Search results for: cybersecurity breaches
Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 172

Search results for: cybersecurity breaches

172 Understanding the Human Element in Cybersecurity: A Literature Review and Recommendations

Authors: Sadiq Nasir

Abstract:

The need for strong cybersecurity measures has been brought to light by society's growing reliance on technology. Cybersecurity breaches continue, with the human aspect playing a crucial role, despite the availability of technology remedies. By analyzing the most recent findings in this area of research on awareness, attitudes, and behaviour, this literature review seeks to comprehend the human element in cybersecurity. A thorough overview of the most recent studies and gaps in the body of knowledge will be determined through a systematic examination of the literature. The paper indicates that in order to address the human component in cybersecurity, a socio-technical strategy is required, and it advocates for additional study in order to fully comprehend the consequences of various interventions. The findings of this study will increase our understanding of cybersecurity and have useful ramifications for companies wanting to strengthen their cybersecurity posture.

Keywords: cybersecurity, cybersecurity awareness, human factor in security, human security

Procedia PDF Downloads 87
171 Cybersecurity Challenges in the Era of Open Banking

Authors: Krish Batra

Abstract:

The advent of open banking has revolutionized the financial services industry by fostering innovation, enhancing customer experience, and promoting competition. However, this paradigm shift towards more open and interconnected banking ecosystems has introduced complex cybersecurity challenges. This research paper delves into the multifaceted cybersecurity landscape of open banking, highlighting the vulnerabilities and threats inherent in sharing financial data across a network of banks and third-party providers. Through a detailed analysis of recent data breaches, phishing attacks, and other cyber incidents, the paper assesses the current state of cybersecurity within the open banking framework. It examines the effectiveness of existing security measures, such as encryption, API security protocols, and authentication mechanisms, in protecting sensitive financial information. Furthermore, the paper explores the regulatory response to these challenges, including the implementation of standards such as PSD2 in Europe and similar initiatives globally. By identifying gaps in current cybersecurity practices, the research aims to propose a set of robust, forward-looking strategies that can enhance the security and resilience of open banking systems. This includes recommendations for banks, third-party providers, regulators, and consumers on how to mitigate risks and ensure a secure open banking environment. The ultimate goal is to provide stakeholders with a comprehensive understanding of the cybersecurity implications of open banking and to outline actionable steps for safeguarding the financial ecosystem in an increasingly interconnected world.

Keywords: open banking, financial services industry, cybersecurity challenges, data breaches, phishing attacks, encryption, API security protocols, authentication mechanisms, regulatory response, PSD2, cybersecurity practices

Procedia PDF Downloads 60
170 Cybersecurity Challenges in Africa

Authors: Chimmoe Fomo Michelle Larissa

Abstract:

The challenges of cybersecurity in Africa are increasingly significant as the continent undergoes rapid digital transformation. With the rise of internet connectivity, mobile phone usage, and digital financial services, Africa faces unique cybersecurity threats. The significance of this study lies in understanding these threats and the multifaceted challenges that hinder effective cybersecurity measures across the continent. The methodologies employed in this study include a comprehensive analysis of existing cybersecurity frameworks in various African countries, surveys of key stakeholders in the digital ecosystem, and case studies of cybersecurity incidents. These methodologies aim to provide a detailed understanding of the current cybersecurity landscape, identify gaps in existing policies, and evaluate the effectiveness of implemented security measures. Major findings of the study indicate that Africa faces numerous cybersecurity challenges, including inadequate regulatory frameworks, insufficient cybersecurity awareness, and a shortage of skilled professionals. Additionally, the prevalence of cybercrime, such as financial fraud, data breaches, and ransomware attacks, exacerbates the situation. The study also highlights the role of international cooperation and regional collaboration in addressing these challenges and improving overall cybersecurity resilience. In conclusion, addressing cybersecurity challenges in Africa requires a multifaceted approach that involves strengthening regulatory frameworks, enhancing public awareness, and investing in cybersecurity education and training. The study underscores the importance of regional and international collaboration in building a robust cybersecurity infrastructure capable of mitigating the risks associated with the continent's digital growth.

Keywords: Africa, cybersecurity, challenges, digital infrastructure, cybercrime

Procedia PDF Downloads 41
169 Cybersecurity Breaches and Audit Outcomes: An Analysis of Auditor Changes and Going Concern Opinions

Authors: Sara Dehaiman Alqahtani

Abstract:

This study investigates the effects of cybersecurity breaches on critical audit outcomes, specifically focusing on auditor changes, engagement partner rotations, and the issuance of going concern opinions. Utilizing an extensive dataset of U.S.-based firms spanning from 2006 to 2023, the research employs propensity score matching (PSM) to address selection bias and control for confounding variables. The analysis reveals that, contrary to conventional expectations, firms that experience cybersecurity breaches are less likely to change their audit firms and engagement partners. Additionally, these breached firms are less likely to receive going concern opinions from their auditors. However, an exception is noted within the technology sector, where breached firms show a higher propensity to switch auditors, potentially to demonstrate a commitment to enhanced cybersecurity measures. The findings suggest a strong preference for continuity in auditor-client relationships following cybersecurity incidents. This preference underscores the importance of auditors' existing knowledge of a firm's systems and controls, which is deemed valuable during periods of heightened risk. The study extends the existing literature by moving beyond the well-documented impact of breaches on audit fees to explore other significant dimensions of the auditor-client relationship. It challenges the traditional assumption that increased risk from breaches leads to higher auditor turnover or more conservative audit opinions, highlighting instead a tendency towards maintaining stability. Methodologically, the research leverages PSM to create a balanced comparison between breached and non-breached firms, ensuring robustness in the findings. Logistic regression analyses further substantiate the associations between breaches and audit outcomes, controlling for various firm-specific characteristics such as size, financial performance, and industry classification. Supplemental analyses explore additional factors, including litigation risk, breach frequency, and industry-specific responses, providing a nuanced understanding of the dynamics at play. The study’s main contributions are threefold. First, it broadens the scope of research on cybersecurity breaches by examining their impact on auditor changes and going concern opinions, areas previously underexplored. Second, it offers empirical evidence that breached firms tend to retain their auditors and engagement partners, suggesting that continuity is valued over potential audit quality improvements through auditor changes. Third, it highlights sector-specific behaviors, particularly within the technology industry, where breaches do lead to higher auditor turnover, indicating industry-specific risk management strategies. Implications of this research are significant for auditors, clients, and regulators. Auditors may need to enhance their risk assessment frameworks to better incorporate cybersecurity risks, ensuring that audit practices remain robust in the face of evolving cyber threats. Clients should evaluate the benefits of retaining existing auditors against the potential advantages of engaging new auditors who might offer fresh perspectives and specialized cybersecurity expertise. Regulators might consider updating auditing standards to more explicitly address cybersecurity risks, ensuring that such threats are adequately reflected in audit procedures and disclosures. Overall, this study provides a comprehensive analysis of how cybersecurity breaches influence audit outcomes, revealing a preference for auditor continuity and questioning whether current auditing frameworks sufficiently account for cyber risks. By highlighting these trends, the research calls for a reassessment of audit practices and regulatory standards to better address the complexities introduced by the increasing prevalence of cyber threats in the digital age.

Keywords: cybersecurity breaches, auditor changes, engagement partner rotations, going concern opinions, auditor-client relationships, audit risk assessment

Procedia PDF Downloads 4
168 Cybersecurity Challenges and Solutions in ICT Management at the Federal Polytechnic, Ado-Ekiti: A Quantitative Study

Authors: Innocent Uzougbo Onwuegbuzie, Siene Elizabeth Eke

Abstract:

This study investigates cybersecurity challenges and solutions in managing Information and Communication Technology (ICT) at the Federal Polytechnic, Ado-Ekiti, South-West Nigeria. The rapid evolution of ICT has revolutionized organizational operations and impacted various sectors, including education, healthcare, and finance. While ICT advancements facilitate seamless communication, complex data analytics, and strategic decision-making, they also introduce significant cybersecurity risks such as data breaches, ransomware, and other malicious attacks. These threats jeopardize the confidentiality, integrity, and availability of information systems, necessitating robust cybersecurity measures. The primary aim of this research is to identify prevalent cybersecurity challenges in ICT management, evaluate their impact on the institution's operations, and assess the effectiveness of current cybersecurity solutions. Adopting a quantitative research approach, data was collected through surveys and structured questionnaires from students, staff, and IT professionals at the Federal Polytechnic, Ado-Ekiti. The findings underscore the critical need for continuous investment in cybersecurity technologies, employee and student training, and regulatory compliance to mitigate evolving cyber threats. This research contributes to bridging the knowledge gap in cybersecurity management and provides valuable insights into effective strategies and technologies for safeguarding ICT systems in educational institutions. The study's objectives are to enhance the security posture of the Federal Polytechnic, Ado-Ekiti, in an increasingly digital world by identifying and addressing the cybersecurity challenges faced by its ICT management.

Keywords: cybersecurity challenges, cyber threat mitigation, federal polytechnic Ado-Ekiti, ICT management

Procedia PDF Downloads 40
167 The Nature and Impact of Trojan Horses in Cybersecurity

Authors: Mehrab Faraghti

Abstract:

Trojan horses, a form of malware masquerading as legitimate software, pose significant cybersecurity threats. These malicious programs exploit user trust, infiltrate systems, and can lead to data breaches, financial loss, and compromised privacy. This paper explores the mechanisms through which Trojan horses operate, including delivery methods such as phishing and software vulnerabilities. It categorizes various types of Trojan horses and their specific impacts on individuals and organizations. Additionally, the research highlights the evolution of Trojan threats and the importance of user awareness and proactive security measures. By analyzing case studies of notable Trojan attacks, this study identifies common vulnerabilities that can be exploited and offers insights into effective countermeasures, including behavioral analysis, anomaly detection, and robust incident response strategies. The findings emphasize the need for comprehensive cybersecurity education and the implementation of advanced security protocols to mitigate the risks associated with Trojan horses.

Keywords: Trojan horses, cybersecurity, malware, data breach

Procedia PDF Downloads 11
166 Cybersecurity Awareness Among Applied Sciences Student Population

Authors: Sanja Bracun, Nikolina Kasunic

Abstract:

After graduation, the student population of applied sciences will become the population of employees on IT experts’ positions or "just" business users of certain IT technologies for which the level of awareness of existing cybersecurity risks is extremely important. This research results define the current cybersecurity awareness level of students at Zagreb University of Applied Sciences (TVZ), what can be useful not only for teaching staff to form a curriculum related to cybersecurity more accurately but also to employers to know what to expect from their future employees regarding cybersecurity awareness level.

Keywords: student population cybersecurity awareness, cybersecurity awareness, cybersecurity, applied sciences students

Procedia PDF Downloads 254
165 A Virtual Reality Cybersecurity Training Knowledge-Based Ontology

Authors: Shaila Rana, Wasim Alhamdani

Abstract:

Effective cybersecurity learning relies on an engaging, interactive, and entertaining activity that fosters positive learning outcomes. VR cybersecurity training may promote these aforementioned variables. However, a methodological approach and framework have not yet been created to allow trainers and educators to employ VR cybersecurity training methods to promote positive learning outcomes to the author’s best knowledge. Thus, this paper aims to create an approach that cybersecurity trainers can follow to create a VR cybersecurity training module. This methodology utilizes concepts from other cybersecurity training frameworks, such as NICE and CyTrONE. Other cybersecurity training frameworks do not incorporate the use of VR. VR training proposes unique challenges that cannot be addressed in current cybersecurity training frameworks. Subsequently, this ontology utilizes concepts unique to developing VR training to create a relevant methodology for creating VR cybersecurity training modules. The outcome of this research is to create a methodology that is relevant and useful for designing VR cybersecurity training modules.

Keywords: virtual reality cybersecurity training, VR cybersecurity training, traditional cybersecurity training, ontology

Procedia PDF Downloads 289
164 Exploring the Need to Study the Efficacy of VR Training Compared to Traditional Cybersecurity Training

Authors: Shaila Rana, Wasim Alhamdani

Abstract:

Effective cybersecurity training is of the utmost importance, given the plethora of attacks that continue to increase in complexity and ubiquity. VR cybersecurity training remains a starkly understudied discipline. Studies that evaluated the effectiveness of VR cybersecurity training over traditional methods are required. An engaging and interactive platform can support knowledge retention of the training material. Consequently, an effective form of cybersecurity training is required to support a culture of cybersecurity awareness. Measurements of effectiveness varied throughout the studies, with surveys and observations being the two most utilized forms of evaluating effectiveness. Further research is needed to evaluate the effectiveness of VR cybersecurity training and traditional training. Additionally, research for evaluating if VR cybersecurity training is more effective than traditional methods is vital. This paper proposes a methodology to compare the two cybersecurity training methods and their effectiveness. The proposed framework includes developing both VR and traditional cybersecurity training methods and delivering them to at least 100 users. A quiz along with a survey will be administered and statistically analyzed to determine if there is a difference in knowledge retention and user satisfaction. The aim of this paper is to bring attention to the need to study VR cybersecurity training and its effectiveness compared to traditional training methods. This paper hopes to contribute to the cybersecurity training field by providing an effective way to train users for security awareness. If VR training is deemed more effective, this could create a new direction for cybersecurity training practices.

Keywords: virtual reality cybersecurity training, VR cybersecurity training, traditional cybersecurity training

Procedia PDF Downloads 215
163 Perceptions of Cybersecurity in Government Organizations: Case Study of Bhutan

Authors: Pema Choejey, David Murray, Chun Che Fung

Abstract:

Bhutan is becoming increasingly dependent on Information and Communications Technologies (ICTs), especially the Internet for performing the daily activities of governments, businesses, and individuals. Consequently, information systems and networks are becoming more exposed and vulnerable to cybersecurity threats. This paper highlights the findings of the survey study carried out to understand the perceptions of cybersecurity implementation among government organizations in Bhutan. About 280 ICT personnel were surveyed about the effectiveness of cybersecurity implementation in their organizations. A questionnaire based on a 5 point Likert scale was used to assess the perceptions of respondents. The questions were asked on cybersecurity practices such as cybersecurity policies, awareness and training, and risk management. The survey results show that less than 50% of respondents believe that the cybersecurity implementation is effective: cybersecurity policy (40%), risk management (23%), training and awareness (28%), system development life cycle (34%); incident management (26%), and communications and operational management (40%). The findings suggest that many of the cybersecurity practices are inadequately implemented and therefore, there exist a gap in achieving a required cybersecurity posture. This study recommends government organizations to establish a comprehensive cybersecurity program with emphasis on cybersecurity policy, risk management, and awareness and training. In addition, the research study has practical implications to both government and private organizations for implementing and managing cybersecurity.

Keywords: awareness and training, cybersecurity policy, risk management, security risks

Procedia PDF Downloads 345
162 How Cyber Insurers and Managed Security Companies Influence the Content and Meaning of Privacy Law and Cybersecurity Compliance

Authors: Shauhin Talesh

Abstract:

Cyber risks--loss exposure associated with the use of electronic equipment, computers, information technology, and virtual reality--are among the biggest threats facing businesses and consumers. Despite these threats, private organizations are not significantly changing their behavior in response. Although many organizations do have formal cybersecurity policies in place, the majority believe they are insufficiently prepared for cybersecurity incidences, and have not conducted proper risk assessments or invested necessary training and resources to protect consumers’ electronic information. Drawing on empirical observations over the past 5 years, this article explains why insurers who manage cybersecurity and privacy law compliance among organizations have not been more successful in curtailing breaches. The analysis draws on Talesh's “new institutional theory of insurance,” which explains how insurers shape the content and meaning of law among organizations that purchase insurance. In response to vague and fragmented privacy laws and a lack of strong government oversight, insurers offer cyber insurance and a series of risk-management services to their customers. These services convey legitimacy to the public and to the insureds but fall short of improving the robustness of organizations, rendering them largely symbolic. Cyber insurers and managed security companies have flooded the market with high-level technical tools that they claim mitigate risk, but all they've really accomplished is to institutionalize a norm that policyholders need these tools to avoid cybersecurity incidents. Federal and state regulators and industry-based rating agencies have deferred to cyber insurers without evidence that these tools actually improve security.

Keywords: regulation, compliance, insurance, cybersecurity, privacy law, organizations, risk management

Procedia PDF Downloads 3
161 Implementing Zero-Trust Security with Passwordless Authentication Gateways for Privacy-Oriented Organizations Using Keycloak

Authors: Andrei Bogdan Stanescu, Laura Diaconescu

Abstract:

With the increasing concerns about data breaches and privacy violations, organizations seek robust security measures to protect sensitive information. This research paper highlights the importance of implementing the Zero-Trust Security methodology using Passwordless Authentication Gateways that leverage Keycloak, an open-source Identity and Access Management (IAM) software, as a solution to address the security challenges these organizations face. The paper presents the successful implementation and deployment of such a solution in a mid-size, privacy-oriented organization. The implementation resulted in significant security improvements, reducing the risk of unauthorized access and potential data breaches. Moreover, user feedback indicated enhanced convenience and streamlined authentication experiences. The results of this study bring solid contributions in the field of cybersecurity and provide practical insights for organizations aiming to strengthen their security practices.

Keywords: identity and access management, passwordless authentication, privacy, zero-trust security

Procedia PDF Downloads 91
160 Cybersecurity Protective Behavior in Industrial Revolution 4.0 Era: A Conceptual Framework

Authors: Saif Hussein Abdallah Alghazo, Norshima Humaidi

Abstract:

Adopting cybersecurity protective behaviour among the employees is seriously considered in the organization, especially when the Internet of Things (IoT) is widely used in Industrial Revolution 4.0 (IR 4.0) era. Cybersecurity issues arise due to weaknesses of employees’ behaviour such as carelessness and failure to adopt good practices of information security behaviour. Therefore, this study aims to explore the dimensions that might influence employees’ behaviour to adopt good cybersecurity practices and to develop a new holistic model related to this concept. The study proposed this by reviewing the existing works of literature related to this field extensively, especially by focusing on the existing theory such as Protection Motivation Theory (PMT). Moreover, this study has also explored the role of cybersecurity competency among the security manager in the organization since this construct is essential to enhance the protective behaviour towards cybersecurity among the employees in the organization. The proposed research model is important to be quantitatively tested in the future as the findings will serve as the input to the act that will enhance employee’s cybersecurity protective behaviour in the IR 4.0 environment.

Keywords: cybersecurity protective behaviour, protection motivation theory, IR 4.0, cybersecurity competency

Procedia PDF Downloads 152
159 Cybersecurity and Governance for Humanitarian Work: An Approach for Addressing Security Risks

Authors: Rossouw De Bruin, Sebastiaan H. Von Solms

Abstract:

The state of national security is an evolving concern. Companies, organizations, governments, states and individuals are aware of the security of their information and their assets however, they may not always be aware of the risks present. These risks are not only limited to non-existence of security procedures. Existing security can be severely flawed, especially if there is non-conformance towards policies, practices and procedures. When looking at humanitarian actions, we can easily identify these flaws. Unfortunately, humanitarian aid has to compete with factors from within the states, countries and continents they are working in. Furthermore, as technology improves, so does our connectivity to the internet and the way in which we use the internet. However, there are times when security is overlooked and humanitarian agencies are some of the agencies that do not always take security into consideration. The purpose of this paper will be to introduce the importance of cybersecurity and cybersecurity governance with respect to humanitarian work. We will also introduce and briefly discuss a model that can be used by humanitarian agencies to assess, manage and maintain their cybersecurity efforts.

Keywords: humanities, cybersecurity, cybersecurity governance, maturity, cybersecurity maturity, maturity model

Procedia PDF Downloads 268
158 Adding Security Blocks to the DevOps Lifecycle

Authors: Andrew John Zeller, Francis Pouatcha

Abstract:

Working according to the DevOps principle has gained in popularity over the past decade. While its extension DevSecOps started to include elements of cybersecurity, most real-life projects do not focus risk and security until the later phases of a project as teams are often more familiar with engineering and infrastructure services. To help bridge the gap between security and engineering, this paper will take six building blocks of cybersecurity and apply them to the DevOps approach. After giving a brief overview of the stages in the DevOps lifecycle, the main part discusses to what extent six cybersecurity blocks can be utilized in various stages of the lifecycle. The paper concludes with an outlook on how to stay up to date in the dynamic world of cybersecurity.

Keywords: information security, data security, cybersecurity, devOps, IT management

Procedia PDF Downloads 117
157 Strategies and Approaches for Curriculum Development and Training of Faculty in Cybersecurity Education

Authors: Lucy Tsado

Abstract:

As cybercrime and cyberattacks continue to increase, the need to respond will follow suit. When cybercrimes occur, the duty to respond sometimes falls on law enforcement. However, criminal justice students are not taught concepts in cybersecurity and digital forensics. There is, therefore, an urgent need for many more institutions to begin teaching cybersecurity and related courses to social science students especially criminal justice students. However, many faculty in universities, colleges, and high schools are not equipped to teach these courses or do not have the knowledge and resources to teach important concepts in cybersecurity or digital forensics to criminal justice students. This research intends to develop curricula and training programs to equip faculty with the skills to meet this need. There is a current call to involve non-technical fields to fill the cybersecurity skills gap, according to experts. There is a general belief among non-technical fields that cybersecurity education is only attainable within computer science and technologically oriented fields. As seen from current calls, this is not entirely the case. Transitioning into the field is possible through curriculum development, training, certifications, internships and apprenticeships, and competitions. There is a need to identify how a cybersecurity eco-system can be created at a university to encourage/start programs that will lead to an interest in cybersecurity education as well as attract potential students. A short-term strategy can address this problem through curricula development, while a long-term strategy will address developing training faculty to teach cybersecurity and digital forensics. Therefore this research project addresses this overall problem in two parts, through curricula development for the criminal justice discipline; and training of faculty in criminal justice to teaching the important concepts of cybersecurity and digital forensics.

Keywords: cybersecurity education, criminal justice, curricula development, nontechnical cybersecurity, cybersecurity, digital forensics

Procedia PDF Downloads 105
156 Saudi Human Awareness Needs: A Survey in How Human Causes Errors and Mistakes Leads to Leak Confidential Data with Proposed Solutions in Saudi Arabia

Authors: Amal Hussain Alkhaiwani, Ghadah Abdullah Almalki

Abstract:

Recently human errors have increasingly become a very high factor in security breaches that may affect confidential data, and most of the cyber data breaches are caused by human errors. With one individual mistake, the attacker will gain access to the entire network and bypass the implemented access controls without any immediate detection. Unaware employees will be vulnerable to any social engineering cyber-attacks. Providing security awareness to People is part of the company protection process; the cyber risks cannot be reduced by just implementing technology; the human awareness of security will significantly reduce the risks, which encourage changes in staff cyber-awareness. In this paper, we will focus on Human Awareness, human needs to continue the required security education level; we will review human errors and introduce a proposed solution to avoid the breach from occurring again. Recently Saudi Arabia faced many attacks with different methods of social engineering. As Saudi Arabia has become a target to many countries and individuals, we needed to initiate a defense mechanism that begins with awareness to keep our privacy and protect the confidential data against possible intended attacks.

Keywords: cybersecurity, human aspects, human errors, human mistakes, security awareness, Saudi Arabia, security program, security education, social engineering

Procedia PDF Downloads 160
155 Towards Resilient Cloud Computing through Cyber Risk Assessment

Authors: Hilalah Alturkistani, Alaa AlFaadhel, Nora AlJahani, Fatiha Djebbar

Abstract:

Cloud computing is one of the most widely used technology which provides opportunities and services to government entities, large companies, and standard users. However, cybersecurity risk management studies of cloud computing and resiliency approaches are lacking. This paper proposes resilient cloud cybersecurity risk assessment and management tailored specifically, to Dropbox with two approaches:1) technical-based solution motivated by a cybersecurity risk assessment of cloud services, and 2)a target personnel-based solution guided by cybersecurity-related survey among employees to identify their knowledge that qualifies them withstand to any cyberattack. The proposed work attempts to identify cloud vulnerabilities, assess threats and detect high risk components, to finally propose appropriate safeguards such as failure predicting and removing, redundancy or load balancing techniques for quick recovery and return to pre-attack state if failure happens.

Keywords: cybersecurity risk management plan, resilient cloud computing, cyberattacks, cybersecurity risk assessment

Procedia PDF Downloads 142
154 Towards the Management of Cybersecurity Threats in Organisations

Authors: O. A. Ajigini, E. N. Mwim

Abstract:

Cybersecurity is the protection of computers, programs, networks, and data from attack, damage, unauthorised, unintended access, change, or destruction. Organisations collect, process and store their confidential and sensitive information on computers and transmit this data across networks to other computers. Moreover, the advent of internet technologies has led to various cyberattacks resulting in dangerous consequences for organisations. Therefore, with the increase in the volume and sophistication of cyberattacks, there is a need to develop models and make recommendations for the management of cybersecurity threats in organisations. This paper reports on various threats that cause malicious damage to organisations in cyberspace and provides measures on how these threats can be eliminated or reduced. The paper explores various aspects of protection measures against cybersecurity threats such as handling of sensitive data, network security, protection of information assets and cybersecurity awareness. The paper posits a model and recommendations on how to manage cybersecurity threats in organisations effectively. The model and the recommendations can then be utilised by organisations to manage the threats affecting their cyberspace. The paper provides valuable information to assist organisations in managing their cybersecurity threats and hence protect their computers, programs, networks and data in cyberspace. The paper aims to assist organisations to protect their information assets and data from cyberthreats as part of the contributions toward community engagement.

Keywords: confidential information, cyberattacks, cybersecurity, cyberspace, sensitive information

Procedia PDF Downloads 259
153 Cybersecurity Awareness through Laboratories and Cyber Competitions in the Education System: Practices to Promote Student Success

Authors: Haydar Teymourlouei

Abstract:

Cybersecurity is one of the greatest challenges society faces in an age revolving around technological development. With cyber-attacks on the continuous rise, the nation needs to understand and learn ways that can prevent such attacks. A major contribution that can change the education system is to implement laboratories and competitions into academia. This method can improve and educate students with more hands-on exercises in a highly motivating setting. Considering the fact that students are the next generation of the nation’s workforce, it is important for students to understand concepts not only through books, but also through actual hands-on experiences in order for them to be prepared for the workforce. An effective cybersecurity education system is critical for creating a strong cyber secure workforce today and for the future. This paper emphasizes the need for awareness and the need for competitions and cybersecurity laboratories to be implemented into the education system.

Keywords: awareness, competition, cybersecurity, laboratories, workforce

Procedia PDF Downloads 334
152 Cyber-Softbook: A Platform for Collaborative Content Development and Delivery for Cybersecurity Education

Authors: Eniye Tebekaemi, Martin Zhao

Abstract:

The dichotomy between the skills set of newly minted college graduates and the skills required by cybersecurity employers is on the rise. Colleges are struggling to cope with the rapid pace of technology evolution using outdated tools and practices. Industries are getting frustrated due to the need to retrain fresh college graduates on skills they should have acquired. There is a dire need for academic institutions to develop new tools and systems to deliver cybersecurity education to meet the ever-evolving technology demands of the industry. The Cyber-Softbook project’s goal is to bridge the tech industry and tech education gap by providing educators a framework to collaboratively design, manage, and deliver cybersecurity academic courses that meet the needs of the tech industry. The Cyber-Softbook framework, when developed, will provide a platform for academic institutions and tech industries to collaborate on tech education and for students to learn about cybersecurity with all the resources they need to understand concepts and gain valuable skills available on a single platform.

Keywords: cybersecurity, education, skills, labs, curriculum

Procedia PDF Downloads 92
151 Digital Immunity System for Healthcare Data Security

Authors: Nihar Bheda

Abstract:

Protecting digital assets such as networks, systems, and data from advanced cyber threats is the aim of Digital Immunity Systems (DIS), which are a subset of cybersecurity. With features like continuous monitoring, coordinated reactions, and long-term adaptation, DIS seeks to mimic biological immunity. This minimizes downtime by automatically identifying and eliminating threats. Traditional security measures, such as firewalls and antivirus software, are insufficient for enterprises, such as healthcare providers, given the rapid evolution of cyber threats. The number of medical record breaches that have occurred in recent years is proof that attackers are finding healthcare data to be an increasingly valuable target. However, obstacles to enhancing security include outdated systems, financial limitations, and a lack of knowledge. DIS is an advancement in cyber defenses designed specifically for healthcare settings. Protection akin to an "immune system" is produced by core capabilities such as anomaly detection, access controls, and policy enforcement. Coordination of responses across IT infrastructure to contain attacks is made possible by automation and orchestration. Massive amounts of data are analyzed by AI and machine learning to find new threats. After an incident, self-healing enables services to resume quickly. The implementation of DIS is consistent with the healthcare industry's urgent requirement for resilient data security in light of evolving risks and strict guidelines. With resilient systems, it can help organizations lower business risk, minimize the effects of breaches, and preserve patient care continuity. DIS will be essential for protecting a variety of environments, including cloud computing and the Internet of medical devices, as healthcare providers quickly adopt new technologies. DIS lowers traditional security overhead for IT departments and offers automated protection, even though it requires an initial investment. In the near future, DIS may prove to be essential for small clinics, blood banks, imaging centers, large hospitals, and other healthcare organizations. Cyber resilience can become attainable for the whole healthcare ecosystem with customized DIS implementations.

Keywords: digital immunity system, cybersecurity, healthcare data, emerging technology

Procedia PDF Downloads 67
150 Combined Safety and Cybersecurity Risk Assessment for Intelligent Distributed Grids

Authors: Anders Thorsén, Behrooz Sangchoolie, Peter Folkesson, Ted Strandberg

Abstract:

As more parts of the power grid become connected to the internet, the risk of cyberattacks increases. To identify the cybersecurity threats and subsequently reduce vulnerabilities, the common practice is to carry out a cybersecurity risk assessment. For safety classified systems and products, there is also a need for safety risk assessments in addition to the cybersecurity risk assessment in order to identify and reduce safety risks. These two risk assessments are usually done separately, but since cybersecurity and functional safety are often related, a more comprehensive method covering both aspects is needed. Some work addressing this has been done for specific domains like the automotive domain, but more general methods suitable for, e.g., intelligent distributed grids, are still missing. One such method from the automotive domain is the Security-Aware Hazard Analysis and Risk Assessment (SAHARA) method that combines safety and cybersecurity risk assessments. This paper presents an approach where the SAHARA method has been modified in order to be more suitable for larger distributed systems. The adapted SAHARA method has a more general risk assessment approach than the original SAHARA. The proposed method has been successfully applied on two use cases of an intelligent distributed grid.

Keywords: intelligent distribution grids, threat analysis, risk assessment, safety, cybersecurity

Procedia PDF Downloads 153
149 Navigating Cyber Attacks with Quantum Computing: Leveraging Vulnerabilities and Forensics for Advanced Penetration Testing in Cybersecurity

Authors: Sayor Ajfar Aaron, Ashif Newaz, Sajjat Hossain Abir, Mushfiqur Rahman

Abstract:

This paper examines the transformative potential of quantum computing in the field of cybersecurity, with a focus on advanced penetration testing and forensics. It explores how quantum technologies can be leveraged to identify and exploit vulnerabilities more efficiently than traditional methods and how they can enhance the forensic analysis of cyber-attacks. Through theoretical analysis and practical simulations, this study highlights the enhanced capabilities of quantum algorithms in detecting and responding to sophisticated cyber threats, providing a pathway for developing more resilient cybersecurity infrastructures.

Keywords: cybersecurity, cyber forensics, penetration testing, quantum computing

Procedia PDF Downloads 68
148 Information Technology in Assessing Risks and Threats in the Transition of the Brand to the Digital Environment

Authors: Spanova Yerkezhan, Amantay Ayan, Alimzhanova Laura

Abstract:

This article discusses the concept of rebranding and its relationship to cybersecurity. Rebranding is the process of changing the appearance and image of a company or organization in order to appeal to new customers or change the perception of a company. It can be a powerful tool for businesses looking to renew their reputation or expand into new markets. In today's digital age, companies increasingly rely on technology and the internet to conduct business; rebranding can also present significant cybersecurity risks. This is because a rebranding effort can create new vulnerabilities for companies, particularly in terms of their online presence. This article explores the potential hazards associated with rebranding and provides recommendations for mitigating those risks. It also highlights the importance of considering cybersecurity in the rebranding process and how it can be integrated into the overall strategy for a successful and secure rebranding.

Keywords: rebranding, cybersecurity, cyberattack, logo, vulnerability

Procedia PDF Downloads 166
147 Emerging Threats and Adaptive Defenses: Navigating the Future of Cybersecurity in a Hyperconnected World

Authors: Olasunkanmi Jame Ayodeji, Adebayo Adeyinka Victor

Abstract:

In a hyperconnected world, cybersecurity faces a continuous evolution of threats that challenge traditional defence mechanisms. This paper explores emerging cybersecurity threats like malware, ransomware, phishing, social engineering, and the Internet of Things (IoT) vulnerabilities. It delves into the inadequacies of existing cybersecurity defences in addressing these evolving risks and advocates for adaptive defence mechanisms that leverage AI, machine learning, and zero-trust architectures. The paper proposes collaborative approaches, including public-private partnerships and information sharing, as essential to building a robust defence strategy to address future cyber threats. The need for continuous monitoring, real-time incident response, and adaptive resilience strategies is highlighted to fortify digital infrastructures in the face of escalating global cyber risks.

Keywords: cybersecurity, hyperconnectivity, malware, adaptive defences, zero-trust architecture, internet of things vulnerabilities

Procedia PDF Downloads 22
146 Cybersecurity Protection Structures: The Case of Lesotho

Authors: N. N. Mosola, K. F. Moeketsi, R. Sehobai, N. Pule

Abstract:

The Internet brings increasing use of Information and Communications Technology (ICT) services and facilities. Consequently, new computing paradigms emerge to provide services over the Internet. Although there are several benefits stemming from these services, they pose several risks inherited from the Internet. For example, cybercrime, identity theft, malware etc. To thwart these risks, this paper proposes a holistic approach. This approach involves multidisciplinary interactions. The paper proposes a top-down and bottom-up approach to deal with cyber security concerns in developing countries. These concerns range from regulatory and legislative areas, cyber awareness, research and development, technical dimensions etc. The main focus areas are highlighted and a cybersecurity model solution is proposed. The paper concludes by combining all relevant solutions into a proposed cybersecurity model to assist developing countries in enhancing a cyber-safe environment to instill and promote a culture of cybersecurity.

Keywords: cybercrime, cybersecurity, computer emergency response team, computer security incident response team

Procedia PDF Downloads 156
145 Net-Trainer-ST: A Swiss Army Knife for Pentesting, Based on Single Board Computer, for Cybersecurity Professionals and Hobbyists

Authors: K. Hołda, D. Śliwa, K. Daniec, A. Nawrat

Abstract:

This article was created as part of the developed master's thesis. It attempts to present a newly developed device, which will support the work of specialists dealing with broadly understood cybersecurity terms. The device is contrived to automate security tests. In addition, it simulates potential cyberattacks in the most realistic way possible, without causing permanent damage to the network, in order to maximize the quality of the subsequent corrections to the tested network systems. The proposed solution is a fully operational prototype created from commonly available electronic components and a single board computer. The focus of the following article is not only put on the hardware part of the device but also on the theoretical and applicatory way in which implemented cybersecurity tests operate and examples of their results.

Keywords: Raspberry Pi, ethernet, automated cybersecurity tests, ARP, DNS, backdoor, TCP, password sniffing

Procedia PDF Downloads 125
144 Digital Governance Decision-Making in the Aftermath of Cybersecurity Crises, Lessons from Estonia

Authors: Logan Carmichael

Abstract:

As the world’s governments seek to increasingly digitize their service provisions, there exists a subsequent and fully valid concern about the security underpinning these digital governance provisions. Estonia, a small and innovative Baltic nation, has been refining both its digital governance structure and cybersecurity mechanisms for over three decades and has been praised as global ‘best practice’ in both fields. However, the security of the Estonian digital governance system has been ever-evolving and significantly shaped by cybersecurity crises. This paper examines said crises – 2007 cyberattacks on Estonian government, banks, and news media; the 2017 e-ID crisis; the ongoing COVID-19 pandemic; and the 2022 Russian invasion of Ukraine – and how governance decision-making following these crises has shaped the cybersecurity of the digital governance structure in Estonia. This paper employs a blended constructivist and historical institutionalist theoretical approach as a useful means to view governance and decision-making in the wake of cybersecurity incidents affecting the Estonian digital governance structure. Together, these theoretical groundings frame the topics of cybersecurity and digital governance in an Estonian context through a lens of ideation and experience, as well as institutional path dependencies over time and cybersecurity crises as critical junctures to study. Furthermore, this paper takes a qualitative approach, employing discourse analysis, policy analysis, and elite interviewing of Estonian officials involved in digital governance and cybersecurity in order to glean nuanced perspectives into the processes that followed these four crises. Ultimately, the results of this paper will offer insight into how governments undertake policy-driven change following cybersecurity crises to ensure sufficient security of their digitized service provisions. This paper’s findings are informative not only in continued decision-making in the Estonian system but also in other states currently implementing a digital governance structure, for which security mechanisms are of the utmost importance.

Keywords: cybersecurity, digital governance, Estonia, crisis management, governance in crisis

Procedia PDF Downloads 112
143 Cyber Attacks Management in IoT Networks Using Deep Learning and Edge Computing

Authors: Asmaa El Harat, Toumi Hicham, Youssef Baddi

Abstract:

This survey delves into the complex realm of Internet of Things (IoT) security, highlighting the urgent need for effective cybersecurity measures as IoT devices become increasingly common. It explores a wide array of cyber threats targeting IoT devices and focuses on mitigating these attacks through the combined use of deep learning and machine learning algorithms, as well as edge and cloud computing paradigms. The survey starts with an overview of the IoT landscape and the various types of attacks that IoT devices face. It then reviews key machine learning and deep learning algorithms employed in IoT cybersecurity, providing a detailed comparison to assist in selecting the most suitable algorithms. Finally, the survey provides valuable insights for cybersecurity professionals and researchers aiming to enhance security in the intricate world of IoT.

Keywords: internet of things (IoT), cybersecurity, machine learning, deep learning

Procedia PDF Downloads 33