Security Professionals Must Reinforce Detect Attacks to Avoid Unauthorized Data Exposure

Alain Loukaka and Shawon S. M. Rahman

Abstract


Organizations face the probability of being hacked because of weak and inadequate cybersecurity implementations. Hackers are still able to breach a system even when security tools such as firewalls, SIEM, anti-virus software, encryption, and IDPS are readily in place within an organization. Digital criminals are responsible for increased network breaches, using elusive security tools to penetrate secure environments with sophistication. Cyberattacks are continually increasing due to the sophistication and innovation of cyber attackers. Many vulnerable areas must be reinforced against cybercriminals, insider threats, inadequate employee training, and negligence. Monetary investment in cybersecurity and management support plays a significant role in assuring the implementation of information security throughout an organization's processes. The implications for practice can provide organizations with approaches to mitigate cyber exploits and safeguard the confidentiality, integrity, and availability of information by bridging the gap between incident detection and response.

Keywords


Data Breach, Computer crime, Cyberattack, Exploit, Hacking, Zero-day attack

This work is licensed under a Creative Commons Attribution 3.0 License.


IT in Industry @ http://www.it-in-industry.com . ISSN (Online): 2203-1731; ISSN (Print): 2204-0595