bring Your Own Device) and the internet of things (IoT) (Dhingra 2016). It is also fuelled by the increased adoption of the traditional data centre and by stringent data protection mandates such as the General Data Protection Regulation of the European Union and the NIST (National Institute of Standards and Technology) Cybersecurity Framework (Shackelford and Brady 2017). Cyber attacks can come from several sources: terrorist groups, competitors, nation states and thrill seekers.

Benefits of Having a Strong Cyber Security System

Cyber criminals continuously look for new methods of gaining access to private information and to what is happening inside businesses, and many of them have succeeded. Hence, a good security system that protects the business's Information Technology (IT) is the best defence this company could have against the prevailing cyber-security threats (Gorab and Dalal 2016). There are several benefits to having up-to-date cyber security in a business. Its importance for the company is not limited to keeping the company's own details and information safe from external hands; information about customers and employees is protected as well. A company holds a huge range of data and information about its various systems, which adds to the importance of security, whether it is data security, cyber security or information security. After all, no business wants to become a victim of a cyber-attack.

The most significant function of cyber security is to protect information and systems from the major cyber threats (Li, Da Xu and Zhao 2015). Such threats take several forms, such as malware, application attacks, exploit kits, ransomware and phishing. Unfortunately, cyber adversaries have learned how to launch sophisticated, automated attacks using these methods at lower cost. This has made it challenging to keep pace in cyber security strategy and operations, especially in enterprise and government networks. In their most disruptive forms, cyber threats are often aimed at the political, infrastructural, military and secret assets of a nation and its people. Some of the most common threats are cyber warfare, cyber terrorism and cyber espionage (Quigley, Burns and Stallard 2015).

In order to ensure continued corporate survival and improved business performance, a company must integrate its cyber security and resilience protocols. The company could follow these steps to do so:

  • Including cyber security in the governance and management
  • Prioritising the information assets and the other related risks
  • Strengthening the cyber security protection for the important assets
  • Engaging all the employees
  • Building up of security features into the Information Technology systems
  • Using some active defences in order to stay ahead of the attackers
  • Planning and testing the responses to the cyber security incidents

It should also be noted that technology alone cannot hold cyber attackers at bay. A good culture of trust within the company is equally important for corporate cyber security initiatives to succeed (Ni and Van Wart 2015). All the stakeholders in the company's ecosystem, including the IT leaders, the board directors, the vendors and the business people, should come to a mutual understanding of the risks the company faces and work together to decide on the most suitable and efficient approach for addressing them. However, it is also to note that it could be

Steps to Integrate Cyber Security and Resilience Protocols

Several companies have ensured that their business practises efficient cyber security. One of the most significant ways is training and educating employees about the importance of cyber security and the benefits of keeping their company safe and secure (Rid and Buchanan 2015). For example, companies like Amazon and Apple make use of cyber security provided by reliable cyber security companies, among them Raytheon Cyber, Thycotic, Digital Defence, IBM Security and Palo Alto Networks. These companies have implemented cyber security by means of the CIA principles and Access Control. Access control refers to the process of controlling who is allowed to access the company's information and data, and to what extent they are allowed to alter and make use of it (Pearlson, Saunders and Galletta 2016). It also encompasses control of entrance to physical facilities. A good way to understand the fundamentals of Logical Access Control is to study how forum software works. In a forum, the administrator can create several groups and assign each of them particular access to particular forums. The administrator then assigns users to the groups. The admin can also grant special privileges to individual users, who then get access to restricted forums even though they belong to different user groups. Some groups might be authorised to post announcements, while others can only reply to posts. This type of system has been implemented in many of the top healthcare systems around the globe (Chen, Hsu and Tsai 2017).
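The forum model described above can be written down as a small group-based access control check. This is an added example, not code from the original essay or from any forum product; the class, the permission names, the forum names and the users are all constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed permission names for the forum model described above.
READ, REPLY, ANNOUNCE = "read", "reply", "announce"

@dataclass
class ForumACL:
    # (group, forum) -> permissions granted to every member of the group
    group_grants: dict = field(default_factory=dict)
    # (user, forum) -> special privileges granted to one user by the admin
    user_grants: dict = field(default_factory=dict)
    # user -> set of groups the user belongs to
    membership: dict = field(default_factory=dict)

    def grant_group(self, group, forum, *perms):
        self.group_grants.setdefault((group, forum), set()).update(perms)

    def grant_user(self, user, forum, *perms):
        self.user_grants.setdefault((user, forum), set()).update(perms)

    def add_member(self, user, group):
        self.membership.setdefault(user, set()).add(group)

    def effective(self, user, forum):
        """Union of group grants and per-user grants; empty set if none."""
        perms = set(self.user_grants.get((user, forum), ()))
        for group in self.membership.get(user, ()):
            perms |= self.group_grants.get((group, forum), set())
        return perms

    def is_allowed(self, user, forum, perm):
        # Deny by default: unknown users, forums or permissions get nothing.
        return perm in self.effective(user, forum)


def build_sample_acl():
    """Constructed sample data: two groups, one restricted forum."""
    acl = ForumACL()
    acl.grant_group("moderators", "general", READ, REPLY, ANNOUNCE)
    acl.grant_group("members", "general", READ, REPLY)
    acl.grant_group("moderators", "staff-only", READ, REPLY)
    acl.add_member("alice", "moderators")
    acl.add_member("bob", "members")
    acl.add_member("carol", "members")
    # Special privilege: carol may read the restricted forum although
    # her group has no access to it.
    acl.grant_user("carol", "staff-only", READ)
    return acl
```

Because every decision goes through `is_allowed`, a user who belongs to no group, such as an unknown account, is refused everything without any explicit deny rule.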

Furthermore, CIA is an acronym that stands for Confidentiality, Integrity and Availability (Lopes and Oliveira 2015). It refers to the three states of the information and data that the company is protecting. The data must be kept confidential (no spying and no unauthorised access), retain its integrity (no manipulation, no destruction and no alteration) and remain accessible and available whenever required.

Also, some leading companies make use of Big Data analytics to identify signals that might indicate an impending cyber-attack, such as an attempt to log into the network from an unusual location (Boddy et al. 2017). This helps these companies maintain up-to-date intelligence on the intentions and capabilities of cyber criminals, and sometimes gives them an idea of the criminals' identities as well.
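A minimal version of the "login from an unusual location" signal, run over a handful of authentication events, looks like this. It is an added example, not taken from the essay or from any product it names; the log format, field order, user names and the country-level notion of "location" are assumptions, and the sample log is constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample log: timestamp,user,country,result. Not real data.
SAMPLE_LOG = """\
2024-03-01T08:02:11Z,alice,GB,success
2024-03-01T08:15:40Z,bob,GB,success
2024-03-02T09:01:03Z,alice,GB,success
2024-03-02T17:44:52Z,bob,DE,success
2024-03-03T08:05:19Z,alice,GB,success
2024-03-03T08:20:07Z,bob,GB,success
2024-03-04T02:13:55Z,alice,BR,failure
2024-03-04T02:14:09Z,alice,BR,failure
2024-03-04T09:00:00Z,bob,DE,success
2024-03-04T11:30:00Z,carol,US,success
"""

def parse(log_text):
    """Yield (timestamp, user, country, result) tuples from CSV text."""
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) == 4:          # skip malformed lines instead of crashing
            yield tuple(value.strip() for value in row)

def unusual_logins(log_text, baseline_until):
    """Flag login attempts from a country absent from the user's baseline.

    Events with a timestamp before `baseline_until` build the per-user set
    of known countries from successful logins only; later events are
    checked against it. Users without any baseline are flagged too, since
    there is nothing to compare them with.
    """
    known = defaultdict(set)
    alerts = []
    for ts, user, country, result in parse(log_text):
        if ts < baseline_until:    # ISO 8601 UTC strings sort chronologically
            if result == "success":
                known[user].add(country)
        elif country not in known[user]:
            alerts.append((ts, user, country, result))
    return alerts
```

Failed attempts are checked as well as successful ones, because the passage speaks of an attempt to log in, not only of a completed login.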

Examples of Best Practices

It is very important for the company to ensure that proper cyber security is maintained within the business, and the owners should also look to initiate a cyber-resilience policy at the corporate board level. To do so, the company could do the following:

  • On cyber security, the company should inform and train not only the higher-ups but every employee about the benefits of cyber security within the organisation. One of the primary reasons for cyber-attacks is the lack of knowledge among employees about proper cyber security. Hence, the company should ensure that it educates its employees about it.
  • In most companies, about 50% of data and information assets are not mission critical. The company should therefore take stock of its information assets and, at the same time, tally the cyber-related risks it faces. It should also assess their urgency and focus its cyber security efforts on mitigating the risks to the most crucial assets. This could help the company reduce its spending on cyber security by up to 20%.
  • Cyber risk is a very complex non-financial issue that has the potential to completely erode the bottom line and the brand value of a company. For this reason, the company should integrate effective cyber security measures into its daily business processes and make cyber security the topmost consideration in vital decisions.
  • Applying the same cyber security controls to every asset would create extra effort and expense. Important data and information assets must be protected more strongly than less important ones. The controls should also go beyond typical options such as encryption to include access rights, authentication, digital rights management, data loss prevention, patching and intrusion detection.
  • Furthermore, every employee has a role to play in protecting the company, through practices such as sharing the company's sensitive and personal details and information over secure channels instead of less secure channels like e-mail. Measures such as cyber security drills and phishing campaigns would also help the company make its employees aware of the cyber risks that could lead to cybercrime. Through this process, the company could also teach them various methods of mitigating these risks.
  • The company should work towards building strong and effective cyber security controls into the core of its Information Technology systems. The in-house software engineers must have the appropriate tools for developing applications that are comparatively less vulnerable to hackers worldwide. The company should also configure its IT systems in ways that decrease their exposure to cyber-attacks and cyber risks.
  • It can make use of big-data analytics to identify signals that indicate an impending attack on the company. This sometimes also helps in identifying the hackers.
  • The company must establish plans for responding to cyber-attacks. Once the incident response plans are in place, the company should put them to the test on a regular basis in simulated cyber-attacks and war games.

Conclusion

The rapid increase in cyber-crime all over the world has increased the need for up-to-date cyber security in every business sector and every firm. Hence, it is very important for every business to take serious steps to implement strong cyber security. From the above discussion, it is also clear that cyber security holds many benefits, not only for the company but also for its employees and its customers, and that the best way to ensure that the company does not become the victim of a cyber-attack is to verify that the business has effective security planning in place before an attack can take place. However, technology alone cannot hold cyber attackers at bay. A good culture of trust within the company is equally important for corporate cyber security initiatives to succeed. Furthermore, this report makes certain recommendations for the company. If the company goes through them and tries to implement them within its working processes, success is sure to follow, and the safety and security of the company, its information, its employees and its customers will be maintained.

References:

Abomhara, M. and Køien, G.M., 2015. Cyber security and the internet of things: vulnerabilities, threats, intruders and attacks. Journal of Cyber Security, 4(1), pp.65-88.

Dhingra, M., 2016. Legal issues in secure implementation of bring your own device (BYOD). Procedia Computer Science, 78, pp.179-184.

Gorab, A.K. and Dalal, R.S., 2016. Insider Threat in Cyber Security: What the Organizational Psychology Literature on Counterproductive Work Behavior Can and Cannot (Yet) Tell Us. In Psychosocial Dynamics of Cyber Security (pp. 122-140).

Li, S., Da Xu, L. and Zhao, S., 2015. The internet of things: a survey. Information Systems Frontiers, 17(2), pp.243-259.

Lopes, I. and Oliveira, P., 2015. Implementation of information systems security policies: a survey in small and medium sized enterprises. In New Contributions in Information Systems and Technologies (pp. 459-468). Springer, Cham.

Ni, A. and Van Wart, M., 2015. Corporate Social Responsibility: Doing Well and Doing Good. In Building Business-Government Relations (pp. 175-196).

Pearlson, K.E., Saunders, C.S. and Galletta, D.F., 2016. Managing and Using Information Systems, Binder Ready Version: A Strategic Approach. John Wiley & Sons.

Quigley, K., Burns, C. and Stallard, K., 2015. ‘Cyber Gurus’: A rhetorical analysis of the language of cybersecurity specialists and the implications for security policy and critical infrastructure protection. Government Information Quarterly, 32(2), pp.108-117.

Rid, T. and Buchanan, B., 2015. Attributing cyber attacks. Journal of Strategic Studies, 38(1-2), pp.4-37.

Sahu, B.K., 2015. A study on global solar PV energy developments and policies with special focus on the top ten solar PV power producing countries. Renewable and Sustainable Energy Reviews, 43, pp.621-634.

Shackelford, S.J. and Brady, A.E., 2017. Is It Time for a National Cybersecurity Safety Board: Examining the Policy Implications and Political Pushback. Alb. LJ Sci. & Tech., 28, p.56.

Chen, C.H., Hsu, C.L. and Tsai, K.Y., 2017, July. Survey on Open Source Frameworks for Big Data Analytics. In Third Int. Conf. Electron. Softw. Sci (p. 74).

Boddy, A., Hurst, W., Mackay, M. and Rhalibi, A.E., 2017, October. A study into data analysis and visualisation to increase the cyber-resilience of healthcare infrastructures. In Proceedings of the 1st International Conference on Internet of Things and Machine Learning (p. 32). ACM.