The evolution of cyber policy and infrastructure has gone through incredible changes this century. Not only reshaping the way people live their day to day lives, but these advancements have also improved communication, and provided endless career options. It’s easy to see that these improvements have unlocked infinite opportunities, all the while transforming society into a more interconnected space. The evolution of cyber policy and infrastructure has helped individuals, organizations, and governments to expand their digital landscape. The extensive cyber policies that have been created support the foundation of secure online environments, while also protecting privacy and ensuring the integrity of users sensitive information. Although as society grows and expands its current cyber infrastructure, it is crucial for users to be aware that the developments have also opened the door to a variety of risks that should be taken seriously. Three important examples of note are the new growing concerns around workplace deviance, malicious code, and the overarching ethical issues of storing electronic information.

Let’s begin with workplace deviance, anyone can tell that cyber technology has revolutionized the way we work, communicate, and conduct business. Just look at the monumental shift to online work culture that occurred in 2020 after COVID. Although cyber technology has introduced tremendous advancements, it has also introduced new risks and vulnerabilities that can be exploited by individuals with malicious intent or those who engage in workplace deviance.

One significant area where cyber technology enables workplace deviance is through unauthorized access and data breaches. Digital systems and networks can allow individuals to gain unauthorized access to confidential information, steal valuable data, or disrupt operations. This poses a serious threat to organizations and employees can exploit system vulnerabilities or misuse their actual access for personal gain. Cyber technology has enabled the expansion of insider threats, where employees misuse their authorized access to engage in deviant behavior. This includes unauthorized disclosure of sensitive information, using malware, or sabotage of important systems. Insiders have the advantage of having knowledge of the organization’s systems and processes, making their actions even more damaging. Employees could even use their access to manipulate financial records or conduct fraud. Sharing and distributing digital content also contributes to intellectual property violations, where employees may unlawfully use or share information, violating copyrights or non-disclosure agreements.

To mitigate these risks, organizations need to implement strong and well-rounded cybersecurity measures. This includes enforcing strict access controls, regularly updating and patching systems, providing cybersecurity awareness training to employees, and establishing clear policies and guidelines. By promoting a culture of security and vigilance, organizations can minimize the opportunities for workplace deviance facilitated by cyber technology.

Unfortunately, workplace deviance isn’t the only threat one must look for in an organization. In the ever-expanding world of cyber threats, it is crucial for organizations to remain on the lookout for the various forms for all malicious activities. These threats, identified by ISACA (The Information Systems Audit and Control Association), list the following categories: Hacking, Malicious Code, Loss of Intellectual Property, Phishing, Denial of Service, and Insider Damage. Of these categories malicious code has the potential to be the greatest threat. Also known as malware, this code was created with the sole purpose of harming or exploiting computer systems. Malware also comes in many forms, such as viruses, rootkits, and logic bombs.

One of the more dangerous aspects of malware is just how easily accessible it can be. Unlike other forms of cyber threats, using malicious code can be one of the simplest forms for less technical users. Not only is it effortless, but it’s also easily attainable. Some companies exist to specifically sell vulnerabilities and exploits identified in other organizations. Not only that, but these options can be customizable such as zero-day vulnerabilities which are new exploits identified that have not yet been corrected by the organization. An alarming example of the dangers of malicious code can be easily seen in the Stuxnet worm, which was used to infect and harm the Iranian nuclear facilities at Natanz and Bushehr. Something as small as a USB drive has the capability of spreading infection from one connected device to another, almost like a spiderweb.

Developing a deep understanding of cyber threats is essential in creating the needed cybersecurity countermeasures. When we study these threats, we can create policies to address incidents like Stuxnet, like the CIP-010-2 designed to control the vulnerability of smaller storage devices. When organizations are proactive in understanding the past and present cyber threats, it is only then are they enabled to be armed for the future.

When developing robust cybersecurity policies and infrastructure, it is commonly understood that preparing for malicious users is essential. The significance of addressing the ethical issues of storing electronic information however, are often overlooked and should not be forgotten. Storing electronic information about individuals presents several important ethical concerns that should be taken into consideration such as privacy, data protection, and professional responsibility.

In most cases it can be said that the information stored on your personal devices is far more valuable than the devices themselves and for this reason its extremely important to protect personal data. When discussing computer ethics we are referring to the concept of preexisting principals or morals to base decisions on which guide a person on what actions are right or wrong when it comes to this data. Taking that into consideration, as we discuss storing others electronic information there are a few ethical issues to note. As privacy and data protection are essential, it’s important to make sure others personal data are stored securely to prevent unauthorized access, or misuse of this information. Cybersecurity also plays a tremendous role in protecting this information from cyber threats like hackers and unauthorized access such as insider leaks. When personal data is stored by others, they are under the impression it is being used for the purpose they agreed upon when providing the data. People should have a clear understanding of how their data is being collected, stored and used. Being transparent and getting informed consent on the data an organization is maintaining is their professional responsibility to provide. Professional responsibility can be broken into many groups: employer-employee, client-professional, professional-professional and so on. In these scenarios it’s important to ensure you are handling the data of these counterparts as you would want your data handled.

As society continues to advance and expand its cyber infrastructure, it is tremendously important for users to realize that these developments have accidentally created risks that demand our attention. Cyber workplace deviance has grown into a pressing concern, where workers with permissions might maliciously use their access to compromise sensitive information, becoming a threat to the organizations integrity. The expansion of malicious code, such as malware and ransomware, has heightened the risks of cyberattacks, leaving individuals and businesses vulnerable to data breaches. Additionally, the ethical dilemmas surrounding the storage and management of electronic information demand our attention, addressing questions of data ownership, privacy, and accountability. By actively acknowledging and addressing the risks posed by cyber workplace deviance, threats of malicious code, and the ethical dilemmas of electronic information storage, we can make a safer and more secure digital world. Only by staying informed, proactive and responsible, are we able to address these risks and make sure we have continued secure advancement of our cyber infrastructure.

Works Cited:

Electric Grid Security and Resilience: Establishing a Baseline for Adversarial Threats (pp. 36-39)

Fundamentals of Information Systems and Security
https://en.wikibooks.org/wiki/Fundamentals_of_Information_Systems_Security/Information_Security_and_Risk_Management

Ford, Dianne P., et al. “A Review and Extension of Cyber-Deviance Literature: Why It Likely Persists.” The Cambridge Handbook of Technology and Employee Behavior (August) (2019): 544-79

Green, David. “Insider threats and employee deviance: Developing an updated typology of deviant workplace behaviors.” Issues in Information Systems 15.2 (2014): 185-189

Maglaras, Leandros A., et al. “Cyber security of critical infrastructures.” Ict Express 4.1 (2018): 42-45.