Security Aim of Internet of Things and Modern Technology for Business Organizations
Posted: January 4th, 2023
Security Aim of Internet of Things and Modern Technology for Business Organizations
Cardiff Metropolitan University
Cardiff School of Management
Advanced Entry MBA Program
The growth of technology has introduced new ways of doing business and comes with threats that entrepreneurs must consider preventing single fatalities. Companies are increasingly becoming aware that IoT and other forms of technology present security risks, which could have fatal repercussions if the group fails to use appropriate preventive and mitigating measures. Cases of cyber-attacks, impersonation, hacking, identity theft and unpermitted access to confidential data are some of the concerns occurring from current technology use. Unless businesses take bold measures to address the matter, they are likely to run at a loss besides experiencing considerable damage to the systems. The dissertation shows the importance of developing and sustaining the capacity to identify threats, and why acting swiftly to attacks prevents fatal outcomes. Businesses cannot do without technology now that almost all aspects of operations require innovative approaches. The only way to survive in a highly competitive market is to implement proper measures based on extensive research. The defensive mechanisms organizations develop to counter the security concerns emanating from the use of IoT should be able to prevent cases of phishing, malware attacks, man in the middle, brute force, and social engineering that are some of the online attacks that IoT users are likely to encounter. Businesses should not wait until it is too late to save the situation because that could have detrimental effects to the organizational operations. Instead, they should develop structures to help them predict and prevent possible attacks from happening or having devastating impact on operations. Organizations in their attempt to achieve readiness should emulate other firms that perform exceptionally well in averting potential threats that may occur from the use of IoT devices and other modern technology. Also, businesses may follow some of the already established models for combating online and electronic attacks while ensuring that they have the capacity to run a stable response mechanism. The dissertation conducts a systematic literature review of existing current literature to examine how firms deal with IoT-related issues, and reveals how organisations understand the kind of risk that they face, and are taking considerable measures to prevent online and other IoT-connected attacks.
Table of Contents
1.4 Research Aim and Objectives. 6
1.8 Outline of Subsequent Chapters. 8
2.1 The Emergence of the Cyber Threat. 14
2.2 Security Concerns Associated with IoT. 15
2.3 Current Security Tools, Practices and Interventions. 19
3.3 Data Collection and Analysis Methods. 22
5.2 Validity and Reliability. 29
1.1 Purpose of the Project
The project seeks to investigate through a systematic literature review of current sources the areas or concerns that receive the attention of businesses today concerning security challenges occurring from the use of IoT and similar technologies.
1.2 Background Information
Increased technological transformation has resulted in many facets of life being linked and influenced by digital communication. The Internet of Things (IoT) constitutes a significant evolution in a digital world that can affect every person and all businesses. Even as IoT is expected to create many transformations, researchers discover that technology is likely to develop numerous security problems that organizations must address to avoid interruptions or attacks. Businesses are increasingly becoming aware of the threats IoTs pose and are stepping up their preparation by embracing security interventions, practices, and tools that they hope will fortify the company against violations. Organizations use mechanisms such as fog computing, blockchain IoT security guidelines, and machine learning. The blockchain IoT security solutions pay attention to increasing the general precision, confidence, and visibility within the IoT component.
1.3 Research Questions
1.4 Research Aim and Objectives
- The research seeks to evaluate the general orientation of businesses to the execution of IoT security.
- The study seeks to analyse the IoT security concerns presently affecting business activities.
- The research hopes to examine how contemporary organizations identify the security loopholes created by IoT systems and devices.
- To evaluate how firms deal with IoT challenges and how they regain from online invasion.
- To come up concrete recommendations on the prospects of executing IoT components within modern businesses, without creating any inconvenience while advancing security.
1.5 Methodology
The dissertation conducts an inductive research that relies on a set on data to make general conclusion. The study utilizes a systematic review of existing literature, which synthesizes quantitative and qualitative research types. The nature of the research questions requires a critical assessment of the currents works investigating how businesses deal with IoT and other related technologies. The task entails identifying the most relevant articles and relevant texts that explicitly address the research questions most effectively and directly. The sampling approach begins with creating a preliminary inclusion and exclusion format, which allows the study to address the research questions, ensure the included texts meet the required standards and adequately scope the analysis. All the literature offering data for the study was published from 2010 to 2020 to develop relevant and applicable information. Acquiring data from current research serves as the primary way of collecting data. The search terms the study uses to gather relevant data, including but not limited to IoT, digital technology, Internet of Things, AI, cybersecurity, and intervention tools, among others. The search extends further to other published and non-published works that are relevant for inclusion. The team in charge of the study achieves validity by ensuring that all the included literature are credible. Moreover, the team achieves validity by ensuring that the research method and technique are targeted to measure precisely what the study seeks to examine, and to affirm that it is of high quality. Thus, the team in charge of the study first conduct a thorough research of the applicable techniques based on available knowledge.
1.6 Scope
The study explores the broad research of security matters and interventions in existing industrial and scholarly research to understand security issues related to IoT that attract most businesses’ attention.
1.7 Limitations
The study’s major limitation relates to the concerns with the quality evaluation tools that businesses can use to prevent threats from the use of IoT and other modern technologies. Posadzki and Ernst (2019) inform that tools and instruments have limitations that may affect their functionality. Siddaway et al. (2019) give an example where considerable challenges occur when quality assessment entails computing values or weights depending on several variable factors. Siddaway et al. (2019) write that it may be hard to arrive at the correct conclusion in such scenarios. However, the report tries to mitigate the drawback by selecting toolkits that are not prone to errors and are likely to yield the desired results.
1.8 Outline of Subsequent Chapters
The other chapters of the research give vital information that could help to answer the research questions. The literature review evaluates existing literature on the subject and compares information and data from various works. The literature review is the most extended section of the report because most of the descriptions of how businesses deal with security threats occurring from the use of IoT and other related technology fall here. The methods section follows, and here the report gathers data through systematic review to answer the research questions. The data and analysis section follows, and here the report evaluates the collected data to give readers a more comprehensive perception of the subject. The data and analysis section relies on current research to develop an argument that could impact researchers, learners, IT practitioners, and entrepreneurs. The next part is recommendations, and here the study provides guidelines that may help organizations combat the cybersecurity concerns emerging from the use of IoT and other modern technologies. The final section is the conclusion, which gives an overview of the entire report by recapturing the significant points. Reading the end would give the reader a glimpse of the whole report.
IoT refers to the physical devices connected to the internet via attached sensors and systems, engaging with the web to give meaningful outcomes and convenience to the users and community at large. IoT is a rapidly transforming collection of different technologies that interact with the real life. The IoT devices and apparatus can be a result of joining the worlds of operational technology (OT) and information technology (IT) (Boeckl et al., 2019). Most IoT apparatus are the outcome of the fusion of mobile computing, Big Data, cloud computing, affordable hardware, embedded systems, and other technological innovations. IoT equipment can offer analytical functions, networking for technological tools, and can elevate operations in places that previously did not have appropriate structures and information storage capacity (Boeckl et al., 2019). IoT can also facilitate innovative efficiencies and industrial functions for the equipment, such as troubleshooting, distant reach for evaluation, and configuration (Boeckl et al., 2019). IoT has the capacity to evaluate information about the physical world, and utilize the outcome to better impact on decision-making, change the physical environment, and foretell forthcoming scenarios and events.
No one object can be termed as constituting IoT infrastructure because the technology comprises of numerous irregular and unrelated networks. Boeckl et al. (2019) write that while the full scope of IoT is yet to be correctly defined, it us largely vast. Every industry has its type of IoT apparatus, such as specialized equipment in a health facility, and smart road networks in the transportation sector, and there are many other forms of IoT devices that each industry can use. EY’s 2015 study on the connection between cybersecurity and IoT shows that the technology will facilitate the creation of a flexible environment that gives all forms of services, ranging from smart retail and logistics to home computerization, and from smart city operations to smart environmental management (EY, 2015). The description by EY indicates that very soon, the IoT will gain the capacity to sense, and will be developed with the ability to visualize and to perform analytical functions, which will be easier for everyone to access (EY, 2015). The idea that IoT and other modern types of modern technology have the ability to transform vital aspects of life is what encourages individuals and businesses to incorporate the innovations to their individual and collective practices. The emergence of IoT and other related technologies does not imply that machines communicate or talk to each other, but people are increasingly interacting with each other using devices (EY, 2015). The IoT usually serves as the medium for communicating with people. IoT and other forms of contemporary technology will more and more rely on powerful sensors, smart apparatus, and cloud computing that will involve numerous functions to sustain the operations. The problem is that the extremely interconnected structures and environments required to facilitate the functioning of the interlinked system are yet to exist, and the operations with cloud computing need much progress, principally with regard to security development (EY, 2015). The considerable transformation will have to occur in different areas because of the escalating concerns on these platforms, due to the growing demands of the information that needs support. Also, the widening number of interrelated apparatus in circulation being utilized for interactions has caused further obstacles in achieving data confidentiality, adequate governance, data safety, and trust (EY, 2015). Taking all these issues into account, several challenges and opportunities that warrant quick attention emerge, and notably much need to happen to create a comprehensive strategy that would prevent cyber threats and strengthen cybersecurity.
IoT will create a future where the internet makes it possible to embed systems and objects with computing capability and sensors, with the objective of being able to interact with each other. Although Internet of Things focus more on machine-to-machine connections, the real change underlying the innovation is advancing how people converse with each other in more indirect ways. Machines may eventually gain the capacity interact, but until today the concept is not universal and does not apply to all forms of networks (EY, 2015). Even if machines can connect to each other, it is factual they will always serve as tools of human communication (EY, 2015). The ever-growing network capacities of machines and everyday apparatus utilized in the office, at home, and in vehicles, mobile technologies, supply chains, and modern infrastructure, present better opportunity for business advancement and buyer satisfaction. Most IoT apparatus will very soon use sensor-based innovations, and the developers hope that the technology will transform operations in many key areas. The sensors will send data to a given machine or server, which in turn will evaluate the data to produce helpful information for the user (EY, 2015). The sensors in business context will serve as data collectors, and cloud computing will be an avenue for keeping and evaluating the data. Business leaders will increasingly rely on the concept of Big Data analytics to convert the raw data into helpful content.
Business structures for deploying IoT may differ for every firm, depending on whether it is performing the core functions, manufacturing, or essential services. For example, the retail and merchandizing industry could gain from future innovations in IoT (EY, 2015). For instance, if a new buyer wants to purchase a shoe, his or her size could read by the measurement sensors. The data can then be transmitted via the cloud about the available inventory, and the inventory could then be replaced depending on predicted trends and real-time analytics. Developers hope that the growth of technology will facilitate the production of sensors that facilitate activities in other areas, and many operators expect to elevate their practices in the coming years.
IoT is steering change within the business digital landscape – and it is fast turning into the must-have component of entrepreneurial technology, basically because the technology offers numerous opportunities. IoT presents new business opportunities because with the web of interconnected devices, data and people will offer organizational opportunities to many operational areas (EY, 2015). Organizations will get the chance to use IoT and other forms of technology to better understand the needs and desires of their consumers and can make operations such as inventory management and supply chain more effective and flawless. Businesses are increasingly embracing IoT because it provides the chance to increase revenue production. Today, there are many opportunities that remain untapped for economic effects by identifying creative means to use IoT technology to facilitate revenue generation and value formation through cutting expenses and by increasing the productivity of assets. Using IoT will simplify the decision-making process because the use of smart devices is increasing, resulting in more choices, improved facilities, more precise fact finding, and better facilities, thus facilitating the decision-making process (EY, 2015). Implementing IoT in business is likely to lower costs the prices of IoT components such as microchips, GPS apparatus, sensors, and cloud apparatus have dropped, implying that the cost of IoT apparatus will go down as well. Businesses that use IoT will enjoy increased safety and security because with the help of cameras and powerful sensors the chances of avoiding online and physical threats increase. (EY, 2015) Businesses that use IoT will witness great development in smart manufacturing practices because organizational and logistics solutions will be formed specifically to improve services, quality, and controls. Firms will increase their smart manufacturing processes such as machine learning, which entail using automated decision-making and intelligence, as well as machine communication, which provides the chance for more collaboration and interaction (EY, 2015). Other smart manufacturing processes the business will develop with the use of IoT, include improved networking, whereby networked regulation of manufacturing equipment happens, and practical asset management, which advocate for preventive maintenance and diagnostics.
Businesses must consider how IoT will affect the various sectors, and determine whether the technology is beneficial or not. Important operational areas, including agriculture, manufacturing, education, and communications among others have embraced bolder measures to facilitate their use of IoT and more growth is likely to impact on many other areas that offer vital services (EY, 2015). The health sector has in the past decade acted as one of the major beneficiaries of IoT. Although by no means global, future solutions may be available, including information that informs health practitioners about medical history and possible ailment, and microcomputers and sensors planted in the human body to assess health conditions and even signal any emergency when necessary. IoT is fast impacting the education sector because stakeholders in the sector have started to transform traditional practices into automated platforms (EY, 2015). For example, interactive smart classes help learners increase their engagement, while learners’ tracking systems and automatic attendance registers could help to make learning institutions more safe and secure. Developing internet-enabled classrooms will be a significant achievement for many developing nations (EY, 2015). The manufacturing firms that use internet-enabled structures and systems give different outcome, making them more efficient and safer through mechanized process controls. Also, IoT impacts on the financial sector because the operations in this area are already relying on the internet for many functions. Considerable rise in technology and infrastructure in the coming generations of IoT-embedded apparatus could further encourage the expansion of monetary transactions, with technological emergences such as smart apparatus helping consumers to efficiently check their assets.
2.1 The Emergence of the Cyber Threat
While the use of IoT is increasingly becoming acceptable, security concerns related to the technology are escalating and are transforming so fast. In the contemporary society of constantly using technology for many functions and failing to enact adequate security controls to protect businesses and individual users, online violations are no longer something that people speculate, but is something that can surface at anytime and anywhere causing massive devastation. Businesses must understand that cyber attackers are working on new ways of penetrating the security systems created by organizations, reaching everything from individual user data to IP address (EY, 2015). The attackers engage in such practices to cause harm, damage, disruption, and to take away intellectual property. Every time, their violations become increasingly harder and intricate to handle. Such occurrences make it difficult to tell precisely the nature of threats that will occur next month or even next year, or in a decade’s time (EY, 2015). It is only possible to predict that the threats will be more devastating than those happening today. Technology analysts are also certain that as old forms of cyber threats disappear, new forms will erupt to replace them. The uncertainty requires businesses to be clear about the mitigation or preventive measures that must be place to evade possible threats and attacks.
Despite the growing cyber threats, it is apparent that implementing appropriate cybersecurity measures is increasingly difficult to implement and deliver. The conventional organizational structures are slowly fading and the available security defense structures are experiencing considerable pressure and criticism. Point intervening approaches such as encryption, patching, and the use of antivirus still serve as the widely applicable approaches for combating cyber violations that are on the increase, but regrettably such defensive methods have become less defensive and ineffective over time as attackers develop new approaches to invade systems. The report by EY (2015) informs that nearly 70% of the widely utilized IoT apparatus have vulnerabilities. It is worrying based on the report that only 56% of businesses that use IoT devices may not be able to detect impending attacks, which puts them at great risk.
2.2 Security Concerns Associated with IoT
The interaction of people, businesses, and devices in the modern business world, presents a whole new platform of vulnerability where cyber attackers can utilize unsusceptible access points to get into the system. The general landscape of risk of the business is only a bit of a potentially contrasting and unclear world of real and potential threats that often emanate from totally unanticipated and unpredicted threats, which can have a devastating effect (Boeckl et al. 2019). The speed of transformation is a major concern because in this post-economic-crisis times, organizations change and move swiftly. Activities such as the launching of new products, marketing expansion, development of new technology, mergers, and acquisitions are all on the increase. Nonetheless, all these transformations have an intricate effect on organizational breath and strength in terms of enhancing cybersecurity, and its capacity to put up with the speed of change (Boeckl et al. 2019). Also, the development of intricate network systems as it happens with mobile computing has resulted in fading organizational limits, with information technology getting closer to the end user and further from the business. Using the internet through a tablet or smartphone has made it possible to access organizational information anywhere (EY, 2015). Inevitably, a single vulnerable apparatus can result in another vulnerable system, and it is almost impossible to prevent all the loopholes for all apparatus or devices. For cyber attackers, it would not be hard to identify a target for their infringement. Organizations must understand that the scope of vulnerability, including rootkits, botnecks, and zero days will expand, and so will be the number of casualties (EY, 2015). Business and IT specialists must know that it is easier for a violator to put a Trojan in a smartphone, if the device is linked to a PC which has already been violated. With even more apparatus connected, it would increase the risk of a cyber attacker to penetrate the system.
Organizations are increasingly embracing regulations and governance structures to overcome the compliance issues that remain a major concern to many businesses. Increasing confidentiality regulation is a tendency that is expected to carry on in the near future. As corporations enlarge IoT security features, these may disturb individual goals of privacy. A well-structured IoT framework should have well-identified and clear expectations on procedures of protecting privacy, taking into account that legislation may vary in some places (EY, 2015). The governance and compliance concerns have some relationship with privacy and data protection issues. Apparently all smart apparatus hold data about their users, ranging from where they work to their dietary intake among other essential information. All devices qualifying as Internet of Things gather accurate data from different sources, which are suitable from an analytical position, but users may not be at ease using the same information with unknown individuals who are likely to interfere with the credibility of the data (EY, 2015). With the exchange of data from multiple electronic devices, there will be a lot of opportunities for analytical firms; the analytical components will gain the ability to evaluate or determine the business surroundings around the users, but also, the monetization of online content can generate substantial safety and confidentiality apprehensions. The emerging issue is whether users are comfortable sharing their information with unknown people, and whether that does not appear like a violation of individual privacy.
Businesses must consider other cyber security concerns that are likely to occur from the use of IoT and other modern technology. Organizations should develop ways of protecting important infrastructure for identifying loopholes to penetrate any computer network or system will be simpler for any violator because there will be numerous ways of launching an attack (EY, 2015). Closed operating systems have for many years assigned IP addresses that can be reached from outside, so that cyber attacks make their way out of the office environment and into vital infrastructures, such as transportation and power production systems and other automated structures (EY, 2015). The other challenge relates to cloud computing, which has been a vital aspect for IoT from the start. The cloud offers an avenue for IoT to flourish. However, businesses still face many constraints when it comes to data or cloud security in the cloud. Firms usually find out when it is too late that the security standards of their cloud provider may not match the required specifications, or do not meet their objectives (EY, 2015). The violation of the IAAS at Amazon is a perfect example of such violations. Such incidences have raised mixed perceptions among critics with some terming the act a form of hacking. With the concepts of Big Data coming into play, there will be much data generated for the service givers as well. With the excess data within their disposal, the storage servers will have to be secured and updated every time (EY, 2015). The risk for interactive links will increase because the devices and sensors will be relaying communicative crucial personal data all the time on the avenues. Keeping important data on the cloud heightens the threats of spam because it is possible to electronically reposition the servers from one place to another depending on their requirement. Hence, no specific way exists for blocking spam.
The technological advancement facilitates the advancement of cybercrime, thus more sophisticated ways of launching attacks, access to even complicated to infiltrate targets and remained unmonitored are emerging continuously. However, conventional cyber threats remain the cause of the most rampant attacks. Bendovschi (2015), who lectures at the Burcharest Academy of Economic Studies, says in her article, which explores the effects of technological growth in a world bound to automated processes, online activities, cloud computing, and social networks, that organizations must watch out for various possible forms of attacks that could disrupt operations and business patterns. Man in the middle violation is a serious threat that can expose organizational data to attackers. The attacks happens when the criminal interferes with both sides of the communication process such that any message moving from one party to the other must first reach the invader before arriving at the destination (Bendovschi, 2015). The threats posed by this nature of attack involve of unauthorized reach to confidential data or possibilities to change the message that arrives at the target destination by the intruder (Bendovschi, 2015). Another type of online attack that could occur from the use of IoT is brute force violation, which involves repeated attempts to get entry to safeguarded information, such as encryptions and passwords, until the invader finds the precise key, and data can thus be retrieved (Bendovschi, 2015). Businesses must also watch out for the Distributed Denial of Service (DDoS) attack that tampers with the availability of records, in the way the intruder floods the unsuspecting user or server with commands, thus rendering them non-functional. Also, attackers use malware to cause malfunction to systems. Bendovschi (2015) is a generic definition describing the various forms of destructive software, utilized by the attacker to tamper with the privacy, presence, and integrity of information. The most rampant types of malware are; scareware, trojans, viruses, ransomware, worms, and ransomware (Bendovschi, 2015). Organizations must consider other threats that have equally destructive effects.
Phishing and social engineering are threats businesses must consider while using IoT and other technological apparatus and platforms. Bendovschi (2015) describe phishing as a style aiming to take personal data without permission by pretending to be a useful and trustful source, for example, a website. Organizations seeking to establish strong response and defense mechanisms should consider social engineering as a possible threat emerging from the use of IoT and other forms of technologies, because the practice facilitates the unpermitted retrieval or access to data through human communication.
2.3 Current Security Tools, Practices and Interventions
Dealing with the issues emanating from the use of IoT and other modern technology requires an organization to take appropriate measures that would help to respond to cybercrime. An effective approach would be to follow the three distinct phases that EY identifies to be effective in achieving cybersecurity maturity. The aim of the three As (activate, adapt
and anticipate) is to implement advanced cybersecurity guidelines at each category. The organization at stage 1 (activate) should develop a stable basis of cybersecurity (EY, 2015). Forming the basis entails a comprehensive guideline of security information guidelines, which will offer essential, but not the best defense against cyber threats and attacks. Businesses at this phase create their essentials, which is they activate the cybersecurity system (EY, 2015). Organizations seeking to create a strong response mechanism should then move to the second stage, which is adaptation. The business or IT leaders make considerable changes at this category to safeguard the company from attacks and threats. The team implementing the change should remember that threats also transform, and the basis of information security structures must adapt to put up and match the transforming business needs and dynamics, lest they will become more ineffective with time (EY, 2015). Businesses at this phase try to maintain their cybersecurity and keep it up-to-date that is they should adapt to the transforming needs. The third step (anticipate) EY identifies as being suitable in responding to cybercrime requires businesses to establish tactics to recognize and prevent possible cyber attacks (EY, 2015). The implementers at this stage must know precisely what they want to safeguard their most precious assets, and rehearse suitable reactions to possible attacks.
Businesses use other innovative tools, intervention approaches, and practices to deal with the threats and attacks occurring from the use of IoT within modern firms. Aldowah et al. (2018) describe the blockchain IoT security as one of the widely used protective tool that helps businesses protect their systems and IoT devices. The blockchain structure has effective protection against interfering with data, restricting reach to IoT devices, and permitting compromised systems and tools in an IoT network to be locked or shut down. Hyundai is an example of a company that has in the recent past created a blockchain system that is specifically formulated for IoT security. The Hyundai Digital Access Currency (HDAC) allows the firm to create an authorized private network. One distinctive feature that makes the HDAC unique is its ePow that lowers monopolization in mining practices. Also, the blockchain is effective because it incorporates authorized, public, and private blockchain into one system. Fog computing is another approach that many organizations use to safeguard their IoT systems. The approach allows for the formation of an additional protective layer between end users and IoT systems, thus offering for improved mitigation and detection of security concerns before they interfere with the entire system. Fog computing also significantly minimizes the amount of information being relayed to and from cloud, lowering latency due to local calculation while reducing risks (Aldowah et al., 2018). Organizations also use machine learning as a tool for preventing attacks against the IoT tools and devices. Machine learning is part of artificial intelligence that offers systems the capacity to automatically learn and advance from experiences without being obstinately programmed. Machine learning pays attention to the creation of computer software that can reach data and utilize it to learn without human intervention (Hassija et al., 2019). Machine learning can help to implement intricate algorithms that condition IoT systems to prevent threats that could affect wireless networks. Organizations should consider implementing these tools that have the ability to safeguard the firm against online attacks.
2.4 Where the Research Fits
The study calls on all businesses that use the internet to be cautious on how they conduct their operations. The literature review shows how it is imperative to equip workers with relevant skills on how to mitigate potential online attacks, which could cause devastating outcome. Organizations see the urge to be conversant with advanced preventive measures that would safeguard them against the techniques attackers use to penetrate unprotected systems. The study suits all forms of organizations, including learning institutions, business facilities, health centers, government agencies among others that constantly interact with IoT devices.
3.1 Introduction
The study employs inductive reasoning that makes general generalizations from particular set of data and observations. The research relies on the data it gathers from relevant sources to come up with appropriate conclusion (Siddaway et al., 2019). The approach is more suitable for the study because the dissertation already has a set of research questions and objectives that it seeks to examine and respond to them.
The research strategy for the study is a systematic analysis of the available literature, while paying attention to both qualitative and quantitative aspects. The approach involves carrying out a systematic review of published and unpublished works that provide answer to one or more of the research questions. The task in this case entails identifying and evaluating the largest possible quantity of research that could possibly give the suitable answers to the research question in an explicit and direct manner. The research strategy has several advantages, with the ability draw helpful lessons and conclusions being one of the merits. The methodology is suitable because it permits the researcher to examine the literature, while looking at the inconsistencies, gaps, and relations as they relate to the research questions. Also, the systematic approach is more suitable for the study because it permits for the evidence-based production of the effects of current research on the subject matter.
The qualitative and the quantitative aspects of the systematic reviews are very important in completing the study. The quantitative aspect is presented through estimations, measurements, and counting, while the qualitative approach considers the depth and details of the literature and research. Each type of research design has its strengths and limitations because of the omission of essential insights produced differently by either approach. The review of literature in this case starts with a comprehensive scooping procedure entailing several stages.
3.2 Sampling Strategy
The sampling strategy starts with formation of inclusion and exclusion criteria to allow the study to examine, particularly, the research questions being asked. Also, the approach makes it possible to only include the relevant and useful articles that address the research questions. Best analysis of the systematic review procedure requires a consistent use of the inclusion and exclusion criteria throughout the research. Literature that meets the study criteria will fall into the inclusion category. The study tries to create a comprehensive justification for the inclusion and exclusion approach on an empirical and theory basis. A vital consideration for the inclusion of a literature is it must be published between 2010 and 2020. Also, the following factors form important inclusion criteria for literature in the study; the research questions, the definitions of the literature being discussed, the variables that each study uses, the research design, the participants, and the research timeframe (Siddaway et al., 2019). All sources are written by qualified and reputable scholars, and they address relevant issues to the subject under investigation. Another important factor is that all articles are published in English. The research process then progresses to searching the literature after re-examining the inclusion and exclusion guidelines.
3.3 Data Collection and Analysis Methods
The literature identification exercise relies on an elaborate search approach. The strategy helps to locate the suitable place for retrieving the sources. The sources come from searching key terms such as AI, Big Data, intervention tools, IoT, Internet of Things, cybersecurity, and other related terms. The analysis method looks at the suitability of the literature and considers the effectiveness at which each work responds to the research questions.
A suitable source of data based on the selection process is Boeckl et al. (2019), where the authors explores some of the security issues related to IoT. Boeckl et al. (2019) inform how security challenges in business organizations can fall into four main categories or layers. The first is the application, the second is middleware, the third is network, and the fourth is the sensing layer. Most if the IoT devices and systems have one or more of these layers and each category presents its unique share of security concerns. Also, the 2015 report by EY offers valuable insight into the nature of threats that businesses face regarding the use of IoT devices and other forms of technology. Tyler (2018) describes the possible ways businesses use to prevent their systems from attacks and the findings from the article can be of great value to businesses.
The study shows how businesses know that they stand at a risk of becoming a victim of cyber attack and threats if they do not implement suitable measures to combat violations. The expansion of IoT and other forms of technologies put more businesses in fear of losing vital resources and infrastructure (Boeckl et al., 2019). The study reveals that over the recent years, cyber attackers and hackers armed with intricate and dangerous malware have unlawfully acquired documents, money, and personal information from individual users and accounts all over the globe (Boeckl et al., 2019). The analysis shows how the internet can be the most essential tool in every-day life, school, or business, but at the same time can cause devastating effects, especially when someone or an organization becomes a victim of cybercrime.
The study shows that businesses are in a better position of handling cyber attacks when they understand the scams that are likely to interfere with their activities when they interact with the cyberspace. It emerges that businesses must watch out for the phishing attacks, which are rampant, and involves the attempts to get personal or sensitive information from an online or computer user (EY, 2015). The business can be in a better position to prevent phishing scams by knowing how scammers create fake websites to imitate real websites with the objective that the susceptible users will feed in personal information such as their home address, social security number, and passwords (EY, 2015). The study informs that identity theft is another concern many businesses have to deal with and stop the use of fraudulently acquired information to engage in crime or make unnecessary purchases. The analysis illustrates that online harassment is a major concern for businesses, and it is associated with the harassment emanating from the use of social media platforms (EY, 2015). Online harassment takes a similar approach invasion of privacy, which entail the practice of someone trying to intrude on the personal life of users. The study shows how invasion of privacy may entail hacking into a personal computer, following online operations, and reading private mails (EY, 2015). Also, the study reveals how cyberstalking is becoming a major concern among businesses where attackers would go to any measure to try and assess the online activity of a user (EY, 2015). Knowing the various types of online threats and attacks and how they manifest may provide the chance to understand what appropriate measures would work out well in mitigating the situation.
The review analysis reveal that businesses understand the threats they are likely to encounter when interacting with IoT devices and other forms of technology, and have enacted measures to combat the potential violation that could disrupt their functions. Overall, organizations try to take control of their online reputation after knowing exactly how damage can affect the firm’s online reputation (Tyler, 2018). Firms know that the most appropriate way to safeguard their reputation is to watch what they do and say over online avenues. Many organizations take the initiative to defend their devices. The study reveals that while many firms lose essential information on their systems, not so many firms take effective measures to lock or strongly safeguard their devices (Tyler, 2018). However, others are already taking bold measures, and are creating effective passwords to protect their devices and systems. Some businesses create unique and long passwords that they keep to themselves, while others rely on a password manager such as the iCloud keychain that is more secure. The companies create strong passwords to safeguard sensitive personal information, and tend to use social networks more cautiously.
More fundamentally, the study reveals that failing to take appropriate mitigating measures could result in adverse effects of cybercrime based on the statistical evaluation of the global impact. Grant Thonton (2017) projects that the total financial impact of cybercrime could reach $6 trillion by 2021. Grant Thonton (2017) reveals that the size of data breaches increased by 1.8%, while the average cost of data violation reached $4 million in 2016. Grant Thonton (2017) further shows how the projected market magnitude of the cybersecurity sector would be $170 billion in 2020, and that the ransomware violations increased by 6000% in 2016. Moreover, the research shows that the estimated economic losses from man-made and natural catastrophes amounted to $158 billion in 2016. The statistical overview reveal that it is important to take proper preventive measures to avoid such devastating repercussions.
The study shows how using IoT devices and increasingly interacting with cyberspace expose users to possible threats and attacks that could jeopardize their safety as well as the computer systems. Businesses and other stakeholders learn that phishing attacks affect their operations, and that the best way of dealing with the concern is to use a phishing filter application on the web browser to effectively scan the websites that users wish to visit to identify whether they are safe to explore (EY, 2015). Regarding identity theft, businesses must learn how to closely monitor their accounts to protect the group and individual identity using the least costly approach. Firms should not hesitate whenever they notice any suspicious operations, and should take the initiative to report the matter to the relevant authorities (Tyler, 2018). The organization should act proactively when it learns about such violations and should not waste much time.
The awareness calls on businesses to first understand the potential threats they could face before taking suitable measures to mitigate the problem. The study educates on how the internet is an intricate platform where cybercriminals develop tens of thousands of fake websites weekly (Tyler, 2018). The increasing rate at which online violators conduct their activities may be the reason why the world continues to encounter escalating cases of cyber attacks and threats. Consequently, businesses should adhere to some of the developed structures that would help to prevent violations while promoting sustainability. Companies learn that preventing threats and attacks from the use of IoT devices and other technological innovations require timely identification of the possible threats and taking immediate action to tackle the issue before the group suffers a major loss (Boeckl et al., 2019). Identifying the threats as early as possible and taking adequate measures to contain any disruption are necessary because many firms hold vital and sensitive information, which if exposed could ruin significant aspects of the business operations (Tyler, 2018). The study shows how businesses must keep an eye to their workers because the members of staff are one of the essential aspects of the organization, and handle the secrets of the business. Leaders must learn to motivate their workers and discourage them from exposing confidential information to protect the firm from violation (Tyler, 2018). The findings create the urge for business leaders to keep a backup of all the transactions and messages exchanged between members of staff to be able to trace any suspicious activity or abnormality (Tyler, 2018). Managers understand the importance of checking how workers use passwords, and how they protect them from unpermitted persons.
5.1 Data Analysis
The study shows that businesses turn to IoT devices and other forms of technology because of the many opportunities they stand to gain. Nonetheless, the study shows that it is imperative to develop protective mechanisms that would safeguard the firm in case of an attack. It is apparent that IoT facilitates transformation within the digital environment, and it is increasingly becoming a vital requirement in terms of technological preparedness and capacity. Businesses will have the opportunity to use the Internet of Things and other emerging innovations to get a clear perception of their purchasers and what they require. For example, the firm will implement practices that elevate the functions of supply chain management and public security. Using advanced technology, including IoT will offer the chance for business revenue expansion because there are numerous unexploited opportunities for economic effects by identifying creative methodologies to use IoT technology to facilitate revenue growth, and create value through reducing expense and increasing the productivity of assets. The opportunity to reduce the cost of business and the possibilities of enhancing safety and security make modern technology very appealing to businesses that believe using the latest innovation put it ahead of the rest.
Businesses turn to superior technology with the hope of enjoying the economic benefits of IoT and other forms of new technology. The account by EY (2015) shows that just like other sectors where demand rate usually match the rate of supply, Internet of Things and other better forms of technological innovations also have comparable economic repercussions, with the prospective for much money waiting to be produced to benefit people in the public and private sectors. With the advancement of IoT and other forms of technology, many ICT technologies will expand in parallel. For instance, Big Data and cloud computing markets offer IoT a podium from which to develop and transform. IoT will provide chances for firms that produce IoT devices, and also for those firms which are offering services connected to IoT. Other groups that are likely to benefit from the transformation of technology include those that manufacturer IoT products and those providing services related to internet-enabled devices and tools. The companies making sensors, as well as other operators, including marketers and application manufacturers are all set to benefit from the development of technological innovation. The estimations from different operational areas indicate that revenues from machine-to-machine interactions alone will generate at least $900 billion. The economic benefits of using the latest technology should not overshadow entrepreneurs such that they forget the risk landscape and how that could impact their operations.
Business must consider the various areas the threats may occur and take necessary actions to prevent any possible violation. The internal employees fall among the risk landscape because they can pose some threat to the electronic system. Data collection and application could also pose significant risk, especially if the firm lacks the appropriate defense mechanism. The physical environment presents some challenges as well because it is highly likely the firm will experience considerable threat in an environment where the response mechanism is low, and where the possibility of attacks is high (EY, 2015). An organization should consider how the availability or absence of IT infrastructure, impact on its ability to identify and prevent attacks that could affect the organizational systems. The company must also consider the threats that could occur from the interaction with third-party vendors and suppliers (EY, 2015). The firm must verify that its suppliers adhere to the right guidelines for combating cyber attacks and adhere to protocols that protect all parties into the interaction. Understanding the risk landscape offers the chance to enact counter-measures that would protect the business and its fundamental assets.
The findings of the data challenge businesses to reach out for some of the most effective tools to protect their operations from cyberattackers who are advancing their attacking methods. The findings show that firms and individual users must focus on their online reputation because once an abnormality happen it is very difficult to rectify the situation (DesMarais, 2012). The organization should try out some of the many methods available for protecting the firm against attacks before things get out of hand, and it becomes very difficult to contain the situation (DesMarais, 2012). It is upon leaders to take the right security choices, lest the firm fails to excel in the contemporary environment where technology facilitates business operations as well as presents considerable threats.
5.2 Validity and Reliability
The study assesses the inter-rater reliability depending on threes quantitative specifications and goals, including the Kappa coefficient, the inter-rater agreement, and sampled research. Also, the study takes suitable measures to achieve the uttermost validity of the assessment process and its outcome through a keen analysis of the search outcome. The study pays particular attention to understand whether the search outcome suggest any reliability within the inclusion and exclusion model, and whether the outcome of the search suggest that the new terms are essential for valuable additions to the entire search practice. The study uses various quality assessment tools to assess the selected sources for possible bias and quality. The tools are; Avoiding Bias in Selecting Studies, the GRADE Working Group, and JAMAevidence. Nevertheless, the study conducts additional researches to be certain that the search process identifies a suitable set of evidence from diverse fields, research perspectives, and theoretical aspects.Overall, the strategies mentioned above allows for carrying out a systematic review that is validity and evokes high level of confidence.
5.3 Limitations
The primary challenge in the study relates to the quality assessment toolkits that are applicable for this research. The tools do not provide any surety that they are free from errors, which may cast some doubts. The tools are likely to produce unbearable errors when computing complex sets of data, which could make it hard to determine the quality of the evaluation process. However, the study tries to settle on quality assessment toolkits that do not pose any significant threats.
5.4 Recommendations
The business may already have effective IT policies, technologies, and processes, but the leaders and IT professionals should ask whether it is adequately prepared to handle emerging concerns. Early warning and identification of violations are necessary to be ready, implying that the attention of cybersecurity has transformed to threat intelligence. Most firms already know their operational and information systems face considerable threats, as well as for their goods and services. A suitable approach is to first know the nature of such threats and understand how they present themselves. Business leaders must remember that a business in a state of readiness to combat cyber attacks displays a completely different perception, sees the world differently, and reacts in a way the cyber attackers would not anticipate. Developing effective structures require behaviors that are well-though and collaborative, and relies on learning, preparation, and rehearsal. Dealing with issues emanating from IoT and other forms of technology requites the business to understand that no firm or political power can every foretell the coming of or subvert all, or even most assaults, but they can lower their probability of being a target, strengthen their resilience, and reduce damage from any violations.
Striving to learn the concerns that are likely to occur from the use of IoT and other forms of technology requires the company what it takes to achieve a state of readiness in dealing with threats and attacks. The report by EY (2015) informs that a state of preparedness entails creating and executing a cyber threat intelligence plan to promote the development of strategic company choices and weigh the values of security. An organization that claims to be ready must have the capacity to create a cybersecurity ecosystem that brings together business networks, suppliers, services, and essential partners. The group that claims to be ready to deal with issues occurring from technology takes a cyber economic directive by knowing the important assets and their values, and investing adequately in their fortification. A business seeking to attain a state of readiness should have the ability to utilize the concepts of cyber threat intelligence and forensic data analytics to predict and assess where the possible threats are emerging from and when, and using this information to enhance preparedness and response. The leadership of a corporation that is ready in suppressing potential violations through IoT platforms should ensure that every member of staff knows the importance for stable administration, transparency, and user control. Businesses may not have the ability to regulate when security lapses happen, but they can restrict how they react to them, including expanding detection capabilities, which is usually a good place to begin (EY, 2015). The attempts to achieve a state of readiness are important because a security operations center (SOC) that functions appropriately can act as the basis of improved detection.
Organizations must ask several pertinent questions and try to come up with their answers to help them anticipate cybercrime and other attacks that could tamper with the systems. The study informs that businesses need to transform their way of acting and thinking to cease from being simply responsive to current and future threats. A study by Global Information Security indicate that less than 7% of the 1800 companies examined had a dedicated team to fight threats using appropriate intelligence (EY, 2015). The findings of the study show that a huge gap still exists in the way organizations employ intelligent personnel to safeguard the firm from the possible attacks via IoT devices or other electronic avenues. Businesses must know that the only option to move ahead of the cyber attackers is to know how to predict their violations. Achieving the desired goals implies that the organizational cybersecurity system should be able to respond to several concerns (EY, 2015). For example, the organization should consider the things happening in the external environment and find out how they can learn from the situation. The firm should consider how other successful firm deal with emerging threats and attacks, and pick lessons that may help to strengthen response and reaction. The company should be able to tell how it could be hardened because of the attacks and to become resilient in handling emerging issues. The business leaders should ask whether the firm can tell the difference between a targeted attacks and a random attack to know what response mechanism to take in mitigating the issue. Also, the company should be able to estimate the economic effect of a cyber attack, as well as consider the possible regulatory and legal repercussions of a severe attack (EY, 2015). Considering how serious an attack can be lead to the strengthening of available frameworks, and encourages the development of better structures. Also important, organizations are in a better position to deal with the security issues emanating from the use of new technology by identifying how the firm can help other organizations or institutions in the ecosystem deal with attacks and threats. Finding answers to these questions helps to understand the level of preparedness at the organization, and motivates the stakeholders to take appropriate and more competitive measures.
Following the leading cybersecurity initiatives and practices may offer viable solutions to businesses that contemplate about advancing their response mechanism and resilience. The team should always try to know the macro and micro environment because comprehensive awareness is essential to knowing the broader threat overview and how it connects to the firm. Using cyber threat intelligence can offer suitable solutions to prevent cyber attacks because the model considers both the internal and external features that could facilitate an attack or threat, draws concepts from past, current, and future practices. Another trend that may elevate cybersecurity practices is continually learning and evolving because nothing remains at its previous state as time moves. The report by EY (2015) informs that nothing is static, including the business and its operating environment and the criminals, thus the need to make continuous developments and improvements. The organization should be confident always about its incident reaction and crisis response strategy considering that firms that anticipate violations often review their response capacity. More fundamentally, the firm should align its cybersecurity plans to business objectives (EY, 2015). The organization should ensure that cybersecurity becomes a vital issue of concern on the agenda. The business leaders should include all stakeholders to know how cybersecurity permits the corporation to be innovative, able to form new avenues to reach buyers, and to handle emerging risks. Organizations must know that to be prosperous, the information security team requires proper leadership guidance in offering the necessary financial support to promote and create more appropriate security protocols, to grow cybersecurity awareness within the members of staff, and to foster collaboration with business partners.
Organizations seeking to protect their devices and systems from attacks can take other effective approaches now that online threats and attacks are becoming a concern for most firms. A suitable approach is to conduct regular audits because as the firm continues to grow, it eventually reaches a point where it may be hard to protect all data and to reduce the possibilities of being attacked (Tyler, 2018). For this task, the company can hire cybersecurity specialists or consultants to perform the audit or can recruit a full-time cybersecurity officer who will handle all the security-related issue and safeguard the security of the business (Tyler, 2018). Closely related to performing regular audits is conducting a continuous cybersecurity risk assessment to mitigate the threats. Business leaders need to know that cybersecurity risk assessment is a form of risk management, and one of the essential factors that add to the growth of the business as it keeps it safe from exposure to competitors or rivals who are always looking for loopholes (Tyler, 2018). Also important, managers should try to acquire in-depth awareness about the potential risk factors because the more information they have about the risks in their business, the more effective defensive mechanisms they will be able to embrace to protect the company (Tyler, 2018). Leaders should understand the nature of their business and carry out adequate research regarding all the potential threats and attacks that could harm the foundation (Tyler, 2018). The appropriateness of the plans the business takes would determine whether it manages to keep attackers at bay or whether it would succumb to violations.
The study illustrates the importance of embracing features that would prevent cyber threats and attacks while using IoT and other modern forms of technology. The report examines the general perception of organizations to the implementation of IoT security, and assesses the IoT security issues presently tampering with business operations. Businesses worry that attacks such as man in the middle, brute force, DDoS, malware, phishing, and social engineering puts the system at a considerable risk, forcing the firm to take suitable protective measures. The study offers valuable information regarding how organizations identify the security lapses created by IoT devices and systems. The study provides valuable insight into how businesses try to combat the cyber threats and how they pick up after an attack. The recommendations from the study can help businesses improve their defense and response mechanism, and organizations should not relent in their attempts to fortify their systems. The key lesson from the study is that whereas advanced technology such as IoT devices provide numerous opportunities, it is imperative for businesses to enact measures that would protect key infrastructure from damage. The study gives suitable recommendations that may help to handle IoT components in a way that protects the organization from possible attacks. The dissertation responds to all research questions, including satisfactorily explaining how businesses perceive online attacks, describing the security threats emerging from IoT use, and examining the approaches organizations use to remain safe.
7 REFRENCES
Aldowah, H, Rehman, U,& Umar, I, 2018, Security in internet of things: Issues, challenges and solutions. In International Conference of Reliable Information and Communication Technology (pp. 396-405) Cham, Springer.
Boeckl, K, et al. 2019, Considerations for managing Internet of Things (IoT) cybersecurity and privacy risks, National Institute of Standards and Technology, Gaithersburg.
DesMarais, C 2012, Tools of protecting your online reputation. Available from: < https://www.techlicious.com/tip/tools-for-protecting-your-online-reputation/> [July 20, 2020]
EY 2015, Cybersecurity and the Internet of Things, EY, London.
Grant Thonton 2017, Cyber-crime: Avoid paying the price. Available from: < https://www.grantthornton.ae/globalassets/1.-member-firms/uae/may-2017-onwards/cybercrime_avoid-paying-the-price_2017.pdf> [February 3, 2021]
Hassija, V, et al. ‘A survey on IoT security: Application areas, security threats, and solution architectures,’ IEEE Access, vol. 7, pp. 82721-82743.
Posadzki, P, & Ernst, E 2019, ‘A guideline for conducting systematic reviews. A Guide to the Scientific Career: Virtues, Communication, Research and Academic Writing, pp.311-320.
Siddaway, P, Wood, M, & Hedges, V 2019, ‘How to do a systematic review: A best practice guide for conducting and reporting narrative reviews, meta-analyses, and meta-syntheses,’ Annual Review of Psychology, vol. 70, pp. 747-770.
Tyler, A 2018, 10 essential steps for preventing cyber attacks on your company. Available from: < https://www.itproportal.com/features/10-essential-steps-for-preventing-cyber-attacks-on-your-company/> [July 20, 2020]
FINAL WORD COUNT
| CHAPTERS | FINAL WORD COUNT |
| Abstract | 311 |
| Introduction | 810 |
| Literature Review | 3797 |
| Research Methodology | 629 |
| Result Findings | 601 |
| Discussion | 2806 |
| Conclusion | 183 |
| TOTAL | 9,137 |
Expert paper writers are just a few clicks away
Place an order in 3 easy steps. Takes less than 5 mins.