The advancement of technology and continuous improvements in the field of data storage, information processing, and artificial intelligence have enabled businesses to perform highly complex tasks with efficiency, accuracy, and in the shortest possible span of time. However, with growing independence on our computers and laptops for even the most trivial and easiest tasks have made us vulnerable to IT security issues or otherwise called cyber security issues. Cyber se technology and continuous improvements in the field of data storage, information processing, and artificial intelligence have enabled businesses to perform highly complex tasks with efficiency, accuracy, and in the shortest possible span of time. However, with growing independence on our computers and laptops for even the most trivial and easiest tasks have made us vulnerable to IT security issues or otherwise called cyber security issues. Cyber security is a term coined to explain the possible ways through which individuals and firms can protect their valuable data from hackers, make sure that their physical and wireless access to their networks are secured, and defend their systems against security breaches. The purpose of this assignment is to explain how businesses, irrespective of their size, are affected by cyber issues and how are they dealing with this menace of the 21st century.
According to csoonline.com, a renowned website that particularly covers the modern day issues of hacking and security issues within the parameters of the internet world, the cyber-crime damage cost would hit around $6 trillion annually by 2021. Cybercrime is one of the fastest growing crime in the United States. To further explain the gravity of this situation, it is prognosticated that by 2019, unfilled cyber security jobs would reach to 1.5 million within the span of next 5 years. In 2016, the vacancies for cyber security jobs were around 1 million and this gap is likely to augment in the upcoming years.
In this digital age, the protection of data is of immense importance for the businesses. One of the major reasons why people are not aware of this issue is the reluctance of large organizations to publicize the security breaches in their networks due to the fear of attaining a bad reputation and losing lucrative gains. Many incidents of cyber-attack go unnoticed because these multinationals are ready to compromise on their data privacy but cannot bear the loss of getting a bad publicity so what they do is, they pay ransom to these cyber attackers. This is an important problem for businesses that despite facing a loss of data, plans, and even monetary resources, they avoid reporting for such issues because of their brand image.
Large multinational organizations have now started to have strict background checks and really inflexible employment criteria to ensure that the employees are not the ones who leak information either through physically mismanaging files or getting access to the core of the system. To deal with the growing threat of internet security, organizations now have a complete database of their employees and a 360-degree appraisal which also inculcates elements of your loyalty towards the organization. The potential customers of these hacking firms can be your competitors, cyber espionage elements, and criminals.
The businesses face such strategic problems of securing data because the cyber-crime criminals have their own agendas which can range from ransom to acquiring important customers’ information and to extreme measures for terrorism where multinational networks are hacked into to show how vulnerable and weak these systems are. These hackers can be like “Anonymous” who strive for achieving social goals or terrorist organizations like ISIS that use domains for spreading their literature. To show how detrimental this can be, Wikipedia states the example of NATO. In 1999, a group of hackers attacked NATO computers. The computers flooded them with email and hit them with a denial of service. The hackers were protesting against the NATO bombings of the Chinese embassy in Belgrade.
According to a case study published by Congressional Research Service, Eric A. Fischer shows how vulnerable and unguarded our systems are. He clearly defines the objectives of those who hack systems and them emphasize on how this problem if not solved can have disastrous consequences for the world. There are different types of attacks, they can range from just normal identifiable viruses through emails or USB drives to cyber theft which is the exfiltration of financial, intellectual and personal resources For example, an October 2013 attack on Adobe resulted in the theft of customer data from 38 million accounts and of valuable source code behind some of Adobe’s most widely used products, including Reader, PhotoShop and ColdFusion. Denial of service is another type of cyber-attack where prevents legitimate users from getting access to the sites that are meant for them to be used. For example, if my computer has been affected by the denial of service attack, despite being a member of Amazon, I may not be able to access my profile and shop the desired items. Things don’t stop here, the inconvenience faced by customers can result in negative publicity and lawsuits for poor consumer service. Companies can lose sales, profits and potential customers believing that it is the ineffectiveness of company. Another type of getting illegal access to someone’s else computer system is called Botnet which can result in an employee sending nonsensical and irrelevant emails to its customers or members of higher management. The damage is not restricted here, these hackers can transgress to the control of your machines and equipment. Attacks on industrial control can cause the company’s plant to get halted or start malfunctioning resulting in a waste of resources for the company. it Is quite alarming to know that hackers can access peripherals of national security and military bases bringing a security risk for the entire nation. Federal agencies spend a significant part of their annual IT funding on cybersecurity, which currently constitutes 16-17% (about one in every seven dollars) of agency IT budgets overall. The statistics mentioned have been taken from the case study “Cybersecurity Issues and Challenges: In Brief”.
Another case study “Why cybersecurity is a strategic issue” by Syed Ali, Vishy Padmanabhan and Jim Dixon will further elucidate the shortcomings of our industrial and governmental structures. The 4 major causes of organizations being so helpless include accumulation of immense amount of digital assets, movement from physical data collection to hybrid cloud architectures, the use of smartphones that are connected with your main systems, and Finally, compliance remains the most important cybersecurity driver, particularly for companies in regulated industries or with contractual obligations. Now businesses spend a huge amount on research and development for the success of their product but are unwilling towards investing a significant amount of money on data protection. The age of digital asset means that transactions are now more dependent on plastic money (debit and credit cards) than cash (paper money). The information about our income, taxation, expenditure, family, wealth and everything can be accessed on the internet through the servers of government institutions. Secondly, the storage of our data now relies on cloud services or large online database structure. Authorization and authentication was easier when data was secured physically within the premises of the organization, but now corporate and customer data resides in the organization’s own data centers as well as public and private clouds, distributed across remote locations. While, the services of securing data online not only provide us cost saving, they also result in easy access to that data not only to the relevant and pertinent users of the organization, but also to the cyber-criminals. Another important issue is with the lack of acceptance that not only our computers can be accessed but also our smartphones and tablets no matter how much they claim to have close systems. IT companies have to expand their span of services and start focusing on every device that serves as a means to the internet world. Lastly, the lack of willingness to broaden the horizon of resources towards IT sector is a barrier as well. IT departments of most of the large organizations lack the resources needed to counter the activities of cyber-criminals. It is now important that organizations start accepting cyber-security as a part of organization’s overall strategic plan.
There are some long term challenges that we need to examine like the design of defense mechanism, incentives, consensus of all stakeholders, and the environment. The design is important as into which department should this system against hackers be inculcated into. IT department of any organization cannot encroach their limitations beyond due to lacking technical expertise and resources, but experts believe that effective security needs to be an integral part of the IT system. Secondly, the system on economic incentives for cyber security has been distorted or even perverse. Cybercrime is regarded as profitable and comparatively safe for the criminals due to non-static protocols being used by them which makes them undetectable. Cybersecurity is expensive and a lucrative profit making the field. Thirdly, the consent of every stakeholder for cyber security might differ as the connotation of cyber security differs for everyone and thus may have different opinions and decisions regarding it. There might be different opinions not only between different organizations in the industry but they can also surface amongst different departments within the hierarchy of a single organization. Lastly, cyber-crime and cyber-security industries are predicted to be the fastest growing industries in the next decade both in terms of scale, revenue generation, and properties. The expansion of ICT in the fields of smartphones, social networking, and cloud computing have augmented the scale of opportunities and threats at the same time.
The problems are infinite but there are solutions to curb the biggest problem of the internet age. Firms need to consider cyber security issues as an integral part of their strategic plans. Financial and human resources must be allocated towards this partisan of problems. The alignment of business objectives is very necessary, protection of data must be on the priority list of company executives.