Current Cyber Security Threats and Mitigation Measures

While digitization of every process in both service and manufacturing industries seemed to be the only waterproof way of evading conventional risks, more risks have emerged with digital cyberspace world. According to recent research, people operating online face of up to 30 percent risks of experiencing cyber crime (Choo & Smith, 2008). The risk of cyber attack is even increasing with every advancement made in technology. Cyber security threats, therefore, remain the greatest risk facing organizations and end-users. The focus of this paper is to analyze current cyber security threats facing organizations and propose appropriate mitigation measures.

2.0 Current cyber security threats

Current surveys reveal that there are various cyber security threats that can cause enormous havoc (Arachchilage &Love, 2018).  These include mining of cryptocurencies, ransomware in the cloud, hacking of elections, and phishing among other emerging threats.

2.1 Mining of cryptocurrencies

Digital currencies are increasingly gaining acceptance as legal method of payment. Various countries such as Australia and Japan have legalized use of digital currencies for normal business transactions without levying of goods and service tax. In North America and Europe, it is estimated that there more than 5.8 million active users of cryptocurrency wallet (Nica et al. 2017).  Cryptocurrency is an encrypted string of data that indicates a unit of currency, which is organized by a blockchain network. Crytocurrency is purely decentralized and therefore not subject to monetary policies of financial institutions. Bitcoin is currently the most popular cryptocurrency even though there are more than 700 cryptocurrencies (Nica et al. 2017). Bitcoin is developed using a network of computers and application specific integrated circuits (ASICs) hardware through cryptographic algorithms, a process called mining (Nica et al. 2017).

Mining cryptocurrencies requires huge computer processing power (Luu et al. 2015). In order to build such processing power, hackers are targeting public Wi-Fi and computers of big companies to build up enough capacity to solve mathematical problems in mining of cryptocurrencies. They use a cryptocurrency mining malware that turn machines into zombies for mining cryptocurrencies. These malwares deny other users the availability of the device, security and integrity of the whole system. They can also lead to theft of crucial information. Sensitive locations that face the threat of hacking computer networks for purpose of mining crytocurrencies include airports, huge hospital chains and high tech companies among others.

2.2 Cloud ransomware

According to Richardson and North (2017) ransomware can be defined as use of malware to lock computer files of big companies by hackers to demand for money before providing digital keys to unlock the data. WannaCry is a common dangerous ransomware that has the capability of locking down thousands of computers. San Francisco’s light rail system and British National Health Service have already fallen victim of ransomware attack. Other companies at risk of ransomware attack are cloud computing companies that maintain huge volume of customer data and provide consumer services such as IBM, Amazon and Google.

2.3 Hacking of electoral process

National general election is a sensitive process that threatens the national unity of most nations around the world. With increasing role that head of states play in national and regional economic and political policies, hackers are widely being used to influence the outcome of such elections. The use of electronic voter register and software to tally and audit electoral results increases the opportunities for cyber attack. Countries such as U.S and Russia are conflict due to Russia’s role in rigging U.S 2016 elections.

2.4 Phishing

Phishing is a form of cyber attack that uses malicious communications to trick culprits into implementing an action that harms them. Cyber criminals using phishing oftentimes purport to be trusted clients of the victim and lead the user into disclosing confidential information. It happens in various models but the most common one is the use of technologies such as AI to design malware that helps to evade any security programs that detect and prevent phishing. A survey in 2015 indicated that 100,000 phishing emails were received in UK alone, and 50 percent of this emails were successful (Arachchilage & Love, 2013). Creating of malicious website that resembles the authentic one and then inviting users to login their details is another form of phishing cyber attack (Arachchilage & Love, 2013).

3.0 Mitigation measures

3.1 Blocking public mining pool addresses

Organization can lessen the threat of their computer network being used for mining cryptocurrencies by blocking the Internet Protocol address that gives access to universal pools of blockchains. This measure requires technical expertise and knowledge of determining the most appropriate IP address to be blocked. According to Luu et al. (2015) mining software usually requires miners to provide pool IP address, wallet address and a password for joining the pool.

3.2 Building backups and institutionalization of best practices

Building up-to-date backups is one of the effective ways of preventing cloud ransomware. Having a backup will prevent companies from paying ransom to access their data. However, given that some ransomware could infect files even before they are backed up, emphasizing on best practices for all users can prevent ransomware (Richardson & North, 2017). Such practices include instituting continuous cyber security awareness training, develop appropriate social media policy and ensuring that there is automatic update of software on personal devices that uses company network (Richardson & North, 2017).

3.3 Education on Cyber security attacks

While there are various systems companies can invest in to prevent cyber security threats, most of the systems have not been effective in curbing such threats.  For instance, as shown in previous surveys (Purkait, 2012), anti-phishing techniques such as eBay Toolbar and Cloudmark anti-fraud toolbar are ineffective in detecting and preventing cyber attacks. Creating awareness on cyber security threats is considered one of the most effective and holistic way of protecting users against cyber attacks such as phishing (Purkait, 2012; Arachchilage & Love, 2012).  In fact, Schell (2016) highly advocates for comprehensive cyber defense measures. This emanates from the fact that human beings form the most vulnerable links in cyber security and threats (Gratian et al. 2018). Much attention should, therefore, be directed towards educating the public and employees to be aware of and develop behavior that enables them to thwart cyber attacks.

 Well designed end-user education that entails contextual, web-based and embedded training materials can effectively guard users from cyber attacks. Education can boost user avoidance motivation, which Arachchilage and Love (2014) describes that it is determined by three factors; safeguard effectiveness, safeguard cost, and self-efficacy. Since various anti-cyber attack systems have failed, education remains one of the effective tool of safeguarding against cyber attacks. Secondly, given that many institutions in U.S such as academic institutions and Anti-Phishing Work Group (APWG) offer such education at no cost, end-users can be motivated to apply in the training in their daily interaction with computers (Love & Arachchilage, 2014). 

4.0 Conclusion

            In conclusion, the modern digitalized environment is faced with high-risk cyber security threats.  The threats are diversified targeting individual users to large corporation database systems. Due to this diversification, there is no one particular risk mitigation strategy that fits them all. Nonetheless, apart from continuous improvement in cyber threat and detection systems, continuous education of the general and specific publics of the chances, risks and prevention of cyber security threats is a holistic method of preventing cyber attacks. Education creates both the know-how and motivation to prevent cyber attacks, which is one of the major risks facing technology based business environment.

References

Arachchilage, N. A. G., & Love, S. (2014). Security awareness of computer users: A phishing threat avoidance perspective. Computers in Human Behavior, 38, 304-312.

Arachchilage, N.A.G. & Love, S. (2013). A game design framework for avoiding phishing attacks. Computer in Human Behavior, 29: 705-714

Choo, K. K. R., & Smith, R. G. (2008). Criminal exploitation of online systems by organised crime groups. Asian journal of criminology, 3(1), 37-59.

Gratian, M., Badi, S., Cukier, M., Dykstra, J., &Ginther, A. (2018). Correlating human traits and cyber security behavior intentions. Computers & Security, 73345-358.

Luu, L., Saha, R., Parameshwaran, I., Saxena, P., & Hobor, A. (2015, July). On power splitting games in distributed computation: The case of bitcoin pooled mining. In Computer Security Foundations Symposium (CSF), 2015 IEEE 28th (pp. 397-411). IEEE.

Nica, O., Piotrowska, K., & Schenk-Hoppé, K. R. (2017). Cryptocurrencies: Concept and Current Market Structure.

Richardson, R. & North , M. (2017). Ransomware: Evolution, Mitigation and Prevention.  International Management Review, 13(1): 10-21

Schell, R. R. (2016). Cyber defense triad for where security matters. Communications Of The ACM, 59(11),