Cyber Security - Research paper

profilesri.java47
research3.pdf

Webology, Volume 17, Number 2, December, 2020

289 http://www.webology.org

A Strategic Vision to Reduce Cybercrime to Enhance Cyber

Security

Mohammed I. Alghamdi

Department of Computer Science, Al-Baha University, Al-Baha City, Kingdom of Saudi Arabia.

E-mail: [email protected]

Received June 15, 2020; Accepted August 18, 2020

ISSN: 1735-188X

DOI: 10.14704/WEB/V17I2/WEB17031

Abstract

The cyber-security development for future generations is at stake as a global concern. The

existing strategic and policy structures on cyber security and awareness-raising at many levels

needs more investigation in order to formulate workable and efficient strategic vision that

addresses actual needs and challenges. The justification for this work is therefore to test the

robustness, in contrast with some of the most technologically advanced countries on the Asian

Continent and others like the USA, Japan, of Saudi Arabia's current cyber security strategy in

order to keep the NCSS up-to-date. This research aimed to develop a strategic vision to

combat cybercrime to enhance cyber security. The research results confirmed the approval of

the members of the study community to a medium degree on the reality of digital extremism

and cyber terrorism as seen by the researcher. Moreover, the approval of the members of the

study community was to a high degree on the role of combating cybercrime in promoting

human security as seen by the researcher. The members of the study community agreed with a

high degree on the obstacles identified by the researcher to combat cyber-crimes to enhance

human security in Saudi Arabia. There was a high approval of the study community members

on the strategic vision developed by the researcher to combat cyber-crimes to enhance human

security in Saudi Arabia.

Keywords

Cyber-Security, Strategic Vision, National Network for Cyber Security (NCSS), Cyber-Crime

Prevention.

Introduction

Technology is a continually changing expression in modern times, which has enhanced

security concerns and driven us to build a cyber-environment. A country's National

Network for Cyber Security (NCSS) reflects the cyber strength of the country, which is a

target and vision for a country's cyber safety. Researchers worked on NCSS by comparing

Webology, Volume 17, Number 2, December, 2020

290 http://www.webology.org

NCSS for international cooperation and harmonization between various nations and some

researchers worked for their respective governments in the policy framework (Sarker, K.,

et al., 2019).

The Internet has become a basic and critical need for people's lives and socio-economic

activities. Although it facilitates things for people, it also creates new risks. Never stopped

cyber-attacks and never will they, but they exponentially increase instead. That country

therefore needs an ICT infrastructure secure, efficient and robust. There can be a high risk

of a poor ICT infrastructure. Every interested cyber intelligence specialist can use ICT to

manipulate state-of-the-art government and industry classified information. However very

small attempts were made to estimate Saudi Arabia's strategic strength in the NCSS by

comparing the NCSS of the various nations.

Training in cyber-security is an effective response to an increasing number of intrusions

and attacks (Nagarajan et al., 2012). 80 percent of all vulnerabilities exploited by hackers

are due to human vulnerabilities (IBM, 2013) but cyber security is a priority of

information technology on tools and technologies (Hershberger, 2014). Human

vulnerabilities include employee incompetence, misinformed management and limited

training in cyber security, malicious insiders and third parties having access to a

company's network, but are not confined to them. Current politicians, government bodies

and academic researchers have come to know the need to improve cyber security

capabilities and increase awareness in the workforce and leadership (Evans & Reeder,

2010). After the breach of Target Organization information in 2013, an empirical review

of the attack found that the Target security systems recognized the intrusion. But the

management and the personnel involved in taking action lacked the know-how and skills

necessary (Hershberger, 2014).

Cyber security is then built on cyber defense or on a series of technical and non-technical

measures that allow a country to defend information systems that are deemed essential to

the creation of cyberspace. Cyber security could then be called a state desired by an

information system that would allow it to withstand cyberspace events that might

jeopardize the reliability, integrity or privacy of the data stored, processed, distributed and

the related services provided or made available by those systems. It uses security

techniques of information systems and is based on cybercrime combat and cyber defense.

As a prerequisite for technological growth and globalization dynamics as well as a

resource for sustainable development, cyber security concerns that entity (individual,

government, institutional, etc.) and represents thus cross-cutting challenges. These

Webology, Volume 17, Number 2, December, 2020

291 http://www.webology.org

challenges range from the securing of IT and IT systems (Industrial IT, IT management,

connected objects, etc.) to the economic, political and capacity-building strategies

(Willemant and Foulgoc, 2016).

The current combination of the exponential increase in internet flows and the increasing

connection between players and their information makes cybersecurity a comprehensive

and global issue. In addition, through the Agenda for Sustainable Development, the

Millennium Development Goals are one of 17 goals to be reached in 2030 for

technological development and capacity building in this region. In this regard cyber

security and cyber-crime prevention, as a means of ensuring this space for trade and

growth, constitute major issues in this process. Estimates suggest that cyber-attacks cost

the global economy about EUR 400 billion a year (El Melhem, J., et al., 2019).

Government organizations are also vulnerable to cyber-attacks. It has been shown over the

past 12 months that nearly 70% of organizations have reported that a successful cyber-

attack has affected their security. 65 percent of organizations say that there is a shortage

of qualified cyber response professionals. In a report, Kim and Solarwinds reported that in

the United Kingdom Government in 2017, almost two-thirds of the nation's largest

company was cyber-attacked over the past 12 months. Cyber security is therefore an

important government priority. Data theft or cyber-attack could cost government agencies

millions. It also harms an organization's image and can have devastating consequences for

the people.

In their analysis, Saad et al. (2016) analyzed the need to examine any gap in current

technology in network security at current times, thereby promoting the intensification of

researchers ' expertise while finding answers to these potential issues. Although such

systems might be more valuable, it is usually smaller networks, such as a campus

network, that are vulnerable to hackers. They studied in their paper the current field of

research based on a 6-fold survey, {what, where, how, who, how} and developed a mental

map to catch lacunae and the opening doors to network safety research.

Webology, Volume 17, Number 2, December, 2020

292 http://www.webology.org

Figure 1 Cyber-crime mitigation network security mind – map

Most cyber security attacks are due to human errors and attackers focus more on human

vulnerability exploitation (Evans, M., et al., 2019; Kelly, R., 2017; Islam, T., et al., 2019).

Consequently, it is increasingly important to understand human functions in promoting

cyber security. Joins on and van Steen (2018) suggested the incorporation of history,

actions and design for that reason of security tools and policies.

In the case of complex situations, Ganin et al. (2016) proposed a multi-criteria policy

framework incorporating risk assessments (threat, vulnerability and consequences) for

prioritizing countermeasures using user friendly technology. Dykstra and Orr (2016)

proposed a human decision-making evaluation framework for defining security risks and

responses context accordingly.

This research aimed to develop a strategic vision to combat cybercrime to enhance cyber

security in Saudi Arabia through the following steps:

1. Identify the nature and types of cybercrime. 2. Knowledge of the nature and dimensions of cyber security.

Webology, Volume 17, Number 2, December, 2020

293 http://www.webology.org

3. Identify the reality of digital extremism and cyber terrorism and its impact on cyber security.

4. Know the role of combating cybercrime in promoting cyber security. 5. Identify obstacles to combating cybercrime to enhance cyber security.

Methodology

An online survey was carried out in which 16 cyber security hazards rates were measured

on the basis of the previous research as an independent variable. A total of 200 web users

were surveyed. The study was carried out. The students' risk perception and precautionary

actions in terms of safety during internet usage were examined through a qualitative

empiric on-line analysis with psychometric methods. The survey found it clear that in

cases of crimes such as identity thieving, cyber bullying, social engineering, and loggers,

the perceived risk increased. Among the most optimistic predictors, we are afraid,

voluntarism, catastrophic and immediate threats. In addition the top scores are Internet

competence and its level of use. In fact, regulation was an important precautionary

measure. Identity theft was discerned as dangerous threat by students.

Results and Discussion

The research results confirmed the approval of the members of the study community to a

medium degree on the reality of digital extremism and cyber terrorism as seen by the

researcher. Moreover, the approval of the members of the study community was to a high

degree on the role of combating cybercrime in promoting human security as seen by the

researcher. The members of the study community agreed with a high degree on the

obstacles identified by the researcher to combat cyber-crimes to enhance human security

in Saudi Arabia. There was a high approval of the study community members on the

strategic vision developed by the researcher to combat cyber-crimes to enhance human

security in Saudi Arabia.

Strategic Steps to Avoid Cyber Crimes

Monitoring and

alerts

Network monitoring and alerting settings to detect suspicious activity are very important – a

malicious attacker should not be allowed to access and store sensitive data on a peripheral

device by means of comprehensive system monitoring.

Risk management

decision-making

By means of a risk assessment, they can determine how assets and a limited budget should be

expended. If the piece in question is downgraded or attacked by a virus, it will access

technical equipment, software system and allocate monetary risk value

Up-to-date

technology

The proper use of security technologies and the equipment necessary: The company will

remain vulnerable to hackers by outdated computer firmware, weak protocols and out - of-

date safety technology.

Security team A well-trained professional staff should be able instantly to protect sensitive and private

information – the IT department should be vigilant to know about common threats

Knowledge is

power To avoid cyber-crimes, maintaining good knowledge about potential threats and attacks

Webology, Volume 17, Number 2, December, 2020

294 http://www.webology.org

Conclusion

This decade has seen an exponential increase in the number of internet users. It's going on

all over the world. Each world now has the blessing and curse of technology from

underdeveloped to developing and developed countries. Cyber-attacks are increasing and

more complicated. This also increases. It's not restricted to a state but is beyond the

boundaries to make things worse, unlike federal crimes. Therefore, when there is no

proper infrastructure to combat it, it is more likely to remain undetected.

The development of cyber security policy is at a turning point. Cyber-security has become

a national priority, while the importance of' sovereignty' is increasing. National cyber

security policies are aimed at promoting economic and social prosperity and at protecting

cyber-reliant societies against cyber risk. Common elements of such approaches are

improving policy and organizational government coordination; strengthening the

collaboration between public and private sectors; emphasizing the need for fundamental

values such as the security of personal data, freedom of expression and the free flow of

information; and calling for better international cooperation.

Recommendations

1. Promptly prepare a draft law called (Cyber Security Law) that defines the controls of the

operators of telecommunications and Internet service providers in the Kingdom of Saudi

Arabia, and promotes the fight against cybercrime and the protection of the Saudi society

in cyberspace.

2. Establishing a national specialized cybersecurity authority to protect Saudi's cyberspace

and enhance infrastructure security.

3. Establish a specialized prosecutor to investigate, confront and control all types of

cybercrime.

4. Establishing a specific security unit at the Ministry of Interior specialized in combating

cybercrime and its tasks (attached in detail to the strategic vision).

5. The need to educate the Saudi society - individuals and institutions - ways to protect

against cyber-crimes.

References

Dykstra, J.A., & Orr, S.R. (2016). Acting in the unknown: the cynefin framework for

managing cyber security risk in dynamic decision making. In IEEE International

Conference on Cyber Conflict (CyCon US), 1-6.

El Melhem, J., Bouras, A., & Ouzrout, Y. (2019). Toward a Holistic Approach of

Cybersecurity Capacity Building through an Innovative Transversal Sandwich Training.

Webology, Volume 17, Number 2, December, 2020

295 http://www.webology.org

In Industry Integrated Engineering and Computing Education, Springer, Cham,

187-212.

Evans, M., He, Y., Maglaras, L., &Janicke, H. (2019). HEART-IS: A novel technique for

evaluating human error-related information security incidents. Computers & Security,

80, 74-89.

Ganin, A.A., Quach, P., Panwar, M., Collier, Z.A., Keisler, J.M., Marchese, D., & Linkov, I.

(2017).Multi-criteria decision framework for cyber security risk assessment and

management. Risk Analysis, 40(4).

Hershberger, P. (2014). Security skills assessment and training: The “make or break” critical

security control. SANS Institute Info Sec Reading Room.

IBM. (2013). The 2013 IBM Cyber Security Intelligence Index.IBM Security Services.

Islam, T., Becker, I., Posner, R., Ekblom, P., McGuire, M., Borrion, H., & Li, S. (2019). A

socio-technical and co-evolutionary framework for reducing human-related risks in

cyber security and cybercrime ecosystems. In International Conference on

Dependability in Sensor, Cloud, and Big Data Systems and Applications, Springer,

Singapore, 277-293.

Joinson, A., & Steen, T.V. (2018). Human aspects of cyber security: Behaviour or culture

change?. Cyber Security: A Peer-Reviewed Journal, 1(4), 351-360.

Kelly, R. (2017). Almost 90% of cyber attacks are caused by human error or behavior. Chief

Executive.net.

Kim, J. (2017). Cyber-security in government: reducing the risk. Computer Fraud & Security,

7, 8-11.

Nagarajan, A., Allbeck, J.M., Sood, A., & Janssen, T.L. (2012).Exploring game design for

cybersecurity training. In IEEE International Conference on Cyber Technology in

Automation, Control, and Intelligent Systems (CYBER), 256-262.

Saad, A., Amran, A.R., Afif II, Zolkeple, A.H., Said, A.I.A., Hamzah, M.F., & Salim,

W.N.S.W. (2016). Privacy and security gaps in mitigating Cybercrime: The review.

In IEEE 2nd International Symposium on Agent, Multi-Agent Systems and Robotics

(ISAMSR), 92-99.

Sarker, K., Rahman, H., Rahman, K.F., Arman, M., Biswas, S., & Bhuiyan, T. (2019). A

Comparative Analysis of the Cyber Security Strategy of Bangladesh. International

Journal on Cybernetics & Informatics (IJCI), 8(2), 1-21.

Willemant, R., & Foulgoc, S. (2016). Legal Aspects of Cyber-security. Action Canada Fr., 25,

18-19.