60% of Businesses Suffer Cyber Attacks: Impact & Solutions - Essay Sample

Introduction

Ideally, heavy usage of the internet has posed a threat to many organizations due to cybersecurity breaches. Research has indicated that 60% of businesses have suffered cyber attacks in the last one year (Radanliev and De Roure et al., 2018). Summatively, therefore, Cybersecurity breaches impact the involved organizations' profits and reputation negatively. In response, many companies have developed cybersecurity governance techniques to curb the effects of the attacks under discussion. However, since the breaches' natures appear in unpredictable ways, there is no single mitigation approach. For that matter, therefore, Cybersecurity governance is an undertaking that can only realize its goals through the use of multiple measures, including laws and regulations.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Save 25%

For instance, the US-drafted the federal computer fraud and abuse act (CFAA). It outlines the penalties for both criminal and civil crimes associated with cyber breaches. Precisely, the penalties range from one to 20 years in prison, depending on the magnitude of the offence committed. Also, various statutes have been passed by several states to prohibit unauthorized access to information and other computer crimes. Statutory rules and regulations have helped to mitigate cyber risks in the transport sector since the offenders are prosecuted.

Standards (ISO and NIST)

Various agencies have been designed to help mitigate cyber-attacks risks. An example of an official agency is the National Institute of Standards and Technology (NIST). The agency upholds and maintains standards of measuring information and data security in organizations. It contains a cybersecurity framework that helps manage and reduce cyber vulnerabilities. The structure depends on the rules and guidelines that are predetermined. The Cybersecurity technique mentioned above was developed in the US and has proven to be flexible in mitigating the risk of cyber-attacks in the transport sector. Besides, in emphasis, the technique mentioned particularly through NIST SP 800-53 has developed a reliable information protection framework. NIST framework enables organizations to uphold their mission, vision, and objectives.

Consequently, information security roles and responsibilities are handled carefully to reduce the risk of cybercrime. Also, NIST recommends the use of appropriate measures to ensure the safety of critical information. For instance, access to assets holding sensitive information should be limited to authorized individuals, consistent management of information and data by the risk management team, and regular monitoring and repair of industrial control and information system in line with established policies and procedures.

Additionally, the transport sector relies on ISO Standards to mitigate cyber-attacks risks. ISO is recognized internationally, and it focuses on risk management-based approaches and practices that ensure information security. ISO 27001 contains ten clauses guidelines that help the transport sector to protect their data and information. The clauses outline requirements for quality management system in an organization which includes leadership responsibilities and commitments, proper planning, provision of resources needed, and quality management system operations. Besides, the clauses require the organizations to comprehensively indicate their cybersecurity frameworks to prove that they have proper governance measures. Organizations should carry out performance evaluations regularly on the quality management system. Accredited certification to ISO 27001 demonstrates that an organization is using the best practices and methods to secure information, thus guaranteeing that sensitive information is well protected. ISO and NIST standards have helped the transport sector to curb cyber bleaches in a significant way.

Policies, Organizational Information Technology, and Information Security

Organization policies on information technology and security put in place penalties and rewards for the employees that participate in the execution and prevention of cyber breaches, respectively. Therefore, cybersecurity governance incorporates policies that guide organizations in securing sensitive information and data. Companies offering transportation services create systems to ensure that workers and other users adhere to security protocols and guidelines. In so doing, the guidelines help organizations reduce the risk associated with unauthorized people's access to information. Consequently, Cyberspace governance focuses on the confidentiality of information. Besides, it also ensures that custodians uphold data integrity. Therefore, the policies under discussion keep data intact and accurate while ensuring that the information system is operational.

Besides, information security policies are useful when the concerned authorities ensure that authority to access data is under control. Therefore, the strategies highlighted above recommend that companies use a hierarchical approach to access data. For instance, a senior manager should have the power to decide the data to be shared and the person overseeing the sharing process. Similarly, information security policies should also indicate the level of authority over data and information technology systems for every role in the organization.

Similarly, the development of network security policies helps to mitigate cyber breaches; this is achieved through the use of passwords, biometrics tokens, and ID cards. Consequently, that ensures that only the users with valid logins access the networks and information. Another information security policy used by companies includes data classification. The system classifies data as top secret, secret, confidential, or public. The idea behind the classification of data is to ensure that unauthorized individuals cannot obtain sensitive information. Organizations should provide adequate training concerning information security to the employees. By so doing, this helps to protect data and avoid access to confidential information by unauthorized users.

Contracts and Commitments

Also, Contracts and commitments are used as a solution to reduce cyberspace associated risks in the transport sector. According to Ruan (2017), every organization must ensure that personal information of individuals is protected. One way an organization guarantees the safety of personal information is the use of PCI compliance. PCI contains guidelines to be used by companies in ensuring that credit card related data is managed and protected (Ataya, 2010). Researchers have stipulated that many companies in the US lose vast amounts of money each year due to credit card fraud. Therefore, for the transport sector businesses to mitigate cyber risks, they should embrace and level up PCI compliance competence. In addition to the measure mentioned above, they should ensure that there are disciplinary consequences that individuals face whenever they fail to honour their responsibilities as stipulated in the contracts and commitments. Also, business to business agreements (B2B) ensures the protection of information among firms in the transport sector (Bandyopadhyay, 2011). Moreover, companies should discuss ways to protect the data of their clients. On that note, they should develop agreements concerning the usage of information on their websites as well.

The Processes and Procedures

Research indicates that the process and procedures of carrying out duties contribute to reducing cybercrime (Cherdantseva et al., 2016). Recent reports discovered that many companies were affected by cybercrimes in the last few years (Vande et al., 2014). Imperatively this has been contributed to by inadequate processes and procedures. Organization procedures ensure the removal of loopholes that interfere with the confidentiality of information. Companies should, therefore, identify threats and employ systems such as secure sign off policy, assess risk, conducts audits regularly, and ensure the organization against cyber risks. Also, organizations should gather knowledge relating to cybercrime and develop effective measures to protect information. Therefore, by carrying out intensive research and reviewing rules and regulations that abide by information technology, employees can achieve the ideal results.

Also, the process and procedures outlined by ISO and NIST should be followed appropriately. The ISO 9001 states that organizations should establish proper processes and procedures to help manage the information system. Effective means lead to good results. Therefore, transport companies should focus on developing efficient methods and processes. NIHIS stipulates that organizations should identify the threats on business information, carry out background checks, and establish policies and procedures that ensure cybersecurity. Also, the company should protect, detect, respond, and eventually recover.

Administrative, Physical and Technical Control

Administrative, physical, and technical control can be used to regulate access to sensitive information in organizations. Administrative controls should be provided whereby the organization offers proper security education to the employees. Also, proper password management and a backup plan should be in place. There should be physical security of an organization's information system as well (Vande et al., 2014). Hardware and software should be protected from actions that could destroy or damage them. Imperatively, this can be done by controlling access to server areas, using video surveillance and wireless cabinet locks.

References

Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H., and Stoddart, K., 2016. A review of cybersecurity risk assessment methods for SCADA systems. Computers & Security, 56, pp.1-27.

Henrie, M., 2013. Cybersecurity risk management in the SCADA critical infrastructure environment. Engineering Management Journal, 25(2), pp.38-45.

Radanliev, P., De Roure, D., Cannady, S., Montalvo, R.M., Nicolescu, R., and Huth, M., 2018. The economic impact of IoT cyber risk-analyzing past and present to predict future developments in IoT risk analysis and IoT cyber insurance.

Ruan, K., 2017. Introducing cybernetics: A unifying economic framework for measuring cyber risk. Computers & Security, 65, pp.77-89.

Vande Putte, D., and Verhelst, M., 2014. Cybercrime: Can a standard risk analysis help in the challenges facing business continuity managers?. Journal of business continuity & emergency planning, 7(2), pp.126-137.

Ataya, G., 2010. PCI DSS audit and compliance. Information security technical report, 15(4), pp.138-144.

Bandyopadhyay, T., 2011. A model for B2B IT security: Multilayer defense facing interdependent cyber risk. In Proceedings of the Southern Association of Information Systems Conference, Atlanta, GA.