CYBER SECURITY AND ITS

IMPORTANCE
Koti Sree Chakravarthy Dummanaboyina
Faculty of Science and Technology
Bournemouth University
Bournemouth, United Kingdom
s5228628@bournemouth.ac.uk

Abstract—Cyber security has its unique role in defended cybersecurity experts in IT sectors. The
securing information in every sector. Protecting term cybersecurity came into existence in 1970s
information from is hackers have become more with a research project called ARPANET[2]. After
challenging. First thing that strikes in mind with the observing traceable footprints along the network
word hacker is cyber threats which is the major path using a program developed by the researcher
concern for every data handling organizations. named Bob, he started calling it CREEPER. Later
Ray Tomlinson who is the creator of email service,
Various policies and regulation acts were being
redesigned the same program with self-replication
implemented by organizations and governments to
capability. That invented first computer worm and
prevent cyber crimes. This paper focuses on cyber to defend that he developed a program called
security challenges, the world is facing and required REAPER. Today there are many techniques
techniques and technologies to prevent them. developed in cyber security to defend national and
Keywords: cybersecurity, information security, cyber international cyber crimes. As this digital
ecosystem is just a triangle of process, people and
threats, cyber crimes prevention, cyber security
technology, the chance of being a victim is high.
challenges, cyber ethics, cyber crimes.
According to the data gathered from large scale
business sectors funds has been raising with 63% in
1. INDRODUCTION 2018 and 67% in 2019 and small scale companies
with 50% in 2018 and 66% in 2019 competitively
Maintaining security over sensitive information has to maintain security[3]. Protecting from cyber
become the most considerable challenge. Updating threats, identifying threats in less time, recovering
and upgrading security of every internet data loss, preventing system from further risk are
connectable device is required to prevent data from the main functions of cybersecurity which are also
cyber threats. The cybersecurity department not considered as major concerns in companies and
only deals with the security measures of common private lives.
devices like computers, smart phone and other
internet of things but also technologies like virtual
machines, network topology, cloud services, 3. IMPORTANCE
servers and more. As digital forensics is also apart
of this, there is a huge requirement for IT Today Internet is playing very crucial role in every
companies to analyze and investigate cyber attacks. days life, this makes hacker to exploit in more
Though there are teams like SIEM, CISSP, possible ways. Therefore, maintaining the speed of
information security analysts are working for the internet is as important as maintaining its security.
companies to provide good performances, attackers Most of the commercial transactions, business
coming up with different patterns to effect the CIA deals, private information, human interests and
triad[1]. emotions are processing via internet. cybersecurity
is one of the fast growing tech fields, not only in IT
2. LITERATURE REVIEW sectors but also in health, banking, educational,
military, government and public sectors as well.
Digitization and internet in today’s world changed Even governments of every nation introducing new
the human lifestyle by increasing business cybersecurity laws and policies to prevent
opportunities and social connections. On the other confidentiality, integrity and availability of the data
side, cyber criminals taking this platform as an and services[4]. In every sector cybersecurity has
advantage and exploiting systems to grab sensitive its own importance to secure companies data.
information. This risk of exploitation can be Training employees with proper knowledge and
following security policies are necessary to prevent hacking techniques like eve dropping or social
accidental insider attacks. Recruiting cyber analysts engineering can ultimately lead to emotional
for the company’s security can help not only in cheating and scams. Gaining personal information
identifing threat but also in incident response for financial gain is the most frequent happening
process. For investigating the incident and cyber scam. According to the cyber999 report
implementing countermeasures to prevent attacks, Malaysia cybersecurity cases raised 82.5% [6]. Not
system security professionals are important. only on computer or server threats there will be
considerable number of attacks occurring on
android phones as well. As smart phones and IoT
4. HYPOTHESIS TESTING
devices are linked with other existing IoT devices,
accessing any week secured device lead to
There are many potential benefits with
complete network compromise. As the technology
cybersecurity which supports in company’s growth,
and internet convincing people with its convenient
trust and reputation in the society. Implementing
and fast methods of processing a task, companies
firewalls or access control lists can block malwares
and customers have no choice to refuse the
like viruses, trojans, worms and other spam or junk
computerized environment. According to the
files and prevent systems for vulnerabilities
security report by PwC 2015, comparing 2009 to
exploitation. This results in protected systems
2015, cyber attacks in 2015 count raised to 66%
against hacking techniques like ransomware,
[7]. Risk over sensitive information increasing
DDOS and more. Security techniques are helpful in
rapidly and confidentiality is compromising.
preventing data loss and exposure of sensitive
information. System or server crashes can be
minimized and availability can be maintained[5]. Considering an example of most notorious cyber
Though there are considerable positive points with attack raised in the UK, WannaCry ransomware
this, few disadvantages are also to be considered. attack 2017. The wannacry outbreak which started
Securing systems with centralized architectures like on may 12th 2017 infected around 200,000 systems
unified threat management systems are easy to in the entire world around 150 countries costing net
compromise with a single point of failure. worth of £6 billion pounds. The attacker sent a
According to a proverb “don’t put all your eggs in malicious mail which automatically downloads and
one basket” may fail with a single point of runs in the system when the mail is opened. This
breakdown. Establishing security architectures and locks the computer and confidential data in it. Then
security engineers are budget dependent in case of attacker demand ransom in the form of
large networks. Training staff with proper cryptocurrency. In UK, this affected on national
cybersecurity knowledge can cause intentional health service demanding £230 to unlock the
insider attacks. Sometimes even firewalls can fail computer and this resulted in cancellation of
to identify patterns of malicious files with incorrect around 19,000 medical appointments, operations
configuration. In case of small scale startup and emergency patient services[8][9].
companies and individual lives cyber crimes are
more frequent for financial benefits. As the
6. CYBER SECURITY
company grows, resources and data increases
which results in increase of network complexity.
As the technology is growing rapidly, there is no
This makes a challenging task in separating
limits for cyber threats and no scope of slowing
network and implementing security. Following
down. Even after following security rules and
security policies without exemptions and
policies, companies are suffering from threat actors
implementing security matrices with scalability is
performing cyber crimes like insider threats,
also a problem to consider.
storage devices thief, social engineering. cyber
threats are not only limited to companies and
5. CYBER CRIMES individual lives but also extended to power plants
and other utility services resulting in cyber war
The term cyber crime is defined as any illegal between nations. Cyber criminals are now focusing
activity performed used computer or internet. The on financial benefits world wide. WannaCry and
definition is extended to network intrusion, NotPetya ransomware attacks are the suitable
disseminating malicious files into systems, bullying examples of global cyber threats. Skimming
and thefts including hardware storage device and technique in individual bank accounts and bitcoin
identity thefts. Data privacy and security will be mining are the recent approaches resulting in
top concern for every company or organization as massive financial scam. These impact in financial
most of the sensitive information is always loss as well as trust in the banks sectors and
represented in digital format. Not only in government. In the context of IT industries,
companies information but also accessing every Companies are more focused on financial and
day communication through social websites using global growth and less concerned with the security.
Providing advanced technology system for the major concern. Using virtual private network build-
company’s security is as important as in browsers can prevent cyber attacks [12].
implementing it with proper configurations for a
protected environment[10]. Smart ways of securing
7.2 Mobile networks:
a company is by identifying and stopping threats in
the initial stage and defining own security policies Though people using laptops and desktops, mobile
for safeguarding data. This can be done by cyber technology is dominating the internet world. Unless
specialists. In every sector, malware are the most in companies or organizations, people are are more
common threats seen in computers and networks habitual in using smart phones and tables in which
which includes computer virus, worms, trojans, security is a concern. In individual life, most of the
adware, spam, ransomware and more. These are everyday private things are recorder in personal
intended to harm computers either intentionally or mobile phones. Therefore, ignoring security
accidentally. As malware programs can be updates lead to higher compensation. With the
developed with different patterns to cross firewalls, change in mobile network generations from 4G to
adopting technologies like machine learning 5G, security and network speed is has been
techniques to secure websites and spam filters like improving to prevent network intrusion attacks
intrusion detection and intrusion prevention [12].
systems are useful for identifying and blocking
suspected files. As long as the security design and
7.3 Changing to IP6 version:
operations are related to the organization’s business
model, confidentiality and integrity can’t be Internet protocol version 4, popularly known as
disturbed. IPV4 has been the backbone of internet by connect
large number of devices. Now internet protocol
For maintaining standards and managing structure versions 6 is changing the trend by replacing IPV4
in an organization, PPT framework is the to IPV6 which supports more number of connective
fundamental component. This framework is the devices with better security capabilities.
structure of people, process and technology which Implementing IPV6 technology can reduce number
is also helpful in incident response. Considering an of attacks not only in private lives but also in large
example, DDOS attack in the company’s server is scale IT industries.
identified resulting in service unavailability. The
action can be divided as the person who performed
7.4 Cloud based services:
the crime, the technique he used and the equipment
he used. With the three components, the framework Targeted database attacks are increasing not only in
is also called 3 pillars of cybersecurity[11]. IT and health sectors but also in public and military
sectors as well. With the problem, cloud storage
turned out to be the suitable solution to prevent
SQL inject attacks. Therefore, most of the small
and large scale industries around the world are
adopting cloud services. With increase in
7. CYBER SECURITY
information, cloud storage capacity changes which
IMPLEMENTATION creates security flaws. Services also include
software as a service, platform as a service,
Buying smart high tech gadgets to secure the infrastructure as a service. This also help users to
system or an organization is successful only when secure and save resources[12].
the technology is implemented properly with
required configurations. Such of the most popular
7.5 Data encryption:
technologies reflecting impact on cybersecurity are
presented below. Encryption is the method of converting human
readable format to code format. The technique is
used to prevent attacks like eavesdropping and man
7.1 Web servers:
in the middle. In the process to encryption few
As internet is dealing most of the everyday things, technical encryption algorithms are used to convert
companies started developing web based data with a key which describes the encryption
application to make it more convenient. Attacks are type. Though is this not a new technique,
also increasing on the web in the same way to encrypting data with number of bites determine its
expose or to steal sensitive data. Cyber criminals strength. Salting is the technique used in encryption
are using web as a open platform to spread which makes hard to crack. This maintains data
malicious files via weak secured web servers. So, confidentiality though it is exposed.
securing web securing and application turned into a
 8. SUITABLE TECHNOLOGY 8.5 Access control lists:
Maintaining ACL(Access control list) for
The suitable technologies used to maintain security
accessing files depending upon their sensitivity
system stronger are as follows.
is trending with the growing cyber threats. ACL
is creates a specific list of people with
8.1 Firewall: privileges to access files or directories or to
block specific group of people. This is mostly
For a system or an organization firewalls act as
used in organization to secure highly
the first layer of security. A firewall is used to
confidential files from insiders. List usually
block junk files or unauthorized packets
depends on role and criteria on the employee.
entering from the network. This can be a
hardware or in-built software. Though the
function of a firewall is inspecting and filtering 9. CONCLUSION
packets, setting up with suitable configurations
matter. Firewall with incorrect configurations cybersecurity has endless benefits followed by few
can be bi-passed by changing the file pattern. disadvantages. Even large scaled security
organizations were the victims on these cyber
attacks. Organizations dealing with sensitive
8.2 Anti-virus applications:
information and having low cybersecurity
Malware in a system can delete or overwrite knowledge like medical and banking sectors have
files, slow down the system, crashes the system huge risk cyber threats. Hiring a role to perform
and sometimes helps the attacker to cybersecurity operations for the organization is
compromise the system or servers. These helpful to defend cyber crimes. Including that
include viruses, trojans, worms, ransomware, companies has a respectability to train their
spyware and more. These malware can be employees with proper cybersecurity knowledge.
detected using malware scanners popularly This help employees to identify the attack at the
called anti-virus software. The function of anti- initial stage which may not be helpful in defending
virus software is to identify, block or delete the the attack but can help in minimizing the loss.
suspected files by scanning the entire system. Though this indirectly trains employees to perform
But there are few disadvantages which include insider attack without any traces, this can reduced
more RAM consumption, sharing personal by implementing constant surveillance and security
information and not supporting comprehensive policies.
protection [13].
References
8.3 Honeypots:
[1] Commissum. (12th OCT 2018). The CIA
In the recent years honeypots are developed to Triad: The key to Improving Your Information
as a security alarm which helps the admin or Security. Available:
security analyst in finding the intruder. These https://commissum.com/blog-articles/the-cia-
are used to deflect the hacker to different path triad-the-key-to-improving-your-information-
and prevent the information. Though using this security# . Last accessed 13th Nov 2020.
technology attack can be prevented in the initial
stage, false alarms can occur with improper [2] Dakota Murphey. (27th June 2019). A history
configurations. of information security. Available:
https://www.ifsecglobal.com/cyber-security/a-
history-of-information-
8.4 User credentials: security/#:~:text=Cybersecurity's%20history
For computer or web application accessing %20began%20with,small%20trail
entering user credentials in first step for %20wherever%20it%20went. . Last accessed
authentication and authorization purpose. The 11th Nov 2020.
usual way of accessing is by entering username [3] Cristea Lavinia Mihaela. (2020). “Current
and password which specifies uniqueness of security threats in the national and
every user. As these can be stolen by the hacker international context”. Accounting and
to pretend like the user. This is known as social Management Information Systems. Vol. 19
engineering attack. This problem can be (No. 1), 351-378.
overcome with the latest solution, one time [4] Federal Register. (14th July, 2010).
password (OTP). This is a unique password sent Department of Health and Human
to the mobile or email. This is also known as 3 Services . Federal Register. 75 (2), 40869-
way authentication. 40876.
[5] Drtil, (2013) “impact of information security ransomware. Available:
incidents - theory and reality”. Journal of https://www.bbc.co.uk/news/health-39899646
Systems Integration. No. 1: 44-52. . Last accessed 13th Nov 2020.
[6] YUEN MEIKENG. (2020). Cybersecurity [10] Alhogail A. & Abdulrahman. (2014). “A
cases rise by 82.5%. Available: framework of information security culture
https://www.thestar.com.my/news/focus/2020/ change”. Journal of Theoretical and Applied
04/12/cybersecurity-cases-rise-by-825 . Last Information Technology. Vol. 64 (No. 2), 540-
accessed 13th Nov 2020. 548.
[7] PwC. (2015). Information Security Breaches [11] Julia Dutton. (26th September 2017). Three
Survey 2015 – Full Report. Available: pillars of cyber security. Available:
https://assets.publishing.service.gov.uk/gover https://www.itgovernance.co.uk/blog/three-
nment/uploads/system/uploads/attachment_da pillars-of-cyber-security . Last accessed 13th
ta/file/432412/bis-15-302- Nov 2020.
information_security_breaches_survey_2015- [12] Vidhya P.M. (February 2014). CYBER
full-report.pdf . Last accessed 13th Nov 2020. SECURITY -Trends and Challenges.
[8] BBC. (27th Oct 2020). NHS 'could have International Journal of Computer Science
prevented' WannaCry ransomware and Mobile Computing. 3 (2), 586–590.
attack. Available: [13] Josh Giesing. (7th April, 2017). 7
https://www.bbc.co.uk/news/technology- Disadvantages Of A Free Antivirus
41753022 . Last accessed 13th Nov 2020. Program. Available:
[9] BBC. (12th May 2017). NHS cyber-attack: https://www.cprou.com/software/7-
GPs and hospitals hit by disadvantages-of-a-free-antivirus-program/.
Last accessed 11th Dec 2020.