It seems reasonable to state that by using cyber-attack simulator systems and research, a number of crucial benefits may be attained. First, the development of efficient research practices, as well as training scenarios, may address problems within the scope of human cyber-security, advance the related skills, and contribute to the significant decision-making process. Second, the exploration of human factors in the framework of cyber-security can assist in resolving the issues of understanding a defender’s cognitive state, possibilities for automation, and an attacker’s subjective traits. Third, dynamic malingering that would involve attackers, defenders, and user models could enrich data sets regarding cyber epidemiology and cyber protection (Leblanc et al., 2011). The described benefits might be considered a great advantage in dealing with challenges caused by cyber-attacks. Such a state of affairs allows analyzing these benefits in terms of how they could assist in defining the needs for security within an organization.
Here, it may be claimed that the mentioned cognitive models can give precise projections of behaviors if they are designed and applied appropriately. A model’s peculiarities, processes, and biases will vary depending on the aspects of age, education levels, and network intents. Internal surveys can be conducted in order to figure out essential details about users and defenders, as well as geographical data accompanied by information regarding potential cyber-attacks origins. This would allow an organization to determine the areas of security enhancement effectively. The utilization of advanced computational processes in the framework of cyber-security can serve as an important foundation for precise simulations. The latter, in turn, contributes to a company’s enrichment in terms of experience and theoretical background, which leads to a proper realization of how to address a specific issue. The conjunction of theory and practice in this vein is critical and should be achieved at all levels.
Trend Micro reported that in 2020, the company’s products identified 119,000 cyber threats every minute. The attacks primarily targeted home-based employees and network infrastructure. This and other facts are published by Trend Micro in A constant state of flux: Trend Micro 2020 annual cybersecurity report (Trend Micro, 2021). Among other things, the report reveals that home networking has become one of the most popular targets for cybercriminals in 2020. With their help, attackers tried to gain access to corporate network resources or use home IoT devices for their botnets.
In early June 2021, a cyberattack on the world’s largest meat producer JBS SA caused the shutdown of all US beef factories, which supply nearly a quarter of the US supplies. All of the company’s meat processing plants and regional beef plants were forced to close, and the rest of JBS’s meat processing facilities were malfunctioning (Polansek & Mason, 2021). Then, according to Sharwood (2021), in May 2021, the American auto parts manufacturer Toyota Auto Body, part of the Toyota Motor Group, announced a cyberattack on the company. As a result of the hack, classified information was stolen.
In mid-February 2021, North Korean hackers tried to hack into the computer systems of the pharmaceutical company Pfizer in search of information on a vaccine and technology for treating coronavirus infection (French Press Agency, 2021). Here, it may be noted that both the public and private sectors are affected by cyber-attacks significantly. However, given the fact that the private one seems to be impacted more constantly (CDNetworks, 2021) – and taking into account the examples above – it may have greater insights if compared with the public sector.
There is a number of practices that should be implemented during the development of a company’s cybersecurity. The most critical ones are the utilization of a firewall, documentation of security policies, cybersecurity plans for mobile devices, and educating all employees (Segal, n.d.). It should be claimed that in order to sustain these practices, IT personnel should arrange their roles and functions appropriately. These roles and functions – such as daily updates of cybersecurity software or increasing IT awareness among other employees – may be perceived as a foundation for averting and dealing with cyberattacks within an enterprise.
Then, planning a cybersecurity strategy is another crucial aspect within the scope given. Without a coherent plan, there might be breaches within cybersecurity in the future, and hackers may identify and use them. Among key deliverables that would ensure the effective implementation and transition of this plan seem to be the following. First, it is the adherence to the best practices of cybersecurity. Second, it is a significant extent of awareness among all employees in this regard. Third, it is a sustainable daily routine of cybersecurity enhancement.
Without outside help, government agencies are unable to improve the state of affairs in the field of national cybersecurity. For cybersecurity measures and projects to be successful, strong partnerships must be built between public and private actors. The National Institute of Standards and Technology of the US has developed the System for Strengthening Cybersecurity of Critical Infrastructure through a collective effort through public-private partnerships. As noted in more detail in Section 2.4, the institute has ensured that all stakeholders are involved in the development of the update, thereby encouraging them to adhere to the system’s principles as much as possible (International Telecommunication Union, 2019a). As stakeholders participated in the development of version 1.1 of the system and their suggestions and comments were taken into account, it is more likely that they will adhere to and implement the best practices, guidelines, and standards contained therein.
In the Republic of Korea, the Ministry of Science and Information and Communications Technology developed the 2019 national cybersecurity baseline for the private sector in consultation with relevant stakeholders, including academia, businesses, and civil society organizations. The plan provided for the implementation of two tasks: ensuring the security of cyberspace and the development of the information security industry (International Telecommunication Union, 2019b). Key strategic projects under these efforts have focused on expanding the cybersecurity network, promoting the development of the information security industry, and strengthening the information security infrastructure. Given the rapidly changing ICT environment, the ministry intends to update the plan on an annual basis. In addition, the Republic of Korea’s Public and Private Sector Advisory Board meets twice a year to track progress on the project and identify areas for improvement.
The latter two examples may be considered a great foundation for cybersecurity at different dimensions. Within the corporate environment, such measures could contribute to a considerable degree of awareness about cyber hazards among employees, given comprehensive and consistent provisions fixed at the national level. At the regional level, there can be productive cooperation between various local entities in terms of cybersecurity development as they have effective roadmaps to follow. At the national level, the government could obtain constantly obtain data from companies that can share their cybersecurity insights, which may lead to governmental cybersecurity enhancement.
References
CDNetworks. (2021). The industries most vulnerable to cyber attacks in 2021.
French Press Agency. (2021). North Korea ‘tried to hack Pfizer’ for vaccine data, Seoul claims. Daily Sabah.
International Telecommunication Union. (2019a). NIST Framework for Improving Critical Infrastructure Cybersecurity V1.1.
International Telecommunication Union. (2019b). 2019 Comprehensive Cybersecurity Plan for the private sector.
Leblanc, S., P., Partington, A., Chapman, I., & Bernier, M. (2011). An overview of cyber attack and computer network operations simulation. Proceedings of the 2011 Military Modeling & Simulation Symposium, 2011, 92–100.
Polansek, T., & Mason, J. (2021). U.S. says ransomware attack on meatpacker JBS likely from Russia. Reuters.
Segal, C. (n.d.). 8 cyber security best practices for your small to medium-size business.
Sharwood, S. (2021). Toyota rear-ended by twin cyber attacks that left ransomware-shaped dents.The Register.
Trend Micro. (2021). A constant state of flux: Trend Micro 2020 cybersecurity report.