Conference Paper
To read the full-text of this research, you can request a copy directly from the authors.

Abstract

Corporations and end users are finding it hard to keep their devices safe from the ever evolving and complicated threat of cyber attacks. Currently, with the widespread adoption of the Internet of Things (IoT), cyber threat is becoming an even greater challenge for both technology providers and consumers. This paper presents a review of the recent and significant cyber security issues affecting many areas of digital technology. From IoT devices and smart automobiles to commonly used computers and typical corporate servers, we focus our analysis on current attack trends and the effects of intrusion on Small and Medium sized Enterprises (SMEs). This paper helps to build awareness among non-technical experts, practitioners and researchers about attack and defense strategies in the current digital market. We have created a guide with input from our in-house security researchers and information gathered from the literature to help the reader understand the challenges faced by the IT industry in the future.


... Organizational Vulnerabilities. Various studies reported that a lack of awareness of policies and threats originates organizational vulnerabilities (Bråthen & Lie, 2021; Chowdhury et al., 2022; Haryadi et al., 2021; Heidt & Gerlach, 2018; Pawar & Palivela, 2022; Saleem et al., 2017). The organizational vulnerabilities are shown in Figure 6. ...
... The organizational vulnerabilities are shown in Figure 6. It has been mentioned that low cybersecurity awareness causes most of the cybersecurity issues (Chowdhury et al., 2022; Panditharathna et al., 2021; Saleem et al., 2017). Besides, SMEs lack awareness of cybersecurity policies, which is one of the substantial challenges in the compliance of these policies. ...
... It is reported that limited knowledge of SMEs regarding attacker profiles and mitigation approaches, as well as budget constraints and lack of standards and regulations, are major reasons for organizational vulnerabilities (Alahmari & Duncan, 2020; Kabanda et al., 2018; Tam et al., 2021b; Tamyez, 2019; Zheng & Albert, 2019). Furthermore, behavioral and organizational limitations of SMEs, such as commitment toward security concerns (Kabanda et al., 2018), lack of liabilities (Riebe et al., 2021), limited funds (Saleem et al., 2017) (Shojaifar et al., 2018), lack of workforce (Tam et al., 2021b), and trust issues (Tamyez, 2019) are major reasons for cybersecurity vulnerabilities. ...
Article
Full-text available
Plain language summary: Cybersecurity Infrastructure Compliance Key Factors to Detect and Mitigate Malware Attacks in SMEs: A Systematic Literature Review. This study conducted a systematic review to investigate the vulnerabilities faced by Small and Medium Enterprises (SMEs) in relation to malware attacks and propose mitigation measures. As SMEs increasingly move online, they become more susceptible to malware due to limited knowledge, awareness, and resources. The research aimed to bridge this gap by identifying vulnerabilities and suggesting practical solutions to enhance SMEs' cybersecurity infrastructure. Using the PRISMA framework, the study analyzed relevant scholarly articles to identify key vulnerabilities and mitigating factors. The findings revealed that SMEs face various challenges, including weak authentication, outdated software, and inadequate employee training, leaving them prone to malware attacks. Mitigating measures, such as implementing strong password policies, regularly updating software, and providing cybersecurity education, were proposed to address these vulnerabilities. Understanding the vulnerabilities and associated threats will help SMEs in the incorporation of specific factors into policies. To measure the effectiveness of these implementations, we plan to conduct interviews with industry experts in the future that will provide further insights, enhancing the credibility and practical relevance of these measures. However, the study has limitations. It focused solely on SMEs, so the findings may not directly apply to larger enterprises. The review’s timeframe also means that the latest research might not be included. Additionally, the proposed mapping framework for vulnerability mitigation requires further validation and testing to determine its effectiveness.
... Smartphones and other connected devices allow people to obtain information quickly and to perform business transactions remotely. However, the growth of these technologies also brought new and unique security issues to users of the technologies (Sukumar and Edgar, 2009; Saleem et al., 2017). The rapid growth of connected devices is also not followed by similar advances in security measures against cybersecurity attacks (Saleem et al., 2017). ...
... It was estimated that 43% of recorded cybersecurity attacks targeted small businesses in 2015 (Symantec, 2016). Most small businesses tended to be vulnerable to cybersecurity attacks because they do not have adequate funds or human resources, which can be allocated to cybersecurity duties, and those who have tend to underappreciate cybersecurity threats (Rahman and Lackey, 2013; Saleem et al., 2017). This behaviour can create negative impacts on small businesses in the future if the proper security measures are not implemented. ...
Article
Purpose: This study aims to identify and analyse the issues faced by internet-based small businesses in developing countries regarding cybersecurity and document how these businesses address the risks.
Design/methodology/approach: This study used the qualitative method. Respondents were internet-based small businesses selected by using theoretical sampling. Data were collected by using interviews and observations. The validity of the analysis was ensured by using triangulation and member checking.
Findings: This study reveals that small businesses managed to identify the loss of physical and monetary assets as possible damage. However, only a few businesses identified loss of intangible assets as possible cyber risks. Most small businesses had used basic cybersecurity measures to protect data access and some primary business activities. Unfortunately, they rarely take initiatives in preventing and early detecting cyber risks.
Research limitations/implications: Findings of this study cannot be generalised as it aims to obtain new insights and document unexplored findings. Thus, if this study’s findings are going to be generalised, it is necessary to conduct an additional study. Secondly, this study did not assess how far small business had fulfilled the relevant information security framework as assessment required additional research, and this study only aimed to map the current situation in small businesses.
Practical implications: This study emphasised the importance of identifying valuable assets or resources when implementing cybersecurity measures. Focusing on security measures to protect identified assets from cyber risk will make the efforts more efficient and effective than using standardised cybersecurity measures. Third-party developers can also use this study to understand small businesses’ current cybersecurity implementation and their characters to design online platforms that suit these needs. Governments can also design educational activities that address small businesses’ lack of knowledge.
Originality/value: Most studies which focus on small businesses and information technology (IT) usually only discuss how they use IT. This study also brings new contributions by focusing on developing countries and specifically addresses internet-based technology cyber risk faced by e-commerce businesses. The qualitative method is used as most studies in e-commerce adoption were positivistic in nature, and inductive-based studies were rarely found on the topic.
... X
[22] 2018 Detection, honey file, protection X
[23] 2018 Detection, mitigation, Software Defined Networking (SDN) X
[24] 2016 Detection mechanism X
[25] 2017 Analysis and detection, simple Logic (SP), SVM X
[26] 2017 Cryptoanalysis, detection X X
[27] 2017 Deep learning, Long-short term memory (LSTM) X
[28] 2017 Crypto model, encryption keys, proactive prevention X
[29] 2018 Dynamic analysis, anomaly detection, SVM X
[30] 2018 Backups, disaster recovery, risk assessment X
[31] 2017 Deep networks, detection X
[32] 2017 Recurrent neural network (RNN), detection X
[33] 2018 Mitigation, detection X X
[34] 2017 Ransomware evolution, safety measures X
[35] 2018 Detection, mitigation, SDN, NFVs X
[36] 2017 Crypto-Ransomware, bitcoin, Cybercurrency X
[37] 2019 Static analysis, opcode, Machine learning X
[38] 2018 Security, model checking, android X
[39] 2018 Bitcoin, crypto-currency, payment X
[40] 2018 Volatile memory forensics memory dumps X
[41] 2019 Deep learning, convolutional neural network, LSTM X
[42] 2018 Remote Desktop Protocol (RDP), detection X
[43] 2018 Behavioral detection, anomaly X
[44] 2018 Detection, deception systems X
[45] 2018 Real time detection, access control, file operation X
[46] 2018 Encryptor, file protection, document editing X
[47] 2017 Cyber threats, security audit, penetration testing, IoT, privacy X
Table 1 presents a summary of the different phases followed during an investigation. These are: the review of the state of the art, proposal, and testing. ...
... This state of the art is focused on ransomware counteraction from the prevention approach as well as detection concept. It also highlights the research direction in this field and its impact [47]. Some authors show ransomware evolution, the most common infection, and payment methods [33,34]. ...
Article
Full-text available
In recent years, cybercrime activities have grown significantly, compromising device security and jeopardizing the normal activities of enterprises. The profits obtained through intimidation and the limitations for tracking down the illegal transactions have created a lucrative business based on the hijacking of users’ files. In this context, ransomware takes advantage of cryptography to compromise the user information or deny access to the operating system. Then, the attacker extorts the victim to pay a ransom in order to regain access, recover the data, or keep the information private. Nowadays, the adoption of Situational Awareness (SA) and cognitive approaches can facilitate the rapid identification of ransomware threats. SA allows knowing what is happening in compromised devices and network communications through monitoring, aggregation, correlation, and analysis tasks. The current literature provides some parameters that are monitored and analyzed in order to prevent these kinds of attacks at an early stage. However, there is no complete list of them. To the best of our knowledge, this paper is the first proposal that summarizes the parameters evaluated in this research field and considers the SA concept. Furthermore, there are several articles that tackle ransomware problems. However, there are few surveys that summarize the current situation in the area, not only regarding its evolution but also its issues and future challenges. This survey also provides a classification of ransomware articles based on detection and prevention approaches.
... The "WannaCry" ransomware, which emerged in 2017, is a prime example of crypto-ransomware [61]. Its modus operandi includes: ...
Article
Full-text available
Ransomware attacks continue to pose a significant challenge to cybersecurity, causing substantial financial and reputational damage to individuals and organizations. These attacks typically encrypt user data and demand a ransom for its release. There is a growing need for more effective and dynamic detection methods, especially for zero-day and unknown ransomware variants. This survey focuses on ransomware-detecting methods published from 2019 to 2025. One hundred thirty-five papers were reviewed and filtered based on their scope and publication venue. For in-depth analysis, this survey selected 45 papers focusing on ransomware detection for Windows or Android operating systems. This paper aims to comprehensively review existing ransomware detection methods, focusing on their effectiveness, limitations, and applicability. The detection methods are categorized into machine-learning-based and non-machine-learning-based methods, discussing the advantages and drawbacks of each. The paper also highlights ransomware-as-a-service, explaining what it is, how it works, and how it affects the increasing number of ransomware attacks in recent years. It also studies the datasets used in the reviewed literature, listing their structures and limitations. This survey identifies gaps in current research and suggests future directions for developing more robust ransomware detection systems.
... These threats can cause financial losses, reputational damage, and loss of user data [6]. Companies need comprehensive security solutions to maintain stable company operations, ensure customer trust, and raise security awareness [7]. ...
... Cyber-incidents may have large and far-reaching consequences for the financial stability of small and medium enterprises (SMEs), their reputation, and in general, the business operations [21,22]. The following section discusses the economic impacts of cyber-incidents in the actual economy for SMEs, pointing out both tangible and intangible costs that they are subject to and the impacts of such disturbances on the general economy [12]. ...
Chapter
Full-text available
Small and medium-sized enterprises (SMEs) are vital drivers of economic growth and champions of innovation in today’s highly connected digital environment. However, their limited resources and size make them vulnerable to the cybercriminals who seek to find ways of compromising their cybersecurity defenses. As such, by embracing various technologies that will enhance their competitive edge, SMEs expose themselves increasingly to growing threats on the Internet via sophisticated methods for attacking them online. This study examines the specific cyberspace issues confronting SMEs while suggesting opportunities and best practices for making companies’ safety more grounded. In terms of cybersecurity, these companies face unique barriers which make them open to vulnerabilities. The present study endeavors to bridge the existing knowledge gap in cybersecurity among small and medium-sized enterprises (SMEs), advocating for the implementation of best practices that safeguard businesses in the rapidly evolving and highly interconnected digital realm. The objective of this research is to identify and develop effective strategies enabling small businesses to establish a cost-effective cybersecurity ecosystem, drawing lessons from current challenges. Ultimately, the goal is to bolster the cybersecurity resilience of SMEs, ensuring their secure existence within the digital landscape.
... For small and medium-sized enterprises (SMEs), attacks that tap into trade secrets or prevent the regular use of information, resources, or communication channels can mean economic ruin. As such, this rapid evolution of cyber threats requires SMEs to adopt robust cybersecurity measures to protect their online transactions and their sensitive data, to safeguard their operations and maintain customer trust [1]. SMEs must also navigate the complex landscape of legal and regulatory requirements, especially in the context of protecting not only their businesses, but also their customers' data and privacy [2]. ...
Article
Full-text available
The global rise in cybercrime is fueled by the pervasive digitization of work and personal life, compounded by the shift to online formats during the COVID-19 pandemic. As digital channels flourish, so too do the opportunities for cyberattacks, particularly those exposing small and medium-sized enterprises (SMEs) to potential economic devastation. These businesses often lack comprehensive defense strategies and/or the necessary resources to implement effective cybersecurity measures. The authors have addressed this issue by developing an Educational Escape Room (EER) that supports scenario-based learning to enhance cybersecurity awareness among SME employees, enabling them to handle cyber threats more effectively. By integrating hands-on scenarios based on real-life examples, the authors aimed to improve the knowledge retention and the operational performance of SME staff in terms of cybersafe practices. The results achieved during pilot testing with more than 200 participants suggest that the EER approach engaged the trainees and boosted their cybersecurity awareness, marking a step forward in cybersecurity education.
... Sensitive healthcare data are vulnerable to internal and external threats, as well as probable leakage during the exchange between multiple parties, especially under the EoT paradigm. Furthermore, healthcare ML or DL algorithms and models could be accessed by adversaries over non-encrypted networks which enables them to decrypt training models and expose patients' information accurately [147,148]. FHE [48], which may offer full confidentiality for members' data, can handle data privacy. ...
Article
Full-text available
The healthcare industry is rapidly adapting to new computing environments and technologies. With academics increasingly committed to developing and enhancing healthcare solutions that combine the Internet of Things (IoT) and edge computing, there is a greater need than ever to adequately monitor the data being acquired, shared, processed, and stored. The growth of cloud, IoT, and edge computing models presents severe data privacy concerns, especially in the healthcare sector. However, rigorous research to develop appropriate data privacy solutions in the healthcare sector is still lacking. This paper discusses the current state of privacy-preservation solutions in IoT and edge healthcare applications. It identifies the common strategies often used to include privacy by the intelligent edges and technologies in healthcare systems. Furthermore, the study addresses the technical complexity, efficacy, and sustainability limits of these methods. The study also highlights the privacy issues and current research directions that have driven the IoT and edge healthcare solutions, with which more insightful future applications are encouraged.
... A perennial challenge is the underestimation of cybersecurity training's importance, often perceived as a non-urgent expense [243]. This misperception leads to inadequate funding and time allocation, which are critical for the adoption of effective cybersecurity measures [244]. ...
Preprint
Full-text available
In the dynamic realm of cybersecurity, awareness training is crucial for strengthening defenses against cyber threats. This survey examines a spectrum of cybersecurity awareness training methods, analyzing traditional, technology-based, and innovative strategies. It evaluates the principles, efficacy, and constraints of each method, presenting a comparative analysis that highlights their pros and cons. The study also investigates emerging trends like artificial intelligence and extended reality, discussing their prospective influence on the future of cybersecurity training. Additionally, it addresses implementation challenges and proposes solutions, drawing on insights from real-world case studies. The goal is to bolster the understanding of cybersecurity awareness training's current landscape, offering valuable perspectives for both practitioners and scholars.
... Comprehensive awareness should encompass the organisation, the operational procedures, and the human elements involved [8]. Hence, imparting cybersecurity knowledge is a crucial aspect of training consumers or workers in an organisation to equip them with suitable responses [9]. ...
Preprint
Full-text available
Due to the increasing frequency and complexity of cyber threats, staff must receive comprehensive cybersecurity awareness training. This study evaluates the impact of such training on SMEs. An extensive analysis of current literature and empirical research shows that cybersecurity awareness training reduces human error, improves threat detection, improves employee efficiency, preserves customer confidence, ensures regulatory compliance, fosters a security culture, and boosts cyber resilience. The research shows that employees, the most susceptible part of cybersecurity, can be the first line of defence against cyberattacks with proper training. Training should be comprehensive, consistent, and tailored to employees' schedules, according to the report. The results indicate that implementing comprehensive cybersecurity awareness training can substantially mitigate the likelihood of successful cyberattacks, enhance trust in the security of corporate activities, and guarantee adherence to industry laws.
... However, many businesses faced the challenge of limited resources and a shortage of skilled personnel, which can hinder their ability to implement effective cybersecurity measures. Hammoudeh et al. (2017) asserted that the constantly evolving nature of cyber threats and protective measures makes it challenging for many small and medium-sized organizations to keep up. As a result, these organizations may lack the resources or expertise required to effectively prevent and respond to cyberattacks. ...
... Attacks can cause a company to lose the use of its services; this causes a loss of reputation for the company, and for the same reason it may be fined by regulatory authorities for not taking the necessary measures to protect its systems, since they hold customer information, and customers in turn may sue the company, generating costs in legal proceedings (Saleem et al., 2017). ...
Book
Full-text available
El desarrollo de América Latina desde una perspectiva de políticas públicas, fiscales y financieras is a research-based book that forms an integral part of the collection “Gestión estratégica”, which gathers a set of chapters that give an account of the Latin American reality in matters of public, fiscal, financial and accounting policy, in an attempt to reveal the different problems faced by the various entities and to offer comprehensive solutions to the different situations.
... The topmost cyber-threats identified in this research study that SMEs are facing will be prioritized first. Human layer security is very important, which can be enhanced to avoid insider threats and phishing attacks (Rivner, 2012). Also, the physical and logical perimeter such as stateful firewall filtering network traffic and IPDS system can prevent malware. ...
... Choosing an appropriate messaging protocol should consider the hardware attributes of IoT devices, the bandwidth they support, and the type of data link layer protocols used [44]. AMQP, MQTT, and CoAP messaging protocols are developed to address different IoT systems and application requirements. ...
... Organisations: any national/international organisation or small/ medium enterprise is also prone to a wide range of cyber-attacks [229], which can severely impact their operational performance [230]. These cyber attacks are based on targeting the organisations' devices, relying on phishing and spear-phishing attacks [231,232]. ...
Article
Full-text available
In recent years, attacks against various Internet-of-Things systems, networks, servers, devices, and applications witnessed a sharp increase, especially with the presence of 35.82 billion IoT devices since 2021; a number that could reach up to 75.44 billion by 2025. As a result, security-related attacks against the IoT domain are expected to increase further and their impact risks to seriously affect the underlying IoT systems, networks, devices, and applications. The adoption of standard security (counter) measures is not always effective, especially with the presence of resource-constrained IoT devices. Hence, there is a need to conduct penetration testing at the level of IoT systems. However, the main issue is the fact that IoT consists of a large variety of IoT devices, firmware, hardware, software, application/web-servers, networks, and communication protocols. Therefore, to reduce the effect of these attacks on IoT systems, periodic penetration testing and ethical hacking simulations are highly recommended at different levels (end-devices, infrastructure, and users) for IoT, and can be considered as a suitable solution. Therefore, the focus of this paper is to explain, analyze and assess both technical and non-technical aspects of security vulnerabilities within IoT systems via ethical hacking methods and tools. This would offer practical security solutions that can be adopted based on the assessed risks. This process can be considered as a simulated attack(s) with the goal of identifying any exploitable vulnerability or/and a security gap in any IoT entity (end devices, gateway, or servers) or firmware.
... in cybersecurity measures due to budget constraints (Saleem et al., 2017). However, the lack of investment in security is not solely related to budget constraints. ...
Preprint
Full-text available
Small and Medium Enterprises (SMEs) are increasingly exposed to cyber risks. Some of the main reasons include budget constraints, the employees' lack of cybersecurity awareness, cross-sectoral cyber risks, lack of security practices at organizational level, and so on. To equip SMEs with appropriate tools and guidelines that help mitigate their exposure to cyber risk, we must better understand the SMEs' context and their needs. Thus, the contribution of this paper is a survey based on responses collected from 141 SMEs based in the UK, where the objective is to obtain information to better understand their level of cybersecurity awareness and practices they apply to protect against cyber risks. Our results indicate that although SMEs do apply some basic cybersecurity measures to mitigate cyber risks, there is a general lack of cybersecurity awareness and lack of processes and tools to improve cybersecurity practices. Our findings provide to the cybersecurity community a better understanding of the SME context in terms of cybersecurity awareness and cybersecurity practices, and may be used as a foundation to further develop appropriate tools and processes to strengthen the cybersecurity of SMEs.
... in cybersecurity measures due to budget constraints (Saleem et al., 2017). However, the lack of investment in security is not solely related to budget constraints. ...
Conference Paper
Full-text available
Small and Medium Enterprises (SMEs) are increasingly exposed to cyber risks. Some of the main reasons include budget constraints, the employees’ lack of cybersecurity awareness, cross-sectoral cyber risks, lack of security practices at organizational level, and so on. To equip SMEs with appropriate tools and guidelines that help mitigate their exposure to cyber risk, we must better understand the SMEs’ context and their needs. Thus, the contribution of this paper is a survey based on responses collected from 141 SMEs based in the UK, where the objective is to obtain information to better understand their level of cybersecurity awareness and practices they apply to protect against cyber risks. Our results indicate that although SMEs do apply some basic cybersecurity measures to mitigate cyber risks, there is a general lack of cybersecurity awareness and lack of processes and tools to improve cybersecurity practices. Our findings provide to the cybersecurity community a better understanding of the SME context in terms of cybersecurity awareness and cybersecurity practices, and may be used as a foundation to further develop appropriate tools and processes to strengthen the cybersecurity of SMEs.
... The topmost cyber-threats identified in this research study that SMEs are facing will be prioritized first. Human layer security is very important, which can be enhanced to avoid insider threats and phishing attacks (Rivner, 2012). Also, the physical and logical perimeter such as stateful firewall filtering network traffic and IPDS system can prevent malware. ...
Article
Full-text available
Globally, Small and Medium Enterprises (SMEs) are the biggest contributors to the economy by providing two-thirds of global employment opportunities and more than half the GDP of the developed economies. Regardless of many existing cybersecurity standards or frameworks, SMEs are most vulnerable to cyber threats. SMEs face serious impacts on their existence if they undergo successful cyber-attacks by cybercriminals. There is a need to understand the challenges SMEs are facing, especially in the implementation of cybersecurity controls. Through a research survey conducted by the authors in which one hundred and fifteen SMEs voluntarily participated, this research paper will throw light on the current cybersecurity controls implementation posture for different SMEs, along with the challenges they are facing which are stopping them from deciding, planning and implementing cybersecurity controls. Further, using an analysis of the inputs and the core concepts of cybersecurity, the authors are also going to propose a recommended solution for SMEs.
... Attacks can cause a company to lose the use of its services; this causes a loss of reputation for the company, and for the same reason it may be fined by regulatory authorities for not taking the necessary measures to protect its systems, since they hold customer information, and customers in turn may sue the company, generating costs in legal proceedings (Saleem et al., 2017). ...
Book
Full-text available
This work is the product of the papers presented at the V Congreso Internacional sobre Sustentabilidad, Competitividad y Gestión en las Organizaciones (CISCGO), under the theme “Strategic management: promoter of sustainability toward shared value”, held from 3 to 5 October 2019 in the city of Mazatlán, Sinaloa, México. Its objective was to contribute to analysis and reflection on topics concerning Sustainability, Competitiveness and Organizational Management. The first edition of the congress, in 2013, was created in order to contribute to analysis and reflection on competitiveness, sustainability and gender, at the initiative of a group of researchers and academics from the Facultad de Contaduría y Administración of the Universidad Autónoma de Sinaloa; a year later, in 2014, the event was repeated. From this emerged academic collaboration agreements in networks among peers from other higher education institutions, both in the country and abroad, as in the case of REOALCeI, REDEMUN and REGIOLAB, which contributed to the fact that in 2016, at the III CISCGO, the line of organizational management was added to the topics already covered, with the purpose of broadening our collaboration networks and extending the scope of analysis and reflection. Likewise, with the experience gained in the three previous editions of CISCGO, in 2017 we set about convening the IV Congreso Internacional sobre Sustentabilidad, Competitividad y Gestión en las Organizaciones, under the theme “Strategic management as a generator of value in a competitive and sustainable world”.
This fifth edition confirms CISCGO as an academic forum where topics are presented in which alternative solutions to the problems faced by organizations interested in being competitive and in developing strategies that address the social, environmental and economic dimensions are discussed, analyzed and proposed, creating a space for reflection on the advances and new ways of understanding the competitive and sustainable development of organizations, drawing on successful experiences at the local, national and international levels.
... The importance of Small and Medium-Sized Enterprises (SMEs) to the global economy is widely recognized [1]; so too is their growing vulnerability to cybersecurity attacks [2]. According to the 2021 UK Government's cybersecurity breaches survey [3], of 1419 businesses, 39% of micro and small organizations were attacked at least once per week. Previous research studies report that SMEs tend to underestimate their vulnerability to cyber-attacks despite, in some cases, understanding the risks involved. ...
Article
We report an online survey of 85 U.K.-based SMEs that explored their threat and coping appraisals toward five common types of cyber-attack: Network being hacked; Data being stolen or encrypted; malware infection; mobile devices being compromised; and phishing e-mail attack. Overall, SMEs’ reported assessment of the risk of an attack was low, particularly for the possibility of their business network being hacked or their data being stolen or encrypted. However, there was an incongruence in their Threat Appraisals since, while they believed the risks to be low, they reported that the impact would be high. In terms of Coping Appraisal, respondents indicated that measures to prevent such attacks were both inexpensive and effective. However, their reported self-efficacy was significantly lower for keeping mobile devices safe and avoiding phishing attacks. We discuss these results taking into consideration additional qualitative data and provide recommendations for SME engagement.
... If a backup fails, it can simply be restarted. In contrast, a restoration is done in an emergency, and if it fails, the backup operation was all for nothing [17]. Companies therefore require simple frameworks to support restoration. ...
Conference Paper
Regular data backups are fundamental for protection against cyber-attacks and damage to infrastructure. To ensure a successful restoration, backed up data must be tested regularly for restorability to the company’s current environment. Cloud providers generally test their backed up data, but a testing framework is also required for locally stored files and databases. The paper proposes an automated test framework that validates the continued usability of backed up data for target restoration environments. The framework tests backups of Excel files, MySQL and Postgres databases, PDF documents and flat files.
... An important context-based variable to consider is represented by the outsourcing (or not) of cybersecurity management [8]. This can be due to the specific skills owned by the organization [9], to the organizational dimension [10], [11], to the cybersecurity budget [12], and other contextual variables. As extensively demonstrated in other managerial research streams, there are significant differences in the effectiveness of managing internally or outsourcing organizational and business processes and cybersecurity processes are no exception [13], [14]. ...
Chapter
Full-text available
The increasing number of cyber-attacks requires an organizational awareness about the disruptive effects of fraud attempts and acts of vandalism on business continuity and, sometimes, on company survival. The context influences the way companies use and adapt these theories in practice, so we consider in this study differences in the effectiveness of cybersecurity best practices between organizations that manage internally or outsource the cybersecurity processes. We conducted a study involving 153 managers’ experts in cybersecurity who responded to a survey on the effectiveness of NIST procedures. Results revealed significant differences in the effectiveness of managing cybersecurity in-house or outsourcing it. Specifically, major differences can be observed in the variables related to the use of disciplinary processes, the protection of log information, and the use of lessons learned to improve recovery plans. These differences provide further insights for cybersecurity management literature and a practical instrument for organizations willing to adapt their cyber processes to their organizational context.
... There is a rich body of literature on cybersecurity management within commercial organisations. Plenty of research has been devoted to combating cybercrimes on the technical front, including the common threats organisations are facing (Saleem et al., 2017;Tounsi and Rais, 2018;Spremić and Šimunic, 2018), the technological challenges in addressing those threats (Stanciu and Tinca, 2017;Dambra et al., 2020;Zlomislić et al., 2017) and strategies to mitigate such challenges (Clim, 2019;Tselios et al., 2020;Chan et al., 2019). More recently, research has also focused on the human factors in managing cybersecurity risks for organisations of various sizes. ...
Preprint
Insecure connected devices can cause serious threats not just to smart home owners, but also the underlying infrastructural network as well. There has been increasing academic and regulatory interest in addressing cybersecurity risks from both the standpoint of Internet of Things (IoT) vendors and that of end-users. In addition to the current data protection and network security legal frameworks, for example, the UK government has initiated the 'Secure by Design' campaign. While there has been work on how organisations and individuals manage their own cybersecurity risks, it remains unclear to what extent IoT vendors are supporting end-users to perform day-to-day management of such risks in a usable way, and what is stopping the vendors from improving such support. We interviewed 13 experts in the field of IoT and identified three main categories of barriers to making IoT products usably secure: technical, legal and organisational. In this paper we further discuss the policymaking implications of these findings and make some recommendations.
... Information security management is a crucial challenge for the companies, as they aim to prevent the exposure to security and privacy threats to information systems and networking infrastructure. Although many of SMEs may have a minimal IT infrastructure to fight cyberattacks [13,14], they can act on a preliminary phase in order to gradually improve their security level. Therefore, organisations must ensure that their businesses processes, policies, and workforce behaviour allow them to minimize and mitigate some of the risks that are involved in their information systems and IT infrastructures [15,16]. ...
Article
Full-text available
Information security plays a key role in enterprise management, as it deals with the confidentiality, privacy, integrity, and availability of one of their most valuable resources: data and information. Small and Medium-sized enterprises (SME) are seen as a blind spot in information security and cybersecurity management, which is mainly due to their size, regional and familiar scope, and financial resources. This paper presents an information security and cybersecurity management project, in which a methodology based on the well-known ISO-27001:2013 standard was designed and implemented in fifty SMEs that were located in the center region of Portugal. The project was conducted by a business association located at the center of Portugal and mainly participated by SMEs. The Polytechnic of Leiria and an IT auditing/consulting team were the other two entities that participated in the project. The characterisation of the participating enterprises, the ISO-27001:2013 based methodology developed and implemented in SMEs, as well as the results obtained in this case study, are depicted and analysed in the paper. The attained results show a clear benefit to the audited and intervened SMEs, being mainly attested by the increasing of their information security management robustness and collaborators’ cyberawareness.
... Cyber-security is a major concern for today's economy and society. It is a particular problem for small companies since they can lack the means to defend themselves [16]. First, they might not be technically savvy enough to understand the security problem and understand the measures that have to be taken. ...
Article
Full-text available
Small companies need help to detect and to respond to increasing security related threats. This paper presents a cloud service that automates processes that make checks for such threats, implement mitigating procedures, and generally instructs client companies on the steps to take. For instance, a process that automates the search for leaked credentials on the Dark Web will, in the event of a leak, trigger processes that instruct the client on how to change passwords and perhaps a micro-learning process on credential management. The security governance service runs on the cloud as it needs to be managed by a security expert and because it should run on an infrastructure separated from clients. It also runs as a cloud service for economy of scale: the processes it runs can service many clients simultaneously, since many threats are common to all. We also examine how the service may be used to prove to independent auditors (e.g., cyber-insurance agents) that a company is taking the necessary steps to implement its security obligations.
... Historically, IoT security has been an after-thought, rather than being considered throughout the design and development of a system. This after-thought approach has led to huge security problems within IoT networks due to no, or low security in IoT endpoints, within network gateways, and throughout the communication layers [103]. These vulnerabilities have led to attacks such as the 2016 Distributed Denial of Service (DDoS) attack against a small jewellery shop, who were under attack from more than 25000 IoT cameras. ...
Article
In recent years, IoT has developed into many areas of life including smart homes, smart cities, agriculture, offices, and workplaces. Everyday physical items such as lights, locks and industrial machineries can now be part of the IoT ecosystem. IoT has redefined the management of critical and non-critical systems with the aim of making our lives more safe, efficient and comfortable. As a result, IoT technology is having a huge positive impact on our lives. However, in addition to these positives, IoT systems have also attracted negative attention from malicious users who aim to infiltrate weaknesses within IoT systems for their own gain, referred to as cyber security attacks. By creating an introduction to IoT, this paper seeks to highlight IoT cyber security vulnerabilities and mitigation techniques to the reader. The paper is suitable for developers, practitioners, and academics, particularly from fields such as computer networking, information or communication technology or electronics. The paper begins by introducing IoT as the culmination of two hundred years of evolution within communication technologies. Around 2014, IoT reached consumers, early products were mostly small closed IoT networks, followed by large networks such as smart cities, and continuing to evolve into Next Generation Internet; internet systems which incorporate human values. Following this evolutionary introduction, IoT architectures are compared and some of the technologies that are part of each architectural layer are introduced. Security threats within each architectural layer and some mitigation strategies are discussed, finally, the paper concludes with some future developments.
... It could also be that larger businesses are becoming harder to attack, leading cyber criminals to look for easier targets. SMEs are thus in an unenviable position of being increasingly targeted by cyber criminals, and not having the financial resources to defend themselves as well as large companies can (Saleem et al., 2017;Wlasuk, 2012). ...
Article
Purpose: Penetration tests have become a valuable tool in the cyber security defence strategy in terms of detecting vulnerabilities. Although penetration testing has traditionally focussed on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyberattacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper, the authors reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. This paper aims to propose improvements to refine the framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny.
Design/methodology/approach: The authors conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet the requirements to have an ethical human pentesting framework, the authors compiled a list of ethical principles from the research literature which they used to filter out techniques deemed unethical.
Findings: Drawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, the authors propose the refined GDPR-compliant and privacy respecting PoinTER framework. The list of ethical principles, as suggested, could also inform ethical technical pentests.
Originality/value: Previous work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature.
... The attacker's options are to either hack the design computer or the lathe. A study has shown that attackers spend an average 200 days in a system before being detected [58]. On the manufacturer's side is the defender, who oversees the cyber security of the system. ...
Article
Full-text available
Modern manufacturing systems utilize cyber-physical systems that are interconnected through an Internet of Things (IoT) network. An IoT infrastructure enables cyber-physical systems to communicate with each other and coordinate the manufacturing process autonomously with minimal human assistance. A significant challenge for cyber-physical systems is cyber security. Adversaries can exploit weaknesses in the IoT security infrastructure to gain remote access to the system and modify or damage manufacturing processes and/or products. Due to the autonomous nature of cyber-physical systems, cyberattacks can go unnoticed by the users for a long time, further compounding the problem. Attacks on cyber-physical systems are on the rise, and manufacturers need to address this problem. In this paper, we discuss how game-theoretic thinking and modeling can help to identify a manufacturer's cyber vulnerabilities and enhance its security. We consider various attack and defense scenarios and analyze each through the corresponding game-theoretic model. Our approach and findings can be used to improve the effectiveness and efficiency of security strategies for cyber-physical manufacturing systems.
... However, IoT's development has been restricted by the lack of regulation in the industry, which is still considered to be in its infancy [3,26]. The International Organisation for Standardisation (ISO) has conducted many studies, particularly in the past ten years to determine the economic benefit of standardisation for businesses using emerging technologies. ...
Conference Paper
Full-text available
The success and widespread adoption of the Internet of Things (IoT) has increased many folds over the last few years. Industries, technologists and home users recognise the importance of IoT in their lives. Essentially, IoT has brought vast industrial revolution and has helped automate many processes within organisations and homes. However, the rapid growth of IoT is also a cause for significant concern. IoT is not only plagued with security, authentication and access control issues, it also doesn't work as well as it should with fourth industrial revolution, commonly known as Industry 4.0. The absence of effective regulation, standards and weak governance has led to a continual downward trend in the security of IoT networks and devices, as well as given rise to a broad range of privacy issues. This paper examines the IoT industry and discusses the urgent need for standardisation, the benefits of governance as well as the issues affecting the IoT sector due to the absence of regulation. Additionally, through this paper, we are introducing an IoT security framework (IoTSFW) for organisations to bridge the current lack of guidelines in the IoT industry. Implementation of the guidelines, defined in the proposed framework, will assist organisations in achieving security, privacy, sustainability and scalability within their IoT networks.
... Many citizens fall victim to these attacks and suffer from minor to life-changing consequences. From losing access to personal photographs of sentimental value due to a ransomware attack to losing the custody of your children, the result of these attacks can mean life or death in some severe cases [1]. When these attacks are targeted towards critical infrastructure, the consequences can be even more devastating. ...
Article
Full-text available
In the 21st century, globalisation made corporate boundaries invisible and difficult to manage. This new macroeconomic transformation caused by globalisation introduced new challenges for critical infrastructure management. By replacing manual tasks with automated decision making and sophisticated technology, no doubt we feel much more secure than half a century ago. As the technological advancement takes root, so does the maturity of security threats. It is common that today's critical infrastructures are operated by non-computer experts, e.g., nurses in healthcare, soldiers in military or firefighters in emergency services. In such challenging applications, protecting against insider attacks is often neither feasible nor economically possible, but these threats can be managed using suitable risk management strategies. Security technologies, e.g., firewalls, help protect data assets and computer systems against unauthorised entry. However, one area which is often largely ignored is the human factor of system security. Through social engineering techniques, malicious attackers are able to breach organisational security via people interactions. This paper presents a security awareness training framework, which can be used to train operators of critical infrastructure, on various social engineering security threats such as spear phishing, baiting, pretexting, amongst others.
... In this section, we discuss related research into empathic symmetries, the deployment of e-business, and the study of IPv4 [23], [33]. Minoli et al. [18] developed a similar application, on the other hand we demonstrated that our heuristic is maximally efficient [22], [17], [26], [27]. Furthermore, C. Wang developed a similar solution, nevertheless we argued that our heuristic is maximally efficient [11], [32], [35]. ...
Article
Full-text available
Cyberanalysis of Internet-of-Things (IoT) networks has garnered tremendous interest from both system developers and information theorists in the last several years. In fact, few cyberneticists would disagree with the development of the World Wide Web (WWW), which represents well-known principles of open network development. In order to realize this intent, we explore an application for cyberanalysis framework (CROLL), which we use to demonstrate on a real-world example of an academic network.
Book
Full-text available
This book provides a comprehensive guide to designing, developing, and deploying scalable machine learning (ML) and artificial intelligence (AI) workflow platforms. It covers best practices for building robust AI pipelines, data engineering strategies, model training and deployment techniques, and optimizing ML workflows for efficiency and scalability.
Chapter
Logistics generally relates to the careful preparation and performance strenuous activity. To meet the needs of customers or enterprises, logistics is broadly defined as managing the flow of items from their point of production to their location of consumption. According to studies, up to 90% of a company's sustainability consequences are attributable to its supply chain. These crucial supply chain flaws have been made public by the COVID-19 pandemic. Additionally, businesses are making many sustainability pledges because of legislative and consumer pressure for climate action. Current procedures have the potential to be streamlined with artificial intelligence (AI) innovation in logistics. Numerous developments are pushing automation to the top of the logistics CEO's agenda. The first step toward extensive optimization is automation, which many businesses have already adopted to maintain competitiveness.
Chapter
Artificial intelligence (AI) has a wide range of applications in logistics and supply chain management. With the help of AI, businesses can improve their planning activities, optimize their routes, manage resources more efficiently, and enhance their delivery effectiveness. AI-powered autonomous delivery systems are also gaining popularity as they enable faster and more reliable delivery of goods without the need for human intervention. By leveraging AI, businesses can analyze large amounts of data and gain insights into customer behaviour, demand patterns, and other critical factors that impact their logistics operations. This information can be used to create more accurate demand forecasts, optimize inventory levels, and improve the overall efficiency of the supply chain. Moreover, AI can also help businesses reduce costs by identifying areas of waste and inefficiency in their logistics operations. For instance, AI-powered algorithms can optimize delivery routes to reduce fuel consumption and transportation costs.
Article
Full-text available
In the age of digital transformation, businesses face an escalating challenge in managing cyber threats. The paper "Utilizing Business Analytics for Cybersecurity: A Proposal for Protecting Business Systems Against Cyber Attacks" delves into an innovative approach where the power of business analytics is harnessed to bolster cybersecurity defenses. An exhaustive exploration elucidates how data, a seemingly intangible asset, can be transformed into actionable insights that preemptively detect, mitigate, and counteract cyber threats. The discourse emphasizes the convergence of two distinct domains: business analytics and cybersecurity. This union is demonstrated to be synergistic, enhancing the capabilities of traditional cybersecurity methods. Predictive analytics forecast potential threats, behavioral analytics discern anomalies in user activities, and network analytics spotlight vulnerabilities in real-time. Moreover, the iterative nature of these analytical processes ensures a proactive and evolving defense mechanism. The paper underscores the myriad benefits of this integration, including efficient resource allocation, enhanced incident response, and the cultivation of an organizational culture centered on continuous learning. While the advantages are manifold, challenges are inherent. Issues related to privacy, data quality, and the necessity for regular model updates are discussed in depth. Furthermore, a detailed framework is proposed, guiding businesses in seamlessly incorporating business analytics into their cybersecurity strategies. From data collection and validation to model deployment and continuous monitoring, each stage is meticulously crafted to ensure maximum efficacy. In summation, the paper serves as both an enlightening exploration and a clarion call for businesses. In an era where threats evolve rapidly, the amalgamation of business analytics with cybersecurity presents a formidable solution, ensuring robust and resilient defenses.
Chapter
While many regulations are highly prescriptive in informing regulated entities of what to do and how to do it, this is not the case with the General Data Protection Regulation (GDPR), which simply requires data protection principles (Art. 5) to be respected to ensure compliance. This compliance regime implies a liability shift between the regulator and regulated entities, with the latter becoming “responsible for, and […] able to demonstrate compliance with data protection principles (‘accountability’)” (GDPR, Art. 5.2). It is then up to the regulated entities to demonstrate they have implemented the “appropriate technical and organisational measures to ensure […] that processing is performed in accordance with” this regulation (GDPR, Art. 24.1). In addition, regulated entities must demonstrate that these measures are “reviewed and updated where necessary”. Due to a lack of resources, small and medium-sized enterprises (SMEs) struggle to identify both privacy requirements and the technical and organizational measures needed to meet them. To support the compliance of SMEs with GDPR, a regulatory technology has been developed based on the digitalization of a GDPR capability assessment approach. The proposed regulatory technology goes beyond the previous process assessment automation by considering the digitalization of identification and collection of objective evidence. After introducing the main features of this regulatory technology, the paper presents the results of its assessment process, measurement framework and assessment model conformity assessment. The paper also discusses the challenges and opportunities offered by the automation of the ISO/IEC 330xx series assessment framework.
Keywords: GDPR; Compliance self-assessment; SMEs; organizational and technical measures; ISO/IEC 330xx
Chapter
The cybersecurity landscape is particularly challenging for SMEs. On the one hand, they must comply with regulation or face legal sanction. But on the other, they may not have the resource or expertise to ensure regulatory compliance, especially since this is not their core business. At the same time, it is also well-attested in the literature that individuals (human actors in the ecosystem) are often targeted for cyber attacks. So, SMEs must also consider their employees but also their clients as potential risks regarding cybersecurity. Finally, it is also known that SMEs working together as part of a single supply chain are reluctant to share cybersecurity status and information. Given all of these challenges, assuming SMEs recognise their responsibility for security, they may be overwhelmed in trying to meet all the associated requirements. There are tools to help support them, of course, assuming they are motivated to engage with such tooling. This paper looks at the following aspects of this overall situation. In a set of four studies, we assess private citizen understanding of cybersecurity and who they believe to be responsible. On that basis, we then consider their attitude to sharing data with service providers. Moving to SMEs, we provide a general overview of their response to the cybersecurity landscape. Finally, we ask four SMEs across different sectors how they respond to cybersecurity tooling. As well as providing an increased understanding of private citizen and SME attitudes to cybersecurity, we conclude that SMEs need not be overwhelmed by their responsibilities. On the contrary, they can take the opportunity to innovate based on their experience with cybersecurity tools.
Keywords: SME; Cybersecurity; Awareness; Training; Self-Efficacy; Innovation; Mixed Methods Secure System Modelling
Chapter
Full-text available
Neurodevelopmental disorders are a group of disorders that affect the development of the nervous system, leading to abnormal brain function, which may affect emotion, learning ability, self-control, and memory. Such disorders include Attention Deficit Hyperactivity Disorder (ADHD), Autism Spectrum Disorder, specific learning disorders such as dyslexia, traumatic brain injury, and others. The effects of neurodiversity tend to last for a person’s lifetime. Neurodiversity (ND) has recently become a serious topic in cybersecurity because the perceived skills shortage has opened the door for ND candidates. However, ND introduces some cybersecurity challenges. For instance, in the educational domain, a minor manipulation of an online quiz design can have significant implications on the ability of students with ADHD to answer correctly. This type of manipulation can become a major vulnerability that can be exploited by skilled attackers and lead to a serious human-targeted Cyber-Physical System attack. Although the research community has dedicated significant research towards accessibility in the XR realm, there is still not a fair and adequate amount of research concerning potential immersive threats affecting neurodiverse users in XR. We need to shed light on a need for a revision in our collective understanding of risks brought on by XR technology.
Keywords: Accessibility; Cybersecurity; Extended Reality; Neurodiverse Users
Article
Full-text available
Data breaches are a critical issue and have become one of the top widespread risks in today’s data-driven digital environment. Hence, secure data outsourcing is essential in today’s digital communications. The current interconnected network lacks many core features, including privacy and security, which make it vulnerable to data leakages when transmitting sensitive information during critical circumstances (e.g., natural and human disasters). In this paper, we propose a network model that can be employed as a future private network paradigm to promptly and securely transmit confidential data, hence minimizing the chances of breaches. Our schemes provide the following contributions: (1) design a private novel network architecture to disseminate multilevel confidential packets using two routers; (2) develop several heuristics to reduce an NP-hard problem to find an optimal solution for the studied problem; (3) employ a developed scheduler for selecting the best algorithm that schedules packets securely and timely through two routers such that critical data packets associated to the same confidential level are prohibited from being transmitted at the same time; (4) conduct an analysis study to compare the developed heuristics and to prove the practicality of the proposed solution. The experimental results show the performance of the proposed heuristics. The results showed that the best heuristic is IFP2 in 84.4% of cases.
Article
Full-text available
Although cloud computing is a rapidly evolving technology and is considered one of the key technological drivers of business digitalisation, it is still a challenge for many businesses to adopt it. Implementing the right cloud services is challenging and requires the right level of knowledge. In addition, the size of the company, its digital maturity and its financial situation are also critical factors, which are particularly relevant for small and medium-sized enterprises. Therefore, in this study, we focus on the situation of small and medium-sized enterprises regarding cloud services. To this end, we conducted qualitative research to examine the studies on cloud services, their trends, research directions, and research areas and to explore the relationship between the publications and their scientific embeddedness.
Chapter
A cyber-attack can damage data, computer programs, and networks on one or more computers by applying different methods and cybercriminal activities to steal information. The increase in new technologies among users facilitates them. Cyber-attacks are growing tremendously. E-governance is an application of IT that provides online services. These days the world is completely focused on creating social distance among people, and billions of people around the world are working from home (online activities) while shops and businesses are closed in the COVID-19 pandemic, as the WHO recommended. A remarkable cyber-crime has been recorded by the researcher's study in this environment, affecting society and businesses. This research's primary objective is to find cyber-attacks that steal information in the COVID-19 pandemic and assess the user loss. The results of five years have been compared on the machine learning techniques.
Chapter
Cyber-attacks can steal information by applying different methods and activities of cyber criminals, thereby destroying data, computer programs, and networking on one or more computers. There is an increase in new technology among users, and it provides them with more convenience. On the other hand, cyber-attacks are increasing dramatically today. The world is completely focused on creating social distancing between people. During the WHO-recommended COVID-19 pandemic, billions of people around the world are working from home, with shops and businesses closed. In their investigation of the environment, researchers have uncovered a notable type of cybercrime that has an impact on society and businesses. The pandemic has accelerated the transition of government employees and businesses to an actual workplace ecosystem. Dramatic changes in the workplace have created new and multi-layered challenges in dealing with cybersecurity risks and threats. Cyber-attacks can create problems that are detrimental to the economy, human privacy, and national security. These attacks have different perspectives on the problem and need to be understood first. In this chapter, the authors highlight several essential concerns and challenges facing e-government development as well as different departments that provide e-services. They also focus on and peer evaluate the major concerns and challenges facing e-government growth from a holistic perspective, offering methodologies and policy recommendations to address them in a complete and inclusive manner.
Technical Report
This document provides a systematic literature review of previously executed studies that focused on cybersecurity awareness across small and medium-sized enterprises within the European Union. The study seeks to: (i) identify and classify the research papers published on the topic of cybersecurity awareness, (ii) analyse and evaluate the identified studies, (iii) summarise the detailed research results, and (iv) to make recommendations for future research.
Article
The growing number of cyberspace threats highlights the need to evaluate cybersecurity risks and to plan for effective investments. One document internationally recognized for cybersecurity risk management is the framework (Framework for Improving Critical Infrastructure Cybersecurity (Version 1.1), National Institute of Standards and Technology, 2014.) by the US National Institute of Standards and Technology (NIST). It provides guidelines, best practices and standards for cybersecurity risk management. Nevertheless, like other self-assessment frameworks, it produces a static view of an organization's cyber posture and does not capture the dynamics of organizational changes and cyberattacks. Moreover, the current situation sees small and medium enterprises (SMEs) in a critical position, since they need to manage their cybersecurity while usually not being sufficiently skilled or equipped to internalize this process. Therefore, there is a need for a practical and easily applicable model able to identify a cybersecurity risk profile and its dynamics. This study proposes a system dynamics methodology and tool (SMECRA - SME Cyber Risk Assessment) for supporting cybersecurity investment decisions for SMEs through the evaluation of cyber risk and previous investments. SMECRA addresses dynamic organizational complexity and can be used to assess cyber risks and related dynamics over time. Three case studies demonstrate its capability to assess an SME's cybersecurity status and to evaluate the impacts of investments on an organization's risk profile, raising cybersecurity awareness. This study is important for SMEs wishing to manage their own cybersecurity risk and for insurance companies in their economic evaluation of residual risks that SMEs wish to externalize.
Article
Internet of Things architecture is the integration of real-world objects and places with the internet. This boom in technology is bringing ease to our lifestyle and making formerly impossible things possible. The Internet of Things is playing a vital role in bridging this gap easily and rapidly. IoT is changing our lifestyle and the way technologies work, by bringing them together on one page in several application areas of daily life. However, IoT has to face several challenges in the form of cyber scams; one of the major challenges IoT has to face is the likelihood of a Ransomware attack. Ransomware is a malicious kind of software that restricts access to vital information in some way and demands payment for getting access to this information. Ransomware attacks are becoming more widespread daily, bringing disastrous consequences, including loss of sensitive data, loss of productivity, data destruction, loss of reputation and business downtime, which further leads to millions of dollars in daily losses due to the downtime. It is inevitable for organizations to revise their annual cybersecurity goals and to implement a proper resilience and recovery plan to keep business running. However, before proceeding towards providing a practical solution, there is a need to synthesize the existing data and statistics about this crucial attack to make researchers and practitioners aware. To fill this gap, this paper provides a comprehensive survey on the evolution, prevention and mitigation of Ransomware in the IoT context. This paper differs from existing work in various dimensions: firstly, it provides deeper insights about Ransomware evolution in IoT. Secondly, it discusses diverse aspects of Ransomware attacks on IoT, which include various types of Ransomware, current research in Ransomware, existing techniques to prevent and mitigate Ransomware attacks in IoT along with the ways to deal with an affected machine, the decision about paying the ransom or not, and future emerging trends of Ransomware propagation in IoT. Thirdly, a summary of current research is also provided to show various directions of research. In sum, this detailed survey is expected to be useful for researchers and practitioners who are involved in developing solutions for IoT security.
Article
While high-speed computer networking and the Internet brought great convenience, a number of security challenges also emerged with these technologies. Amongst different computer network security threats, like viruses and worms, botnets have become one of the most malicious threats over the Internet. In this paper, we describe key research challenges in developing effective intrusion detection systems for botnet command and control traffic detection. Then, we outline a new approach to address such challenges, which is based on voting between intrusion detection methods to collaboratively identify command and control traffic. Each detection method analyzes the network traffic to detect one technique used for command and control communications. Four detection methods are initially investigated, these are: malicious IP address, malicious SSL certificate, domain flux and Tor connection detection. Initial analysis shows that the proposed voting-based intrusion detection significantly reduces the number of false positive alerts.
Article
The inherent characteristics of Internet of Things (IoT) devices, such as limited storage and computational power, require a new platform to efficiently process data. The concept of fog computing has been introduced as a technology to bridge the gap between remote data centers and IoT devices. Fog computing enables a wide range of benefits, including enhanced security, decreased bandwidth, and reduced latency. These benefits make the fog an appropriate paradigm for many IoT services in various applications such as connected vehicles and smart grids. Nevertheless, fog devices (located at the edge of the Internet) obviously face many security and privacy threats, much the same as those faced by traditional data centers. In this article, the authors discuss the security and privacy issues in IoT environments and propose a mechanism that employs fog to improve the distribution of certificate revocation information among IoT devices for security enhancement. They also present potential research directions aimed at using fog computing to enhance the security and privacy issues in IoT environments.
Article
Cloud computing offers users high-end and scalable infrastructure at an affordable cost. Virtualisation is the key to unlocking cloud computing. Although virtualisation has great benefits for users, the complexity in its structure introduces unseen and forcible threats to the security of the data and to the system infrastructure. This work investigates the exploitation of compromised virtual machines to execute large-scale Distributed Denial-of-Service (DDoS) attacks. A critical review of the most recent intrusion detection and prevention systems to mitigate potential DDoS attacks is presented.
Article
Clouds are distributed Internet-based platforms that provide highly resilient and scalable environments to be used by enterprises in a multitude of ways. Cloud computing offers enterprises technology innovation that business leaders and IT infrastructure managers can choose to apply based on how and to what extent it helps them fulfil their business requirements. It is crucial that all technical consultants have a rigorous understanding of the ramifications of cloud computing, as its influence is likely to spread across the complete IT landscape. Security is one of the major concerns that is of practical interest to decision makers when they are making critical strategic operational decisions. Distributed Denial of Service (DDoS) attacks have become more frequent and effective over the past few years, since the widely publicised DDoS attacks on the financial services industry that came to light in September and October 2012 and resurfaced in the past two years. In this paper, we introduce advanced cloud security technologies and practices as a series of concepts and technology architectures, from an industry-centric point of view. This is followed by a classification of intrusion detection and prevention mechanisms that can be part of an overall strategy to help understand, identify and mitigate potential DDoS attacks on business networks. The paper establishes solid coverage of security issues related to DDoS and virtualisation with a focus on structure, clarity, and well-defined blocks for mainstream cloud computing security solutions and platforms. In doing so, we aim to provide industry technologists, who may not necessarily be cloud or security experts, with an effective tool to help them understand the security implications associated with cloud adoption in their transition towards more knowledge-based systems.
Conference Paper
Internet of Things (IoT) systems are becoming more multidisciplinary day by day, integrating more and more mechanical, electrical, electronics, control and information disciplines. This integration is making mechatronics systems based on IoT easily available for public use. Government organisations, different industries, healthcare systems and individual users are using these systems to store different kinds of public, private, confidential and classified information. This is attracting cyber attackers to mount cyber and cyber-physical attacks on these systems. Currently, security policy researchers in both industry and academic institutes are analysing existing cyber attacks and developing different types of techniques to protect the systems against potential cyber-threats and cyber attacks. This paper analyses the increasing exploitation of IoT-based mechatronics systems, which has created more opportunities for current cybercrimes. Contemporary and important mitigation approaches for cyber-crimes have also been articulated in this paper.
Conference Paper
This paper examines the role and value of information security awareness efforts in defending against social engineering attacks. It categorises the different social engineering threats and tactics used in targeting employees and the approaches to defend against such attacks. While we review these techniques, we attempt to develop a thorough understanding of human security threats, with a suitable balance between structured improvements to defend human weaknesses, and efficiently focused security training and awareness building. Finally, the paper shows that a multi-layered shield can mitigate various security risks and minimize the damage to systems and data.