HI6008 Business Research: Cyber Security Challenges in Business

Verified

Added on 2023/06/12

AI Summary

This literature review examines the various cyber security challenges faced by businesses in the digital age. It highlights the increasing reliance on internet-based operations and the corresponding rise in cybercrimes. The review covers a range of threats, including mobile internet vulnerabilities, phishing attacks, social media breaches, and Distributed Denial of Service (DDoS) attacks. It also discusses the implications of emerging technologies like IoT and smartphone malware on business security. The review emphasizes the importance of investing in robust security infrastructure and raising awareness among users to mitigate these challenges. The document is available on Desklib, a platform offering study tools and solved assignments for students.

CHALLENGES IN CYBER
SECURITY FOR BUSINESS

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

1
Contents
INTRODUCTION.................................................................................................................................2
Project objective....................................................................................................................................2
Project Scope.........................................................................................................................................3
Literature Review..................................................................................................................................3
Conclusion.............................................................................................................................................8
REFERENCES......................................................................................................................................9
INTRODUCTION
Internet had penetrated into the lives of the people. This has not only made the lives of people
easier but has helped them in day to day activities. It is not only beneficial for the individuals
but has also helped business to grow at a much faster rate. Cyber world is facing lot of
challenges. These challenges are posing negative effect on the operations of the firm. With
the increasing popularity of the cyber based business and the increase in the use of smart
devices is substantially. These days various business industries like shopping, entertainment,
finance, banking and many others are heavily relying on internet based business. In the past
cybercrimes have increased which is a major challenge for the business. This research will
evaluate the challenges in cyber security for the business.
Project objective
The major objective of this research is to do a literature review on several challenges that are
faced by the business due to cyber security. This research will also discuss various kinds of

2
cyber-attacks done on companies in the past as well as the effect that these attacks made on
businesses. The secondary objective is to give recommendations regarding the ways in which
firms can face challenges.
Project Scope
The research will analyse the influence of the internet and other online web services on the
organisation’s operations as well as understand the alterations in their functionalities so as to
evaluate their vulnerability towards cyber threats. The research will inspect several cyber
threats and the risk faced by the firms in the past. Several professional advice and theories is
illustrated in the later part of the research.
Literature Review
In the era of digital technology, internet has played a very crucial role. In the views of Choo,
(2011) it has not only transformed the businesses all around the world but has also impacted
the lives of people. Many firms have emerged all across the globe that is running their
business on the online space. This is due to the reason that it benefits the company as they
can reach to a larger numbers of people at once irrespective of their geographical locations.
This has empowered the smaller firms who does not have larger amount of resources to do
business on such larger scale as done by the bigger firms. As per Yan, et al., (2012) business
organisations takes use of internet so as to connect with larger section of the market and
hence achieving higher growth rate. Both individuals and firms upload their private and
sensitive data on internet which makes them vulnerable target for the cyber-attacks. Due to
lack of security measures these attacks are getting frequent especially it happens with those
people who have poor knowledge about the operations through internet mediums. According
to Elmaghraby and Losavio, (2014) there are several hackers that are in the search of some
kind of loop holes in the network. This empowered them to make easier attacks on the
business. This is done so as to gain an unfair advantage over the business. With the expansion
of internet mediums the chances of attacks have also increased. There are various reasons
because of which number of cyber-attacks enhanced in the past few decades.
O’Connell, (2012) illustrated that there are several platforms through which these attacks are
getting possible. Mobile internet has become one of the major sources of these cyber -attacks.
Today almost all the businesses are getting connected to the mobile technology. For example
mobile banking has been one of the prime areas where the attacks in the past few decades

3
have been used. It has also been noticed that App based business is also not safe and there are
several loop holes through which various crucial data gets leaked. Phishing has been one of
the most common forms of cyber-attacks in the mobile banking. It is posing serious threats to
the businesses and individuals. With the increasing number of mobile phone users all around
the world, it has become one of the largest markets where companies can sell their products.
On the other hand Jajodia, et al., (2011) thinks that taking use of mobile transactions for
different purposes has also raised the concerns of the business. Services like mobile wallet,
online shopping, Pay Pal has further enhanced the cyber threats. Since there are many
financial data that is present on such online mediums which if gets into the hands of
unauthorised person then there can be heavy losses to the individuals. There are multi-layer
protection like firewalls that has been used by the banks and other firms so as to protect their
consumers and their business. Hackers generally take advantage of any faults that is done by
the users or says the flaws present in the system is capitalised by the hackers for their
personal benefit.
On the contrary, Sadeghi, Wachsmann and Waidner, (2015) believes that most of the frauds
in the online banking is through the website. Since there are many operations that are done by
the banks with the use of these sites hence the number of cases of such attacks has been seen
in the past. For instance the cyber-attack on the JP Morgan resulted in information breach
related to 83 million consumers. Another example in this regard is Tesco Bank, where the
hackers stole more than 2 million dollars from accounts of bank’s clients. In both the cases it
was seen that the major reason for such type of attack getting possible is due to poor security
measures. Razzaq, et al., (2013) suggests that the major reason for most of the attacks is that
they have not invested a lot on the security infrastructure. This is done for saving cost.
Another side of it is that people do not have enough knowledge regarding the ways of using
the safe banking solutions. Most of the infrastructures are easier to break due to some kind of
loop holes. In a research it was found that the 19 out of the 20 banks present in America has
got “C” grade in their security. Firms generally neglect higher security infrastructure because
of their higher infrastructural cost and maintenance charges.
In the views of Katal, Wazid and Goudar, (2013) major source of attack on the business is
through social media. This is the place where the vulnerability is highest, as huge amount of
personal data related to individuals and firms are present on these sites. Presently there are
approx. 3 billion social media users which is again a large market for the companies. This is
the place that is utilised by the firms to post their advertisements collect data regarding their

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

4
products, getting feedbacks, doing market research and many other activities. Organisations
have been highly benefited by the use of social media sites as their promotional campaigns
can go worldwide on a single click. Hackers generally hacks the social media sites of the
company and other users so as to gather important information associated with them. This is
also done to diminish the image of the firm.
Dunn Cavelty, (2013) states that the major reason for such kind of online attacks is that they
do not have such a high level of digital knowledge that they could protect their online data.
People and organisations generally do not focus on the security features that are hard to
understand even when they provide extra layer of security to the business operations.
Presently allegations on Facebook Inc. in various parts of the world regarding the stealing of
many private data of the people has raised serious questions on the business of this
organisation. This has made many companies vulnerable to data theft. The attack on the
Apple Incorporation has resulted in the private data leakage of many people. Posting of more
than 500 personal pictures of celebrity on the internet sites was the result of it. According to
So, (2011) these challenges have resulted in heavy losses to the firms and individuals. Today
data has become the most valuable tool in the modern day business hence there are many
hackers that are trying to access the data related to the personal likings and disliking of the
people without their prior permission.
According to Suo, et al., (2012) some more kind of challenges are faced by the business
organisations. Distributed Denial of Service attack or DDoS over the servers enhances the
traffic of such servers to a limit that it stops performing several operations. Usually the
hackers attack on the most vulnerable node or system on the network and hence gaining the
access to the computers that are linked with same server. Sometimes attack gets possible due
to large traffic on the server. This provides the access to the hackers due to system failures.
Hackers generally take advantage of these situations and attack on servers since at this time
they are most vulnerable. They take use of spams, mails, advertisements or other type of
viruses in order to enhance the server’s traffic. The attack on BBC was a type of DDoS
attack. Other examples of such type of attacks are DYN, American presidential election
where attack was on campaign of Donald Trump, attack on five Russian banks and Rio
Olympics.
On the contrary McGettrick, et al., (2014) believes that the advancements like IOT have
helped the firms in their growth process but it has significantly caused several types of cyber-

5
security challenges in front of the firms. A research conducted by McAfee suggested that by
the end of 2019, 1.8 billion internet based devices will be used by the consumers. IOT is a
network where the connection between all the devices makes the system smarter and hence
they can take decisions on their own. IOT is understood as the future of advanced business as
it helps the owners to have more control over their operations. Due to large numbers of nodes
connected with the IOT, vulnerability of the network towards cyber-attacks has increased.
Due to presence of large number of sensors at various level of IOT network hacking of
devices has got easier. With such a large amount of data being stored at various nodes this is
serious problem for the company. These devices when hacked can be used for accessing the
environment that is present at workplace as well as they can have control over the operations
till the time it is not regained by the owner. Since all the machines that are in use are
connected with each other hence the challenge before companies becomes greater.
In the views of Morrow, (2012) smartphone Malware has become one of the biggest
challenges for the business. Since smartphones have large amount of personal data hence if it
gets hacked then huge loss to the stakeholders can be possible. Hackers generally attacks on
the bigger stakeholders of the company so as to take their private data and use it for their
personal benefit (Arabo and Pranggono, 2013). With the use of mobile application, a mobile
malware like ‘Plankton’ can steal the data. Another mobile malware that is popular is
‘DroneKungFu’.
Sharma, (2012) says that the biggest challenge to the cyber security of the business is
Hacktivism. Mostly it is seen that cyber-attacks have increased because there are many active
hackers present in market who just have the intension to gather the data for their personal
benefit. It is also promoted when one firm using it against their competitors to gain their
crucial data regarding their business. This destroys the reputation of the company which
displaces the firm in achieving their motives. This sometimes results in financial disability.
The best example of hacktivism was the attack on Sony Corporation where an unknown
hacking organisation attacked the firm due to their PlayStation lawsuit. An unknown hackers
group also attacked Bank of America in order to expose the illegal activities that are
conducted by the firm. Panama paper leak was another such example that provided
information related to tax evasion scandal of many bigger leaders all around the world.
In the views of Gupta, Agrawal and Yamaguchi, (2016) another type of malware known as
Ransomware, attacks firm’s systems or individuals and does not allow them to access their

6
own data. For having control over their system, hackers demand a ransom in the form of
money or other valuable products. There is no guarantee that hackers will give access to the
computers even after paying the ransom. The examples of ransomware are Locky,
WannaCry, Cryptolocker. In past such ransomware attack was possible on FedEx and Nissan
Motor Company.
On the contrary Bayuk, et al., (2012) believes that the biggest challenge to the cyber security
of the company is the threats from inside of the firm. A research by IBM in the year 2016
suggested that most of the cyber-attack approx. 60% that took place happened due to insider
threats. Many a time workers intentionally or unintentionally provides access to the hackers
and a result data breach gets possible. Many a time it is seen that employees intentionally
gives access codes to the hackers and hence making their work easier. Jun Xie and Edward
Snowden are perfect examples of insider threats; both leaked the information of the website
for which they were working.
Jing, et al., (2014) believes that companies should make many types of changes so as to make
sure that these attacks may not be possible. Data encryption can be one of the most valuable
methods in this regards. Organisations can take use of encryption techniques for transmitting
it among two distinct devices. This is highly effective in the case of connected networks like
IOT as they can share and receive data without the chances of getting hacked. It acts as an
additional layer of security which enhances the device usability. Firms do not prefer to adopt
encryption since it takes additional time for data processing but the security provided to it can
protect from potential cyber-attacks, like as the attack from Sony Corporation.
Tonge, Kasture and Chaudhari, (2013) suggests that physically safeguarding the servers and
computer is also crucial for making sure that data of corporation gets secured. Putting
security camera, biometric locks and other security measures in labs of computer can protect
the firm from threats from insider. Appropriate checking of workers is also essential for
ensuring that credible data with other parties.
On the other hand Reddy and Reddy, (2014) thinks that a firm must not hesitate to invest in
the security software since it helps in safeguarding against the potential threats. This may
destroy the financial position or reputation of the organisation. Every firm must an additional
budget that must be used towards upgrading technology that will help in enhancing security
against cyber-attacks. The use of antivirus, firewalls and other security software can minimise
this potential risk.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

7
He, et al., (2016) suggests that taking use of password protected systems as well as
authentication tools like once time passwords can be highly helpful against the phishing or
other kinds of attacks. Strong password is highly recommended. For business the passwords
must be regularly upgraded.
In the views of Parmar, (2017) organisation can establish a culture where the data privacy and
security must be given higher importance. A formal training regarding the cyber security can
help in enhancing the safety of the data that gets leaked due to some kind of human errors. A
culture of check and balance must be incorporated where the fault of one employee can be
corrected by someone else.
Conclusion
From the above research it can be suggested that the use of computers and internet mediums
for doing business have increased. This has benefitted the firm in many ways but it has also
resulted in negative sense as the company’s data and information are in a great threat to get
stolen. There are many challenges faced by the firms in the cyber-world which can result in
heavy losses for the company. Mobile banking, use of internet and IOT has increased the
problems of the firms. Many kinds of risks that is faced by the larger firms are insider threat,
ransomware, IOT, DDoS, Hactivism, smartphone malwares etc. There are many examples in
the past where companies have faced loss due to cyber-attacks like BBC, Sony, DYN, FedEx,
Bank of America and many more. A firm needs to be ready with larger amount of resources
so as to confront the challenges that are posing by the hackers all across the globe. Increasing
security budget, setting effective and flexible security infrastructure or preventive measures
like passwords or data encryptions can help the firm in safeguarding themselves from
external attacks. These day data is business hence firm needs to have an organisational
culture where knowledge about preventing data must be given to all their stakeholders.

8
REFERENCES
Arabo, A. and Pranggono, B., (2013), May. Mobile malware and smart device security:
Trends, challenges and solutions. In Control Systems and Computer Science (CSCS), 2013
19th International Conference on (pp. 526-531). IEEE.
Bayuk, J.L., Healey, J., Rohmeyer, P., Sachs, M.H., Schmidt, J. and Weiss, J., (2012). Cyber
security policy guidebook. John Wiley & Sons.
Choo, K.K.R., (2011). The cyber threat landscape: Challenges and future research
directions. Computers & Security, 30(8), pp.719-731.
Dunn Cavelty, M., (2013). From cyber-bombs to political fallout: Threat representations with
an impact in the cyber-security discourse. International Studies Review, 15(1), pp.105-122.
Elmaghraby, A.S. and Losavio, M.M., (2014). Cyber security challenges in Smart Cities:
Safety, security and privacy. Journal of advanced research, 5(4), pp.491-497.
Gupta, B., Agrawal, D.P. and Yamaguchi, S. eds., (2016). Handbook of research on modern
cryptographic solutions for computer and cyber security. IGI Global.
He, H., Maple, C., Watson, T., Tiwari, A., Mehnen, J., Jin, Y. and Gabrys, B., (2016), July.
The security challenges in the IoT enabled cyber-physical systems and opportunities for
evolutionary computing & other computational intelligence. In Evolutionary Computation
(CEC), 2016 IEEE Congress on(pp. 1015-1021). IEEE.
Jajodia, S., Ghosh, A.K., Swarup, V., Wang, C. and Wang, X.S. eds., (2011). Moving target
defense: creating asymmetric uncertainty for cyber threats (Vol. 54). Springer Science &
Business Media.

9
Jing, Q., Vasilakos, A.V., Wan, J., Lu, J. and Qiu, D., (2014). Security of the Internet of
Things: perspectives and challenges. Wireless Networks, 20(8), pp.2481-2501.
Katal, A., Wazid, M. and Goudar, R.H., (2013), August. Big data: issues, challenges, tools
and good practices. In Contemporary Computing (IC3), 2013 Sixth International Conference
on (pp. 404-409). IEEE.
Morrow, B., (2012). BYOD security challenges: control and protect your most sensitive
data. Network Security, 2012(12), pp.5-8.
McGettrick, A., Cassel, L.N., Dark, M., Hawthorne, E.K. and Impagliazzo, J., (2014), March.
Toward curricular guidelines for cybersecurity. In Proceedings of the 45th ACM technical
symposium on Computer science education (pp. 81-82). ACM.
O’Connell, M.E., (2012). Cyber security without cyber war. Journal of Conflict and Security
Law, 17(2), pp.187-209.
Parmar, H., (2017). The top 10 cyber security challenges for businesses. [Online]. Available
at: . [Accessed on: 23rd April 2018].
Razzaq, A., Hur, A., Ahmad, H.F. and Masood, M., (2013), March. Cyber security: Threats,
reasons, challenges, methodologies and state of the art solutions for industrial applications.
In Autonomous Decentralized Systems (ISADS), 2013 IEEE Eleventh International
Symposium on (pp. 1-6). IEEE.
Reddy, G.N. and Reddy, G.J., (2014). A Study of Cyber Security Challenges and its
emerging trends on latest technologies. arXiv preprint arXiv:1402.1842.
Sadeghi, A.R., Wachsmann, C. and Waidner, M., (2015), June. Security and privacy
challenges in industrial internet of things. In Proceedings of the 52nd annual design
automation conference (p. 54). ACM.
Sharma, R., (2012). Study of latest emerging trends on cyber security and its challenges to
society. International Journal of Scientific & Engineering Research, 3(6), p.1.
So, K., (2011). Cloud computing security issues and challenges. International Journal of
Computer Networks, 3(5), pp.247-55.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

10
Suo, H., Wan, J., Zou, C. and Liu, J., (2012), March. Security in the internet of things: a
review. In Computer Science and Electronics Engineering (ICCSEE), 2012 international
conference on (Vol. 3, pp. 648-651). IEEE.
Tonge, A.M., Kasture, S.S. and Chaudhari, S.R., (2013). Cyber security: challenges for
society-literature review. IOSR Journal of Computer Engineering, 2(12), pp.67-75.
Yan, Y., Qian, Y., Sharif, H. and Tipper, D., (2012). A survey on cyber security for smart
grid communications. IEEE Communications Surveys and tutorials, 14(4), pp.998-1010.