Ransomware Attacks on Manufacturing SMEs: Causes and Framework
VerifiedAdded on 2023/06/07
|33
|12553
|108
Project
AI Summary
This project delves into the critical issue of ransomware attacks targeting Small to Medium Enterprises (SMEs) within the manufacturing sector. The research begins with an introduction that establishes the prevalence of ransomware as a significant cyber threat, particularly for SMEs, and outlines the study's aim, objectives, research questions, and rationale. A comprehensive literature review follows, exploring the definition of SMEs, the factors that heighten their vulnerability to ransomware, existing responses to such attacks, and relevant cybersecurity frameworks and policies. The methodology chapter details the research strategy, approach, philosophy, design, data collection methods (surveys and interviews), and data analysis techniques. The subsequent chapters present the data analysis and the conclusions drawn from the research, culminating in recommendations for improving IT security in manufacturing SMEs. The project aims to identify vulnerabilities, analyze attack vectors, and propose a robust security framework to mitigate the risks associated with ransomware, offering practical insights for SMEs to enhance their cybersecurity posture.
ELEMENT 1 INDIVIDUAL
PROJECT
1
PROJECT
1
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
TABLE OF CONTENTS
TABLE OF CONTENTS.................................................................................................................2
ABSTRACT.....................................................................................................................................4
TOPIC: RANSOMWARE ATTACKS IN SMES IN THE MANUFACTURING SECTOR:
CAUSES AND FRAMEWORK FOR SECURITY........................................................................5
CHAPTER ONE: INTRODUCTION..............................................................................................5
Background information:.............................................................................................................5
Aim:.............................................................................................................................................6
Objectives:...................................................................................................................................6
Research question:.......................................................................................................................7
Rationale:.....................................................................................................................................7
CHAPTER 2: LITERATURE REVIEW.........................................................................................8
Theme 1: Definition of SME.......................................................................................................8
Theme 2: Factors Placing SMEs at Risk of Ransomware 637....................................................8
Theme 3: Responses to Ransomware Attacks...........................................................................10
Theme 4: Cybersecurity Frameworks and Policies...................................................................12
CHAPTER 3: RESEARCH METHODOLOGIES........................................................................14
Research strategy:......................................................................................................................14
Research approach:....................................................................................................................15
Research philosophy:.................................................................................................................15
Research design:........................................................................................................................16
Data collection:..........................................................................................................................17
Data analysis:.............................................................................................................................18
Reliability and validity:.............................................................................................................18
Ethical consideration:................................................................................................................19
CHAPTER FOUR: DATA ANALYSIS........................................................................................20
CHAPTER 5 CONCLUSION AND RECOMMENDATION......................................................27
2
TABLE OF CONTENTS.................................................................................................................2
ABSTRACT.....................................................................................................................................4
TOPIC: RANSOMWARE ATTACKS IN SMES IN THE MANUFACTURING SECTOR:
CAUSES AND FRAMEWORK FOR SECURITY........................................................................5
CHAPTER ONE: INTRODUCTION..............................................................................................5
Background information:.............................................................................................................5
Aim:.............................................................................................................................................6
Objectives:...................................................................................................................................6
Research question:.......................................................................................................................7
Rationale:.....................................................................................................................................7
CHAPTER 2: LITERATURE REVIEW.........................................................................................8
Theme 1: Definition of SME.......................................................................................................8
Theme 2: Factors Placing SMEs at Risk of Ransomware 637....................................................8
Theme 3: Responses to Ransomware Attacks...........................................................................10
Theme 4: Cybersecurity Frameworks and Policies...................................................................12
CHAPTER 3: RESEARCH METHODOLOGIES........................................................................14
Research strategy:......................................................................................................................14
Research approach:....................................................................................................................15
Research philosophy:.................................................................................................................15
Research design:........................................................................................................................16
Data collection:..........................................................................................................................17
Data analysis:.............................................................................................................................18
Reliability and validity:.............................................................................................................18
Ethical consideration:................................................................................................................19
CHAPTER FOUR: DATA ANALYSIS........................................................................................20
CHAPTER 5 CONCLUSION AND RECOMMENDATION......................................................27
2
REFERENCES..............................................................................................................................30
3
3
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
ABSTRACT
There is current trend in cyber world named as ransomware cyber-attack, this is on peak
where almost every business organization, user of social media and other user gets impacted due
to ransomware cyber-attack. SME are some of the major victim of ransomware as cyber-attack,
these attacks depend on type of industry and their size, business processing and other factors are
included. Ransomware ask for amount of ransom user need to provide, many manufacturing
units even have to pay higher amount while unlocking their files and information. SME's are
some of the major target of ransomware attack, SME need to include cyber security.
4
There is current trend in cyber world named as ransomware cyber-attack, this is on peak
where almost every business organization, user of social media and other user gets impacted due
to ransomware cyber-attack. SME are some of the major victim of ransomware as cyber-attack,
these attacks depend on type of industry and their size, business processing and other factors are
included. Ransomware ask for amount of ransom user need to provide, many manufacturing
units even have to pay higher amount while unlocking their files and information. SME's are
some of the major target of ransomware attack, SME need to include cyber security.
4
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
TOPIC: RANSOMWARE ATTACKS IN SMES IN THE
MANUFACTURING SECTOR: CAUSES AND FRAMEWORK FOR
SECURITY
CHAPTER ONE: INTRODUCTION
Background information:
Ransomware is one of the most trending term in cyber world, this is a type of malware
that deny user to access their own files and document. Ransomware infect device and lock
important information in the system impacting user privacy and security of data, in order to
assess own file and information, user need to pay ransom (amount). This is type of cyber-attack
which have ability to steal important information from device and even infect other connected
device. Ransomware arrive in the system from external area including website, unlisted sites,
unethical downloads, spammed emails, malvertisement and even free anti-virus download of any
application or files (Aslan and Yilmaz, 2021). Ransomware limit user assess over files, this
simply means either pay the ransom amount or lose confidential files, here, user need to have
anti-ransomware software or antivirus allowing user to become safe and secure. Victim of
ransomware may include those users who assess internet on regular basis including business, E-
commerce user, social media user and student. SME (Small-to-Medium Enterprise) are some of
the most common type of victim of ransomware attack, these business unit do not have any extra
safety measure or expensive antivirus stopping the cyber-attack.
Firms who deal in production and manufacturing sector have high chance of getting
cyber-attack including ransomware attack, data and information related to manufacturing process
impacted after the attack of ransomware. Some ransomware is so powerful that even lock the
screen of user and prevent them to access information related to raw material, procurement,
production capacity and manufacturing demand. Ransomware attack reduce flow of supply and
demand as production department unable to assess information, depend on the size of
information, attacks and ransomware amount depend. However, ransomware attack is planned
which means SME with less security gets impacted due to ransomware attack, SME need to have
high tech cyber security allowing firm to ensure safety and security (Bansal and et.al., 2020).
Advance level of ransomware also added different variant of payment method including iTunes
5
MANUFACTURING SECTOR: CAUSES AND FRAMEWORK FOR
SECURITY
CHAPTER ONE: INTRODUCTION
Background information:
Ransomware is one of the most trending term in cyber world, this is a type of malware
that deny user to access their own files and document. Ransomware infect device and lock
important information in the system impacting user privacy and security of data, in order to
assess own file and information, user need to pay ransom (amount). This is type of cyber-attack
which have ability to steal important information from device and even infect other connected
device. Ransomware arrive in the system from external area including website, unlisted sites,
unethical downloads, spammed emails, malvertisement and even free anti-virus download of any
application or files (Aslan and Yilmaz, 2021). Ransomware limit user assess over files, this
simply means either pay the ransom amount or lose confidential files, here, user need to have
anti-ransomware software or antivirus allowing user to become safe and secure. Victim of
ransomware may include those users who assess internet on regular basis including business, E-
commerce user, social media user and student. SME (Small-to-Medium Enterprise) are some of
the most common type of victim of ransomware attack, these business unit do not have any extra
safety measure or expensive antivirus stopping the cyber-attack.
Firms who deal in production and manufacturing sector have high chance of getting
cyber-attack including ransomware attack, data and information related to manufacturing process
impacted after the attack of ransomware. Some ransomware is so powerful that even lock the
screen of user and prevent them to access information related to raw material, procurement,
production capacity and manufacturing demand. Ransomware attack reduce flow of supply and
demand as production department unable to assess information, depend on the size of
information, attacks and ransomware amount depend. However, ransomware attack is planned
which means SME with less security gets impacted due to ransomware attack, SME need to have
high tech cyber security allowing firm to ensure safety and security (Bansal and et.al., 2020).
Advance level of ransomware also added different variant of payment method including iTunes
5
and Amazon, some cyber attacker may demand cryptocurrency for the payment of ransom to free
system and device.
There are certain causes of ransomware attack including; opening of unverified emails
and spammed clicks, it is very clear that some cyber-attack arrives from spammed email, these
email do not mainly impact security of system until and unless user click and open these
spammed mail. Backup of system become impossible in the case of ransomware attack, firm
might have to pay the ransom amount to assess back to the system (Conti, Dargahi and
Dehghantanha, 2018). Apart from this, some ransomware attack arrives from click user made on
unlisted sites and link, many times cyber attacker send link to the victim which looks similar to
the system information, after opening of link, ransomware gets activated and block the screen of
user asking them to pay the amount and unlock the system (Vidyarthi and et.al., 2019).
Manufacturing unit consider ransomware as critical attack, they know if production stopped due
to cyber-attack then firm might face certain type of issue, cyber-attack takes away confidential
information from the system which means firm might become unstable and face losses. Small
scale business does not have experience in cyber-attacks, they do not focus on building strong
firewall over the system to keep files safe and secure.
Aim:
The aim of this study is “To understand why SMEs in the manufacturing sector are high
victims of ransomware attacks. Understanding the vulnerabilities and attack vectors would create
a better picture as to mitigate these attacks and create a more secure posture”
Objectives:
The following objectives will help in the overall research aim being achieved:
Identify a sample of SMEs for my research
Perform a survey, using interviews, on the employees within the sampled SMEs to
extract the needed information from the participants of the study.
To identify the different security practices and postures in the sampled SMEs.
To identify the reasons behind the high rate of successful ransomware attacks through the
interviews.
To propose a set of best security policies and practices to improve the IT security in
SMEs in the manufacturing sector.
6
system and device.
There are certain causes of ransomware attack including; opening of unverified emails
and spammed clicks, it is very clear that some cyber-attack arrives from spammed email, these
email do not mainly impact security of system until and unless user click and open these
spammed mail. Backup of system become impossible in the case of ransomware attack, firm
might have to pay the ransom amount to assess back to the system (Conti, Dargahi and
Dehghantanha, 2018). Apart from this, some ransomware attack arrives from click user made on
unlisted sites and link, many times cyber attacker send link to the victim which looks similar to
the system information, after opening of link, ransomware gets activated and block the screen of
user asking them to pay the amount and unlock the system (Vidyarthi and et.al., 2019).
Manufacturing unit consider ransomware as critical attack, they know if production stopped due
to cyber-attack then firm might face certain type of issue, cyber-attack takes away confidential
information from the system which means firm might become unstable and face losses. Small
scale business does not have experience in cyber-attacks, they do not focus on building strong
firewall over the system to keep files safe and secure.
Aim:
The aim of this study is “To understand why SMEs in the manufacturing sector are high
victims of ransomware attacks. Understanding the vulnerabilities and attack vectors would create
a better picture as to mitigate these attacks and create a more secure posture”
Objectives:
The following objectives will help in the overall research aim being achieved:
Identify a sample of SMEs for my research
Perform a survey, using interviews, on the employees within the sampled SMEs to
extract the needed information from the participants of the study.
To identify the different security practices and postures in the sampled SMEs.
To identify the reasons behind the high rate of successful ransomware attacks through the
interviews.
To propose a set of best security policies and practices to improve the IT security in
SMEs in the manufacturing sector.
6
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
Research question:
1. What are the threats of ransomware attacks to SMEs in the manufacturing sector?
2. What are the factors that hinder or promote the security of Manufacturing SMEs against
ransomware attacks?
3. Are SMEs in the manufacturing sector practising a good policy to improve their system?
Rationale:
The reason behind conducting this research is to examine the impact of cyber-attack over
SME, there are certain type of cyber-attack but for betterment and clear view, researcher has
selected trending cyber-attack, 'ransomware'. This is one of the most powerful type of cyber-
attack which block the system of user and ask them to pay ransom, company who consider small
scale dealing are the victim of ransomware cyber-attack (Cusack, Michel and Keller, 2018).
Another reason for conducting this study is to investigate the impact of cyber-attack including
ransomware over manufacturing sector, this may include cause of cyber-attack. Personal interest
of researcher is another reason for selecting this topic, researcher want to explore this specific
topic where learning can be seen, cyber-attack and type of security needed to manage these
attack in the firm.
7
1. What are the threats of ransomware attacks to SMEs in the manufacturing sector?
2. What are the factors that hinder or promote the security of Manufacturing SMEs against
ransomware attacks?
3. Are SMEs in the manufacturing sector practising a good policy to improve their system?
Rationale:
The reason behind conducting this research is to examine the impact of cyber-attack over
SME, there are certain type of cyber-attack but for betterment and clear view, researcher has
selected trending cyber-attack, 'ransomware'. This is one of the most powerful type of cyber-
attack which block the system of user and ask them to pay ransom, company who consider small
scale dealing are the victim of ransomware cyber-attack (Cusack, Michel and Keller, 2018).
Another reason for conducting this study is to investigate the impact of cyber-attack including
ransomware over manufacturing sector, this may include cause of cyber-attack. Personal interest
of researcher is another reason for selecting this topic, researcher want to explore this specific
topic where learning can be seen, cyber-attack and type of security needed to manage these
attack in the firm.
7
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
CHAPTER 2: LITERATURE REVIEW
Literature review chapter describe an overview about the key literature that is relevant to
research topic (Liu and et.al 2020). It involves the smooth flow of discussion about what
researcher has done already it assists to develop significance and context of study. Following
literature review also include the arguments of different authors regarding SME who are more
prone to cyber-attacks.
Theme 1: Definition of SME
According to the view of Agrafiotis and et.al (2018) Small to medium enterprise SME is a
convenient form for segmented organisations and other businesses. European union has
considered an SME as legal independent firm with less than 500 workforces, SME’s are not only
limited to any particular industry but they can also involve the small production arrangements,
small processing units. Author further said that SME’s are normal enterprises that have
investment, turnover and employees below the specific threshold, they are mainly categorises on
the basis of composite criteria about annual turnover and investment over machineries and other
requirements. there are major benefits which the numerous SME’s can get as they are much more
close to their consumer; they potentially deliver the best outcome to consumer where they retain
to firm for longer period. Another benefit for them is they can easily make decision for business
and having a short member of team will be efficient to deliver best outcome of any project.
However, author Manesh and Kaabouch, (2019) said that such organisation also has sort of
disadvantages like they possible seen as struggling for raising fund for their business, also some
businesses faces problem in finding the large number of audience and to make them potential
consumers. Additionally, because of poor IT structure they are also prone to cyber-attacks.
Theme 2: Factors Placing SMEs at Risk of Ransomware 637
As per the view of Mousavinejad and et.al (2019) It is found that due to rapid
technological evolution every business is attempting to have IT infrastructure for streamlining
their business functionalities, but it often comes in form of range of challenges like cyber-
attacks, data theft etc. Having use of technology is business is efficient but it is also important to
manage the system consistently and have technicians who can easily detect the problems and to
solve it to reduce chances of any vulnerabilities. Small and medium size businesses are also
adapting such IT system to upgrade their business functions but in return they also faces the
8
Literature review chapter describe an overview about the key literature that is relevant to
research topic (Liu and et.al 2020). It involves the smooth flow of discussion about what
researcher has done already it assists to develop significance and context of study. Following
literature review also include the arguments of different authors regarding SME who are more
prone to cyber-attacks.
Theme 1: Definition of SME
According to the view of Agrafiotis and et.al (2018) Small to medium enterprise SME is a
convenient form for segmented organisations and other businesses. European union has
considered an SME as legal independent firm with less than 500 workforces, SME’s are not only
limited to any particular industry but they can also involve the small production arrangements,
small processing units. Author further said that SME’s are normal enterprises that have
investment, turnover and employees below the specific threshold, they are mainly categorises on
the basis of composite criteria about annual turnover and investment over machineries and other
requirements. there are major benefits which the numerous SME’s can get as they are much more
close to their consumer; they potentially deliver the best outcome to consumer where they retain
to firm for longer period. Another benefit for them is they can easily make decision for business
and having a short member of team will be efficient to deliver best outcome of any project.
However, author Manesh and Kaabouch, (2019) said that such organisation also has sort of
disadvantages like they possible seen as struggling for raising fund for their business, also some
businesses faces problem in finding the large number of audience and to make them potential
consumers. Additionally, because of poor IT structure they are also prone to cyber-attacks.
Theme 2: Factors Placing SMEs at Risk of Ransomware 637
As per the view of Mousavinejad and et.al (2019) It is found that due to rapid
technological evolution every business is attempting to have IT infrastructure for streamlining
their business functionalities, but it often comes in form of range of challenges like cyber-
attacks, data theft etc. Having use of technology is business is efficient but it is also important to
manage the system consistently and have technicians who can easily detect the problems and to
solve it to reduce chances of any vulnerabilities. Small and medium size businesses are also
adapting such IT system to upgrade their business functions but in return they also faces the
8
serious problem like issue of data theft and other malicious attacks. They are major victim of
cyber security attacks because of poor IT system and have lack of IT security in business lead
them to face vulnerable consequences. They usually lack the cyber security precautions as
compared to large organisation due to lack of money and other aspects. It is found that around 43
percent of all cyber-attacks is seen for Small businesses and the consequences of such breaches
are extremely costly from less efficiency to organisational reputation. However, author
Kavallieratos, Katsikas and Gkioulos, (2018) also said that not because of poor IT structure can
lead to such vulnerabilities but lack of knowledge in employees is also main cause for the cyber-
attacks. In some cases, it is seen that malicious link is appeared on employee’s device without
inspecting it they click on it, with their just one click all information is being sent to the party
who is behind of sending that con link.
Author Shi and et.al (2020) stated that ransomware is most common cyber-attack, it is a
malware attack that is designed to deny the organisational and user access to their system. It is
one of the common attack through which many SME’s are still suffering. In this attack mainly
hackers try to encrypt the data and once they succeed in it they asked for huge amount as ransom
against decryption key, to get the decryption key for encrypting the data user or organisation has
to pay large amount sometimes it can cause death threatening events for them. Some of the
organisation thinks that giving a ransom amount would be better deal to get access to system
again. Now a day’s ransom is becoming a most prominent and visible malware attack. Author
further proposed that recently ransomware attacks have affected the operability of health care
and small SME” s, this attack has literally crippled the services in cities and also lead certain
firm to face unwanted vulnerable consequences. Author Dimitriadis and et.al (2020) stated that
SME’s reason for more prone to ransomware attack because they heavily support BYOD (bring
your own device) system, where personal devices are being used by the employees in the office
premises that lead to such vulnerabilities. On contradict with the above statement author Liu and
et.al (2020) said that BYOD system can be beneficial for the firm it is not only reason for leading
to ransomware attack, as many employees in SME brings their system but they do have software
installed in their system to protect their organisational critical information from being out or
misused.
According to Tahoun and Arafa, (2021) lack of technical awareness is also a factor
leading to ransomware attack, generally SME’s hires less technically aware employees who does
9
cyber security attacks because of poor IT system and have lack of IT security in business lead
them to face vulnerable consequences. They usually lack the cyber security precautions as
compared to large organisation due to lack of money and other aspects. It is found that around 43
percent of all cyber-attacks is seen for Small businesses and the consequences of such breaches
are extremely costly from less efficiency to organisational reputation. However, author
Kavallieratos, Katsikas and Gkioulos, (2018) also said that not because of poor IT structure can
lead to such vulnerabilities but lack of knowledge in employees is also main cause for the cyber-
attacks. In some cases, it is seen that malicious link is appeared on employee’s device without
inspecting it they click on it, with their just one click all information is being sent to the party
who is behind of sending that con link.
Author Shi and et.al (2020) stated that ransomware is most common cyber-attack, it is a
malware attack that is designed to deny the organisational and user access to their system. It is
one of the common attack through which many SME’s are still suffering. In this attack mainly
hackers try to encrypt the data and once they succeed in it they asked for huge amount as ransom
against decryption key, to get the decryption key for encrypting the data user or organisation has
to pay large amount sometimes it can cause death threatening events for them. Some of the
organisation thinks that giving a ransom amount would be better deal to get access to system
again. Now a day’s ransom is becoming a most prominent and visible malware attack. Author
further proposed that recently ransomware attacks have affected the operability of health care
and small SME” s, this attack has literally crippled the services in cities and also lead certain
firm to face unwanted vulnerable consequences. Author Dimitriadis and et.al (2020) stated that
SME’s reason for more prone to ransomware attack because they heavily support BYOD (bring
your own device) system, where personal devices are being used by the employees in the office
premises that lead to such vulnerabilities. On contradict with the above statement author Liu and
et.al (2020) said that BYOD system can be beneficial for the firm it is not only reason for leading
to ransomware attack, as many employees in SME brings their system but they do have software
installed in their system to protect their organisational critical information from being out or
misused.
According to Tahoun and Arafa, (2021) lack of technical awareness is also a factor
leading to ransomware attack, generally SME’s hires less technically aware employees who does
9
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
not understand the risks of clicking the malicious links. Another reason is that SME generally
stores attractive data like consumer contact and other details, credit card information, intellectual
property information, thus poor handling of this can always create a probability for any type of
cyber-attacks. Author also said that because of limitation in funds SME’s do not prioritise their
budgetary system, they also not do not consider importance of investment on IT systems and
cyber security technologies. because of their lack of interest in cyber security aspects it made the
cyber criminals to easily identify the vulnerabilities which they can easily exploit to get access of
the network or system. However, Kurt, Yılmaz and Wang, (2018) author also said that SME’s
are also attacked through automated attack, where hackers usually utilises the accessible
malware tools to produce the mass attacks with such little investments, such attacks are
automated and hackers do not care about whom they are attacking as long as they get what they
desired for.
Theme 3: Responses to Ransomware Attacks
As per the view of Alhelou, Golshan and Hatziargyriou, (2019) Data backup and recovery
plan can be a better step for protecting critical information. It is important to perform and checks
the regular backups for restricting the impact of information or system loss and also to advance
the recovery process, in such it is important to make sure that essential backups must be isolated
from network for the better protection. By maintaining the operating systems and other software
components up to data and upgraded can also reduce the chances for cyber-attacks. However,
author Sethuraman, Vijayakumar and Walczak, (2020) argues that by maintaining the system is
not enough to prevent any attacks, it is important to utilise the latest patches for upgrading the
systems. As patching will help in decreasing the number of exploitable entrance aspects that are
available to the attacker. Author further explained that patching is one of the important aspects
that works against defending from ransomware attack.
Author Mousavinejad and et.al (2019) investigated that by installing the anti-virus
software utility can also be efficient to defend against malicious activities, for that it is also
necessary to scan and test all the downloaded software from internet before implementing or
using it. By restricting the permission to user will also be workable factor as it will restrict the
employee to not download the unwanted software and other applications, thus by follow up of
least privilege to all system and services can be beneficial as it prevents from malware attacks
10
stores attractive data like consumer contact and other details, credit card information, intellectual
property information, thus poor handling of this can always create a probability for any type of
cyber-attacks. Author also said that because of limitation in funds SME’s do not prioritise their
budgetary system, they also not do not consider importance of investment on IT systems and
cyber security technologies. because of their lack of interest in cyber security aspects it made the
cyber criminals to easily identify the vulnerabilities which they can easily exploit to get access of
the network or system. However, Kurt, Yılmaz and Wang, (2018) author also said that SME’s
are also attacked through automated attack, where hackers usually utilises the accessible
malware tools to produce the mass attacks with such little investments, such attacks are
automated and hackers do not care about whom they are attacking as long as they get what they
desired for.
Theme 3: Responses to Ransomware Attacks
As per the view of Alhelou, Golshan and Hatziargyriou, (2019) Data backup and recovery
plan can be a better step for protecting critical information. It is important to perform and checks
the regular backups for restricting the impact of information or system loss and also to advance
the recovery process, in such it is important to make sure that essential backups must be isolated
from network for the better protection. By maintaining the operating systems and other software
components up to data and upgraded can also reduce the chances for cyber-attacks. However,
author Sethuraman, Vijayakumar and Walczak, (2020) argues that by maintaining the system is
not enough to prevent any attacks, it is important to utilise the latest patches for upgrading the
systems. As patching will help in decreasing the number of exploitable entrance aspects that are
available to the attacker. Author further explained that patching is one of the important aspects
that works against defending from ransomware attack.
Author Mousavinejad and et.al (2019) investigated that by installing the anti-virus
software utility can also be efficient to defend against malicious activities, for that it is also
necessary to scan and test all the downloaded software from internet before implementing or
using it. By restricting the permission to user will also be workable factor as it will restrict the
employee to not download the unwanted software and other applications, thus by follow up of
least privilege to all system and services can be beneficial as it prevents from malware attacks
10
Paraphrase This Document
Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser
and also prohibits the malware’s ability to spread through overall network. by avoiding
performing or enabling macros from email attachment is also effective, for an instance if user
opens the mail attachment and unknowingly they enable the macros can have embedded the code
which implement malware on system. Author Saad and et.al (2020) argues that what if person do
not know about such things like to not enable macros, in such it is important for the SME’s to
make sure that to teach their employees about such things and to provide them technical
knowledge trainings so that they are well aware of IT terms and avoid enabling macros, it will
ultimately reduce the chances for malicious attacks. Author further proposed that cyber
awareness training is must it plays a crucial role for organisation as well as for oneself, mostly
ransomware is spreading because it involves the phishing emails. Therefore, lack of awareness
towards technical aspects can cause serious troubles for SME business, therefore it is must to
train the workers to identify and reduce the potential ransomware attacks.
Current cyber-attacks generally initiate by targeting the email which does not even
contains the malware said by author Liu and et.al (2018) but generally they are socially
engineered information which motivates the person to click on that particular malicious link,
users’ education and awareness is one of the important defences which a firm can deploy to
avoid any kind of cyber risk. User authentication is one of the most favourable response against
cyber-attacks, in some cases accessing the RDP like services with the stolen user credential is
favourite activity of ransomware attackers. Therefore, to defend such activities it is important to
put strong password and authentication credential that will make harder for attacker to gain
insight of system and to stole the password. As per the view of author Kapoor and et.al (2021)
there are some anti-ransomware systems are also available that can be easily installed on system,
as by using virus scanners and content filters on mail servers can be an effective measure to
prevent ransomware activities. Such programs aim to decrease the spam risk that are generally
associated with malicious attachments which reached to mailbox. However, author Yin and et.al
(2019) said that installation of such system requires a huge amount of investment, thus before
investing on large equipment, it is must to educate the workforce about such attacks and to
conduct trainings session for them to prevent from malicious cyber-attack activities.
11
performing or enabling macros from email attachment is also effective, for an instance if user
opens the mail attachment and unknowingly they enable the macros can have embedded the code
which implement malware on system. Author Saad and et.al (2020) argues that what if person do
not know about such things like to not enable macros, in such it is important for the SME’s to
make sure that to teach their employees about such things and to provide them technical
knowledge trainings so that they are well aware of IT terms and avoid enabling macros, it will
ultimately reduce the chances for malicious attacks. Author further proposed that cyber
awareness training is must it plays a crucial role for organisation as well as for oneself, mostly
ransomware is spreading because it involves the phishing emails. Therefore, lack of awareness
towards technical aspects can cause serious troubles for SME business, therefore it is must to
train the workers to identify and reduce the potential ransomware attacks.
Current cyber-attacks generally initiate by targeting the email which does not even
contains the malware said by author Liu and et.al (2018) but generally they are socially
engineered information which motivates the person to click on that particular malicious link,
users’ education and awareness is one of the important defences which a firm can deploy to
avoid any kind of cyber risk. User authentication is one of the most favourable response against
cyber-attacks, in some cases accessing the RDP like services with the stolen user credential is
favourite activity of ransomware attackers. Therefore, to defend such activities it is important to
put strong password and authentication credential that will make harder for attacker to gain
insight of system and to stole the password. As per the view of author Kapoor and et.al (2021)
there are some anti-ransomware systems are also available that can be easily installed on system,
as by using virus scanners and content filters on mail servers can be an effective measure to
prevent ransomware activities. Such programs aim to decrease the spam risk that are generally
associated with malicious attachments which reached to mailbox. However, author Yin and et.al
(2019) said that installation of such system requires a huge amount of investment, thus before
investing on large equipment, it is must to educate the workforce about such attacks and to
conduct trainings session for them to prevent from malicious cyber-attack activities.
11
Theme 4: Cybersecurity Frameworks and Policies
From the view point of Humayun and et.al (2021), it is found that cybersecurity framework
generally a set of standards, suitable guidelines and other practices to manage the risk which
usually arise in digital world. They generally match the security objectives like to avoid any
unauthorised access to system, and manages the system by asking user to enter their username
and password so that if anyone tries to put fake password in system they can easily identified by
cyber security team. Cybersecurity frameworks works in securing the digital asserts, they are
typically designed for providing better security and also assists the security managers to
systematically apply the process in order to mitigate risk no matter how complicated the work
environment is. Author Zimba, Wang and Chen, (2018) said that it is often necessary for the
businesses to efficiently manage their credit card transaction and other details, it is also
mandatory that businesses should comply with audit that is linked with compliance with payment
card industry data security standards (PCIDSS) framework.
As per the view of Ilker and Aydos (2020) there are some cybersecurity frameworks which
can be easily deployed in order to prevent from malicious attacks, control framework is one of
them that helps in creating an important strategy so security team can easily follow, it also
provide the baseline for set of controls and assists in analysing current technical state as well as it
prioritize the control implementation. Other program framework and risk framework are also
there with the program model businesses can easily analyse their security program’s stage as
well as able to develop comprehensive program for security, following framework also helps in
measuring the security and to simplify the process of communication among the security team
and business managers. However, author Lai, Qiu and W, (2019) believes that CIS a critical
security control that creates a defence in better manner about specific best practices to overcome
cyber-attacks. Author further said that CIS is one of the best manner to work against cyber
threats it aligns with the NIST cybersecurity framework that is mainly designed to develop a
common language to manage risk within corporation. Additionally, this framework assists the
businesses to response to critical questions about their cybersecurity programs like which
inventory they are required to protect and what are some possible gaps in their security measure.
According to Trautman and Ormerod, (2018) cybersecurity policies are set of documents which
concerns with organisational statement for intent, principles and certain measures are included
for efficient management of cybersecurity risks. Some of the policies are virus and spyware
12
From the view point of Humayun and et.al (2021), it is found that cybersecurity framework
generally a set of standards, suitable guidelines and other practices to manage the risk which
usually arise in digital world. They generally match the security objectives like to avoid any
unauthorised access to system, and manages the system by asking user to enter their username
and password so that if anyone tries to put fake password in system they can easily identified by
cyber security team. Cybersecurity frameworks works in securing the digital asserts, they are
typically designed for providing better security and also assists the security managers to
systematically apply the process in order to mitigate risk no matter how complicated the work
environment is. Author Zimba, Wang and Chen, (2018) said that it is often necessary for the
businesses to efficiently manage their credit card transaction and other details, it is also
mandatory that businesses should comply with audit that is linked with compliance with payment
card industry data security standards (PCIDSS) framework.
As per the view of Ilker and Aydos (2020) there are some cybersecurity frameworks which
can be easily deployed in order to prevent from malicious attacks, control framework is one of
them that helps in creating an important strategy so security team can easily follow, it also
provide the baseline for set of controls and assists in analysing current technical state as well as it
prioritize the control implementation. Other program framework and risk framework are also
there with the program model businesses can easily analyse their security program’s stage as
well as able to develop comprehensive program for security, following framework also helps in
measuring the security and to simplify the process of communication among the security team
and business managers. However, author Lai, Qiu and W, (2019) believes that CIS a critical
security control that creates a defence in better manner about specific best practices to overcome
cyber-attacks. Author further said that CIS is one of the best manner to work against cyber
threats it aligns with the NIST cybersecurity framework that is mainly designed to develop a
common language to manage risk within corporation. Additionally, this framework assists the
businesses to response to critical questions about their cybersecurity programs like which
inventory they are required to protect and what are some possible gaps in their security measure.
According to Trautman and Ormerod, (2018) cybersecurity policies are set of documents which
concerns with organisational statement for intent, principles and certain measures are included
for efficient management of cybersecurity risks. Some of the policies are virus and spyware
12
⊘ This is a preview!⊘
Do you want full access?
Subscribe today to unlock all pages.
Trusted by 1+ million students worldwide
1 out of 33
Related Documents
Your All-in-One AI-Powered Toolkit for Academic Success.
+13062052269
info@desklib.com
Available 24*7 on WhatsApp / Email
![[object Object]](/_next/static/media/star-bottom.7253800d.svg)
Unlock your academic potential
Copyright © 2020–2025 A2Z Services. All Rights Reserved. Developed and managed by ZUCOL.