Cyber Security: A Review of Cyber Crimes,Security Challenges and Measures to Control

Abstract

The proliferation of the Internet’s interconnections has led to a substantial increase in cyberattack incidents, often with devastating and grave consequences for the organizations and their associated clientele. The pandemic of COVID-19 has pushed most organizations towards digital transformation. The higher dependence of a firm on digital infrastructure makes it more vulnerable to cyber-crimes. The existing literature suggests that the most notable and frequently chosen weapons of attackers are Internet of things (IoT) attacks, phishing attack, malware attack, distributed denial of service (DDoS) attack and structured query language (SQL) injection attack. In this study, an attempt has been made to generate a protection framework from these cyberattacks. In doing so, the present research has adopted a systematic stepwise process of investigation. The research method consists of four components. First, through bibliometric analysis in VOSviewer, authors identified the scope for searching the related literature published worldwide and generated visualization for comprehension. This step led to the selection of 60 research articles for further analysis. After that, each security threat’s MAXQDA software word tree was developed, representing its linkages with possible security solutions and control measures. Lastly, they adopted expert elicitation protocol through semi-structured interviews with six corporate IT experts and five academic experts. The synthesis of information gathered leads to the development of a suggestive protection framework for the organizations.

Keywords

Cyber Threats Cyber Security Bibliometric Analysis Word Tree

Introduction

The acceleration of cyberattack cases in various organizations during the pandemic poses a severe threat like that of the coronavirus; while the latter claims lives, the former erodes billions from the organizations. The new phase of the internationalization of business depends upon digital connectivity. Digital technology is one of the main drivers of globalization. The growing connectivity through digital mediums is creating less dependence on physical presence. Moreover, due to the COVID-19 pandemic, customers feel secure in digital avenues. However, one of the main concerns in digitally enabled transactions today is security and privacy. Cyberattackers’ movement through their target networks is analogous to how a virus-like COVID-19 moves through the human body (Scroxton, 2020).

Further, augmented dependence on digital technology for business development has been marred by security concerns. Security is one of the primary and ongoing concerns deterring customers and organizations from engaging in digital transactions. There are many types of threats based on frequent occurrence, as suggested by the literature (Aravindan et al., 2020; Loukas et al., 2013; Segal et al., 2011). The present research delves into malware, phishing, structured query language (SQL) injection attacks, Internet of things (IoT) attacks and distributed denial of service (DDoS) attacks. As described by Razak et al. (2016), ‘Malicious software (malware) is a computer program designed to create harmful and undesirable effects. It is considered as one of the many dangerous threats for Internet users’. The most common types of malware are ‘rootkit’, ‘botnet’, ‘worm’, ‘spyware’ and ‘trojan horse’. Malware is a significant security threat for businesses that rely on the internet (Eeten & Bauer, 2008). The scale and impact of malware also depend upon legitimate market players’ behaviour and risk management techniques such as e-commerce companies.

Another typical attack is a phishing attack. As posited by Shaikh et al. (2016), ‘Phishing is a rapidly growing threat in the cyber world and causing billions of dollars in damage every year to organizations and customers’. It is an illegal activity that employs social engineering and technology to gather sensitive information. Burke (2021) states that phishing attacks are a significant security threat that is increasing manifold every year. The attackers take the benefit of human glitches, which allows them to access the entire corporate network.

According to Lopez (2014), the digital business environment is changing customer outlook and business models. It is altering the way businesses are conducted. The networking with customer, partners and suppliers are all conducted digitally. This speeds up the pace of the business. It is changing the competitive landscape of business. Some online articles state that digital technology is the building block of digital business. Organizations increasingly use the IoT as the main ingredient of the digital technologies mix. IoT presents an array of modern applications, including better product-line management, the enhancement of the output and better dealing with suppliers. One threat that hovers on IoT-based applications is a cyberattack exploiting the data obtained illegally to hamper an organization’s database (Rose et al., 2015).

The other type of cyberattack is DDoS attacks, exposing the database and posing grave danger to its security. Ansari and Shevtekar (2011) posited that cybercriminals are professionals and are involved in such activities because of financial motives. Kumar (2004) demonstrated the case of a highly catastrophic distributed DoS attack in which millions of Internet servers exploit as packet reflectors. The author stated, in conclusion, ‘the need to protect innocent internet servers’. Lastly, the cyberattack which is being experienced most recently by many organizations is called an SQL injection attack. Halfond and Orso (2005) realized that these attacks could pose a significant threat to organizations in the future. Therefore, they called for a need to research and devise strategies to prevent them a decade back. Kareem et al. (2021) stated, ‘SQL injection attacks pose a serious security threat to web applications. They allow attackers to obtain unrestricted access to the databases underlying the applications and the sensitive information these databases contain’. The sensitive information is customers’ data and other confidential organizational information.

In today’s digitized business environment, a vital issue for every organization is the protection against cyberattacks. To curtail such occurrences of cyberattacks, the present research aims to develop a suggestive protective framework through a qualitative analysis involving bibliometric analysis, extensive literature review, computer-aided data analysis and expert elicitation protocol.

In the research presented, the authors seek to make conceptual contributions to an emerging research domain by proposing a consolidated framework of cyber-threat control measures. The study is organized into seven sections. The initial section reviews cyber threats and the different types that are most commonly prevailing nowadays. The second section focuses on the objectives and methodology involved in the study. The third section involves bibliometric analysis to reveal the theoretical base of the topic. The fourth section encompasses the extensive research review and computer-aided qualitative analysis. The following section covers the expert elicitation protocol to provide a robust structure to study and substantiate the findings from the literature’s qualitative inquiry. Lastly, the conclusion and future implications of the study have been discussed.

Research Objectives and Methodology

This section covers the objectives and methodology used in the study. The study aims to create awareness and provide a protective framework to organizations against cyber threats.

The key objectives of this study are to do the following:

Conduct a detailed analysis of five cyber threats and security concerns surrounding the business.

Execute a stepwise qualitative analysis involving bibliometric analysis, extensive literature review, computer-aided data analysis and expert elicitation protocol.

Synthesize protection measures and techniques after detailed analysis and propose a protective framework to organizations as a tool to curtail the events of cyber-crimes.

To achieve these objectives, the research is conducted in four phases. The first phase is the bibliometric analysis. Authors instrumentalized the ‘Dimensions’ and ‘Scoups’ databases to search for the research articles published in the time duration of ten years 2011–2021. The authors identified 324 articles that focused broadly on the theme of cyber-crime and cyber-security. These were analysed using VOSviewer software. The data is used for generating co-citations of sources graph, authors’ country map and authors’ organizations’ map. Then, the authors selected 60 research articles and reports focusing closely on cyber-security issues; this phase involved the manual investigation of the literature for eliciting the latest information on cyber threats and measures to control as reported. To avoid manual error, at this stage, MAXQDA Analytics Pro software is used to generate the word cloud and word trees. To substantiate the finding as generated from the qualitative inquiry in the earlier steps, the last phase of the research conducts structured in-depth interviews in online mode with six industry and five academic experts. The experts were contacted through email to elicit their approval. Out of 20 experts, 11 gave their consent. Figure 1 depicts all the phases involved in the research methodology.

Figure 1.

Source: The authors.

Bibliometric Analysis

As the first step of this study, the bibliometric analysis aims at uncovering the theoretical base of the topic under investigation. Co-citation analysis of sources was developed. As stated by Pampel (2004), ‘This analysis is an exploratory data analysis based on graph theory, and it represents the data in the form of nodes and edges. Each node represents a source and link showing co-citation relationship’. The closeness in journals in the diagram indicates the linkages of the journals in terms of co-citation links. The degree to which two journals are cited means a likeness in the journal’s scope and the theme of the research article. In this study, 324 documents with 2,265 cited sources were identified based on the similarity with the topic, as shown in Figure 2. The software classified the sources into three clusters in different colours based on similarity. The green cluster consisted of 121 sources and included journals that are mainly related to general cyber security threats; the prominent journals are Journal of Management Information, Information and Management, Information System Frontiers and The Journal of Strategic Information. The red cluster with 97 sources focused on the relevant research on the cyber threat of malware and phishing attacks. The prominent journals are IEEE Security and Privacy, Computer Fraud and Security and Risk Analysis. The blue cluster grouped 106 sources, mainly highlighting research on cyber threats and IoT and DDoS attacks. The journals in this cluster included Computers in Human Behaviour, Cyberpsychology Behaviour and Social Networking and Journal of Business Ethics.

Figure 2.

Source: The authors.

As presented in Figure 3, the authors’ country map revealed that most of the studies related to cyber security, threats and measures to control are from countries such as the United States, the United Kingdom, India, Canada, South Korea, and Spain. There are visibly prominent interconnections between the authors from USA and UK. Further, as presented in Figure 4, the authors’ organization map helps understand the organizations/universities that contributed the research in cyber threat and security. The interlinkages between them indicate the association of authors from these organizations. The most notable ones are the Indian Institute of Technology Delhi, The University of Texas, Oxford University, University of South Florida, and Michigan State University. Conducting the bibliometric analysis in this section enables the authors to understand the intellectual base of the topic.

Figure 3.

Source: The authors.

Figure 4.

Source: The authors.

Case Studies

Extensive Research Review and Computer-Aided Qualitative Analysis

Extensive research was undertaken to explore the five most commonly occurring security threats in organizations, namely, phishing, malware, IoT, DDoS and SQL injections. In this section, along with a manual investigation of research papers, reports and articles, computer-aided qualitative data analysis is conducted. This involves the creation of word trees about each cyberattack as present in the following sections

Phishing Attack and Measures to Control

A massive phishing attack on Sony Picture Entertainment in 2014 jolted the company thoroughly; hackers used phishing emails to breach company networks, including many top Sony executives, as per McClure’s data. Now, phishing is spreading everywhere and growing as the most common type of cyberattack (Schwartz, 2021). The most common type of cybercrime in 2020 was phishing; as per FBI Internet Crime Report 2020 (2021), the victim count is 241,342. It is done through fraud emails, e- communication or instant messages that are designed to lure the target. Fraud communication or email appears from a trustworthy source, and it steals data or installs malware on a victim’s device (Day, 2020). As per Verizon’s (2021) Data Breach Investigations Report (DBIR), the pandemic outbreak leads to a rise in phishing emails by cybercriminals; 1.5 million phishing sites are generated every month, and 50% of these sites use HTTPS (Purplesec, 2021). About 75% of organizations worldwide experienced some kind of phishing attack in 2020, and 96% of the phishing attacks arrived by email (Rosenthal, 2021). Also, the average cost of a data breach is $3.92m, and the average cost per compromised record is $150. Additionally, Wandera (2020) stated that ‘a new phishing website online is released every 20 seconds’. The most commonly occurring phishing attacks are deceptive, spear, whaling, smishing and pharming. In deceptive phishing, swindlers imitated a legitimate company to steal people’s data or login credentials (Retarus, 2020). Organizations need to be wary of imitating partners (Gannon & Haas, 2020). In December 2020, Elara Caring, the US healthcare provider, exposed the personal details of over 100,000 elderly patients as attackers gained access to the employees; email accounts for an entire week (Haworth, 2021a). Spear phishing is the most common on social media sites. In this, fraudsters use more personalized information and emails from recognized senders. In September 2019, a list of top 50 innovative companies worldwide faced a spear-phishing attack (Team Armorblox, 2020). The email contained an attachment redirecting to a fake Microsoft Office 365 login page and disguised the fraudulent web page. In a whaling attack, scamsters harpoon executives and steal their login details. In 2016, Austrian aerospace manufacturer, FACC, fired its CEO as its supervisory board found an incident to have been a whaling attack in which the firm was defrauded out of $55.8 million (Muncaster, 2016). Further, in November 2020, an Australian hedge fund, Levitas Capital, was forced to close after suffering reputational damage due to a whaling attack via a fake Zoom link (Tessian, 2021). In smishing, digital fraudsters contact targets by SMS/text message using a phone. The scamster mimics known entities in order to steal sensitive data or funds. In September 2020, Apple lovers became the victim of a smishing campaign. They were told via SMS texts that they had earned a chance to test the new iPhone 12. In actuality, the operation used a bogus online gateway to steal the payment card information of its victims. In the end, the ad directed victims to pay a delivery fee (Ducklin, 2020). Pharming utilizes a technique known as cache poisoning to attack the domain name system (DNS), which allows an attacker to redirect users to a malicious website even if they type in the proper URL. Over 300,000 small business and home office routers in Europe and Asia were compromised by an attack revealed by Team Cymru in 2014 (Ashford, 2014). To control the phishing attack, users should scrutinize all URLs and be alert to fake emails, websites, text messages or voicemails. They should also check for legitimate redirection to avoid an unknown and suspicious website (Tripwire, 2020). If one receives an unpredicted message inciting to open an unknown attachment, only do so if one is confident the sender is a trustworthy source. There should be frequent company-wide password changes and multifactor authentication implemented for all users of its systems (Kaspersky, 2019). Close out of the bad link immediately if accidentally clicked, first run an antivirus check, and then change the password and security questions. Also, companies should conduct employee security awareness training and limit sharing of sensitive personal or professional information on social media. Further, companies should invest in automated solutions to analyse emails (Proofpoint Staff, 2015). Security awareness training of executives along with their employees should be mandated on an ongoing basis. If a communication appears to create fear, respond quickly and be cautious—this is a frequent tactic used by hackers. It’s most likely a hoax if someone is contacted about what appears to be a once-in-a-lifetime opportunity. To guard against pharming attacks, agencies must inspire personnel to go into login credentials handiest on HTTPS-blanketed sites. Companies must also set up antivirus software programs on all company gadgets and enforce virus database updates on a normal basis. Finally, they must live on the pinnacle of safety enhancements issued via a dependent Internet service provider (ISP). Lastly, based on the data gathered through research reports, articles and papers, we generate a word tree for phishing attack controlling measures given in Figure 5.

Figure 5.

Source: The authors.

Malware Attack and Measures to Control

Malicious software, commonly known as malware, is a danger to computers. It’s an intrusive programme that cybercriminals create with the intent of stealing data to gain access to or destroy a computer (Brunau, 2018). A malware attack occurs when cybercriminals write malicious software and install it on another person’s device without their knowledge to access personal information or damage the device for financial benefit. Malware attacks can affect many devices and operating systems, including Windows, macOS, Android and iOS. One form of malware attack that is becoming more prevalent is ransomware attacks. On mobile devices, it increased by three times in 2018 compared to the previous year. The majority of malware attack incidents took place in the United States (Fintech News, 2020). Ransomware, trojan, spyware, adware and fileless malware are all examples of malware. Ransomware is a malware that encrypts data and prevents the target from accessing it until a ransom is paid. As per Verizon’s (2021) DBIR, 10% of breaches involved ransomware, which doubled last year’s frequency. The WannaCry ransomware attack costs more than $100 million, according to the National Health Service. The initial cost of the attack was estimated to be over $25 million.

As per the suggestions given in research reports, first, it’s critical to have systems that constantly monitor and detect malware that has gotten past perimeter protection. Multiple layers of security and high-level network visibility and intelligence are required for effective, sophisticated malware defence. Computer software updates should be downloaded and installed as quickly as is feasible. Software updates are vital because they patch security gaps and address or remove computer flaws detected. Back up data regularly to an external hard drive or use a cloud storage service if it’s infected by malware. Based on the database as collected through research reports, a word tree is developed, as shows in Figure 6.

Figure 6.

Source: The authors.

DDoS Cyberattack and Measures to Control

DDoS is a malicious attempt to disrupt the services offered by a network resource and make them unavailable to the users. DDoS attacks are carried out with networks of Internet-connected machines. These networks encompass computers and other devices infected with a virus (Haworth, 2021b). In this type of attack, the incoming traffic originates from multiple sources called ‘bots’. A bot is a computer device compromised by an attacker. A network of bots is called Botnet. DDoS attacks come in various shapes and sizes, and they all aim to disrupt your network or systems in some way (Cloudflare, 2021a). They include volumetric attacks, application-layer attacks and protocol attacks. The most typical sort of DDoS assault is solumetric attacks. By sending a large number of fake requests to every open port, a bot overwhelms the network’s bandwidth.

In 2020, a New Zealand Stock Exchange was hit by a series of DDoS attacks, which took their service offline for two days. Impacted systems included websites and announcement platforms (Haworth, 2020). In February of 2020, Amazon Web Services (AWS) stated that it had successfully mitigated a significant DDoS attack. Incoming traffic peaked at 2.3 terabits per second during this attack. AWS did not disclose the customers targeted by the hack. The attackers used Connection-less Lightweight Directory Access Protocol (CLDAP) web servers that had been hacked. In October 2016, a DNS provider called Dyn was hit by a massive DDOS attack. This attack led to the disruption of many significant sites such as Airbnb, PayPal, Amazon, Netflix and many more. One should create incident response plan as the measures to control DDoS. It is good to have a clear response methodology to deal with such cyberattacks. Install protection tools such as Web Application Firewall, IDS, IPS and antivirus software. Keep everything updated to make sure that all the issues are patched. Allow as less user error as possible. Prevent and respond with an in-house intrusion prevention system. Identify the symptoms of a DDoS attack as early as possible to the action and mitigate damage. Educating the team on signs of DDoS attacks and alerting them the on warning signs is helpful. The word tree in Figure 7 presents all the measures to control DDoS attacks in organizations based on the literature data provided as input to the software.

Figure 7.

Source: The authors.

Figure 8.

Source: The authors.

IoT Attack and Measures to Control

When attackers try to breach the security of an IoT device or network, they are called IoT attacks. Attackers can steal or alter sensitive data, add IoT devices to a botnet or seize control of a system when devices are hacked. The first half of 2021 saw more than 1.5 billion attacks on IoT devices. This is up from the 639 million in the previous half-year. The volume is more than twice the volume of the previous six months (Seals, 2021b). Attacks on IoT devices increase as users increase the use of intelligent devices. Hackers target organizations involved in the increased use of digital technology. According to a study by researchers at the Massachusetts Institute of Technology (MIT) and the University of British Columbia (UBC), an attacker can access the entire IoT/Operational Technology (OT) network if the SIP protocols are hacked. The vulnerability can be exploited remotely, which means that the victim doesn’t have to do anything (Newman, 2019). Industrial control boards connected to the IoT can also be hacked. Manufacturing equipment or employees could suffer severe damage (Brizinov, 2021). Data thieves armed with spyware can take advantage of Bluetooth chip vulnerabilities (O’Donnell, 2020). Researchers from the University of Singapore discovered flaws that allow smart gadgets to execute code (Seals, 2021a). To control the IoT attack, devices must employ up-to-date software components with no known vulnerabilities and must have sufficient access and controls on essential configuration files (Huey and Windsor, 2021). Device manufacturers must be vigilant and should promptly fix newly found vulnerabilities before they are weaponized (Cimpanu, 2020). Users must ensure that the devices are configured correctly, and that any data collected by the devices are appropriately secured and accounted for (McMillen, 2021). Organizations must be aware that their IoT devices may be hacked and should adopt mitigation procedures as a result (Shah, 2018). In the case of a security breach, incident response teams should be ready to respond. According to Gartner, privy access management (PAM) for all devices is critical for reducing IoT security risks and ensuring that IoT networks cannot be hijacked. They should have password complexity, password expiration, account lock-out and one-time passwords that force users to change the device’s default credentials when setting it up. Network administrators that use appropriate IoT identity and access management solutions can use a variety of device authentication capabilities to limit the risk of IoT attacks. Responsible manufacturers should ensure that the embedded software or firmware in their products is completely safe. When vulnerabilities in their IoT devices are uncovered, they should issue security upgrades. Based on the reports, a software-generated word tree, as given in Digure 8, is presented.

SQL Injection Attack and Measures to Control

SQL injection is a web security vulnerability that allows an attacker to access information that is generally only available to the user. An attacker can employ a SQL injection attack to compromise the underlying server, launch a denial-of-service attack or modify the application’s content on a long-term basis. Unauthorized access to sensitive data can come from a successful SQL injection attack (Weiss, 2012). Such attacks have resulted in several high-profile data breaches. A persistent backdoor into an organization’s systems can sometimes result in a long-term compromise that goes unreported for a long time. Unauthorized viewing of user lists, the destruction of entire tables and, in some situations, the loss of administrative powers may all come from a successful attack. An SQL injection vulnerability affects a web page or web application. In 2018, Cisco Prime License Manager was discovered to have a SQL injection vulnerability. As a result of the flaw, attackers could get shell access to systems running the licence management. Cisco has addressed the vulnerability. Fortnite is a popular online game with a global audience of over 350 million players. A SQL injection vulnerability was discovered in 2019 that allowed attackers to get access to user accounts.

Therefore, to curb these attacks, organizations must employ ways to deter them. Validating user input is a frequent initial step in mitigating SQL injection attacks. They should establish an allow-list for all valid assertions after identifying the essential ones. Input validation or query redesign are terms used to describe this procedure. In addition, organizations should configure user data inputs based on context (Kerner, 2010). Vulnerabilities in apps and databases that can be exploited with SQL injection are identified regularly (OWASP, 2021). Businesses must stay updated on the latest developments and implement upgrades as quickly as possible. This includes maintaining all components of web application software up-to-date (Goldman, 2018). It is strongly recommended to use a software or appliance-based web application firewall (Ingalls, 2020). With the recent revelation of supply-chain hacks in 2020, many organizations are turning to National Institute of Standards and Technology (NIST) and other security checklists to harden their operating systems and applications (Ingalls, 2021). This entails discarding or securing any database functionalities that are no longer required. Common mistakes that increase SQL injection attack risk include cross-site scripting, obsolete software, unpatched vulnerabilities, injections and weak passwords (Robb, 2021). As presented in Figure 9, a word tree links all the possible measures to control the SQL injection attack. Figure 10 gives a pictorial representation of the data (literature) we used in this study through a word cloud.

Figure 9.

Source: The authors.

Figure 10.

Source: The authors.

Expert Elicitation Protocol

As suggested by Cains et al. (2021), the model called ‘Expert Elicitation Protocol’ has been adapted. As stated by Knol et al. (2010), ‘expert elicitation is a structured approach to consult experts on uncertain issues systematically’. This method is used for developing qualitative issues such as ‘definitions’, ‘assumptions’, and ‘concepts’. In our study, six industry experts and five academicians with established research profiles are selected for the in-depth structured interviews. Authors sought the interviewees’ approval for participation through email. After that, an online discussion was arranged. The discipline and research area of participants are as present in Table 1. The authors asked questions through a systematic interview guide. This process augmented the validity of the conclusion given in the last section of this research.

Table 1.

Discipline and Research Area of Interview Participants

Security informatics	Cyberattacks	Information security	Blockchain
Security and network security	Computer security	Network security	Security auditing
Risk analysis	Wireless security	Operational security	Security threat
Cyber crimes	Cyber vulnerability	Application security	SQL injection
Cyber security	Cyber defence	Business continuity planning	Hybrid cyberattacks

Source: The authors.

Table 2.

Interview Guide

· How do you define cyber security?

· What all are the possible cyber threats endangering the organization’s security.

· According to you, which are the most frequently occurring cyber-crimes?

· What ways can an organization employ to make its system cyber-crime-proof?

· What is an IoT threat?

· What measures can be employed to curtail IoT threats?

· What is a DDoS attack?

· What measures can be adopted to restrict it?

· What is malware?

· How can a business protect itself from malware?

· What is a phishing attack?

· What are the ways to prevent phishing attacks?

· What are SQL injections attacks?

· How does SQL injection attack hamper the security of an organization?

Source: The authors.

Table 3.

Interview Excerpts

Defining cyber security
‘Cybersecurity refers to the protection of hardware, software and data from attackers. The primary purpose of cyber security is to protect against cyberattacks like accessing, changing or destroying sensitive organizational information’.
‘It protects the business against ransomware, malware, social engineering and phishing’.
‘It protects end-users’.
‘It gives good protection for both data and networks’.
‘Increase recovery time after a breach’.
‘Cybersecurity prevents unauthorized users’.

Cyber threats endangering organizations
‘Malware’
‘Denial of service’
‘Phishing attacks’
‘Man in the middle’
‘SQL injection’
‘Password attacks’
‘Internet of things’
‘Identity theft’
‘Website defacement’
‘Private and public web browser exploits’
‘Server threat’

IoT attacks
‘Individual devices that connect to the internet or other networks offer an access point for hackers’.
‘When the cybercriminals target devices run from the internet such as smart home and internet of things (IoT) devices, TVs, voice assistants, etc. to snip information’.
‘When hackers access the important organizational information for ill-use such as login information’.

DDoS attack
‘Malicious attempt to disrupt the normal traffic of a targeted server, service or network’.
‘The DDoS attack will send multiple requests to the attacked web resource—to exceed the website’s capacity to handle multiple requests/.
‘A DDoS attack involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic’.
‘A DDoS is a cyberattack on a server, service, website or network flood it with Internet traffic’.

Malware attack
‘Malware is a blanket term for viruses, trojans and other destructive computer programs threat’.
‘Provide remote control for an attacker to use an infected machine’.
‘Send spam from the infected machine to unsuspecting targets’.
‘Investigate the infected user’s local network’.
‘Steal sensitive data’.

Phishing attack
‘Phishing is a cyberattack that uses disguised email as a weapon’.
‘Phishing is a way of identity theft that depend on individuals unintentionally volunteering personal details or information that can be used for immoral purposes’.
‘ Phishing may also occur in the form of emails or texts from scammers that are made to appear as if they are sent from a legitimate business’.

SQL injection
‘SQL injection is a code injection method used to attack data-driven applications; in these, malicious statements are inserted into an entry field for execution’.
‘Attackers use SQL injection vulnerabilities to bypass application security measures’.
‘Attackers use SQL injections to find the credentials of other users in the database. They can then impersonate these users’.

Measures to control as per experts’ panel
‘Training of staff’
‘Encrypt and backup data’
‘Conduct regular audits
‘Restrict admin rights’
‘Multifactor authentication’
‘Malware scanner’
‘Monitoring’
‘Remove redundancies’
‘Involve government authorities’
‘Data encryption’
‘Use of firewalls’
‘Setting up of security advisory board’

Source: The authors.

Conclusion and Future Implications

It is essential to develop a comprehensive understanding of the potential cyber risks that organizations encounter in the contemporary digital business environment. Given the multidisciplinary nature of cyber risks and the pervasiveness of security concerns in society, it is pivotal to study cyber threats and security in an organizational context.

As identified in this study, the most commonly occurring recent cyberattacks in organizations are malware, phishing, DDoS attacks, IoT attacks and newly recognized SQL attacks. These attacks steal, destroy and alter confidential organizational information through unauthorized access. Cyber attackers target financial data, trade secrets, product designs and sensitive customer data by attacking a company’s IT system and infrastructure. To prevent this, current research proposed a protective framework to safeguard organizations from the most frequently occurring attacks. Based on the process elaborated in the methodology section, the present study suggested a composite framework of cyber security as shown in Table 4. Organizations can use the same as a ready tool to deter cyber-security attacks. As per the most frequently occurring cyberattacks, the protective framework divides into five parts consisting of measures to deal with each type of threat. Authors suggest the steps of regular audits, staff training, set-up of advisory board, installation of antivirus, two-factor authentication, being ready to implement an action plan, removal of redundant software, alert on fake emails, ensuring high standard security infrastructure and installing multi-level protection. In the composite framework presented, each type of cyberattack has some primary set of protection measures that can reduce the vulnerabilities and produce a safer organizational environment.

Table 4.

Composite Framework of Cyber Security

Attacks
Measures to Control	Phishing	Malware	DDoS	IoT	SQL Injection
Measures to Control	• Alert on fake mails • Install Anti -virus software • Restrict Admin rights • Monitoring • Setup Security Advisory Board	• Firewalls • Audits • Staff Training • Remove Redundant Software • Install Anti - virus • Anti – Ransome • Anti - Exploit	• Involve Govt Authorities • Be ready with response plan • Have multi – level protection • Prevention Management • Educate team for signs of DDoS • Ensure high standard security infra • Prevent and respond inhouse	• Two factor authentication • Use complex passwords • Change preinstalled passwords • Frequent Rebooting • Adopt Privy access management • Select Security • Solutions aiding IoT environment	• Discarding database no longer required • Regular penetration testing • Use up to date software components • Avoid extended organizational URL’s • Enforce best practice for account and password polices.

Source: The authors.

Installing robust cyber-security measures is also vital, as a better understanding of security challenges and appropriate strategies can save the companies from colossal loss and ensure long-term survival.

Every research has some limitations and there is always a scope of improvement. The primary constraint of this research is that it uses qualitative research methods to generate the model. An empirical analysis could have provided more robust insights. The composite protective framework developed in the current study provides a comprehensive understanding of all organizations to control cyber-crimes. In today’s completely digitized organizational environment, the framework works as a ready-to-refer tool for learning ways to curb cyber threats. The study also adds to the present intellectual base. Cyber security is part of rising and evolving research because of accelerated dependence on digital transactions. Lastly, the authors hope that the study serves as groundwork to enhance cybersecurity further.

Footnotes

Declaration of Conflicting Interests

The authors declared no potential conflicts of interest with respect to the research, authorship and/or publication of this article.

Funding

The authors received no financial support for the research, authorship and/or publication of this article.

References

Ansari

, & Shevtekar

(2011). Cyber infrastructure protection. In Saadawi

& Jordan

(Eds.), Strategic Studies Institute, US Army War College (pp. 279–306). http://www.jstor.org/stable/resrep11979.15

Aravindan

, Frederick

, Hemamalini

, & Cathirine

(2020). An Extensive Research on Cyber Threats using Learning Algorithm. In International conference on emerging trends in information technology and engineering (ic-ETITE) (pp. 1–8). IEEE.

Ashford

(2014, 4 March. Team Cymus exposes SOHO router compromise. Computer Weekly.com. https://www.computerweekly.com/news/2240215529/Team-Cymru-exposes-SOHO-router-compromise

Basset

(2019, 3 October. 5 common phishing techniques. Vade. https://www.vadesecure.com/en/blog/5-common-phishing-techniques

Bisson

(2020, 16 September. New smishing campaign using USPS as its disguise. Tripwire. https://www.tripwire.com/state-of-security/security-data-protection/new-smishing-campaign-using-usps-as-its-disguise/

Brizinov

(2021, 31 August. Crashing SIP clients with a single slash. Claroty. https://www.claroty.com/2021/08/31/blog-research-crashing-sip-clients-with-a-single-slash/

Brunau

(2018, 18 October. Ransomware news: WannaCry attack costs NHS over $100 million. Datto. https://www.datto.com/blog/ransomware-news-wannacry-attack-costs-nhs-over-100-million

Burke

(2021). How to prepare for the onslaught of phishing email attacks. Computer Fraud & Security, 1(5), 12–14.

Cains

M.G.

, Liberty

, Taber

& King

, & Henshel

D.S.

(2021). Defining cyber security and cyber security risk within a multidisciplinary context using expert elicitation. Risk Analysis: An Official Publication of the Society for Risk Analysis. https://doi.org/10.1111/risa.13687

10.

Cimpanu

(2020, 19 January. Hacker leaks passwords for more than 500,000 servers, routers, and IoT devices. Zdnet. https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/

11.

Cloudflare. (2021). Famous DDoS attacks. Cloudflare. https://www.cloudflare.com/en-in/learning/ddos/famous-ddos-attacks/

12.

Day

(2020, 29 June. Watch out: Instagram hackers are using fake copyright notices to trick people into giving up their account details. Fstoppers. https://fstoppers.com/news/watch-out-instagram-hackers-are-using-fake-copyright-notices-trick-people-giving-496609

13.

Ducklin

(2020, 24 September. SMS phishing scam pretends to be Apple ‘chatbot’—Don’t fall for it! Naked Security. https://nakedsecurity.sophos.com/2020/09/24/sms-phishing-scam-pretends-to-be-apple-chatbot-dont-fall-for-it/

14.

Dunn

J. E.

(2019, 23 December. Man jailed for $122 million scam that fooled Google and Facebook. Naked Security. https://nakedsecurity.sophos.com/2019/12/23/man-jailed-for-122-million-scam-that-fooled-google-and-facebook/

15.

Eeten

V. M.

, & Bauer

(2008). Economics of malware: Security decisions, incentives and externalities. OECD Science, Technology and Industry Working Papers, 2008/01.

16.

FBI. (2021). Internet crime report 2020. FBI, Internet Crime Complaint Center. https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf

17.

Fintech News. (2020, 16 February. The 2020 Cybersecurity stats you need to know. Fintech News. https://www.fintechnews.org/the-2020-cybersecurity-stats-you-need-to-know/

18.

Gannon

, & Haas

(2020, 16 September. Spoofed training email from phishing simulator company. Cofense. https://cofense.com/spoofed-training-email-from-phishing-simulator-company/

19.

Goldman

(2018, 13 March. Microsoft patches massive remote access vulnerability. eSecurity Planet. https://www.esecurityplanet.com/threats/microsoft-patches-massive-remote-access-vulnerability/

20.

Halfond

, & Orso

(2005). AMNESIA: Analysis and monitoring for neutralizing SQL-injection attacks. IEEE and ACM Intl. Conference on Automated Software Engineering (ASE 2005), (pp. 174–183). IEEE.

21.

Haworth

(2020, 20 August. New Zealand stock exchange hit by series of DDoS attacks. The Daily Swig. https://portswigger.net/daily-swig/new-zealand-stock-exchange-hit-by-series-of-ddos-attacks

22.

Haworth

(2021a, 10 March. Data breach at healthcare provider Elara Caring exposes 100,000 patients’ information. The Daily Swig. https://portswigger.net/daily-swig/data-breach-at-healthcare-provider-elara-caring-exposes-100-000-patients-information

23.

Haworth

(2021b, 2 July. UK cryptocurrency exchange EXMO knocked offline by ‘massive’ DDoS attack. The Daily Swig. https://portswigger.net/daily-swig/uk-cryptocurrency-exchange-exmo-knocked-offline-by-massive-ddos-attack

24.

Huey

, & Windsor

(2021, 7 May. Lemon Duck spreads its wings: Actors target Microsoft Exchange servers, incorporate new TTPs. Talosintelligence. https://blog.talosintelligence.com/2021/05/lemon-duck-spreads-wings.html

25.

Ingalls

(2020, 16 December. Firewalls as a service (FWaaS): The future of network firewalls? eSecurity Planet. https://www.esecurityplanet.com/cloud/firewalls-as-a-service-fwaas/

26.

Ingalls

(2021, 17 June. Top database security solutions for 2021. eSecurity Planet. https://www.esecurityplanet.com/products/database-security-tools/

27.

Kareem

, Ameen

, Salih

, Ahmed

, Kak

, & Yasin

(2021). SQL injection attacks prevention system technology. Asian Journal of Research in Computer Science, 6(15), 13–32.

28.

Kaspersky. (2019, 13 February. DNS manipulation in Venezuela in regards to the humanitarian aid campaign. SecureList by Kaspersky. https://securelist.com/dns-manipulation-in-venezuela/89592/

29.

Kerner

S.M.

(2010, 4 December. IBM AppScan takes aim at input validation. eSecurity Planet. https://www.esecurityplanet.com/trends/ibm-appscan-takes-aim-at-input-validation/

30.

Knol

A.B.

, Slottje

, van der Sluijs

J.P.

, & Lebret

(2010). The use of expert elicitation in environmental health impact assessment: A seven step procedure. Environ Health, 9, 19. https://doi.org/10.1186/1476-069X-9-19

31.

Kumar

(2004). Sophistication in distributed denial-of-service attacks on the Internet. Current Science, 87(7), 885–888. http://www.jstor.org/stable/24109391

32.

Lopez

(2014, 7 May. Digital business is everyone’s business. Forbes. https://www.forbes.com/sites/gartnergroup/2014/05/07/digital-business-is-everyones-business/?sh=2831f8ca7f82

33.

Loukas

, Gan

, & Vuong

(2013). A review of cyber threats and defence approaches in emergency management. Future Internet, 5(2), 205–236.

34.

McMillen

(2021, 22 April. Internet of threats: IoT botnets drive surge in network attacks. Security Intelligence. https://securityintelligence.com/posts/internet-of-threats-iot-botnets-network-attacks/

35.

Muncaster

(2016, 31 May. CEO Sacked after $56 million whaling attack. Infosecurity Magazine. https://www.infosecurity-magazine.com/news/ceo-sacked-after-56-million/

36.

Newman

(2019, 30 July. Return on IoT: Dealing with the IoT skills gap. Forbes. https://www.forbes.com/sites/danielnewman/2019/07/30/return-on-iot-dealing-with-the-iot-skills-gap/?sh=779dc78b7091

37.

O’Donnell

(2020, 13 October. Lemon Duck cryptocurrency-Mining botnet activity spikes. ThreatPost. https://threatpost.com/lemon-duck-cryptocurrency-botnet/160046/

38.

OWASP. (2021). SQL Injection prevention cheat sheet. OWASP Cheat Sheet Series. https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html

39.

Pampel

F.C.

, & Rogers

R.G.

(2004). Socioeconomic status, smoking, and health: A test of competing theories of cumulative advantage. Journal of Health and Social Behavior, 45(3), 306–321. https://doi.org/10.1177/002214650404500305

40.

Proofpoint Staff. (2015, 26 February. Phish pharming attack: Cybercriminals use phishing to exploit router vulnerabilities and carry out man-in-the-middle attacks. Proofpoint. https://www.proofpoint.com/us/threat-insight/post/Phish-Pharm

41.

Puig

(2020, 20 February. Is that text message about your FedEx package really a scam? Federal Trade Commission Consumer Information. https://www.consumer.ftc.gov/blog/2020/02/text-message-about-your-fedex-package-really-scam?_ga=2.230171868.1166097783.1600090605-1623916963.1600090604

42.

Purplesec. (2021). 2021 Cyber security statistics. The ultimate list of stats, data & trends. Purplesec. https://purplesec.us/resources/cyber-security-statistics/

43.

Raggi

, & The Proofpoint Threat Research Team. (2020, 1 September. Threat insight. Proofpoint. https://www.proofpoint.com/us/blog/threat-insight/chinese-apt-ta413-resumes-targeting-tibet-following-covid-19-themed-economic

44.

Razak

, Anuar

, Salleh

, & Firdaus

(2016). The rise of ‘malware’: Bibliometric analysis of malware study. Journal of Network and Computer Applications, 75, 58–76.

45.

Retarus. (2020, 1 September. Phishers are posing as contract partners to access company data. PR Newswire, https://www.prnewswire.com/news-releases/phishers-are-posing-as-contract-partners-to-access-company-data-301122307.html

46.

Robb

(2021, 15 January. Best penetration testing tools for 2021. eSecurity Olanet. https://www.esecurityplanet.com/products/best-penetration-testing/

47.

Rose

, Eldridge

, & Chapin

(2015, October). The internet of things (IoT): An overview. Understanding the issues and challenges of a more connected world. Internet Society. https://www.internetsociety.org/resources/doc/2015/iot-overview/

48.

Rosenthal

(2021, 16 September. Must-know phishing statistics: Updated 2021. Tessian Limited. https://www.tessian.com/blog/phishing-statistics-2020/

49.

Schwartz

(2021, 29 January. Google search found 25 billion spammy pages each day. Search Engine Roundtable. https://www.seroundtable.com/google-search-25-billion-spammy-pages-each-day-30841.html

50.

Scroxton

(2020). What Cisos can learn from COVID-19. Computer Weekly, 11–15.

51.

Seals

(2021a, September 2). Bluetooth bugs open billions of devices to DoS, code execution. Threatpost. https://threatpost.com/bluetooth-bugs-dos-code-execution/169159/

52.

Seals

(2021b, September 6). IoT attacks skyrocket, doubling in 6 months. ThreatPost. https://threatpost.com/iot-attacks-doubling/169224/

53.

Segal

, Ngugi

, & Mana

(2011). Credit card fraud: A new perspective on tackling an intransigent problem. Fordham Journal of Corporate & Financial Law, 16(4), 743–781.

54.

Shah

(2018, 16 April. SMELLS FISHY Hackers stole casino’s list of super-wealthy high-rollers through a FISH TANK. The Sun. https://www.thesun.co.uk/tech/6062743/hackers-stole-casino-database-fish-tank/

55.

Shaikh

, Shabut

, & Hossain

(2016). A literature review on phishing crime, prevention review and investigation of gaps. In 10th International Conference on Software, Knowledge, Information Management & Applications (SKIMA) (pp. 9–15). IEEE

56.

Team Armorblox. (2020, 9 October. Blox tales #15: Credential phishing attack performs real-time active directory authentication. Armorblox. https://www.armorblox.com/blog/blox-tales-credential-phishing-attack-performs-real-time-active-directory-authentication/

57.

Tessian. (2021, 11 August. What is whaling? Whaling email attacks explained. Tessian. https://www.tessian.com/blog/whaling-phishing-attack/

58.

Verizon. (2021). 2021 data breach investigations report. Verizon. https://www.verizon.com/business/resources/reports/dbir/

59.

Wandera. (2020). Mobile threat landscape 2020. Wandera. http://go.wandera.com/rs/988EGM040/images/Mobile%20Threat%20Landscape%202020.pdf

60.

Weiss

(2012, 26 October. How to prevent web attacks using input sanitization. eSecurity Planet. https://www.esecurityplanet.com/endpoint/prevent-web-attacks-using-input-sanitization/