CYSE 200T

Cyber threats and attacks are constantly growing in number and the complexity all while he business industry in increasingly becoming more complex and digitalized.  One of the main factors to look at with the unpredictable, is finances.  Small businesses and local government companies are easier to exploit compared to their larger counterpart corporations.  Why? Larger corporations have better, more sophisticated intrusion prevention and detection systems.  Another factor to look at is how companies or these people are communicating.  Digital transformation and IT continue to grow and evolve.  With everchanging devices and programs comes the need for constant trainings and classes to understand and gain the knowledge to work with the new information.  It is crucial to develop trust relationships within organizations and the external parties (vendors, service providers, customers, etc) because the better the trust, the easier it is to work with someone when problems arise.

Even though there are significant increases to cyberattacks and cyber related issues, the fast-evolving cyber threat environment requires board members and directors to increase their cyber competencies to help understand cyber risks, evaluate the organizations current cyber programs and initiatives, and evaluate the extent of which these cyber risks will face the corporation.  For instance, let’s say that we have an entire board of directors that aren’t quite understanding something due to their lack of experience.  They can bring in someone from another board or with significantly more experience to have oversight of the organizations cyber security strategies, execution, and their monitoring programs.  This board may even seek outside information to help understand the entirety of a cyber security stance.

Some core features that can help with the short arm predictive knowledge:

1. Securing the involvement of senior leadership, top executives and the board.
2. Raising cybersecurity profiles within organization beyond the IT department, giving security function higher level attention
3. Aligning cybersecurity efforts more closely with companies business strategies.

Galligan, M. E., Herrygers, S., & K. (2019). M A N A G I N G CYBER RISK IN A DIGITAL AGE. Committee of Sponsoring Organizations of the Treadway Commission.

In our current society, it is apparent that victims are more likely to be offenders for cybercrime.  Cybercrime results are suggesting these offenders participate in low0self control and routine activities.  Crime will always be a thing, but the means of which or how it happens are everchanging constantly.  These crimes are taking place in a digital context and space, whereas many traditional crimes were in forms of physical convergences with offenders and victims.

Through cybercrime, it is pretty apparent that cybercrime offenders and victims are largely affected by low self-esteem, partaking in risky online routine activities, substance abuse, and different socio-economic status.  Although cybercrimes are typically committed in a different context compared to traditional crimes, the relationship between the traditional offenders and victimization are the strongest for violent crimes.  Per definition of transitional crimes, it requires physical interaction between victims and the offenders.

Some of these interactions can be explained from the risks like low self-esteem or the way someone grew up.  Some forms of cybercrime are easier to carry out, they may provide the serotonin or dopamine rush, instant gratification.  These events can possibly provide multiple opportunities for the offender too, perhaps digital piracy.  It is noted that these attacks were specific.  The targeting for victims was random, usually resulting from the personal characteristics and behaviors of the victims.  As stated before, those with low self-esteem.  It would be easier to target them because they would not appear to be very confident with their standings, therefore easier to influence into doing something.

Another risk factor of online routine activity is the fact that it may enable digital conversation of such offenders and victims.  It then may be associated with cybercrime offender-victim overlaps.  It was reported that individual involvement of these cybercrime activities may significantly increase risk of victimization.  On top of that, it may be correlated that increased time spent using internet connected devices, social media, email, may increase these risks for interpersonal victimization like online harassment.

Marleen Weulen Kranenbarg, Thomas J. Holt & Jean-Louis van Gelder (2019) Offending and Victimization in the Digital Age: Comparing Correlates of Cybercrime and Traditional Offending-Only, Victimization-Only and the Victimization-Offending Overlap, Deviant Behavior, 40:1, 40-55, DOI: 10.1080/01639625.2017.1411030

Cyber attacks and cybercrime occur daily, and they do not always have a monetary value.  Cybercrime overtime and evolved from theft of digitalized funds, to data.  Cyberattacks are becoming way more complex as time goes on and there are trends occurring where hackers using an “onion-layered attack” approach.  This involves creating attacks using different channels, so while you may be able to find one attack, there are multiple others occurring elsewhere in different locations.  While you may be focused on the one specific area you’ve found the hack, they are stealing even more information and planting more issues further into the system.

It all starts with the basics.  Why is cybersecurity knowledge important? It helps keep us safe, point blank.  It can start all at the most basic principle, sound passwords – they are often the very first line of defense in protecting data.  Majority of people are still using passwords, perhaps they find them as an inconvenience. Engineers can help with this.  They have extensively studies trends and best practices.  They help educate the everyday person on what works best.  Since they are constantly studying programs and updating them, they are the experts.  For instance, lets say that something has gone wrong at work and you’ve been hacked.  It would make the most sense to hire an engineer to figure out what exactly has been compromised and fix it.  They can then run extensive tests to figure out weak points in the system and give the been advice on software/hardware to be implemented.  An engineer is going to know what works best and is going to provide the best security. 

According to Homeland Security, majority of traditional crimes are done through cyberspace.  Through engineers of cybersecurity, they help by designing and evaluating computer-based systems and programs that meet security needs.  They also help analyze systems and identify risks and how to secure them, also developing security and recovery policies appropriate for information systems.

Let’s take a look through the transportation side of things.

Death and injuries from auto related accidents continue to have an impact in trauma in the United States.  Between January and June of 2020, nearly 19,000 people were killed from motor related accidents, and nearly 2.3 million people were seriously injured in 2015 in a span of 6 months.

1. Android Auto

The system allows for the dashboard of acar to display and allow drivers to keep their eyes on the road.  The complications of the system allow for calls, text messages, and usaged of maps without the need for holding a personal devide.  The system is typically touch free as andrioid auto communicates with the driver through the audio system.

• Apple CarPlay

Apple CarPlay is very similar to Android Auto, but just for Apple users.  Generally, it has the same functions, like the ability to make phone calls, receives text messages and reply, using maps and so one.  The interface is typically the biggest difference, but some apps won’t even let the operator open them as long as the car is in drive.

• The idea of locating lost things or finding people

iPhones now have the ability to locate lost things or find people with such location turned on.  It is called Find My iPhone.  If you have any type of apple device, it will allow you to sign in with your iCloud account and connect via Bluetooth and allow you to find it on a map.  The location is actually pretty precise.  One of the better functions is that you can share you location with people whom also have an iPhone.  I personally find this beneficial because if I am out with friends or somewhere that is questionable, I can tell someone and they can track my location.  What if someone kidnapped me, as long as I have my phone on me and the battery isn’t dead, it would give someone time to locate me

Less safe.

1. Tracking.  We can literally track anyone at any time if they have some electronic device on them. 
2. The internet holds so much information out there.  We have endless opportunities to do things with them.  I could put something up for sale that is no where near what it is listed to be.  Someone could be talking to someone they think is who they say they are, meet up with them and they are someone totally different and dangerous.  It is possible to speak through a screen and harass people.  I think this makes things especially dangerous for the younger generations because they could be impressionable and more outlets to be bullied and so one.
3. Everything is becoming computerized.  We are trying to create robots to do human functions. Just as humans malfunction, I think it may be easier to “control” such or handle it, but what if all these robots start malfunctioning.  It wouldn’t be as easy to deal with that.

Anyone who has a computer or some sort of computerized device, has the possibly of becoming infected with malware or viruses especially because software is constantly updating.  A computer virus essentially interferes with the performance of a device by replicating itself and spreading throughout an operating system – kind of like a human with a viral infection and getting sick.  It is possible to potentially notice if a system or operating platform is infected with a virus because you man notice programs become damaged, files are randomly deleted or reformatted differently, performance may be significantly reduced, or the entire system just crashes.  But how does one check the security of our own personal devices?

First of all, the best way to manage safety is through prevention.  Stopping something before it happens, being practice instead of reactive.  One the damage is done, it is usually going to take ignorantly more time and money to handle it.  Using antivirus protection and antispyware software is a good first step to take.  With these added safety precautions, it is also important to make sure the software/hardware that we are using, we are double checking that they are the most up to date current versions.  It wouldn’t be very beneficial to have programs installed but neglect to update them, it would be counterproductive.  Regularly back up files somewhere or multiple places in case something were to happen.  Another way to check the security of your system or using different tolls to evaluate how vulnerable your operation system may be.  It would seem to be common sense to not just click on the first link that says something like “click here to test your computer!!!!” followed by a bunch of flashing arrows, multiple pop up boxes appearing, and bright colors on the screen.  Do the research to figure out what system would be the best fit and legit.  It is possible to have these programs run tests on your computer to figure out where there are leaks or breaking points. 

More options to consider is testing computer settings.  They should be able to check under use account passwords and alert you if there are weak/disabled passwords.  With the technology today, a lot of web browsers or account allow you to save a password, so you never have to re=enter them, it’s like an automatic log in.  This is useful, but dangerous.  Sure, it is a personal device, but anything could happen, and someone could steal your phone and now they have access to all your accounts.  Essentially it just comes down to double checking everything on your computer: plug-ins, auto enter information, updating programs and software for the most current versions and etc.

Developing a solid cyber risk culture and technical files are good company moves right off the bat.  The tighter and more secure the defense is up front, the easier it is and more benefits on the back end.  Frist of all, strong cybersecurity practices will improve the company’s brand and the ability for growth or new partners/clients. It is believed many corporate leaders think a strong cybersecurity program will increase a company’s speed and profitability to market. 

The tools in place with an organization are essential, but it is even more crucial for information to be secured and the ways of which it is managed.  Rather focusing on only one risk and ensuring everything is one hundred percent for it, companies would benefit more so planning for an all-inclusive, all hands approach for cybersecurity plans.  Knowing what risks such business is dealing with can help effectively plan for what is necessary.  For example, the top security threats typically are malware, phasing, ransomware, files less attacks and human errors.  Breaking down possible cost hits are usually pretty intense and extravagant.  The average cost to malware breaches or issues sits around 2.4 million dollars according to research done by Accenture.  Typically, it could take nearly fifty days for a business to identify, address, patch, and repair affected systems.  Phishing a single lost or stolen account can cost nearly 200 dollars or more.  This does not even account for the possible thousands or more stolen records.  There is a solid chance that if one record/account has been stolen, the person on the other end did not stop there and took even more.  Ransomware can be extremely destructive between the events occurring, system downtime, lost or damaged data, patching systems, and training personnel in the end on handling and spotting it sooner.  Such ransomware attacks to business could cost upwards of 11.5 million dollars.  Fileless attacks could cost nearly 5 million if they are fully contained.  Human error accounts for nearly twenty seven percent of data breaches and could cost almost 150 dollars per compromised data record, which can take a substantial amount of time to recover and reconcile.

First and foremost, cyber technology is ever changing. It consistently changing offers more opportunities for job and ideas to be presented. Different scopes, different requirements, several positions can be created. Workplace deviance is defined as “deliberate, malicious attempts to sabotage an organization by causing problems within.” Deviance can occur from a frustrated worked whose been laid off and an IT department did not remove their credentials from their office or workstation.  This then allows the ex-worker to remain authorized and have access – giving them the ability to hack or harm the company any way they decide to.  Another example so when setting up profiles by an IT member, such IT worker can accidently assign too many access points to a specific person and that person would then have access to various accounts and files that they should not have. It is very possible that this data could contain sensitive data that should not be given out, especially for the public eye.  For instance, it would be like working at a top-secret location, perhaps the White House, and something is TOP-SECRET and it gets into the wrong hands of someone.  There would then be an issue of a national emergency.  It could mean that there were plans that were supposed to be discreate.  The moment that something gets out to the public, it essentially spreads like wildfire.  With the technology that we have today, even if you “get rid of it” on the original server or location that it was, there is a pretty-solid chance that the information is now in multiple locations because someone copied it.  There are always records.  That is why it is crucial for there to be multiple steps of precaution in place.  All it takes is an upset coworker, someone who thinks that they have been done wrong so they want payback, or just an accidental slip up.

Cyber technology has offered a lot of different scopes for workplace deviance.  People could abuse their power and authorization for specific accounts or information. You have people who could work in hospitals and maintain private records – they could very well go in an get information from someone to use to their benefit and steal information, or find out where they live. 

Four jobs related to cybersecurity:

1. Business
2. Management
3. Marketing
4. Health Professions

Healthcare

Hospitals are massive corporations with hundreds of thousands of patients that are constantly walking through their doors.  This means hundreds of thousands of patient records being maintained.  Data breaches were amongst one of the largest reported incidents when it came down to data security in 2015 (USF Health).  While electronic healthcare records (EHR) create efficiency, cut down on time, and provide better organization, it still can allow and create a large attack surface.  It is easy to miss small hacks and breaches with such large corporations, especially if it isn’t directly making an impact right off the bat.  It was noted to be common that major healthcare organizations were not implementing any method of cybersecurity until major breaches occurred.  It is crucial to have cybersecurity standards in place because “healthcare organizations are experiencing at least one hacking incident per month over the previous 12 months.” It’s noted that hackers are mostly focusing on software vulnerabilities, and hospitals don’t seem to be focused on IT “cleanliness” and its integration in the company.  Healthcare largely relates to cybersecurity – just think about how many systems and monitors are constantly connected to a network or the internet.

Cybersecurity Management

Cybersecurity management is more than just managing software/hardware and working with firewalls.  It is a key functioning piece in organizations as it helps keep a balance between trust and a “healthy” cybersecurity program. A solid program will later help a company with possibly customers and their trust, managing budget from prevention of hacks and so forth.  According to PARANET, 35 data records were stolen every second in 2016 and the average security breach expense is expected to be around 150 million.  Ideally, companies should be proactive and not reactive.  If they focus on prevention, they can help establish a solid strategy that will fit within budgets and so on.  A large role in functioning cybersecurity is training which should incorporate all employees, contractors, vendors, etc.  Training is not simply one and done, it is a consistent evolution.  Cybersecurity is constantly changing, technology is ever-changing as well.

Small Business

Businesses are everywhere, they can be as basic as just using emails and maintaining websites, or owning a massive business corporation that is worldwide.  Regardless, it is crucial to mitigate risks and watch for fraud or theft (physical or digitally). As the previous jobs and majors stated, maintaining personal information is extremely important.  Small businesses may not have as much personal information as a healthcare setting, but they will have personal information like addresses and credit cards stored – which is why it is important to have a solid foundation so it isn’t accessible to the general public. 

Marketing

Marketing can play several roles in cybersecurity; target for hackers, a risk for enterprises, or be an advocate for cybersecurity awareness. 

Role 1: Marketing as a target

Marketers make it easier for hackers trying to compromise organizations cybersecurity programs because they are typically more open than just the typical everyday person or company. Marketers may have a larger social media presence, constantly promoting things or looking for promos.  It would be considerably easy for a hacker to send a malicious link and someone open it in an email and now everything is compromised.

Role 2: Marketing as the risk factor

It is important for marketers to realize and understand the important in working with IT on security protocols when newer technology is introduced.

Role 3: Marketing as the champion

Create a culture in cybersecurity that ensures and promotes the important of training, good password protocols, physical security enforcement, social engineering awareness and so forth.

Creative, 3. (2020, May 05). What you need to know about cyber security management. Retrieved March 10, 2021, from https://www.paranet.com/2018/02/16/what-you-need-to-know-about-cyber-security-management/

Cybersecurity for small business. (2020, January 17). Retrieved March 10, 2021, from https://www.fcc.gov/general/cybersecurity-small-business

Healthcare cybersecurity job description. (2020, November 02). Retrieved March 10, 2021, from https://www.usfhealthonline.com/resources/career/healthcare-cybersecurity-jobs/

Rizkallah, J. (2017, December 05). Council post: The role of marketing in cybersecurity. Retrieved March 10, 2021, from https://www.forbes.com/sites/forbestechcouncil/2017/12/05/the-role-of-marketing-in-cybersecurity/?sh=6f4d2a582027

Create your own business

Yacht GPS software

Back-up systems – learn them to help people/customers

Engineer systems/maintaining systems

Rent out property to a cybersecurity property

Security consultations

Ethical hacking

Create penetration testing for companies

User support technician

Rate other companies and offer comparisons

IT outsourcing

Teach cybersecurity classes

You can become a security guard (physcial security)

Comparing China and the United States. The United States and China are vastly different, partially because “it is difficult to unpack, mainly because it does no fir traditional interpretations of how a state regulates operations in other non-cyber domains” (Potter).  The United States seems to really struggle with responding to China’s cybersecurity policy. Reason 1: “Scale is difficult to define” (Potter).  It is already difficult as is to get an accurate account of the scale of cyber threats because of the various number of factors, as “companies are often cyber immature.”  In other words, they aren’t practicing solid and secure cyber security regimes.  This can lead to organizations failing to correctly establish protective measures against the threat environment – or simply put, threats will go unnoticed.  If threats go unnoticed, things continue as is, nothing gets fixed, and it provides a false sense of security. Reason 2: “Chine sees cyber security differently – cyber [security] is no exclusively a government enterprise.” The average United States Company, cybersecurity threats are just business risks and “treated as an extension of traditional physical security.”  As stated by most governments, especially the United States, cyber security falls under two primary categories: extension of traditional espionage and extension of weapons development.  In China, there is nothing more to it – they consistently use “cyber security attacks as a natural extension of its sovereignty.” Within China, more specifically, Beijing define cyber security as ownership and control.  Those doing business are required to comply with regulations set forth.