Introduction
For the past two decades, the Internet has been a significant tool for global communication, enhancing the lives of people around the world. According to Azizi and Haass (2023), innovations around Internet applications have increasingly enhanced their performance and availability, as evidenced by the fact that more than 3 billion people have access to the Internet. Currently, nearly all communications and interactions between countries for economic, social, cultural, and commercial activities between individuals, organizations, or governments are conducted over cyberspace. The above implies that sensitive information is generated, transferred, and managed within cyberspace. According to Boubiche et al. (2021), the majority of financial transactions holding very sensitive information are currently conducted within cyberspace. Instabilities, challenges, or cybercrimes conducted in cyberspace have a direct impact on people’s lives and the working efficiency of governments and organizations (Khan, 2019). The study intends to provide a comprehensive understanding of the current trends in the management of cybersecurity, the effectiveness of the approaches, and trends in the challenges in the management of cybersecurity. Observations by Li and Liu (2021) indicated that cyber organizations must stay ahead of the curve on cyberspace security solutions beyond normal organizational security surveillance. Similarly, Azizi and Haass (2023) highlighted that exploring current cyber security challenges intervenes in the early implementation of security solutions, allowing for secure air traffic control. Findings from the study will be critical in informing cyber organizations of the new trends in managing cybersecurity challenges and provide insights on the appropriate and effective techniques for countering the challenges. Insights generated from the study will contribute to the existing knowledge of the development trends in the management of cyber organizations. Based on the above, the main purpose of the current study is an exploration of developments and challenges encountered in managing cyber organizations.
Background
Cyber organizations have been playing a fundamental role in enabling and supporting cyberspace communications between individual, organizational, and governmental activities. However, Cabaj et al. (2018) highlighted that global cyberspace innovations have continually created overlapping cyberspace controls where actors have conflicting legal and strategic interests. According to Khan (2019), the continual production of computer hardware and software products and the increasing scalability of cyber domains have made it impossible to guarantee a secure cyberspace supply process. The above have posed increased risks to the development and management of cyber organizations due to emerging cybersecurity challenges. In the wake of increased cyber threats, organizations have implemented security approaches to secure system network data from impeding cyber-attacks. Boubiche et al. (2021) underlined that popular cyber security measures adopted by organizations include Firewalls, multi-authentications, access controls, data encryption and vulnerability management techniques. Findings by Li and Liu (2021) indicated that although current security techniques have been fundamental in securing organizational networks, cyber organizations continue to face increasing cyber threats. However, increased accessibility, individual anonymity, and lack of transparency over cyberspaces have compromised the effectiveness of cyberspace, creating opportunities for organized crimes, cyber warfare, and cyber terrorism Boubiche et al. (2021). In their study, Azizi and Haass (2023) underlined that widespread cyberspace challenges, such as the introduction of viruses that potentially attack and corrupt government and business systems, causing major disruptions, have posed an increased threat to air traffic control. Li and Liu (2021) defined cyber security as the measures taken to protect and manage critical information, data, and system networks from any internal and external cyber threats. Cyber security is an essential duty in the management of cyber organizations. Li and Liu (2021) highlighted that for optimal cyber security, organizations should demonstrate vigilance in network security, application security, information security, operational security, cloud security, and user training. Failure to secure all the aspects of organizations’ air traffic control systems increases threats of unauthorized access to the organizational system. The study aims to explore developments and challenges encountered in managing cyber organizations.
Research objectives
The research aims to gain a deeper understanding of the challenges of managing cyber organizations. The study seeks to meet the following key objectives.
- To explore trends in the development and management of cybersecurity
- To determine the effectiveness of cyber security techniques adopted by organizations
- To examine challenges encountered in the management of cybersecurity
Literature Review
This chapter includes a review of existing literature on the management of cyber security in organizations.
Development of Cyber Security
Existing studies present different definitions of cyber security. According to Perwej et al. (2021), it refers to a range of measures taken to protect computer devices and networks from attacks. In a different study, Kaur and Ramkumar (2022) see them as a set of processes and procedures aimed at protecting computer devices from unauthorized access and attacks. Based on these definitions, it is evident that cyber security aims to protect computing devices from any malicious attacks (Kaur and Ramkumar, 2022; Perwej et al., 2021). These protective elements ensure that the data stored or transmitted through computing devices and networks are safe from any kind of attack.
A number of scholars have examined the effectiveness of cyber security in the modern-day digital environment (Ghelani et al. 2022; Perwej et al. 2021). Perwej et al. (2021), for instance, argued that information shared over computing networks often contains sensitive elements, such as financial data or personal information, which require restricted access. Often, access to such information may have negative implications for organizations. Currently, data from Statista indicates that losses as a result of cybercrime activities have doubled over the last three years as a result of the evolving nature of cyber threats. The above is confirmed by recent studies, including Aslan et al. (2023) and Kaur and Ramkumar (2022), who also found some significant increases in cybercrimes. The above, therefore, justifies the need to adopt appropriate cyber security measures.
There are a number of frameworks that provide guidelines on the management of cyber security risks in organizations. As noted by Ganin et al. (2020), the frameworks provide a clear set of standards that could be easily adopted across different industries. Findings by Ganin et al. (2020) are consistent with Aslan et al. (2023), who noted that the frameworks ensure alignment with industry best practices, which provides a basis for continuous improvement. Among them is the National Institute of Science and Technology (NIST) framework. The framework provides businesses with a list of best practices that could be used to protect businesses. These practices are often tailored based on the size and nature of the business (National Institute of Science and Technology, 2022). Others include the International Organization for Standardization (ISO) 27001, which provides a series of best practices and specific issues to be met in managing cyber security risks (International Organization for Standardization, 2023). Are frameworks specific for different sectors and industries, such as the Health Insurance Portability and Accountability Act (HIPAA) in the health sector and the Service Organization Control (SOC) Type 2 in accounting? The frameworks are, therefore, important in enabling businesses to examine their positions in regard to managing cyber security risks while adhering to the best practices across the different industries.
Cyber Security Techniques
Authentication of data is a significant technique that enhances the integrity and authenticity of data. It entails verification of the identity of users and ensuring that every data being accessed is not tampered with. To achieve this, different techniques are utilized, such as digital signature and encryption, where sensitive information is protected from unauthorized modifications (Reddy and Reddy, 2014). In a similar study, Zheng et al. (2022) argued that password security and access control would be essential in ensuring that only authorized individuals can access specific resources or perform particular actions. The above technique entails the implementation of user authentication mechanisms such as usernames and passwords and two-factor authentication (Culot et al. 2019). On the other hand, strong password policies have been significantly enhancing system security and preventing unauthorized access. Malware scanners are also essential cyber security techniques that assist in detecting and removing malicious software from computer systems. The above scanners are designed to perform regular scans of files and systems. Equally, malware scanners can also assist in the identification of different types of malware, such as viruses, worms, and ransomware, in order to prevent and mitigate the damage caused by such threats. According to Reddy and Reddy (2014), firewalls have been acting as a barrier between internal networks and external networks in order to protect systems from unauthorized access and malicious traffic. They assist in analyzing incoming and outgoing network traffic through consideration of predefined rules, either by enabling or blocking specific communications (Kaur and Ramkumar, 2022). Through firewalls, individuals are able to monitor and filter traffic, thus detecting suspicious activities and blocking malicious connections.
Challenges in Managing Cyber Security
The application of cyber security processes and techniques in organizations would be associated with a number of challenges. Among them is the evolving nature of the cyber threats. In their study, Hussain et al. (2020) observed that cyber threats have become more sophisticated over time, with the persons involved developing new techniques and ways of executing the threats. In a different study, Spremić and Šimunic (2018) noted the increase in insider threats, making it difficult to fully secure cyberspace. Spremić and Šimunic (2018) and Hussain et al. (2020) agree that the increase in threats makes it difficult to predict all the risks involved, which increases the vulnerability of different organizations. Similarly, the rate of technological development, especially in the context of emerging technologies such as cloud computing, has made it difficult to manage cyber threats effectively. Culot et al. (2019) present a situation where the development of new technologies surpasses the rate of development of new security and threat control measures. As noted by Lackner, Markl, and Aburaia (2018), the above implies that organizations should not only ensure compliance with cybersecurity measures but also remain on par with technological changes. The ability to achieve the above, however, could be based on whether an organization has the relevant resources and personnel to keep in pace with the evolving threat landscape while complying with industry best practices.
Literature Gap
Existing studies have examined different cybersecurity services adopted by organizations (Culot et al., 2019; Kaur and Ramkumar, 2022). However, there is still a gap in the general application of the services across different industries. This would be achieved by determining whether the selected cybersecurity techniques would be generally applicable across a wide range of industries. Equally, there is a gap in determining the effectiveness of cyber security techniques in different organizations. In regard to frameworks for managing cyber security, Zheng et al. (2022) observe that some of the commonly used frameworks may be outdated or contain information that is not sector-specific. In this regard, there would be a need to determine the effective application of cybersecurity standards and frameworks across different industries.
References
Aslan, Ö., Aktuğ, S.S., Ozkan-Okay, M., Yilmaz, A.A. and Akin, E., 2023. A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions. Electronics, 12(6), p.1333.
Azizi, N. and Haass, O., 2023. Cybersecurity Issues and Challenges. In Handbook of Research on Cybersecurity Issues and Challenges for Business and FinTech Applications (pp. 21-48). IGI Global.
Boubiche, D.E., Athmani, S., Boubiche, S. and Toral-Cruz, H., 2021. Cybersecurity issues in wireless sensor networks: current challenges and solutions. Wireless Personal Communications, 117, pp.177-213.
Cabaj, K., Kotulski, Z., Księżopolski, B. and Mazurczyk, W., 2018. Cybersecurity: trends, issues, and challenges. EURASIP Journal on Information Security, 2018(1), pp.1-3.
Culot, G., Fattori, F., Podrecca, M. and Sartor, M., 2019. Addressing Industry 4.0 cybersecurity challenges. IEEE Engineering Management Review, 47(3), pp.79-86.
Ganin, A.A., Quach, P., Panwar, M., Collier, Z.A., Keisler, J.M., Marchese, D. and Linkov, I., 2020. A multicriteria decision framework for cybersecurity risk assessment and management. Risk Analysis, 40(1), pp.183-199.
Ghelani, D., Hua, T.K. and Koduru, S.K.R., 2022. Cyber Security Threats, Vulnerabilities, and Security Solutions Models in Banking. Authorea Preprints.
Hussain, A., Mohamed, A. and Razali, S., 2020, March. A review on cybersecurity: Challenges & emerging threats. In Proceedings of the 3rd International Conference on Networking, Information Systems & Security (pp. 1-7).
International Organization for Standardization, 2022. ISO 27001: 2022. [Online] Available at: https://www.iso.org/standard/27001 Accessed: February 21, 2024
Kaur, J. and Ramkumar, K.R., 2022. The recent trends in cyber security: A review. Journal of King Saud University-Computer and Information Sciences, 34(8), pp.5766-5781.
Khan, D.S.W., 2019. Cyber security issues and challenges in E-commerce. In Proceedings of 10th international conference on digital strategies for organizational success.
Lackner, M., Markl, E. and Aburaia, M., 2018. Cybersecurity Management for (Industrial) Internet of Things–Challenges and Opportunities. Journal of Information Technology & Software Engineering, 8(05).
Li, Y. and Liu, Q., 2021. A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments. Energy Reports, 7, pp.8176-8186.
National Institute of Science and Technology, 2023. The NIST Cyber Security Framework 2.0. [Online] Available at: https://csrc.nist.gov/pubs/cswp/29/the-nist-cybersecurity-framework-20/ipd Accessed: February 21, 2024
Perwej, Y., Abbas, S.Q., Dixit, J.P., Akhtar, N. and Jaiswal, A.K., 2021. A systematic literature review on cyber security. International Journal of Scientific Research and Management, 9(12), pp.669-710.
Reddy, G.N. and Reddy, G.J., 2014. A study of cyber security challenges and its emerging trends on latest technologies. arXiv preprint arXiv:1402.1842.
Spremić, M. and Šimunic, A., 2018, July. Cyber security challenges in the digital economy. In Proceedings of the World Congress on Engineering (Vol. 1, pp. 341-346). Hong Kong, China: International Association of Engineers.
Statista, 2023. Cybercrime and Security. [Online] Available at: https://www.statista.com/markets/424/topic/1065/cyber-crime-security/#overview Accessed: February 21, 2024
Zheng, Y., Li, Z., Xu, X. and Zhao, Q., 2022. Dynamic defences in cyber security: Techniques, methods and challenges. Digital Communications and Networks, 8(4), pp.422-435.
write