Cyber Threat
For this assignment, you are requested to search in the Saudi Digital Library the following paper:
Breaking down silos between business continuity and cyber security in Journal of Business Continuity & Emergency Planning Volume 12 Number 3
Authors: Rick Phillips and Brandon Tanner
Your essay must include the following:
– Describe in details the different steps that you have followed to download this paper from Saudi Digital Library.
– Based on this paper and other related references, write with your own words how to minimize cyber threats through education and awareness.
Directions:
Your well-written paper should meet the following requirements:
– Be 2 to 3 pages in length, which does not include the title page, abstract or required reference page, which are never a part of the content minimum requirements.
– Use Saudi Electronic University academic writing standards and APA style guidelines.
– Include at least one scholarly reference in addition to the above reference. The Saudi Digital Library is a good source for resources.
Cyber threat is a malicious act which its main intention is to steal data, damage information or send a signal that is meant to disrupt digital activities. Some of the common threats are such as phishing; attackers harvest data through social media and use it to impersonate or trick people to get what they want. Ransomware; attackers hold a device or a system of an institution hostage until they are paid a certain amount. Cryptojacking; attackers use a link to manipulate users of a computer to click on the link or visit an infected website. They then mine cryptocurrency. (Smart, W. 2018).
When downloading this paper, I clicked on the sign-in link which directed me to the SDL site. I then selected the SDL icon to enter the library. I put my username and password in the required slots then searched by the name of the paper. I got several other related topics to what I was looking for but finally settled on this one. Finally, I downloaded the paper as a pdf after finding the exact information I needed.
Education refers to the general understanding of cybersecurity concepts. Being taught how the process works and understanding what it entails. On the other hand, awareness training should be done separately and continually. The program is designed to keep employees up to date with information on the latest tools and techniques cybercriminals are using every day. Awareness training is more specific and timely than education.
The executives, board members, and the employees should be educated on how to minimize cyber threats. Education should cover everything from basic company policies to on-the-job training. This will also help to minimize the budget used up in buying and installation of the modest software that curbs cyber threats. Cybersecurity awareness is brought about through education. Once a staff member learns how to minimize cyber threats, he will be able to identify the dos and don’ts and make them known. That is creating awareness.
Through education, businesses and institutions can identify the type of cyber threat used. If it is phishing; one will be able to spot the emails mimicking original ones to avoid theft. for ransomware, one can be able to spot the malware used to hold systems hostage and for cryptojacking, one will be able to spot the email or online advertisement used to lure victims into visiting the website.
There are ever emerging ways used to attack victims. Through awareness training, the employee gets to learn new forms of attack and is also able to continue thinking of cybersecurity as a never-ending process. Implementing a phishing training program alone will not help to address education and awareness. It only covers a small area of education so a comprehensive education and awareness program is important.
Education also helps those in leadership positions to be able to keep contents of the information safe; for instance, pins, passwords or security codes. The executives have access to personnel records containing names, social security numbers and other personal information which attackers use to fraud victims. If the executives are educated on how to keep that information safe and secure then cases of cyber threats will minimize. (Tanner, B. (2019).
In conclusion, any organization, despite the size is a target. Funds that can be used to buy new and up to date software to curb cyber threats should be allocated to the education and awareness program. This will help prevent an organization or a business from becoming a victim of fraud or rather cyber threat. As we all know prevention is better than cure.
References
Phillips, R., & Tanner, B. (2019). Breaking down silos between business continuity and cybersecurity. Journal of business continuity & emergency planning, 12(3), 224-232. Ponemon Institute (2018)
Smart, W. (2018). Lessons learned review of the WannaCry ransomware cyber-attack. London: Skipton House.