Project Objective

The use of smartphones and internet has grown significantly in past decade. People use the internet for sharing and connecting with their friends and families. The internet is used by companies, individuals, and government due to its numerous benefits. But there are several disadvantages of the internet as well. With the increase in internet usage, the rate of cyber crimes has increased too. Cyber security has started to become raising issues for individuals and companies globally. Organisations are facing new threats relating to cyber security such as malware, hacking, insider risks and much more. To avoid such threats, companies are required to invest a huge amount of capital on safety software’s, which do not provide 100 percent security. This report is focused on analysing different challenges faced by modern corporations regarding their cyber security. The examples of several companies will be taken to understand the effect of cybercrimes. Further, the report will provide various recommendations for improving the cyber security of enterprises.

The primary objective of the report is to evaluate different problems faced by modern corporations relating to their cyber security. The perspective of various companies shall be taken to understand the depth of cyber crimes and requirement of cyber security. The secondary objective of the report is to provide recommendations for improving the cyber security functions of an enterprise.

The report will analyse the usage of internet and computer in corporation’s activities and how modern technology has changed the process of organisations. The report will analyse cyber threats from the perspective of various companies. Discussion of theories and advice provided by experts will also be analysed in the report.

With the advancement of technology in a previous decade, the usage of internet based services has grown considerably. The internet services are not only used by the large organisation, but normal peoples are using the internet for sharing and communicating purposes. People share their personal information online and enterprises share their sensitive data. Due to this, the risk of cyber crimes has grown significantly (Figure 1). Cybercrimes are the offenses conducted by peoples using a computer and the internet. Hackers use various methods to collect the information of individuals and organisations to gain unfair advantages. Following are the activities due to which threat of cyber-attack has grown:

1. Social Media: In previous few decades, the use of social media has significantly increased, with more than 2.9 billion active social media users. The people use social media websites such as Facebook, Twitter, YouTube or Instagram, to share their personal information and to connect with their friends and families. With the considerable grown of social media sites, companies are started using social media to interest with their customers.

Social media sites are a great place for companies to advertise their products, conduct surveys and interest with their customers. Organisations such as Starbucks, Old Spice, and Oreo have effectively implemented social media strategy in their business model which has proved to be significantly beneficial for them. With the advancement of social media users, the risk of cyber-attacks has grown significantly as well. Attacks on companies such as HBO, Yahoo and Play station’s social media accounts are a good example for determining the cyber threats (Youmans and York 2012).

1. Mobile Banking: According to Sui (2016), around 44 percent of world’s population shall be started using smartphones in 2017. Due to this enormous usage, companies are providing various services to people’s smartphones. Banks are allowing their customers to perform their banking activates just by using their smartphones. The use of net banking, online shopping, and mobile wallets are significantly high in the market.

Project Scope

To use these services, people are required to share their sensitive data on the internet like passwords or banking details. Most hackers attack such data to gain access to another person’s bank accounts. Many companies also have their banking data online which can be hacked by individuals. These attacks can be detrimental to a firms business. There have been several attacks against banks, for example, Tesco bank, where hackers stole more than $2 million from accounts. Another example is information breach in JP Morgan which affected more than 83 million customers (Arabo and Pranggono 2013).

1. Lack of Online Security: One of the reasons for enhancement in cyber-attack is because they are easier than other crimes. As per Haber (2017), due to modernisation, companies have started using internet based services without taking any strict precaution against security. Most of the large corporations have simple security firewalls, which are easier for hackers to breach. Among 20 biggest banks in the United States, 19 have online security ratings below ‘C’ grade. The cost of cyber security are usually high, therefore organisations avoid spending on security, which makes them vulnerable to cyber-attacks. The attack on user’s data of Yahoo is a good example of lack of cyber security.
2. Lack of Knowledge: As per the research of Wang and Lu (2013), most peoples who use social media or the internet based services do not have proper knowledge regarding the services. They avoid security features because usually, they are frustrating to apply, such as setting a tough password or enabling two-step verification. Due to this fact, hackers get easy access to people’s private data. A recent attack on Apple’ cloud servers leaked more than 500 personal pictures of celebrities on the web.

The modernisation of technology has introduced several new threats on the cyber activates of individual and organisations. While using internet based services, corporations face various problems for protecting their security. Following are few examples of the problem faced by corporations while performing cyber activates.

Ransomware is a type of malware which attacks the computer of an individual or a company and prevents them from accessing their data (Figure 2). The hacker demand a ransom to give back the access of computer usually monetary, and just like normal ransom, there is no guarantee of getting back the access after the payment. Few examples of ransomware include WannaCry, Locky and Crypto Locker. Various large companies have been attacked by ransomware such as FedEx and Nissan (Wattles and Disis 2017).

According to Dunn (2017), this virus has attacked various big brands such as Rio Olympics, Donald Trump’s election campaign, five Russian banks, BBC and DYN. In this attack, the hackers flood an organisation or server with a huge amount of traffic, which stops them from performing certain takes. The hackers usually attack a single computer than gain access to another computer which is connected to the first computer.

Not all cyber crimes are aimed to gain an unfair advantage; many attacks are based on political and social factors. As per Kenney (2015), these attacks are more dangerous than normal cyber-attacks since hackers want to make a public statement to illegally damage the reputation of an enterprise. Their main objective is to finish the organisation instead of gaining money. Many hackers attack government servers to leak secret documents which are a huge threat to national security. The most notable attacks of Hacktivism include an attack on Sony by hackers group called Anonymous, to protest against the Play Station lawsuit. The Same group has also attacked Bank of America to expose their illegal activities.

Development of Technology

As per the research of McAfee, more than 1.8 billion internet active devices will be used by customers till 2019. Hacking in their data will be easier than before for hackers. The smartphones of peoples usually contain private data which a hacker can easily collect. This sensitive information allows hackers to gain illegal advantages. Many new products sold by companies have back door available, which can be used by hackers to gain access to the particular device. The devices or gadgets of the internet of things include smart home products, wearable gadgets, connected vehicles and much more. These new products get connected to the internet to work properly, making them easily hack able by hackers (McAfee 2017).

As per the research conducted by IBM in 2016, more than 60 percent of cyber-attacks are happened due to insider threats (Figure 3). Most of the employees give access of data to hackers to gain some benefits. Many employees accidentally give access of company’s data to hackers, due to their negligence. In modern times, the insider threat is one the main reason of cyber-attacks over organisations. The popular example of insider threat includes data leakage by Edward Snowden and Jun Xie (Habeck and Molloy 2017).

Smartphones are significantly popular in the modern world; every person is dependent upon their phone to perform several tasks. The smartphone contains a person’s personal data such as bank details, address and other sensitive data. Due to its popularity, hackers are targeting people’s smartphones to collect their details or gain an unfair advantage. More than 44 percent of the population will own a smartphone till 2017, which makes them an ideal target for hackers. With the introduction of banking services on mobile, it is easier for hackers to collect bank data from people’s smartphones. ‘DroidKungFu’ is a popular mobile malware which uses android OS backdoor to gain access to a smartphone. ‘Plankton’ is another malware which attaches itself to Android applications and collects user’s data. Google has to remove 10 applications from play store to stop this virus from spreading (Seo et. al. 2014).

Machine learning is a complicated technology that assists organisations in performing complicated and analysis takes of significantly large quantities. Large corporations such as Google uses this technology to predict their user’s behaviour and provide them a recommendation based on their preferences. This technology is also used by companies to detect fraud, predict the success of advertisement projects and perform automated tasks. But many technology experts believe that this technology can be used by hackers to target large data of companies and individuals, to use them to their advantage (Hink et.al. 2014).

Challenges of Cyber Safety

Many online websites display fake advertisement on their platform to hack or collect data of users. If a customer clicks on a fake advertisement it will redirect them to hackers servers where the control of users computer or smartphone can be taken by hackers. These advertisements also collect users banking information to gain access to their accounts. These advertisements are hard to detect by government regulations, and they are an easy method of hacking users. In 2015, many popular sites such as eBay and TalkTalk were used by hackers to display fake advertisement which collected user’s data (Mo et.al. 2012).

The impact of cyber-attack has been significantly high in past few years. Hackers are finding new methods to attack businesses and individuals, due to which requirement of cyber security has been increased. Organisations, as well as individuals, are required to protect their data from hacker to avoid any misuse or illegal usage of data. Following are some recommendations use by individuals and companies to protect their data from cyber-attacks:

• Physically securing the computer hardware can assist companies to avoid cyber-attacks. Checking of employees before entering or exiting, physically locking down the units after work and avoid any third party access to a computer can help in reducing the threat of cyber-attacks. Implementation of security guidelines for proper physical security of cyber data and hardware components will avoid any physical cyber threat (Agarwal 2017).
• Companies are required to encrypt their data before transmitting them to various servers. Generally, hackers look for data which is left behind and use such information to attack a computer, but by encryption of data, the company can keep information safe from hackers. The encryption of data and disk will only take few extra minutes but it benefits the company a lot. Although for encryption to work properly, the automatically log out of the user after 5 or 10 min feature shall also be enabled, or unless the hackers will be able to physically gain access to employee’s computer while they were on a break.
• As per Lopez (2014), individual persons should change their passwords every week to avoid any hacking and should only use strong passwords. They should also keep their sensitive detail private such as bank details, passwords, security pins and other information. Routinely checking of bank accounts and credit card details to determine any unauthorised activity should also be helpful for early detection of hacking.
• The organisation should embrace the safety guidelines as an integral part of their corporate culture. Employees must be aware regarding the safety regulations, and they know how to avoid any cyber threat. Providing proper training and also employing proper IT employees should also benefit the company.
• Creating a proper budget for safety expenditures is necessary for the safety of information. Usually, companies avoid safety regulations due to their high cost but it is necessary to avoid any future loss. The organisation should use antiviruses and other security software’s to avoid any cyber-attack.

Conclusion

From the above report, it can be concluded that cyber security has been a significant challenge for organisations. Most corporations do not know about the risk of cyber-attack or most of them avoid security due to its high expenditures. In past few decades, the number of cyber-attacks has grown considerably against both corporations and individuals. Moderation of technology also puts normal peoples in the risk of cyber-attacks. Hackers are using modern technology to attack a large number of individuals. Proper safety measures should be taken by organisations and individuals to avoid cyber threats. Increasing the awareness and knowledge towards cyber security is also necessary for the better implementation of safety precautions.

References

Agarwal, A., 2017. 4 Easy Ways to Protect Your Company From a Cyber Attack. Entrepreneur India. Retrieved from < https://www.entrepreneur.com/article/289680 >

Arabo, A. and Pranggono, B., 2013, May. Mobile malware and smart device security: Trends, challenges and solutions. In Control Systems and Computer Science (CSCS), 2013 19th International Conference on (pp. 526-531). IEEE.

Dunn, J. E., 2017. The 12 worst types of ransomware – we name the internet’s nastiest extortion malware. ComputerWorldUK. Retrieved from <

https://www.computerworlduk.com/galleries/security/worst-ransomware-attacks-we-name-internets-nastiest-extortion-malware-3641916/ >

Habeck, T. A. and Molloy, I.M., 2017. Usage Monitoring and Insider Threats. IBM Research. Retrieved from <

https://researcher.watson.ibm.com/researcher/view_group.php?id=2860 >

Haber, M., 2017. Cyber Security Challenges for Small to Medium Size Businesses. Beyond Trust. Retrieved from <

https://www.beyondtrust.com/blog/cyber-security-challenges-small-medium-size-businesses/ >

Hink, R.C.B., Beaver, J.M., Buckner, M.A., Morris, T., Adhikari, U. and Pan, S., 2014, August. Machine learning for power system disturbance and cyber-attack discrimination. In Resilient Control Systems (ISRCS), 2014 7th International Symposium on (pp. 1-8). IEEE.

Kenney, M., 2015. Cyber-terrorism in a post-stuxnet world. Orbis, 59(1), pp.111-128.

Konkel, F., 2013. Why cybersecurity remains a risky endeavour. FCW. Retrieved from <

https://fcw.com/articles/2013/02/15/high-risk-cyber.aspx >

LiveSafe., 2017. Using your employees to prevent insider cyber threats. LiveSafe. Retrieved from <

https://www.livesafemobile.com/prevent-insider-threats/ >

Lopez, P., 2014. 5 Ways To Protect Yourself From Cyber Attacks. Forbes. Retrieved from <

https://www.forbes.com/sites/realspin/2014/02/07/5-ways-to-protect-yourself-from-cyber-attacks/#57ef2d3a5afb >

McAfee., 2017. McAfee Labs Threats Report. [PDF file]. McAfee. Retreived from <

https://www.mcafee.com/in/resources/reports/rp-quarterly-threats-mar-2017.pdf >

Mo, Y., Kim, T.H.J., Brancik, K., Dickinson, D., Lee, H., Perrig, A. and Sinopoli, B., 2012. Cyber–physical security of a smart grid infrastructure. Proceedings of the IEEE, 100(1), pp.195-209.

Seo, S.H., Gupta, A., Sallam, A.M., Bertino, E. and Yim, K., 2014. Detecting mobile malware threats to homeland security through static analysis. Journal of Network and Computer Applications, 38, pp.43-53.

Sui, L., 2016. 44% of World Population will Own Smartphones in 2017. Strategy Analytics. Retrieved from <

https://www.strategyanalytics.com/strategy-analytics/blogs/smart-phones/2016/12/21/44-of-world-population-will-own-smartphones-in-2017#.WbJAuLIjHIU >

Theim, C., 2017. Highlights, Trends, and Mind Boggling Statistics from the 2017 Verizon DBIR. Secure World. Retrieved from <

https://www.secureworldexpo.com/industry-news/highlights-trends-and-mind-boggling-statistics-from-the-2017-verizon-dbir >

Wang, W. and Lu, Z., 2013. Cyber security in the Smart Grid: Survey and challenges. Computer Networks, 57(5), pp.1344-1371.

Wattles, J. and Disis, J., 2017. Ransomware attack: Who’s been hit. CNN. Retrieved from <

https://money.cnn.com/2017/05/15/technology/ransomware-whos-been-hit/index.html >

Youmans, W.L. and York, J.C., 2012. Social media and the activist toolkit: User agreements, corporate interests, and the information infrastructure of modern social movements. Journal of Communication, 62(2), pp.315-329.