Article Review # 2: The nature of losses from cyber-related events: risk categories and business sectors.<\/p>\n\n\n\n
Melissa Baddie<\/p>\n\n\n\n
School of Cybersecurity, Old Dominion University<\/p>\n\n\n\n
CYSE201S: Cybersecurity and the Social Sciences<\/p>\n\n\n\n
Professor Diwakar Yalpi<\/p>\n\n\n\n
November 7, 2025<\/p>\n\n\n\n
This article review is in regard how many industrial devices and critical infrastructure (CI) are connected to the internet and are vulnerable to cyber-attacks. The focus of cyber-attacks used by Open-source Intelligence tools (OSINT), social engineering, and open-source surface-web platforms (Google, YouTube, Reddit, and Shohan). The article exposes the amount of data that is available to malicious attackers were to take advantage and the need to implement training, awareness and policies and procedures to secure these industrial systems and CI.<\/p>\n\n\n\n
In the article the principle of objectivity was used during the research. There were never any opinions, the tone maintained an overview, while attempting to \u201clocate insight on the potential threat surface web data could pose to CI facilities, as well as aid in the development of more rigorous mitigation strategies and recommendations to CI vendors to prevent from future cyber-attacks\u201d (Yuxuan (Cicilia) Zhang, 2022).<\/p>\n\n\n\n
Given the lack of research on the types of open-source data related to CI accessible on surface-web platforms became the catalyst for the paper and below research questions.<\/p>\n\n\n\n
RQ1. What types of CI-related data can be found from the surface web?<\/p>\n\n\n\n
RQ2. How can these data be useful for malicious cyber-attacks?<\/p>\n\n\n\n
Although there hasn\u2019t been research involving cyber-attacks, the authors observed a substantial increase in the quantity and frequency of attacks as well as hacking against organizations and businesses. The information was retrieved from surface-web platforms, advanced internet of Things (IoT), exposure of industrial devices, OSINT and social engineering.<\/p>\n\n\n\n
The research method used was qualitative, and data was collected by using keyword queries in four open-source search engines and websites including Google, Reddit, YouTube, and Shodan on the surface web. The authors elected to exclude open-source data from privacy-oriented programs like Darknet and DuckDuckGo, as they weren\u2019t as easily accessible in the dark web. In addition to private platforms aren\u2019t monitored by the government institutions, therefore encryption is high and in addition to the probability of malicious actors to being user on those platforms. They narrowed down to eighty-six dependent variable keywords, to be used.<\/p>\n\n\n\n
The data was analyzed by conducting four rounds of a coding process and any duplicated or irrelevant results were removed. The coding and analysis were completed by the authors and three themes were discovered: \u201cindirect reconnaissance\u201d data, \u201cProof-of-concept codes\u201d and \u201cEducation materials. Their research was consistent with that of previous literature. Indirect reconnaissance data assisted hackers indirectly during their research stage of cyber attack kill-chain, providing them with strategy, methods to avoid detection, malware choice, and ideal targets. Proof of concept codes allow security researchers to perform and understand exploits, and improve, but is also vulnerable for malicious hackers. Training courses offering coding and ethical hacking on open-source websites, people are providing personal information. This is perfect for social engineering for the unsuspecting person with no knowledge of computer skills or cyber awareness.<\/p>\n\n\n\n
This article has valuable information for those who are not familiar with cyber threats and vulnerabilities, especially for the marginalized communities. If they are interested in learning about cybersecurity, ethical hacking, and they receive a phishing email then they have now become a victim. The same could be said for employees, as stated in the article that women are more likely to me victims as they are less knowledgeable about cyber threats.<\/p>\n\n\n\n
This article is needed as a reminder that our critical infrastructure and industrial devices are more reliant on the electronic grid and vulnerable. It\u2019s the responsibility of not just governmental organizations but society to be aware of the cyber threats. Especially while using YouTube how to videos, open -sourced search engines, the idea that if a person is attempting to better themselves by taking cyber awareness courses such as ethical hacking and that could become a victim proves the value of this article.<\/p>\n\n\n\n