Cyber Risk and Cybersecurity Issues

Ankitha Pagadala

Submitted to the Faculty of the Graduate School

in Partial Fulfillment of the

Requirements for the Degree of

Doctor of Information Technology

University of the Cumberlands

December 2024

Approval for Recommendation

This dissertation is approved for recommendation to the faculty and administration of the University of the Cumberlands.

Dissertation Chair:

Dr. Keith Pratt, MS, MA, PhD, Dr. of Economics

Chapter Two

Review of Literature

Introduction

Cyber security is defined as the technological practice of protecting and defending computers and other IT-related resources, such as servers, electronic system data, business secrets, and mobile devices, from potential attacks by malicious cybercriminals. According to studies conducted by Baker (2023, July 31), cybersecurity is an essential subject of discussion in business-related activities, since the topic entails the most effective and evidence-based best practices for securing and protecting systems and information technology infrastructure such as networks, devices, and programs from potential digital attacks (Alharbi et al., 2021). Cyber-attacks have become rampant in the past few years, with 2020/2021 recording the highest number of cyber-attacks because of the increase in remote working due to COVID-19, which forced many organizations to migrate entirely to digital platforms so that employees could execute their duties remotely. The primary aim of most cyber-attacks is to access, change, compromise, or destroy sensitive data, to extort money from business entities using ransomware, or to interrupt normal business activities. In 2020 alone, there were over 1120 breaches and other types of cyber-attacks whose consequences exposed data to malicious parties and overwhelmingly increased production costs in many of the organizations that were victims of the attacks (Alharbi et al., 2021).

A report by the FBI on cyber-attacks and their impacts indicates that the 1120 data breaches reported in 2020 contributed to 20,12,074,547 leakages of sensitive data (Alharbi et al., 2021). The biggest 2020 cyber-attacks included the SolarWinds supply chain attack, which disrupted the business and daily operations of various firms, such as FireEye, Nvidia, Microsoft, and Cisco, as well as several United States government agencies. Additionally, Marriott International was also impacted by cyber-attacks, in which attackers accessed the personal data of over 5.2 million hotel guests (Baker, 2023). Other organizations that suffered cyber-attacks in 2020 included, but were not limited to, Twitter, Garmin, and Software AG. For the past two decades, many organizations have struggled to adopt effective strategies for risk mitigation and management of cybersecurity-related issues and have yet to be successful (Chen & Jai, 2019). The primary reason many organizations fail to provide reliable and productive interventions for monitoring, detecting, and mitigating cybersecurity challenges is the need for a comprehensive understanding of the risk factors associated with cyber threats and system vulnerability to such attacks. Also, the lack of effective cybersecurity policies and human negligence over potential cyber-attack warnings have contributed to the increase in cases in recent years (Chen & Jai, 2019). Additionally, organizational culture, lack of enforcement of cyber security best practices, and a lack of adequate and reliable employee training programs on cyber-attacks have become significant risk factors (Cremer et al., 2022).

It is unfortunate that in recent years many high-profile data breaches have hit the headlines, shocking the world with how such breaches occur without the knowledge of the victim companies. For example, in some cases, intruders had access to a company's private and confidential data for days and even weeks without leaving a trail that could alert the legitimate owners of the data (Cremer et al., 2022). The primary question is: what has happened in cyberspace that is leading to a progressive increase in the complexity of cyber threats and cyber-attacks? The answer to this question will provide more insight into how cyber-attacks can be prevented now and in the future. Companies like Yahoo and Target faced severe cyber-attacks that exposed millions of Americans' private and confidential data, such as usernames, credit card numbers, social security numbers, phone numbers, and passwords (EC-Council, 2023). Small and high-profile companies alike should be more vigilant about cybersecurity threats and their vulnerability to such attacks. The progressive rise of cyber security threats has led to a simultaneous increase in the demand for cybersecurity specialists such as information analysts (EC-Council, 2023).

It is worth noting that the continuous and rapid growth of the cybersecurity field can be linked to the fact that, as technology progressively advances, hackers are getting smarter every day, cybercrime is becoming increasingly expensive, and systems remain vulnerable (Evans, 2022). The most common types of cyber risks, threats, and cybersecurity issues this report will highlight with respect to the severity of their impacts include, but are not limited to, malware attacks, ransomware, third-party and supply chain attacks, mobile malware and IoT-associated threats, social engineering attacks, denial-of-service (DoS) attacks, spyware and adware attacks, man-in-the-middle attacks, DNS tunneling, and zero-day exploits and attacks, among many other types of cyber-attacks (Evans, 2022).

Scope

With the progressive advancement of technology, today's world has become a networked world where information and data can be shared in real time. Nevertheless, the continuous advancement of technology has resulted in a simultaneous rapid increase in cyber risk and security vulnerability (Executech, 2020). This has affected numerous organizations in the last two decades. Cyber-attacks are costly in both the short and long term since they can lead to revenue loss, halted business operations, theft of business secrets, and even, in severe cases, the closure of business entities (Executech, 2020). Even though some believe that the cyber security menace cannot be stopped completely, studies have shown that with an adequate understanding of the various risk factors and vulnerabilities to cyber threats, and with modern tools, such threats can be effectively addressed and their impacts managed (Falco & Rosenbach, 2021). The project will mainly focus on evaluating the significant gaps in the cyber security space that are crippling various organizations and on identifying key areas or opportunities for improvement to help organizations effectively monitor, detect, and mitigate cyber threats. Among the existing gaps in cyber security (Falco & Rosenbach, 2021).

This report will focus on identifying significant causes and risk factors and determining the primary reasons for the progressive rise of cyber risks and security threats. The common gaps in cyber security that will be considered and extensively discussed, to provide a glimpse of what causes the increase in cyber security issues, include but are not limited to the lack of adequate, reliable, and promising risk management and governance, the lack of interventions and approaches that promote progressive information technology asset management, the failure of organizations to conduct continuous and timely vulnerability assessments and penetration tests, the lack of employee training programs on social engineering attacks and how to avoid them, the failure of IT security experts to conduct patch management as well as the failure of business entities among other cyber security gaps (Filiol, 2021). The paper will also assess various statistics and case studies associated with cyber risk and cybersecurity challenges to shed adequate light for business entities on the trend of cyber security issues and how to prepare to avoid falling victim to cyber-attacks (Filiol, 2021). The project also focuses on systematically reviewing existing literature to assess the various types of cyber threats and vulnerabilities that increase the chances of cyber-attacks, and to provide extensively researched insights on how such threats and vulnerabilities can be financially venomous to business entities if they are not monitored, detected, and mitigated as soon as any vulnerability or suspected attack is noticed (Fortinet, 2023).

The project will also conduct research and provide findings on the significant causes of the recent increase in cyber security threats, risks, and challenges. Once every organization, more so employees, is sensitized on the reasons for the increase in cyber-attacks, it becomes easy to develop reliable cyber security best practices to curb the attacks (Fortinet, 2023). Finally, the paper will identify and highlight several consequences of cyber-attacks and exploitation of IT infrastructure by cybercriminals. It will also provide extensive research and evidence-based recommendations on organizations' appropriate approaches and strategies to manage cyber risks and cybersecurity-related challenges (Fox, 2023).

Literature review

Like never before, the world has been reshaped for the better with increasing advancement and adoption of a wide range of technologies. Modern information technology and communication have changed the operational mode of various business entities and the world. Modern information and communication technology (ICT) has created unlimited business opportunities (Gawade & Shekokar, 2022). This can be attributed to the fact that modern ICT has progressively facilitated universal access to information and data, which form the critical asset of all business entities today. The introduction of cloud computing technology, artificial intelligence, machine learning, modern tools and techniques for data analysis, and the progressive increase of the number of connections together with interdependencies between business entities and modern information and communication technology systems along with the popularization of mobile technologies has also increased exchange and sharing of information and data in real-time (Gawade & Shekokar, 2022). This technology has improved the productivity of business entities, reduced human errors, and facilitated and enhanced workforce flexibility and adaptability.

However, on the other side, this advancement has come with numerous challenges. Cybercriminals have become opportunistic in using advanced tools and technologies to exploit organizations' IT systems and other related devices, programs, and software to disrupt businesses and demand ransom before they restore daily operations (Gupta & Dahiya, 2021). The advancement of technology and improved access to information has brought profound changes that have permeated today's society, and there is therefore a need to assess and have a complete view of cyber security issues such as data security and the confidentiality and privacy of shared data. The dynamics of these changes often impact organizations' cyber security environments (Hoffmann et al., 2020). For business entities to secure and maintain business continuity, there is a need to adopt new approaches and a new perspective on the issue of business risk within cyberspace. With the assumption that every organization is prone and vulnerable to cyber-attacks, the idea of cyber risk management based on the kill chain concept and the use of cyber security theory must be adopted and fully implemented to provide organizations with evidence-based techniques for addressing sophisticated cyber-attacks (Hoffmann et al., 2020).

A lack of adequate understanding of the clear meaning of cyber security and its associated challenges, especially among working staff within an organization, is a significant barrier to the strategies proposed for cyber security mitigation. IT experts in cyber security suggest that in every organization, employees should be the primary target of cyber security education programs. Such programs include enlightening each member of the workforce on the different meanings of cyber security risks and threats to create awareness and keep them updated and alert, so that every time they come across a suspected threat they can deploy appropriate measures, including timely reporting of the cyber threat and system vulnerability (Hoffmann et al., 2020).

Unlike in the traditional world, where there were fewer cyber security challenges due to heavy reliance on manual work and paperwork, today's world has changed, and it is easier to share information or data in a wide range of physical and digital formats. In terms of the triad of confidentiality, integrity, and availability (CIA), cyber security entails preserving the confidentiality, integrity, and availability of data and information. On the other hand, the National Institute of Standards and Technology (NIST) describes cyber security as securing information and IT infrastructure by preventing, monitoring, detecting, and responding to cyber threats (Hoffmann et al., 2020). These two definitions will form the basis for identifying and analyzing various types of cyber threats, in order to offer insight into the mitigation measures organizations should adopt and align with their cyber security strategic management to minimize the impacts of cyber threats to an acceptable threshold (Hoffmann et al., 2020).

As mentioned earlier, since mid-2020, the rate of cyber-attacks has increased by over 50% compared to some years back (Hoffmann et al., 2020). The cyber security issues the world faces today are progressively becoming more complex and detrimental to business activities and, even to a more significant extent, targeting government agencies to disrupt the efficient provision of services to clients, customers, and the public. Cyber threats have become dynamic and ever-changing (Leelasankar et al., 2021). Based on this fact, it is, therefore, the duty of IT experts in various organizations and those working for private and government agencies to take cyber security challenges as a full-time job that requires them to keep pace with the advancement of cyber threats and update techniques that could be deployed to curb the attacks (Leelasankar et al., 2021).

Depending on the type of cyber-attack, hack attacks can spread very fast and disrupt the proper operation of IT systems and networks to the point of bringing business activities to a standstill. This often results in disastrous events, especially when healthcare and other industries providing essential services to the public are attacked. Social engineering via notorious phishing attacks has become a common type of attack targeting organizations and even people at a personal level (Li et al., 2020). This means that every organization, including employees at a personal level, should be aware of such attacks and guard their devices by improving their technological skills; otherwise, such attacks could result in reputational damage and financial loss (Li et al., 2020).

In a study on the most common types of cyberattacks, Tietsort (2023, November 15) states that over 4000 new cases of cyberattacks are experienced worldwide daily. From these figures, Tietsort (2023, November 15) argues that every 14 seconds there is a chance that an organization, whether a small or a big business entity, falls victim to a cyber-attack. Shockingly enough, a survey by Astra Security in May 2023 found that at least 560,000 new pieces of malware are recorded each day. Small, medium-sized, and giant companies alike have suffered the impacts of cyber-attacks since 2013, when the rate of increase in cyber-attacks was noted (Li et al., 2020).

Statistics of cyber threats and case studies over the last 3 years

Nothing worries today's business entities and corporations like the advancement of cybersecurity issues, which is leading to the continuous emergence of complex and nearly hard-to-detect cyber threats targeting businesses, hospitals, government agencies, private entities, the healthcare industry, the banking industry, and so forth (Packetlabs, 2023). It must be understood that the cybersecurity world is growing and expanding rapidly. Currently, the cybersecurity industry is the fastest-moving industry in the globe (Packetlabs, 2023). With the increasing adoption of remote operations, it has become crucial for organizations to keep their finger on the pulse of current cyber trends and statistics to get a glimpse of what is happening in the world of cybersecurity. Regarding the most recent statistics and trends, Packetlabs' (2023) survey on the top cybersecurity statistics of 2023 asserts that, in general, there are over 800,000 cyberattacks each year, and the trend is predicted to keep rising on an annual basis. The survey further indicates that over 97% of the cybersecurity threats exploit WordPress plugins (Packetlabs, 2023).

It is also estimated that every 39 seconds there is a threat targeting corporations' security infrastructure. It is also estimated that over 300,000 new pieces of malware are created daily, which poses new threats, as new malware strains are more dangerous and harder to handle once they exploit a business's cybersecurity infrastructure (Liu et al., 2022). Of the total malware attacks launched by cybercriminals, it has been found that over 92% are delivered through emails (Liu et al., 2022). Due to the advancement of technology and the complexity of cybersecurity tools, it is also worrying that once complex and hard-to-detect cyber-attacks are launched on corporate cybersecurity infrastructure, it may take 49 days for such threats or attacks to be identified. This indicates how venomous and detrimental cyber threats have become. As per the study by Packetlabs (2023), a shocking revelation indicates that over 4.1 million websites on the internet have malware (Liu et al., 2022).

Key highlights of the cybersecurity issues impacting the globe in 2022, as per Packetlabs (2023) statistics, indicate that over 2200 cyber-attacks are reported daily (Mechdyne_admin, 2023). Over 256 million phishing attacks were reported to have occurred over six months. Among the phishing attacks, a survey of corporations indicates that there were 853,987 attempted attacks on domain names (Mechdyne_admin, 2023). It is also worrisome that in 2022 alone, over 2.8 billion malware attacks were launched, and within the first half of 2022, more than 60% of malicious DDoS attacks were reported. Over 1.51 billion Internet of Things breaches were reported in 2022. According to Packetlabs (2023), the healthcare industry was the industry most targeted by cybercriminals in 2022. Over 92% of malware attacks launched in 2022 were successfully delivered via email. Also, over 71% of corporate entities worldwide fall victim to ransomware attacks (Mechdyne_admin, 2023).

Using the statistics above, along with a systematic review of existing literature from reputable sources on cyber security trends over the last three years, it can be concluded that the menace of cyber-attacks is becoming too harmful and costly to corporations, healthcare, and the banking industry (Möller, 2023). With the above facts in mind, let us consider a few selected case studies of the major attacks in 2020/2023 to shed light on the cyber-attacks notoriously used and their impacts on business entities. To begin with, SolarWinds' supply chain experienced a cyber-attack in 2020, which affected the normal operations of various private firms, including Cisco and FireEye (Möller, 2023). According to the report provided by FireEye, a nation-state actor identified as UNC2452 had launched attacks that managed to compromise the supply chain of the SolarWinds Orion product, a popular product used by a wide range of firms, including government agencies. The type of attack used was Cobalt Strike loaders such as Raindrop (Möller, 2023).

Besides that, in December 2022, there was a series of simultaneous and severe attacks worldwide. One such attack was on Toronto's SickKids. This organization was attacked on December 20, 2022, when the Hospital for Sick Children (SickKids) reported a cyber-attack composed of a grey code, which later turned out to be a ransomware attack that had compromised system functionality (Möller, 2023). The malicious code caused several systems to stop working. On October 9, 2023, the Indian Council of Medical Research (ICMR) also experienced serious cyber-attacks, which exposed the personal data of about 815 million Indian residents (Stouffer, 2023). This data was obtained from the ICMR's Covid-testing database and was intended for sale on the dark web by malicious cybercriminals (Stouffer, 2023). The data obtained by the cybercriminals contained sensitive and personal information such as victims' names, dates of birth, passport numbers, addresses, genders, and the 12-digit government identification number known as the Aadhaar number. In the same month, on October 2, 2023, a consumer genetics and research company fell victim to cyber-attacks, leading to the exposure of over 1 million data packs of Jews (Stouffer, 2023). The attackers also claimed to have breached over 20 million pieces of sensitive data from the said company. Lastly, the attack on Redcliffe Labs was discovered on 25th, 2023, but there was an unclear report on how long the attackers could have been in the victim's IT infrastructure (Stouffer, 2023). This was discovered after a security researcher accidentally found data from the said company with no password protection and notified the company of the incident, upon which investigations were conducted immediately, only to note that a data breach of over 7 TB had already occurred (Stouffer, 2023).

These and many other incidents and case studies of how detrimental cyber threats can be provide comprehensive insight into the need for corporate and business entities to establish advanced cyber security mechanisms to deter cybercriminals from infiltrating their systems, which may cause great havoc (Stouffer, 2023).

Common cyber security gaps crippling organization information technology security

Cybersecurity has become a complex industry that is growing day by day. Due to the complexity and sophistication of the tools used to infiltrate vital company data, it at times becomes difficult for companies to have adequate data protection techniques, owing to a lack of understanding of the types of vulnerabilities they are dealing with and a lack of knowledge of the existing gaps in cybersecurity (Robinson, 2023). Knowledge and understanding of the opportunities for advancing cybersecurity form the foundation for organizations to define various cyberattacks and their impacts on business (Robinson, 2023). At this level, let us assess and identify the paramount cybersecurity gaps every organization should know in order to streamline its security infrastructure and protect critical organizational data and systems from future attacks.

According to a study conducted by Mechdyne_admin (2023) on common cybersecurity gaps exposing business entities to threats, one of the critical cybersecurity gaps increasing vulnerability and the chances of attacks by cybercriminals is a continuous lack of effective risk management and governance. A practical cybersecurity approach should involve the executive leadership. IT security governance is an essential aspect of a cyber threat management plan. Also, the need for sufficient user awareness of existing types of cyber threats and their impacts is another gap increasing the exposure of businesses to significant cyber-attacks. A layer of security is pivotal to any organization (Robinson, 2023). Over 35% of cyber-attacks occur after system users unknowingly allow intruders to access vital data through phishing and social engineering manipulations. Whenever new systems, programs, or software are added to an organization, it is necessary to create awareness of how they work and how they should be protected, by avoiding clicking links from unknown sources or sites and avoiding the use of default passwords (Robinson, 2023). Another serious cybersecurity gap is the need for practical approaches to vulnerability reporting (Saeed, 2023). Effective risk management practices should always include data reporting and analysis. Whenever an organization fails to develop and implement practical data reporting and vulnerability analysis interventions, it becomes easy for cybercriminals to become opportunistic and launch attacks on such organizations (Saeed, 2023).

Unpreparedness is another challenge that exposes businesses to cyber-attacks and increases the chances of experiencing catastrophic impacts and disruption of business operations. As mentioned earlier, there is an increase in the complexity and frequency of cyber-attacks worldwide (Saeed, 2023). With this trend, every organization should be prepared to prevent such attacks. Many businesses must test existing risk management and incident response plans to assess their effectiveness and identify gaps and opportunities for future improvement (Saeed, 2023). Additionally, it has become challenging for business entities to identify and analyze the types of threats they are likely to face from the world of cybersecurity. Adequate cybersecurity preparedness entails having a list of potential cyber threats along with a comprehensive analysis of the likelihood of each attack and a mechanism to respond to each attack for quicker restoration of business operations. Nevertheless, most business organizations would prefer to implement this approach to secure a firm security culture that could protect their IT systems from severe external attacks (Saeed, 2023).

Moreover, the need for policies and best security practices for IT asset management is another critical challenge many organizations face. IT security requires corporations to have a strong understanding of their existing IT systems and data. Data and IT systems are the primary assets of any organization that aspires to improve its productivity and gain a more decisive competitive advantage (Salim & Madnick, 2018). The IT asset management plan should include technology infrastructure and software, mainly workstations, applications, printers, and servers. The plan should also include mobile devices such as laptops, tablets, and phones and, finally, consider Internet of Things systems as one of the components of IT assets. Under the Internet of Things systems, companies should protect call equipment and wireless speaking systems. There is also a need to conduct a comprehensive security gap analysis to help corporations identify the systems, devices, and software likely to increase security vulnerability and adopt evidence-based threat mitigation measures to resolve existing gaps (Salim & Madnick, 2018).

Another security gap organizations must be aware of is the need for progressive employee or user training and education on phishing and other social engineering threats. For a long time, organizations have taken employee and user training programs in social engineering and ethical hacking as the basis for creating organizational security best practices. Employees and system users are critical stakeholders in cybersecurity, and their training will provide insight into the trends in cybersecurity issues and how to identify them. The lack of such training and education platforms increases vulnerabilities and the chances of users becoming cyber-attack victims (Salim & Madnick, 2018). Such a program should be implemented and progressively updated to ensure employees are kept informed of hidden vulnerabilities. Also, lack of patch management is a growing concern among organizations. Sometimes, negligence can harm organization systems and other IT assets (Salim & Madnick, 2018).

Types of cyber risk, attacks, threats, and cybersecurity issues impacting organizations

Having identified and assessed a wide range of cybersecurity gaps influencing today's business, let us turn to the significant cyber threats and risks every business entity must be vigilant about to avoid future attacks (STANCIU, 2023). Before describing the various types of cyber-attacks and shedding more light on how such attacks are launched, it is imperative to mention that cybercrime has expanded drastically in recent years with the growth of technology and the complete migration to digital platforms (STANCIU, 2023). This increase in cyber-attacks has been associated with the fact that cybercriminals have also advanced their technology and improved the efficiency and complexity of their attacks. Not all cyber-attacks are motivated by a thirst for money; some cybercriminals want to cause mayhem and problems by disrupting the normal operations of organizations or government agencies. Some attacks also occur to reduce competition in the markets for products and services.

To begin with, the most common types of cyber-attacks include malware attacks. Malware attacks are described as the use of malicious programs or code developed to harm computers, servers, and networks. It is the most notorious type of cyberattack because it comprises many subsets of attacks. Under the umbrella of malware attacks are subsets such as worms and trojans. A trojan is malware that appears to be a legitimate program, application, or software, often disguised as part of the native OS; it may also appear as harmless free-download software (STANCIU, 2023). This type of malware is often installed using social engineering approaches like bait websites. Other types of malware are worms, mobile malware, and adware. Mobile malware is a type whose design targets only mobile devices (STANCIU, 2023). It is typically delivered via malicious downloads, smishing, and the use of insecure Wi-Fi. Worms, on the other hand, are self-contained programs that can replicate themselves and generate several copies, which spread to other devices or software after an attack is launched. Other types of malware include botnets, which deliver malware as a payload through emails containing malicious content (Stouffer, 2023).

The second type of cyberattack is a denial-of-service (DoS) attack or phishing. Denial-of-service (DoS) attacks are described as malicious attacks whose mode of invasion involves flooding the network with false requests to disrupt business operations. System users often need help executing their duties or performing any operation whenever this attack is launched. Its impacts include bringing business operations to a standstill (SÜZEN, 2023). It becomes impossible for system users to access emails, online accounts, or the critical IT resources needed to facilitate business operations. Other than denial-of-service attacks, there are also Distributed Denial of Service (DDoS) attacks. Unlike a DoS attack, which never results in data loss and originates from a single system, a DDoS attack originates from multiple systems or devices, is faster to spread, and is extremely hard to block since it is launched from several systems (SÜZEN, 2023).
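The single-origin versus multi-origin distinction drawn above can be expressed as detection logic. The following is an added example, not part of the original dissertation; the log format, thresholds, function names, and addresses (documentation ranges) are assumptions made for illustration, and the log lines are constructed.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

START = datetime(2024, 1, 1, 12, 0, 0)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def make_log(sources, per_source, span_s, start=START):
    """Constructed sample: each source sends per_source requests spread over span_s seconds."""
    lines = []
    for src in sources:
        for i in range(per_source):
            ts = start + timedelta(seconds=(i * span_s) // per_source)
            lines.append(f"{ts.strftime(TS_FMT)} {src} GET /login")
    return lines


def parse_line(line):
    """Return (timestamp, source_ip), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return datetime.strptime(parts[0], TS_FMT), parts[1]
    except ValueError:
        return None


def busiest_window(events, window_s):
    """Slide a window over time-sorted events; return (peak count, per-source counts at the peak)."""
    window, per_source = deque(), Counter()
    best_total, best_sources = 0, Counter()
    for ts, src in events:
        window.append((ts, src))
        per_source[src] += 1
        # Drop events that are window_s seconds or more older than the newest one.
        while (ts - window[0][0]).total_seconds() >= window_s:
            _, old = window.popleft()
            per_source[old] -= 1
            if per_source[old] == 0:
                del per_source[old]
        if len(window) > best_total:
            best_total, best_sources = len(window), Counter(per_source)
    return best_total, best_sources


def classify(lines, window_s=10, rate_threshold=100, dominant_share=0.8):
    """Label traffic 'normal', 'dos' (one dominant origin) or 'ddos' (many origins)."""
    events = sorted(e for e in map(parse_line, lines) if e is not None)
    peak, sources = busiest_window(events, window_s)
    result = {"verdict": "normal", "peak": peak, "sources": len(sources)}
    if peak < rate_threshold:
        return result
    top_src, top_count = sources.most_common(1)[0]
    share = top_count / peak
    # One origin carrying most of the flood can be cut off with a single
    # address rule; a flood spread over many origins cannot.
    result["verdict"] = "dos" if share >= dominant_share else "ddos"
    result["top_source"] = top_src
    result["top_share"] = round(share, 2)
    return result


def demo():
    """Run the classifier over three constructed traffic samples."""
    background = make_log([f"192.0.2.{i}" for i in range(1, 6)], 6, 60)
    single = make_log(["203.0.113.50"], 300, 20)
    many = make_log([f"198.51.100.{i}" for i in range(1, 41)], 8, 20)
    return {
        "normal": classify(background + ["not a log line"]),
        "dos": classify(background + single),
        "ddos": classify(background + many),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

In the distributed sample no single address contributes more than a few percent of the peak, which is why per-address blocking that stops the single-origin flood has little effect on it.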

Third is phishing, the most popular and common type of cyberattack, which typically uses email as the primary channel for launching attacks. Phishing attacks can also be carried out via SMS, phone calls, social media, and other social engineering approaches (SÜZEN, 2023). Phishing attacks aim to entice target victims into revealing sensitive information to cybercriminals. The target is usually confidential data such as passwords and password reset codes, which criminals use afterward to seize important business accounts and account numbers, among other vital information. At times, other than luring target victims into revealing sensitive, confidential data, cybercriminals may also lure the victims into downloading malicious software that installs viruses that collect vital data from infected devices. Examples of phishing techniques used by cybercriminals include, but are not limited to, spear phishing, a type of cyber-attack in which cybercriminals target a specific organization or even individuals using their emails (Tietsort, 2023). This phishing attack aims to acquire and steal sensitive data, especially login credentials, or to infect target systems and devices with malware. Other than spear phishing, there are also whaling attacks. Whaling attacks are a form of social engineering attack where the target victims are C-level executive employees and others, with the aim of getting data such as passwords and credit card numbers (Tietsort, 2023).

Cyber-attacks such as spoofing have also become common and rampant in recent years. In this kind of cyber-attack, cybercriminals pretend to be trusted parties that are legitimate, reputable, and known. The purpose is to engage with target victims and lure them into granting access to secure systems holding sensitive data. The aim is to steal from and compromise systems for malicious gain. There are three types of spoofing attacks (Tulane School of Professional Advancement, 2021). These include domain spoofing, in which the attacker impersonates a known business entity or individual using fake emails or websites to fool the target victims. The other types are Address Resolution Protocol (ARP) spoofing and email spoofing, the primary objective of which is stealing valuable data from business entities.
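As an added illustration of how a mail gateway can screen for the domain spoofing described above (this example is not part of the reviewed literature or of any cited source), the sketch below compares the sender domain of a From: header against an allow-list. The trusted domains, the character map, and the one-edit threshold are assumptions chosen for the example.

```python
from email.utils import parseaddr

TRUSTED = ("example-bank.com", "examplepay.com")  # constructed allow-list (assumption)

# Illustrative, non-exhaustive map of digits used in place of look-alike letters.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Fold a domain so that visually similar spellings compare equal."""
    folded = domain.lower().translate(CONFUSABLES)
    return folded.replace("rn", "m").replace("vv", "w")

def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(from_header):
    """Return (verdict, trusted domain it resembles or None) for a From: header."""
    domain = parseaddr(from_header)[1].rpartition("@")[2].lower().rstrip(".")
    for t in TRUSTED:
        # The domain itself or a genuine subdomain of it.
        if domain == t or domain.endswith("." + t):
            return ("trusted", t)
    for t in TRUSTED:
        # Trusted name used as a prefix of somebody else's domain.
        if (t + ".") in domain:
            return ("trusted name embedded in foreign domain", t)
        if skeleton(domain) == skeleton(t):
            return ("confusable-character lookalike", t)
        if edit_distance(skeleton(domain), skeleton(t)) <= 1:
            return ("one-edit lookalike", t)
    return ("unrelated", None)

if __name__ == "__main__":
    # Constructed sample headers, not taken from real mail.
    for header in ["Example Bank <alerts@example-bank.com>",
                   "Example Bank <alerts@examp1e-bank.com>",
                   "billing@exarnplepay.com",
                   "it@example-bank.com.account-verify.net"]:
        print(header, "->", classify_sender(header))
```

A check like this complements, and does not replace, sender authentication such as SPF, DKIM, and DMARC, which address forged use of the genuine domain.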

Moreover, cyber-attacks include identity-based attacks, code injection, insider threats, supply chain attacks, and IoT-based attacks. Attacks on IoT entail cyber threats that target IoT devices and networks. It is the most dangerous form of attack since, after a successful attack, cybercriminals gain control of IoT devices, which may lead to compromise of data, confiscation of data, and even the joining of infected IoT devices into a botnet used to launch DDoS attacks (Tulane School of Professional Advancement, 2021). DNS tunneling attacks, on the other hand, are cyber-attacks that exploit Domain Name System (DNS) queries in order to bypass existing security measures. Once hackers gain access to the system, they can engage in command-and-control operations. In such a case, the tunnels provide the hacker with routes to unleash malware attacks and enhance data infiltration.
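The following added example, which is not drawn from the cited sources, shows one common way defenders look for the DNS tunneling described above: data carried in query names tends to produce many unique, long, high-entropy subdomains under a single domain. The log records, the thresholds, and the two-label base-domain rule are assumptions made for the illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

def shannon_entropy(s):
    """Bits of entropy per character of the string s."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def split_name(qname):
    """Return (subdomain, base domain). Assumption: the base domain is the last
    two labels; production code should consult the Public Suffix List."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[:-2]), ".".join(labels[-2:])

def find_tunnel_candidates(queries, min_len=30, min_entropy=3.5, min_unique=5):
    """Map (client, base domain) -> number of unique suspicious subdomains,
    keeping only pairs that reach min_unique. Thresholds are illustrative."""
    suspicious = defaultdict(set)
    for client, qname in queries:
        sub, base = split_name(qname)
        compact = sub.replace(".", "")
        if len(compact) >= min_len and shannon_entropy(compact) >= min_entropy:
            suspicious[(client, base)].add(sub)
    return {key: len(subs) for key, subs in suspicious.items()
            if len(subs) >= min_unique}

def constructed_queries():
    """Constructed (client, query name) records standing in for resolver logs."""
    benign = [("10.0.0.5", "www.example.com"),
              ("10.0.0.5", "mail.example.com"),
              ("10.0.0.7", "d111111abcdef8.cdn.example.net"),
              # Long but isolated name: stays below the unique-count threshold.
              ("10.0.0.7", "spring-sale-2024-landing-page-for-newsletter.example.org")]
    # Base32 of hash output imitates encoded data carried in the first label.
    encoded = [base64.b32encode(
                   hashlib.sha256(f"chunk-{i}".encode()).digest()[:25]).decode().lower()
               for i in range(8)]
    tunnel = [("10.0.0.9", f"{label}.t.tunnel-test.invalid") for label in encoded]
    return benign + tunnel

if __name__ == "__main__":
    for (client, base), n in find_tunnel_candidates(constructed_queries()).items():
        print(f"{client} sent {n} unique long high-entropy names under {base}")
```

Requiring several unique names per client and domain is what keeps a single long but legitimate hostname from raising an alert.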

Finally, there is the insider threat, which many organizations overlook because they over-trust their employees. Studies have shown that, often, IT teams and other experts in IT departments are the leading cause of cyber threats. In most cases, former employees whose employment has been terminated are the key ringleaders of insider threats. Besides, some motivators, such as financial gain in exchange for confidential data, entice employees to engage in malicious activities that threaten the business.

Significant impacts of cyber-attacks on business and vulnerable organizations

As highlighted in various concepts of cybersecurity risks and threats, cyber-attacks have become an inevitable part of today's world. Even though there has been tremendous growth in awareness of cyber-attack challenges, numerous cases are reported daily (Tulane School of Professional Advancement, 2021). One of the significant impacts of cyber threats is the increased cost of data breaches. As has been the case for many years, many business entities and organizations in the United States have progressively faced the dire financial consequences of the highest data breach costs. According to the 2022 IBM report on the cost of a data breach (CODB), most United States organizations are the primary target for cyber-attacks and have been hit with an average data breach cost of $9.44 million per incident (Tulane School of Professional Advancement, 2021). When this figure is compared with the rest of the global community, whose data breach cost is $4.35 million, it can be concluded that United States business entities have suffered significant losses from cyber-attacks (Tulane School of Professional Advancement, 2021). Statistics from reputable sources such as NIST show that global cyber security has been estimated to cost the world economy over 20 trillion dollars by 2026. This is a 1.5 increase in the average cost of cyber security compared to the 2022 average cost of data breaches worldwide (Tulane School of Professional Advancement, 2021). Cybersecurity issues also raise costs through several outlays such as insurance premiums, public relations support, and other costs such as notifying the affected parties about the data breaches experienced (Tulane School of Professional Advancement, 2021).

Other than increased financial losses and the cost of data breaches, organizations have also suffered prolonged operational disruptions after cyber-attacks. This primarily affects severely impacted organizations with insufficient capacity to restore normalcy (Tulane School of Professional Advancement, 2021). With the increased complexity and availability of tools for cyber-attacks, cybercriminals are at liberty to use any means of attack to cripple the normal operations of corporations, whether to disrupt business or to gain malicious benefits such as ransom. An example of such attacks involves Mastercard and Visa, where sympathizers of WikiLeaks launched attacks on the two companies and barred them from accessing their websites by causing temporary crashes (Tulane School of Professional Advancement, 2021).

Operational disruption simultaneously causes alteration of business practices. For example, many companies have reverted to other methods of data storage to avoid exposure to severe cyber-attacks. Additionally, cyber-attacks may result in reputational damage and loss of PD revenue. Studies have shown that most companies that fall victim to severe cyber-attacks have significantly lost their brand equity due to brand damage. Whenever customers, suppliers, and shareholders learn that the companies they trust with their data are victims of serious cyber-attacks, leading to access to and even compromise of sensitive data, they tend to feel less secure (Tulane School of Professional Advancement, 2021). The loss of revenue comes in many ways. After successful cyber-attacks, news spreads throughout various social media and media houses. This creates tension and fear among customers associated with victim companies. To secure their financial and other critical data, such customers move to different companies where they feel more secure, and in so doing, revenue generation declines (Tulane School of Professional Advancement, 2021). Finally, cyber-attacks can lead to theft of business secrets, identity theft, or stolen intellectual property. Business secrets such as product design, technologies, data marketing, and pricing strategies are the most valuable organizational assets in this digital world. Whenever such information is stolen and sold on the black market, the victim companies may suffer a decline in their competitive advantage, which may further affect revenue generation (Tulane School of Professional Advancement, 2021).

Various strategies can be employed to reduce cyber risk and cybersecurity issues.

According to the recommendations provided by the National Security Agency, for organizations to reduce their vulnerability to cyber threats and cyber security risks, they need to conduct progressive patching, updating, upgrading, and even replacement of old devices that may be prone to security flaws. IT teams should apply software updates immediately after patches from reputable vendors become available. Because it may take a long time to notice that patches or upgrades are available, this should not be left to manual checks but rather be automated. Also, there is a need to create new cyber security policies, which must be regularly updated to help restrict and control access to sensitive accounts, data, and systems. Organizations should implement a zero-trust framework, ensuring that accounts' access rights and privileges are only assigned sparingly to users who need them to accomplish assigned duties (Hoffmann et al., 2020, p. xx). After the duties are done, the access rights are changed to avoid leakage. There is a need to have documented procedures on how secure resetting of passwords is done, with well-elaborated ways of providing user access privileges. Companies should also enforce what is known as signed software and program execution policies. This should be done by system administrators, and the company OS should protect itself via secure boot by ensuring that devices boot using only secure software (Hoffmann et al., 2020).

Additionally, Business Operations, CFO/Treasury, and IT Management must work collaboratively to ensure a formal disaster recovery plan is in place. A well-crafted disaster recovery plan is the foundation for effectively managing and mitigating cybersecurity risks (Hoffmann et al., 2020). The plan must account for business continuity measures as well as data security and restoration procedures. Disaster recovery plans should not be static but continuously reviewed, with new updates added to ensure that business entities stay up to date in fighting the risks that come with cyber-attacks. Business entities are also advised to leverage hardware security and always to perform risk assessments and penetration tests. It is also wise for organizations to separate networks using application defenses such as firewalls and antivirus software, which block and restrict improper traffic on companies' networks. Companies should also adopt and implement cyber security training programs to help educate system users and other stakeholders on the significant risks of cyber threats and how to deal with them (Hoffmann et al., 2020). Also, using threat reputation services and leveraging multifactor authentication can minimize access to vital data.

Summary

Cybercriminals have developed complex tools to assess and identify significant leakages and vulnerabilities within organizations' IT systems. Most vulnerabilities are linked to the continuous use of obsolete and old devices, systems, and programs in organizations. Organizations can stay up to date and improve their IT security. Besides that, the lack of vulnerability and penetration tests and insufficient incident response planning and protocols, along with a lack of policies guiding and restricting the accessibility of sensitive data and systems by unauthorized employees, is a significant challenge that in one way or another exposes corporations to cybersecurity risk. It is almost impossible for organizations to completely secure their IT systems from cyber threats when there is no quality and reliable incident response plan and protocol. It should always be remembered that incident response planning and protocols should be remediated and managed from the top down. Many organizations have suffered the impacts of cyber-attacks because of insufficient vulnerability and penetration testing. To avoid these attacks, patch management, continuous risk assessment, penetration tests, employee and system user training, use of reputable software, access control rights and privileges, and implementation of current cybersecurity policies will effectively reduce the potential risk of cyber threats and their associated repercussions.

References

Alharbi, F., Alsulami, M., AL-Solami, A., Al-Otaibi, Y., Al-Osimi, M., Al-Qanor, F., & Al-Otaibi, K. (2021). The impact of cybersecurity practices on cyberattack damage: The perspective of small enterprises in Saudi Arabia. Sensors, 21(20), 6901. https://doi.org/10.3390/s21206901

Baker, K. (2023, July 31).  10 most common types of cyber attacks today - CrowdStrike. crowdstrike.com.  https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-types-of-cyberattacks/

Chen, H. S., & Jai, T. (2019). Cyber alarm: Determining the impacts of hotel’s data breach messages. International Journal of Hospitality Management, 82, 326-334. https://doi.org/10.1016/j.ijhm.2018.10.002

Cremer, F., Sheehan, B., Fortmann, M., Kia, A. N., Mullins, M., Murphy, F., & Materne, S. (2022). undefined. The Geneva Papers on Risk and Insurance - Issues and Practice, 47(3), 698-736. https://doi.org/10.1057/s41288-022-00266-6

EC-Council. (2023, November 8).  The six types of cyberattacks you’re most likely to face. Cybersecurity Exchange.  https://www.eccouncil.org/cybersecurity-exchange/cyber-novice/six-most-common-types-cyberattacks/

Evans, A. (2022). Cybersecurity control assessments and cyber risk.  Enterprise Cybersecurity in Digital Business, 309-318.  https://doi.org/10.4324/9781003052616-30

Executech. (2020). Www.executech.com. https://www.executech.com/insights/10-cybersecurity-gaps/

Falco, G., & Rosenbach, E. (2021). Who is responsible for cybersecurity?  Confronting Cyber Risk, 79-103.  https://doi.org/10.1093/oso/9780197526545.003.0005

Filiol, E. (2021). Unconventional attack against voting machines enlarging the scope of cybersecurity risk analysis. Proceedings of the 7th International Conference on Information Systems Security and Privacy. https://doi.org/10.5220/0010417607630770

Fortinet. (2023). Top 20 most common types of cyber attacks. https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks

Fox, J. (2023).  Top cybersecurity statistics to know for 2023. Pentest as a Service | Cobalt.  https://www.cobalt.io/blog/cybersecurity-statistics-2023

Gawade, A., & Shekokar, N. M. (2022). undefined.  Cyber Security Threats and Challenges Facing Human Life, 71-80.  https://doi.org/10.1201/9781003218555-8

Gupta, B. B., & Dahiya, A. (2021). Fundamentals of DDoS attack: Evolution and challenges.  Distributed Denial of Service (DDoS) Attacks, 1-18.  https://doi.org/10.1201/9781003107354-1

Hoffmann, R., Napiórkowski, J., Protasowicki, T., & Stanik, J. (2020). Risk based approach in scope of cybersecurity threats and requirements. Procedia Manufacturing, 44, 655-662. https://doi.org/10.1016/j.promfg.2020.02.243

Leelasankar, K., C., C., & P., S. (2021). Successful computer forensics analysis on the cyber attack Botnet.  Research Anthology on Combating Denial-of-Service Attacks, 151-166.  https://doi.org/10.4018/978-1-7998-5348-0.ch008

Li, L., Thakur, K., & Ali, M. L. (2020). Potential development on cyberattack and prospect analysis for cybersecurity. 2020 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS). https://doi.org/10.1109/iemtronics51293.2020.9216374

Mechdyne_admin. (2023, August 14).  7 cybersecurity gaps that expose businesses to threats (And 1 way to fix them). IT and Audiovisual Services.  https://www.mechdyne.com/it-and-audiovisual-services/1-way-to-fix-7-cybersecurity-gaps/

Möller, D. P. (2023). Cyberattacker profiles, cyberattack models and scenarios, and cybersecurity ontology.  Advances in Information Security, 181-229.  https://doi.org/10.1007/978-3-031-26845-8_4

Packetlabs. (2023, April 27). 239 cybersecurity statistics (2023). https://www.packetlabs.net/posts/239-cybersecurity-statistics-2023/

Robinson, P. (2023, July 14).  15 common types of cyber attacks and how to mitigate them. Lepide Blog: A Guide to IT Security, Compliance and IT Operations.  https://www.lepide.com/blog/the-15-most-common-types-of-cyber-attacks/

Saeed, S. (2023). Education, online presence and cybersecurity implications: A study of information security practices of computing students in Saudi Arabia. Sustainability, 15(12), 9426. https://doi.org/10.3390/su15129426

Salim, H., & Madnick, S. (2018). Cybersafety: A systems theory approach to managing cybersecurity risks—Applied to TJX cyberattack.  New Solutions for Cybersecurity, 81-112.  https://doi.org/10.7551/mitpress/11636.003.0004

STANCIU, A. (2023). Data management plan for healthcare: Following FAIR principles and addressing cybersecurity aspects. A systematic review using InstructGPT. Romanian Cyber Security Journal, 5(1), 23-43. https://doi.org/10.54851/v5i1y202303

Stouffer, C. (2023).  115 cybersecurity statistics + trends to know in 2023. Official Site | Norton™ - Antivirus & Anti-Malware Software.  https://us.norton.com/blog/emerging-threats/cybersecurity-statistics

SÜZEN, A. A. (2023). Cyber attacks for data breach and possible defense strategies in internet of healthcare things ecosystem. International Journal of 3D Printing Technologies and Digital Industry, 7(1), 55-63. https://doi.org/10.46519/ij3dptdi.1240743

Tietsort, J. R. (2023, November 15).  17 most common types of cyber attacks & examples (2023). Aura | Intelligent Digital Safety for the Whole Family.  https://www.aura.com/learn/types-of-cyber-attacks

Tulane School of Professional Advancement. (2021, February 18). Four reasons the cybersecurity Field is rapidly growing. https://sopa.tulane.edu/blog/four-reasons-cybersecurity-field-rapidly-growing