Abstract
The behavior in which the association observes the ideal response to a network protection threat is a distant memory. Senior board members need to think hard about how to mitigate and address online security challenges and hazards. Developers continue to develop their strategy by bringing up new themes that harm associations. There’s so much the federation needs to do and this is just the tip of the iceberg, so on a relevant level. A distinction must be made between intrusions, security breaches and specific attacks, which must be reinforced by the choice of meeting room. It is tragic that not all bosses have passed this test, which ultimately puts most authoritative frameworks at risk. This paper first looks at how emerging digital threats force people to make decisions about network security and outlines how these attacks evolved, which attracted more attention.
This means that such associations cannot stick to government initiatives, but they will still be a step forward for programmers to become aware of. This requires agreement, coordination, approaches and procedures to be carried out at the board level. At this point, the document then suggests actions that can be taken to create long-lasting associations after a digital threat.
I. INTRODUCTION
Cyber threats have grown so large and extensively that their consequences tend to impact companies’ valuations, business continuity, and other organizational goals. This turn of events has resulted in network security and data privacy becoming a part of boardroom governance concerns. Federal government regulators like the Securities and Exchange Commission have, in turn, responded by increasing oversight as well as highlighting the need for public companies and entities to make disclosures related to these risks as well as develop ways to mitigate, restore business processes, ensure continuity, and minimize losses. Therefore, boards in organizations are prompted to devote more attention to these ever-increasing risks while evaluating their corporate readiness for such threats and attacks.
An organization’s employees usually offer attackers one of the weakest links in the security chain. The latest information technology security technologies can provide paramount protection for the core system, but not against authorized personnel activities and behavior. Humans are vulnerable to social engineering attacks on social media platforms, improperly secured networks, and personal networks, as well as when performing business operations through mobile devices. Attackers require a lot of resources and time to bypass modern technologies; therefore, they choose more accessible attack surfaces, which are humans or company employees. It is increasingly proving important to embed information communication technology security awareness within all organizational levels. The research paper will focus on reviewing the different cyber security issues that exist, outline how such cyber-security issues impact the boardroom decisions to overcome the cyber awareness gap, and provide some solutions to the impacts of these cyber security issues.
II. CURRENT CYBERSECURITY ISSUES
Initially, the internet was a blessing to the entire globe. It was seen as something that connected the world and made things much more manageable. However, soon there was the realization that it had presented several challenges that would be hard to eliminate, among them cybercrimes. In this technological age, there has been an upsurge in the number of cybercrimes. Even the safest of networks can fall prey to these criminals. The prevention of these crimes to protect organizations begins with a clear understanding of the types of cybercrimes today (Furnell, 2017). The most common examples of cyber-security issues that affect organizations include malvertising, identity theft, cyber-stalking, and spams and phishing.
One of the common cyber-crimes is malvertising. This comes from the name malware, which refers to the diverse types of viruses existent today. Among these viruses are Trojans, worms, and harmful software. Mal practitioners will send these viruses to computers and systems where they will latch without immediate detection by the users.
Malvertising follows a similar strategy where cybercriminals will use advertisements to introduce malware to the users’ computers. Most of the cybercriminals will begin with clean adverts for a short while. They will then insert malicious ads that users download without their knowledge. The hope of cybercriminals here is to get information from computers or frames that download malicious ads. Sometimes, customers even neglect to distinguish the quality of vengeful ads, because once cybercriminals get the data from their profit, they remove the abuse.
Identity theft is another prevalent cybercrime. This happens when cybercriminals acquire important and highly personal customer data and then use it for the benefit of the first owner. This suggests that actors can access financial accounts and other fundamental areas from a single act like this (Hassan et al. 2018). This type of cybercrime occurs when pieces of data, such as intricacies of banking, are offered on an open platform. This allows programmers to move to access all individual data by attacking these organizations and causing incarnations.
The computer age has also led to the introduction of several stages of web-based media. This makes another type of cybercrime normal in today’s world – digital surveillance. This particular type of cybercrime occurs when someone follows a disastrous internet-based action by their target to gain access to their own data (Briones, Chamoso, & Barriuso, 2016). These practicing cybercriminals had different expectations. Some have had to slander, steal outright, and use the information obtained to destabilize in more extreme cases. Cyberbullying blackmail can occur when a stalker obtains relevant data and asks the next party to offer something of a compromise for their silence. How exactly do digital stalkers access the frame? You can track online media recordings of potential victims. However, in more extreme cases, malicious software is used to track every detail of victims from their computers and even their phones.
The last classification is spams and phishing. Spams are quite common, as almost everyone has received a spam email. The spam may contain viruses, and computers that have anti-virus detection software quickly warn the user against this. Phishing is the more severe version. Phishing scams happen when criminals attempt to bait victims into the provision of personal information. This happens by using attractive and tempting offers. The scammers will begin by impersonating big companies. They will then alert the user, mostly through email, that they have won something, and there is the need for the provision of personal information to get it processed (Hassan et al. 2018). Unsuspecting individuals often send private information to the scammers. What follows is that criminals can access personal information and use it for all the wrong reasons. Phishing scams are often the genesis of identity theft.
The common cybercrimes that are happening today are malvertising, identity theft, spams and phishing. Internet users can avoid falling prey to these crimes by ensuring that they do not share their personal information online. The users should be careful when replying to emails whose source is unknown and clicking on links.
III. HOW BOARDS ARE SOLVING CYBERCRIMES
It is worth noting that most organizational and business web platforms have become more vulnerable to web application attacks due to the ease of accessing the internet and weaknesses in the operation, design, maintenance, testing, and implementation of such websites. Considering these issues, there is a need for seriously considering the deployment of more resources for purposes of ensuring security to web applications. One of the areas that have been affected by these cyber-security attacks is decision-making in various organizations. Many decisions are made in the boardroom, prompting senior management to pursue a problem-solving approach (Gong and Wang, 2015). It will be indispensable for various organizations and individuals belonging to the online business industry. An important part of ensuring the highest level of security for web applications in an Internet business is exposing managers to danger, a process that integrates implementation methodologies to meet periodic reviews and work on the framework. This includes clear evidence, assessment and risk reduction.
People on board need to understand that network security issues can pose dangers, such as doors opening during their dynamic interactions. This means that if they can foresee the impact of data security on their business, one of the things they can do with network security is that all their information and data can be distorted, which can lead to explosions and loss of critical government data. On the other hand, digital security issues can have several positive aspects (Deshpande et al. 2017). This is due to the fact that busy club members can take advantage of the situation and improve their image by elevating them to a more important level. This can be achieved by instituting safety measures that help ensure that safety people need a change in the way they think and react, and hence the impact.
Unaware, innocent, and uninformed employees or organizations are the personnel who are at the highest risk. Most external attacks on organizations usually utilize social engineering targeting organizational employees. These attacks are generally and loyalty of potential investors and active customers.
a) Evaluation Process
The other way that the emerging cyber-security issues have changed the boardroom’s decisions is through the evaluation process. Every decision made by the top management needs to be evaluated to ensure that it goes to full effect. In the past, all the activities were very analog, where there used to be one way of thinking during the entire decision-making process. However, the emergence of technology and cybersecurity issues has changed how they were thinking in the past. This is due to the fact that evaluation of security programs has become important and mandatory and thus the movement is an example of reflection. If we assume that something is wrong with the establishment of a safety program, the people on board are considered reliable. To avoid it, the people on the ship had to change their way of thinking and reacting and effect accordingly.
Unaware, innocent, and uninformed employees or organizations are the personnel who are at the highest risk. Most external attacks on organizations usually utilize social engineering targeting organizational employees. These attacks are generally opportunistic and exploit activities, including spontaneous communications through social media platforms and email. Therefore, the board of the organizations is inconvenienced on how they will make decisions, especially on how they will combat these cyber-security issues. Additionally, most employees are now utilizing personal devices while at work which increases activities outside their employers’ control, enhancing the need for raising security awareness and education. Most cybersecurity issues can get attributed to human error as well as ignorance. Cybersecurity control and techniques usually plugins, and even programs as an umbrella term. This term overuses, as well as misuse can get attributed to its utilization within an organization where information and data can be lost, making the organization undergo some losses (Briones, Chamoso & Barriuso, 2016).
Revenge programming is an apt term for all malicious programs in general, including infections, trojans, worms, as well as spyware. A computer infection is a type of malicious program that is usually introduced in a widget when copying it to spread contamination. Some infections can corrupt or delete information, while others mess up the framework or possibly render the program unusable. There are several types of viruses that get categorized based on how they function and their respective targets. Most viruses usually get classified under several categories. These virus examples can include the boot sector, browser hijacker and virtual machines. One of the approaches that are used for detecting misconfigurations legacy options is automated scanners. This nature of security flaws gives attackers” devices, including smart cars, tablets, smartphones, and computers. This issue occurs when the term PC infection is misused to refer to all suspicious code, email infections, polymorphic infections and direct activity infections and full infections. With this data, orders are given to consider how decisions are made to eliminate infections and prevent them from attacking the product on their computers.
b) Handling New Threats
Cybersecurity issues have also impacted the board members’ decision-making process through the emergence of new threats that need to be handled differently from the previous ones. Studies show that most programmers want to exploit uncorrected bugs or access default accounts, unprotected documents, and unused records to gain unauthorized access to a framework. Importantly, security misconfigurations are common at all levels of the web application stack, including web servers, network management, and application servers, custom code, intelligence base, and pre-recognition of emerging security threats. Similarly, programming testing is an integral part of network security issues. Any application must be tested for vulnerability to all application security threats. This should include intrusion testing to check whether hackers can penetrate the security systems of the form. If application security is not given priority, the organization will experience economic and social losses. Thus, all the above measures should be put in place to ensure the systems are secure against any form of cyber-attack.
c) Auditing
Secondly, auditing is an essential process for a cyber-security system security environment or any environment. Auditing a Windows environment helps in investigating, understanding, and identifying environmental performances. Verification helps improve the existing human activities and aims to reduce the adverse effects of these activities on the environment.
Environmental auditing is done, and an environmental audit report is produced. The issues included in the report include the environmental legislation and pressure from clients (Deshpande et al. 2017). Carrying out an environmental audit determines whether an organization’s internal policies, legal requirements, and other known practices are compliant.
The auditing baselines that would apply to the Windows environment are the Microsoft Toolkit. Microsoft toolkit contains various compliant tools that organizations can use to configure their settings. The kit includes baselines that use any of the latest 13 Microsoft Operating Systems, such as the Windows Server and Windows 10, whose baseline covers the Core OS and Internet Explorer. The primary determinant that a security professional would look to determine if an OS environment is reaching the benchmark is to check if the systems and software are securely configured. Secure configurations always appear at the top (Gupta & Gupta, 2017). Vendors produce the Security Best Practices documents to assist their clients in protecting their infrastructure. If the environment is not reaching the baseline, one would suggest that the management contract a trusted organization that creates the Best Practice Audit; the organization assists in producing the Best Practice audits. If the environment is reaching the baseline, the management should seek an alternative review from an external source for a Best Practice audit to ensure compliance.
d) Advanced Systems & Technology
Advancement in new technology allows businesses to use many of the information systems that are used by the more significant undertaking. In so doing, the company will be at risk of many cyber threats associated with large companies. Therefore, the company needs to continue using the information systems with caution to ensure information is not tampered with. A small e-commerce company is supposed to have an inventory tracking database. This will enable the company to track how much the inventories of the business are in the warehouse, storage room, or store shelves. It is important to have integrated bar codes and scanners for a well-designed tracking system (Furnell, 2017). It will also help the company to track and monitor products as they move in and out of the store. Secondly, the company needs to have a payroll and scheduling database. This database will help in managing employee information and the prevention of payroll errors. The company’s accounting system should be accurately kept on track to ensure that finances are not tampered with. The management of this system should be left in the hands of consultants for control. E-commerce businesses and operations are sensitive because any access to information by malicious people can lead to a downfall of the whole organization.
There are proven ways that are used to solve cybersecurity issues, as discussed above. These ways include: software testing, auditing, and using advanced systems and technology. Employing these measures in an organization reduces cybersecurity risks.
IV. CONCLUSION
In conclusion, the board room members must make decisions on behalf of the organization. Cyber-security issues have been rampant in this technological era and are among the choices that need to be made. For this reason, the decision-making patterns have been impacted in several ways where the boardroom members have been made to change their way of thinking towards the cyber-security issues. In contemporary e-commerce applications, several vulnerabilities are increasingly affecting the security of computer applications and e-commerce web applications. These vulnerabilities pose a considerable threat not only to the individual companies but also to the entire e-commerce industry. For example, most of the online payment applications have compliance issues, so they have significantly become targets of most hackers compared to other web applications. This has led to an enormous loss of data and several identity-related problems. The reported losses and problems have been a result of enough t security measures and protocols that are supposed to be put in place as a way of protecting the systems.
Considering how the e-commerce sector is expanding at high speed, if security to these applications is not assured, then gigantic confidential data belonging to online customers will likely fall in the hands of malicious people (Cihan & Akleylek, 2019). Once they get hold of it, several things may happen where the user information may be used against them, leading to attacks. Companies may also undergo monetary losses due to the hacking activities or the getting hold of data and information by malicious individuals. This is so because the increasing number of e-commerce applications is associated with an increase in web application vulnerabilities as well as increasing security risks.
The cases that have been reported include those of phishing attacks. Other threats that have been reported include payment card scams, whether debit cards or credit cards, and website spoofing. This happens when passwords of the debit and credit cards are obtained by the malicious individuals, who get access to the user accounts where they end up draining all the money saved in the individual accounts. Besides, several vulnerabilities have been reported in fraudulent transactions, malware attacks in the form of viruses and Trojans, infiltrations, data breaches, identity theft, and vandalism. Such attacks call for effective e-commerce web application security management, which aims at the achievement of secure online transactions, ranging from the processing of orders, the operation of payment, clearing, and banking.
V. RECOMMENDATIONS
Cybersecurity is an issue that needs to be addressed by everybody who uses technology. It is the responsibility of every internet user to ensure that their data is safe from attacks. One way of enhancing cybersecurity is by not sharing private information on the net (Lamba et al., 2017). As an internet user, ensure that you do not give out private details like your date of birth, your address, telephone number, bank account number, and your location.
Cybercriminals use this information to hack into your accounts. Never click on any suspicious link on your computer or phone. Cyber attackers usually send links and entice the users to click on them. These links transfer viruses and other malware to your system, and thus it becomes easy for the attacker to reach you. For security reasons, never reply to an email that you think is suspicious. The cyber attackers send random emails to their targets and request personal information like bank account numbers or telephone numbers. Any mail whose source you cannot authenticate should be ignored.
Log off your accounts when you are not using them. Leaving online accounts open allows cybercriminals to access your data (Ullah et al., 2019). Create strong passwords that are not easy to guess. Avoid using your date of birth or your initials as security passwords because they are easy to guess. A strong password should contain a mixture of symbols, numbers, and characters. You should always block your devices from public viewing. Avoid using public Wi-Fi at all costs because once you log in to your devices using public Wi-Fi, it is easy for hackers to spy on you.
In an organization, the passwords should only be shared with selected people who can be held accountable if anything goes wrong. These passwords should be frequently changed to minimize the chances of other people in the organization mastering them. The passwords should not be written down somewhere because they can get into the wrong hands. An organization’s website and data should be centrally managed because it is easy to monitor who is logging in and what is being done online.
REFERENCES
[1] Briones, A. G., Chamoso, P., & Barriuso, A. (2016). Review of the leading security problems with multi-agent systems used in e-commerce applications. ADCAIJ: Advances in Distributed Computing and Artificial Intelligence Journal, 5(3), 55-61.
[2] Cihan, A. T. A. Ç., & Akleylek, S. (2019). A survey on security threats and solutions in the age of IoT. Avrupa Bilim ve Teknoloji Dergisi, (15), 36-42.
[3] Deshpande, V. M., Nair, D. M. K., & Shah, D. (2017). Major Web Application Threats for Data Privacy & Security Detection, Analysis, and Mitigation Strategies. Under Review in International Journal of Scientific Research in Science and Technology PRINT ISSN. 2395-6011. 141
[4] F. Ullah et al., “Cyber Security Threats Detection in the Internet of Things Using Deep Learning Approach,” in IEEE Access, vol. 7, pp. 124379-124389, 2019, doi: 10.1109/ACCESS.2019.2937347.
[5] Furnell, S. (2017). Cybercrime: Vandalizing the information society (pp. 3-540). London: Addison-Wesley.
[6] Gong, S., & Wang, Y. (2015, April). Research on Security Strategy of Electronic Commerce Websites. In International Conference on Advances in Mechanical Engineering and Industrial Informatics.
[7] Gupta, S., & Gupta, B. B. (2017). Cross-Site Scripting (XSS) attacks and defense mechanisms: classification and state-of-the-art. International Journal of System Assurance Engineering and Management, 8(1), 512-530.
[8] Hassan, M. M., Nipa, S. S., Akter, M., Haque, R., Deepa, F. N., Rahman, M., & Sharif, M. H. (2018). Broken Authentication and Session Management Vulnerability: A Case Study of Web Application. International Simulation Systems, Technology, 19(2), 6-1.
[9] Lamba, A., Singh, S., Balvinder, S., Dutta, N., & Rela, S. (2017). Mitigating Cyber Security Threats of Industrial Control Systems (SCADA & DCS). In 3rd International Conference on Emerging Technologies in Engineering, Biomedical, Medical, and Science (ETEBMS-July 2017).
[10] Pandey, R. K., & Misra, M. (2016, December). Cybersecurity threats-Smart grid infrastructure. In 2016 National Power Systems Conference (NPSC) (pp. 1-6). IEEE.