Friday, September 13, 2019

Challenges in Cyber Security for Business in Australian IT Companies

Discuss About the Cyber Security for Business in Australian IT? With the increasing use of technologies like Internet of Things, Cloud, and Big Data, even the critical infrastructure of companies is exposed to risks. The global internet penetration today is estimated to be 3.4 billion. The dependence on technology is increasing in Australian IT companies and so is increasing the risk of security threats that the systems of these companies face. These threats include identify theft, Botnet attacks, ransom ware attacks, data manipulation, cyber warfare, and more  ( Commonwealth of Australia, 2015). In this research, the security challenges that are faced by the Australian IT companies would be studied in order to understand their impacts on companies as well as to identify security solutions or mitigation strategies that can help overcome these challenges in IT companies. The research makes use of both secondary and primary investigation on the security threats and solutions. Cyber security incidences in Australian organizations including identity theft, data theft, and frauds have increased in past few years which have affected the image of the brands in the country. Thus, cyber security has become a national priority of Australian government. The national losses in Australia that have occurred due to cyber security threats make up 1% of its GDP which is over $17 billion dollars per year. The government has formulated a cyber security strategy to make Australia a safe place for business. The security strategy targets cleaning of cyber infrastructure, strong penalties for cyber criminals, and accountability of CEOs to security, reduced disruption it services due to cyber threats, and increased confidence of consumers in cyber space  (Cisco, 2013). In the Australian IT organizations, maintaining security is the cyber space is a big area of concern. 6.2% of the data Espionage which is a targeted attack popular with cyber criminals have affected IT companies in 2015  (Bakhtiari, et al., 2015). Social Engineering which is an attack launched on people are so sophisticated that they can penetrate been the most hardened system such that any level of network security cannot prevent the attack. As per the internet report of Akamai State, 4.18% of the DDoS attacks had originated from Australia in 2015  (James, 2016). The aim of this research is to explore the challenges in cyber security in Australian IT companies and identify solutions to overcome these challenges such that security can be enhanced. To achieve the aim of this research, certain research questions are required to be answered including: Based on these research questions, certain objectives of the research can be formulated as follows: In this research, the security challenges faced by IT companies in Australia would be explored using a mixed research methodology involving a Literature Review data analysis and snowball sampling, and a needs assessment survey method in which IT managers would be involved as respondents who would be answering a research questionnaire. The data analysis of the secondary data obtained from the literature study would be used for creating the questionnaire for the primary survey which would thus, help in testing the effectiveness of each solution identified in the snowball sampling of the past researches  (Bendassolli, 2013). This section explores the process of sampling, data collection methods, variables to be used in primary survey, research model, and data analysis methods that would be used in this research. Researcher would take 30 respondents for the survey based on convenience and purposive quota sampling techniques. The sample would include IT Managers and Security professionals from Australian IT organizations. For identifying the challenges that would be explored in this research, a snowball sampling method is used in which past literature and research studies are explored to identify security challenges and their mitigation strategies. There would be seven types of security attacks that would be explored including Denial of Service, Insider Attacks, Phishing attacks, Web Application attacks, brute force attacks, social engineering, and malware attacks. For each of these attacks, the solutions would also be identified in the literature review and would be included in the survey questionnaire for testing their effectiveness in enhancing security of an organization  (Bhattacherjee, 2012). Some of the issues are already identified in previous researches and their mitigation strategies are also identified and thus, literature review would first form the basis for data collection on the security issues and solutions. Based on this literature review, a snow ball sampling would be used to collect data on security concerns and solution methods  (Bickmore, 2012). The papers that would be used for snowball sampling would be published between 2006 and 2016. This would be done to primarily identify security issues faced by organizations as well as solutions that have been tried by various companies across the world  (Wisdom & Creswell, 2013). On the basis of this data, the questions for the survey would be presented to test if the same problems and solutions can be applied to the case of IT companies in Australia. A primary data would be collected for further exploration of the challenges and mitigation strategies used in IT companies. This data would be collected from respondents through an online survey that would be posted on Survey Monkey website. In case respondents do not reply, the researcher would make calls to them to ask them to fill the questionnaire or would take the responses and fill the questionnaire himself  (HP Enterprise, 2015). The research involves a primary data collection and analysis for which certain variables would be created based on the data collected and the questions asked in the survey  (Bryman & Bell, 2011). These variables would store data on security challenges, their impacts on business, and mitigation strategies. These three variables would be independent while there would also be dependent variables that would include security enhancements and security levels that would be studied and measured along the independent variables to understand if specific security mitigation or threat prevention methods were successful in enhancing security in respective organizations  (Kumar & Ahuja, 2014). This research uses a mixed research methodology that involves collection of secondary qualitative data that would be analysed using thematic analysis and the primary survey data that would be analyzed using statistical analysis methods. The choice of mixed methods is made as this research needs to explore the concept of security in IT companies to explain and make interpretations. As mixed research allows exploration of the idea from different perspectives and at different levels, a deeper understanding of phenomenon can be obtained  (Cameron, 2009). A mixed research method can use any of the research design strategies from the following designs: Sequential explanatory: In the sequential explanatory research design, first the primary data is collected and analysed and then secondary data is collected and analysed in support. Sequential Exploratory: In the sequential exploratory research design, first the secondary data is collected and analysed and then primary data is collected and analysed in support. Sequential Transformative: In this method, primary and secondary data are collected and analysed separately but the collective results are then interpreted  (Wisdom & Creswell, 2013). Concurrent Triangulation: In this method, two methods are used for cross-validation of findings from each other. Concurrent Nested: In this method, one method may be nested inside the other method of investigation Concurrent Transformative: In this type of analyses both method are used for evaluation of a theoretical perspective. In this research, a sequential approach to mixed research would be used such that the secondary data on security threats and mitigation strategies would first be collected and analysed to identify themes of security concerns and solutions. These themes would then be used for developing a questionnaire for the primary data collection and analysis. This analysis would test the methods identified as solutions for security in the secondary research  (DHS, 2009). Data analysis would be conducted in two parts. In the first part, the literature data would be analyzed using snowball sampling to identify security threats and mitigation strategies from secondary research papers. One the basis of the results obtained in this investigation, a questionnaire would be prepared for the primary research and the data obtained from the survey would then be analyzed using statistical analysis on SPSS. Different variables would be explored and studied for correlation to understand if they have an impact on other variables. Correlation would be tested for understanding relationship between threats faced and security measures taken, security levels and security measures, and security measures and threat impacts. Upon finding the correlation between specific variables, a regression would be used to identify if they have a causal relationship between them. The research would involve a hypothesis testing where very mitigation strategy would be tested as causing s ecurity enhancements or preventing impacts of security threats on an organization  (DHS, 2009). The results from the analysis of the literature review including previous research reports would be a set of security concerns and mitigation strategies that are identified by previous researchers or their respondents in their researchers. The data would result into emergence of certain themes that would be used for developing primary research questionnaire  (Cameron, 2009). The result of the primary survey would be a statistical testing through which the identified mitigation strategies would be tested on specific security threats to understand if the strategies worked. The outcome would reveal the impacts of each type of threat on an organization as well as assess the effectiveness of the mitigation strategies behaving security in an IT company  (Bulusu & Sudia, 2011). The result of the primary analysis would reveal the security enhancement methods that have been effective in protecting systems of IT organization or help in mitigating impacts of security problem. The research would have limited sample size and thus, the results cannot be generalized for a wider audience. Another limitation is that the survey is conducted online which can make it difficult for the respondents to understand the purpose of the research and thus, in some cases, respondents may not choose to respond to the questionnaire. Since the survey is conducted online without intervention from the researcher, the respondent would respond to questions as per their own understanding which may differed from the objectives of the researcher. Another limitation of this research is that it tests only 7 security threats for IT companies and thus, it does not present solution for all kinds of security threats that can be faced by an IT organization. The aim of this study is to explore the security challenges faced by IT companies in Australia and identify methods that can help overcome these challenges by these organizations for which the research would make use of a mixed methodology. It involves study of past literature on security threats and solutions which are used to identify threats and solutions that can be tested for the Australian IT companies through the primary survey to understand which methods have been effective for protecting IT systems of companies and overcoming specific security threats. This research can be useful for organizations that are operating in the Australian market and are into IT space to understand what could be the potential security challenges that they would face while operating in the country and how they can use specific protection or motivation methods to enhance their security systems. This would also contribute to the body of knowledge on the security research as it not only studies the ch allenges and explore possible solutions but also tests the solutions to understand their effectiveness in ensuring security in an IT organization Commonwealth of Australia, 2015. AUSTRALIA’S CYBER  SECURITY STRATEGY: Enabling innovation, growth & prosperity, s.l.: Commonwealth of Australia. Sogeti’s, 2014. DIGITAL USER EXPERIENCE RESEARCH, s.l.: Aberdeen International Airport. Bakhtiari, S. et al., 2015. Australian Industry Report, s.l.: Australian Governmetn. Barnett-Page, E. & Thomas, J., 2009. Methods for the synthesis of qualitative research: A Critical Review, London: ESRC National Centre for Research Methods. Bendassolli, P. F., 2013. Theory Building in Qualitative Research: Reconsidering the Problem of Induction. Forum:Qualitative Social Research, 14(1), pp. 1-25. Bhattacherjee, A., 2012. Social Science Research: Principles, Methods, and Practices. Florida: Scholar Commons. Bickmore, T., 2012. Qualitative Research Methods: A Data Collector’s Field Guide, s.l.: FAMILY HEALTH INTERNATIONAL. Bryman, A. & Bell, E., 2011. International Business Management Research. 3rd ed. s.l.: Oxford UniversiReferencesData Collection Method ty Press. Bulusu, S. & Sudia, K., 2011. A Study on Cloud Computing Security Challenges, Sweden: Blekinge Institute of Technology. Cameron, R., 2009. A sequential mixed model research design: design, analytical and display issues, s.l.: Southern Cross University. Cisco, 2013. Australian Government Cyber Security Review, s.l.: Cisco. DHS, 2009. A Roadmap for Cybersecurity Research, s.l.: DHS. HP Enterprise, 2015. Cybersecurity Challenges, Risks, Trends, and Impacts: Survey Findings, s.l.: MIT. James, C., 2016. Cyber Security Threats, Challenges and Opportunities, s.l.: ACS. Kumar, A. & Ahuja, C., 2014. Cyber Security Research Developments: Global and Indian Context, s.l.: NASSCOM. Wisdom, J. & Creswell, J. W., 2013. Mixed Methods: Integrating Quantitative and Qualitative Data Collection and Analysis While Studying Patient-Centered Medical Home Models, s.l.: U.S. Department of Health and Human Services.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.