Introduction
Almost every business today depends on technology in one way or another, so cyber threats are among the most common problems entrepreneurs face. In a modern company, the cybersecurity continuity and incident review process is the most important strategic direction. Its first stage should be an assessment of possible risks, based on the line of business and the programs used most often. Companies also need to raise awareness in the field of cybersecurity. A practical step here is to conduct a cyber audit, which is another stage of the cybersecurity continuity and incident review process. Next, the company needs to carry out the stages of the digital transformation of cybersecurity, which include raising the enterprise’s cybersecurity maturity and adopting new solutions. In addition, the company should monitor network activity to detect traces of hacking.
Maturity Level
Approaches to Improvement
Cyber threats may arise from a low level of awareness or a low level of maturity of the organization’s system. There are several approaches to solving this problem. The first is to strengthen the resilience of the business to cyber threats by developing a risk-oriented culture and increasing the maturity of the cyber risk management function. Another approach is to create a security infrastructure using modern integrated communication security solutions (Padilla & Freire, 2019). These solutions are not limited to establishing transparent communication between the board of directors and the cyber defense service; the approach should also extend to interaction with business partners and third parties included in the company’s digital platform.
Technical Influences
Companies often build their cyber defense with a primary focus on technical attack vectors. Such systems can have a high level of maturity and be reliable. Therefore, when increasing the level of maturity, it is necessary to take some technical aspects into account (Essien & Aniefiok, 2022). The first priority is the specifics of how software is written and how the information infrastructure is created. In addition, technical features that matter for the choice of an approach to increasing maturity can be identified during an audit of an existing information infrastructure and in the process of developing tools for obtaining unauthorized access. Digital transformation of the maturity level that takes technical factors into account is a priority in forming the cybersecurity continuity and incident review process.
External Influences
When improving an organization’s level of maturity, it is necessary to take into account not only technical intra-organizational factors but also external influences, because cyber threats often come from the influence of external software products. For example, over-reliance on connections creates the potential for intentional Internet outages. Another significant external factor is deterioration, which implies the rapid development of intelligent technologies plus conflicting requirements (Filho et al., 2022). These requirements arise from the development of national security rules and individual privacy rules, and they negatively affect the ability of organizations to control their own information. Organizations should also take into account the external factor of distortion: the deliberate dissemination of disinformation, including through bots and automated sources, which undermines trust in the integrity of information.
Cybersecurity Contingency & Incident Review Changes
Current
Current cybersecurity contingency and incident review changes follow the zero-trust model. Under this model, every office user and every corporate device connected to the network starts with a zero level of trust. Each must continually prove, through identification, that it has the right to access the system, regardless of where it connects from or which network segment it connects to. Zero Trust assumes that the security service is obliged to monitor any suspicious signal when entering the network (Al-Mhiqani et al., 2019). Distributed access and multi-level identification are used for this. Distributed data access makes it possible to give users full or limited access. Zero Trust uses artificial intelligence so that IT systems independently detect and eliminate vulnerabilities and suspicious activity.
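The per-request check described above can be sketched as a small policy decision function. This is an added example, not part of the original essay; the resource names, roles and request fields are hypothetical.

```python
from dataclasses import dataclass

# Constructed policy data for illustration; resources and roles are hypothetical.
POLICY = {
    "payroll-db": {"roles": {"finance"}, "limited_roles": {"auditor"}},
    "wiki": {"roles": {"finance", "engineering", "auditor"}, "limited_roles": set()},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    source_network: str       # "office-lan", "vpn", "internet": recorded, never trusted
    password_ok: bool         # first identification factor verified for this request
    second_factor_ok: bool    # second factor (multi-level identification)
    device_registered: bool   # corporate device known to the inventory
    device_healthy: bool      # health state reported by the endpoint agent

def decide(req: Request) -> tuple[str, str]:
    """Return (decision, reason); decision is 'deny', 'limited' or 'full'."""
    # Identity is proven on every request; being on the office LAN proves nothing.
    if not (req.password_ok and req.second_factor_ok):
        return "deny", "identity not proven with both factors"
    if not req.device_registered:
        return "deny", "unknown device"
    rule = POLICY.get(req.resource)
    if rule is None:
        return "deny", "no policy for resource (default deny)"
    if req.role in rule["roles"]:
        # An unhealthy device is downgraded to limited access, not trusted.
        if req.device_healthy:
            return "full", "role allowed, device healthy"
        return "limited", "role allowed, device failed health check"
    if req.role in rule["limited_roles"]:
        return "limited", "role restricted to limited access"
    return "deny", "role not allowed for resource"

def audit(requests):
    """Decide each request independently; collect denials for the security service."""
    results = [(r, *decide(r)) for r in requests]
    suspicious = [(r.user, r.resource, why) for r, d, why in results if d == "deny"]
    return [d for _, d, _ in results], suspicious
```

Note that `source_network` is carried for logging only and never appears in a condition, which is the point of the model.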
Anticipated
The anticipated cybersecurity contingency and incident review changes should follow the threat hunting model. Threat hunting is a process of proactive and interactive analysis of information collected from endpoints and sensors in order to detect threats that have bypassed the security tools in use. Specialists use threat intelligence technologies to study in detail the tactics, techniques and procedures of attacking groups of cyber fraudsters. On receiving information about new techniques for attacking infrastructure, experts form a hypothesis about how those techniques apply to the system in which they work (Padilla & Freire, 2019). If the primary hypothesis turns out to be unreliable, it is modified and checked again. Hypothesis testing therefore happens constantly, so experts obtain more and more data on the tactics of cybercriminals and prevent their attacks.
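The hypothesis loop described above, run over endpoint process events, looks like this in practice. This is an added example, not part of the original essay; the telemetry is constructed, and the hypotheses and the "too broad" threshold are assumptions chosen for illustration.

```python
from collections import namedtuple

Event = namedtuple("Event", "host parent process")

# Constructed endpoint telemetry for illustration (not from the original essay).
EVENTS = [
    Event("ws-01", "explorer.exe", "winword.exe"),
    Event("ws-01", "winword.exe", "powershell.exe"),
    Event("ws-02", "explorer.exe", "powershell.exe"),
    Event("ws-03", "explorer.exe", "powershell.exe"),
    Event("srv-01", "services.exe", "powershell.exe"),
    Event("ws-04", "explorer.exe", "excel.exe"),
    Event("ws-04", "excel.exe", "powershell.exe"),
    Event("ws-05", "explorer.exe", "chrome.exe"),
]

OFFICE = {"winword.exe", "excel.exe"}

# Each hypothesis is (description, predicate); later entries modify earlier ones.
HYPOTHESES = [
    ("interpreter started by a browser",
     lambda e: e.process == "powershell.exe" and e.parent == "chrome.exe"),
    ("any interpreter start",
     lambda e: e.process == "powershell.exe"),
    ("interpreter started by an office application",
     lambda e: e.process == "powershell.exe" and e.parent in OFFICE),
]

def evaluate(events, predicate, max_host_share=0.5):
    """Return (verdict, hits). A hypothesis that matches nothing, or matches
    more than max_host_share of all hosts, is treated as unreliable."""
    hits = [e for e in events if predicate(e)]
    if not hits:
        return "no evidence", hits
    all_hosts = {e.host for e in events}
    hit_hosts = {e.host for e in hits}
    if len(hit_hosts) / len(all_hosts) > max_host_share:
        return "too broad", hits
    return "supported", hits

def hunt(events, hypotheses):
    """Test hypotheses in order, logging each result, until one is supported."""
    log = []
    for description, predicate in hypotheses:
        verdict, hits = evaluate(events, predicate)
        log.append((description, verdict, len(hits)))
        if verdict == "supported":
            return log, sorted({e.host for e in hits})
    return log, []
```

The log of rejected hypotheses is worth keeping: it records what was already checked and why it was modified.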
Threats
Cybersecurity continuity and incident review changes should take new emerging threats into account. These threats stem from the fact that companies cannot check how secure an outsourcer is and cannot share responsibility with it if an attack occurs. Alongside them, deepfake technology will pose an increasing threat. In the next few years, it will become so perfect that it will bypass the biometric protection of systems. The security of the infrastructure is the responsibility not of the system owner but of the cloud operator, who does not have sufficient resources for protection (Al-Mhiqani et al., 2019). Encryption viruses, which encode data and demand a ransom (most often in Bitcoin) for decryption and for restoring access to computer systems, should also be expected to grow in complexity.
Vulnerabilities
Vulnerabilities that should be considered when planning cybersecurity contingency and incident review changes are flaws in software, firmware, or hardware. An attacker can use them to perform unauthorized actions in the system. They may be caused by software programming errors, which attackers use to infect computers with malware or perform other malicious actions (Essien & Aniefiok, 2022). The most significant are programming errors, shortcomings introduced during the design of the system, and unreliable passwords. In general, a vulnerability is any flaw in a computer system whose use leads to a violation of the system’s integrity and to incorrect operation.
Global
Global strategies for cybersecurity continuity and incident review changes share one main requirement: to protect important information resources through the introduction of privacy enhancement technologies. With the development of technologies such as blockchain, online transactions, and digital file exchange platforms, the variety of cyber threats is constantly growing. As a result of digital globalization, the interdependence of organizations’ cybersecurity is often rising. By components, the global cybersecurity market is divided into solutions and services (Filho et al., 2022). The solutions segment includes the categories of identity, access, and risk management. According to the type of reliability, the global information security market has split into meeting the needs of small and medium-sized enterprises and those of large enterprises. Depending on the size of the organization, cybersecurity continuity and incident review changes cover the work of securing networks, endpoints, applications, clouds, and wireless networks.
Technical Adjustments
Technical adjustments applicable to cybersecurity continuity and incident review changes mainly consist of installing cryptography. Cryptography uses encryption to protect information by hiding its contents. Once information is encrypted, it is available only to users who have the correct encryption key; to users without this key, the information is not available. Security teams can use encryption to protect the confidentiality and integrity of information throughout its lifetime, including during storage and transmission (Essien & Aniefiok, 2022). However, as soon as the user decrypts the data, it becomes vulnerable to theft, exposure or modification. To encrypt information, security teams use technical adjustments such as encryption algorithms or technologies such as blockchain.
Conclusion
The level of cybercrime in the world continues to grow; educational institutions, public administration bodies, and Internet and IT service providers are most often subjected to hacker attacks. The attackers’ goals are profit-making, disabling infrastructure and cyber espionage. To achieve these goals, cybercriminals use various tools and methods, creating threats and exploiting the vulnerabilities of organizations. To improve security, it is necessary to raise the maturity level of the organization by launching the cybersecurity contingency and incident review changes process. Planning this process with external and technological factors in mind will make it possible to implement information security in the organization.
References
Al-Mhiqani, M. N., Ahmad, R., Abidin, Z. Z., Ali, N. S., & Abdulkareem, K. H. (2019). Review of cyber attacks classifications and threats analysis in cyber-physical systems. International Journal of Internet Technology and Secured Transactions, 9(3), 282–298.
Essien, N. P., & Aniefiok, E. U. (2022). Cyber security: Trends and challenges toward educational development in 21st century. Asia-Africa Journal of Education Research, 2(12), 141–156.
Filho, N. G., Rego, N., & Claro, J. (2022). A cybersecurity incident classification integrating the perspectives of perpetrators and target companies. Social Science Research Network Journal, 8(5), 41–61.
Padilla, V. S., & Freire, F. F. (2019). A contingency plan framework for cyber-attacks. Journal of Information Systems Engineering & Management, 4(2), 1–6.