Research Paper on Cybersecurity

Issues Facing Security Professionals

The rate of technology growth and advancement in the twenty-first century is shocking. The current trends in technology are shaping the world, giving it a new outlook. In a business setting, competition is an inevitable exercise; thus, most businesses have adopted new technologies in a bid to gain a competitive edge in the market. Technology in businesses involves the automation of activities as well as the flow and protection of information. Nowadays, information security has become a vital subject of interest in virtually all organizations. According to Susanto, Almunawar, and Tuan (2012), the subject on information security is increasingly gaining interest because all the human activities involve communication. Organizations must, therefore, implement robust security measures to safeguard data because it is undeniably the organization's lifeblood.

Is your time best spent reading someone else’s essay? Get a 100% original essay FROM A CERTIFIED WRITER!

Order now

The most ideal solution to the rapidly increasing information breaching and hacking in the IT-enabled world is to invest heavily in cybersecurity. In a world where technology has revolutionized every aspect of doing business, nothing is seemingly safe. Thus, it is vitally important for organizations to ensure data is secured by implementing security measures that protect all the communication flow channels both internally and externally. In a survey conducted by Susanto et al. (2012), organizations have incurred enormous losses due to information breaching. The 2017 series of cyber attacks according to the popular United States' media CNN exposed alarming data vulnerabilities. The Equifax company found itself at the vulnerable hands of cybercriminals where data belonging to 145million individuals was stolen(Larson, 2017). The increase in security breaches is alarming. Huge techno-giant corporations have not been spared either. Facebook was on the spot recently following a massive cyber attack. Although the company assured its billion users across the world that it had stepped up robust security measures in response to the attacks, many users did not buy the apology. The company was however swift in patching the security flaws. Information is arguably the most vital asset that can contribute to the success or downfall of an organization depending on how it is handled.

Technology has become part and parcel of human lives. It has shaped social, political and economic aspects of human lives. However, the benefits of technology have come with severe ethical challenges. Some of these challenges have adversely affected organizations resulting in enormous losses. Information users and IT experts have been put to the test a series of challenges emanating from the emerging technologies. Technology has been on an evolutionary journey that does not seem to end. Therefore, security experts must learn how to handle the challenges brought by the rapidly evolving technology. Data privacy has become a debatable topic when it comes to information security. But studies have shown that cybercriminals gain access to the organization's database through the information users within that organization. Although there are other malicious ways of accessing and stealing data, information users in an organization are the easiest target. Earp and Payton (2000) suggest that threats to sensitive information within an organization can be successfully minimized by balancing of security measures and the information necessary for normal business running.

There is no doubt the Information Technology (IT) department plays a crucial role in ensuring the safety of information in every organization. In most companies, the IT professionals and the managerial department are the only individuals that have direct access to the organization's sensitive information. Sensitive information refers to information about the organization, users' confidential records and any other information that involves the operations between the organization and external forces. The privilege to have direct access to such information sometimes is misused. The IT personnel are required to adhere to their work ethics as they are key and vital assets of the organization. The research on this paper addresses some of the ethical issues facing security professionals at the workplace.

Privacy

Data privacy is a key fundamental area that every organization must carefully address. Data privacy in this IT-world where cybercrimes are alarmingly on the rise is a priority. During the recruitment process in virtually all organizations in the world, private employee information is electronically captured and digitally stored. Some organizations carry millions of personal data that ought to be carefully and securely stored. On a daily basis, millions of data are processed, stored and retrieved on demand. Therefore, it is evident that most operations in the industry involve data processing and storage. All the employees' processed information must be properly safeguarded. The organization's management and the security professionals must implement robust security measures that safeguard the information from the violation. But with the increased rate of cybercrimes in recent times, management and security of data are becoming a serious challenge to the IT professionals (Earp & Payton, 2000). Employee information such as account details, identification number, residential area, and health information must be securely kept and accessed by only the authorized individuals who have super access to the company's database.

Managers and security personnel have access to a wide range of services and information within the organization. However, the way they handle the information may significantly influence the performance of the organization. For instance, they may view all the websites visited by the employees, all the log files, exchange of emails as well as monitor employee activities. This may seem like an intrusion of privacy, but it is an important security measure in safeguarding users' information. The privileges accorded to the managers and IT professionals should not be used for the wrong purposes. It would be unethically wrong for the manager to share an employee's personal information with third parties. Research conducted by Knapp et al. (2006) found that implementation of stiffer penalties for individuals found guilty of violating information could be a solution to the security challenges experienced by modern-day organizations.

Employees must also be trained on the proper usage of the internet on accessing social networking sites. Social media has been a great platform for exchanging ideas with friends, but it could lead to negative consequences if it is not properly and carefully. Hackers use social platforms such as Facebook and Twitter in tricking innocent users in revealing their details without their knowledge. Security personnel must educate employees on the risks of sharing personal information via social media. Every stakeholder within the organization must, therefore, offer support in safeguarding information. The security personnel which has direct access to almost every piece of information in the company's database must observe work ethics. Choobineh et al. (2007) assert that most information breaching instances occur due to the violation or lack of proper information security strategies by the trusted personnel.

Ownership

Ownership defines what the company owns. It is vitally important to understand that ownership does not involve the physical business assets alone. A business idea, a way of doing things, software could be vital business assets. Most companies require their employees to sign the non-disclosure agreement forms during recruitment. The primary objective of signing non-disclosure agreements intended to restrict employees from disclosing information related to that company to any other potential employer. Even after termination of the employment contract, employees are restricted from sharing the information. But not all the employees sign the non-disclosure agreements. That means that they can shift crucial knowledge or information to rival companies. This poses a great challenge to managers. Managers may put strict security measures that enhance data security, but they may not completely prevent the transfer of knowledge to rival companies by the employees.

Pressure on The Security Personnel

The primary duty of the information security team is to protect the company's systems and information around the clock. The information security team is therefore supposed to be on high alert to ensure the company's systems are safe and secure from cyber attacks. Threats in the field of technology are inevitable; thus, at some point there would be interference of the systems by intruders. The burden of safeguarding the company's data may sometimes become too heavy thus, resulting in increased pressure and stress.

Security

The internet is by far the most common tool used by hackers to gain access to private networks and computers. They normally use the computers Internet Protocol (IP) address which can be defined as the computers unique identifier on the internet. By accessing the computer IP address, they break into the user's computer and steal information. Managers and security officers must work collaboratively to shield the company's data from such forms of cyber attacks. Studies have shown that cybercriminals require a small system flaw to disrupt the entire system (Brar, & Kumar, 2018). In the modern era of the technology-driven world, there is no worse attack that an organization can endure than hacking. Hacking may adversely affect an organization financial stability. The manager and the information security team must, therefore, implement robust security policies to address the glaring security threats. Security breaches within the organization must not be treated lightly. If the manager does adhere to the company's policies that require him or her to secure the company's systems. Security compromises should not be tolerated whatsoever.

Control

Control and monitoring of the employees' activities within an organization could be one of the security enforcement measures to safeguard the system. However, the manager and security personnel must inform all the employees on the monitoring process. They may not necessarily disclose all the security procedural measures taken to safeguard the company's system, but it is ideal to inform them that using the company's resources subjects one to close monitoring. However, the manager and the information security officers must not use their privileges to monitor employees' activities for personal gains.

Accuracy

Technology has transformed ways of handling data in the business setting. In this modern era where technology has become part and parcel of every business activity, millions of data that require a highly secured database are processed on a daily basis. Accuracy a key factor to consider when processing, storing and retrieving this information. The manager and the information security team of the company must ensure that the data stored is accurate and undistorted.

Conclusion

Generally, cybersecurity has become a subject of interest in the massively interconnected IT-world. This research has found that although the technology comes with benefits that may propel businesses in great success heights, there are potential harms that could hinder the growth of the businesses. As Prince (2018) states, businesses must operate with the assumption that hackers are on the loose and ready to strike once they realize a small security flaw. Business managers and Information security officers must, therefore, implement robust policy measures to ensure the security of data.

References

Susanto, H., Almunawar, M. N., & Tuan, Y. C. (2012). Information security challenge and breaches: novelty approach on meas...