Remote Access Security: Optimum Strategy and Solutions for Small and Medium Scale Enterprises (SMEs)

Small and medium enterprises (SMEs) are depending more on their ICT framework however they do not possess the ability to direct it reasonably because of monetary impediments, limited assets, and insufficient specialized expertise. A sizeable number of SME executives expect that ICT security per remote access in their organizations is only like introducing a firewall and refreshing the antivirus program as frequently on a case by case basis. Remote access initiatives, against hacking systems and approaches, remote access controls, and numerous other related aspects are only investigated solely after security breaches. To improve remote access security in an organization comprehensively, four aspects including organizational, work process, data, and technical aspects must be figured out. With SMEs’ limited spending plans and more requirements for remote employees, it is exceptionally evident that they will remain easy prey for attackers since they cannot bear the cost of the typical secure remote access technologies and solutions. This paper explored a more ideal solution that will fit into the usual SME low remote access security financial plans but at the same time sufficiently powerful to protect them from digital and other IT attacks.

Securing SCADA Energy Management System under DDos Attacks Using Token Verification Approach

The advanced connection requirements of industrial automation and control systems have sparked a new revolution in the Industrial Internet of Things (IIoT), and the Supervisory Control and Data Acquisition (SCADA) network has evolved into an open and highly interconnected network. In addition, the equipment of industrial electronic devices has experienced complete systemic integration by connecting with the SCADA network, and due to the control and monitoring advantages of SCADA, the interconnectivity and working efficiency among systems have been tremendously improved. However, it is inevitable that the SCADA system cannot be separated from the public network, which indicates that there are concerns over cyber-attacks and cyber-threats, as well as information security breaches, in the SCADA network system. According to this context, this paper proposes a module based on the token authentication service to deter attackers from performing distributed denial-of-service (DDoS) attacks. Moreover, a simulated experiment has been conducted in an energy management system in the actual field, and the experimental results have suggested that the security defense architecture proposed by this paper can effectively improve security and is compatible with real field systems.

Leveraging Machine Learning in Financial Fraud Forensics in the Age of Cybersecurity

Financial sectors are lucrative cyber-attack targets because of their immediate financial gain. As a result, financial institutions face challenges in developing systems that can automatically identify security breaches and separate fraudulent transactions from legitimate transactions. Today, organizations widely use machine learning techniques to identify any fraudulent behavior in customers' transactions. However, machine learning techniques are often challenging because of financial institutions' confidentiality policy, leading to not sharing the customer transaction data. This chapter discusses some crucial challenges of handling cybersecurity and fraud in the financial industry and building machine learning-based models to address those challenges. The authors utilize an open-source e-commerce transaction dataset to illustrate the forensic processes by creating a machine learning model to classify fraudulent transactions. Overall, the chapter focuses on how the machine learning models can help detect and prevent fraudulent activities in the financial sector in the age of cybersecurity.

Crafting Strategies of Security Breaches

In recent years, the number of financial technology players and users have increased at a significant rate due to the rapid technological advancement in financial technology. While smart devices are providing more useful features to users, they have also made it possible for cyber threats to migrate from desktops to smart devices. Thus, it is important for smart device users to be aware that their device could be exposed to cyber threats and that users could protect their devices by employing data-centric cyber security measures. This study reveals how financial technology business model responded to the breach phenomenon by employing data-centric protection approaches. The result is very interesting. Data-centric security is very needed as it is capable of protecting data as a whole. It provides a gapless protection, meaning to say, the data are encrypted and classified wherever it moves. With persistent protection and cross-platform operability, data-centric security will eliminate gaps and keep data protected.

Cybersecurity and Privacy in Smart Cities for Citizen Welfare

In smart cities, technologies and systems of various types, from manual sensors to data collection devices, cooperate to improve citizens' wellbeing. They take advantage of information technologies and the internet of things (IoT) to increase citizens' welfare through the implementation of services with distinct objectives, like reducing energy consumption and improving transport routes and health services. Due to their functionalities and characteristics, IoT devices work interconnectedly and collect large amounts of data. In this context, cybersecurity and privacy arise as topics of central interest, as security breaches can lead to personal data exposure and service interruptions and malfunctions, thus directly affecting citizens' welfare and the implementation of the Sustainable Development Goals. This chapter discusses how cybersecurity risks affect smart cities' operations and citizens' welfare. It presents some current cybersecurity techniques and how to apply them in the smart city context. It also reviews some open issues and future directions.

Handling Trust in a Cloud based Multi Agent System

Cloud computing is an opened and distributed network that guarantees access to a large amount of data and IT infrastructure at several levels (software, hardware...). With the increase demand, handling clients’ needs is getting increasingly challenging. Responding to all requesting clients could lead to security breaches, and since it is the provider’s responsibility to secure not only the offered cloud services but also the data, it is important to ensure clients reliability. Although filtering clients in the cloud is not so common, it is required to assure cloud safety. In this paper, by implementing multi agent systems in the cloud to handle interactions for the providers, trust is introduced at agent level to filtrate the clients asking for services by using Particle Swarm Optimization and acquaintance knowledge to determine malicious and untrustworthy clients. The selection depends on previous knowledge and overall rating of trusted peers. The conducted experiments show that the model outputs relevant results, and even with a small number of peers, the framework is able to converge to the best solution. The model presented in this paper is a part of ongoing work to adapt interactions in the cloud.

DATA BREACHES AND DIGITALISATION

The report provides an overview of the importance and benefits of examining personal data breaches in the context of a global trend such as digitalisation. Regardless of the extremely negative consequences that security breaches have, both for the individuals whose data are affected and for the data controllers / processors, data breaches are valuable sources of information.

University Computer Network Vulnerability Management using Nmap and Nexpose

Over the past few years, the advancement of technology in universities have led to rise in the number of vulnerabilities in University computer Network (UCN). To ensure robustness and hardness of UCN, an efficient Vulnerability Management System is required. The focus of current work is on the importance of vulnerability management in a UCN. A plethora of tools are used for vulnerability scanning and assessment. This paper also focuses on the implementation of vulnerability scanning tools on UCN. Assessment of scan results is done to identify vulnerabilities in the network that need to be resolved on priority basis. Based on the scan results obtained after scanning the network using scanning tools, the decision can be taken to mitigate the vulnerabilities on priority basis. Vulnerability Management in a UCN is a stepwise procedure that needs to be implemented to keep the network secure. An effective VM framework is important and inevitable to prevent cyber security breaches in a UCN as it regularly checks for new vulnerabilities on and also provide solutions to remediate or resolve the vulnerabilities. The scanning tools used for the current work were Nmap and Nexpose. Nmap was used for information gathering of network and Nexpose was used for scanning the network for vulnerability detection.

When do businesses report cybercrime? Findings from a UK study

Although it is known that businesses report cybercrime to public authorities at a low rate, and this hinders prevention strategies, there is a lack of research on companies’ decisions to report cyber victimisation. This paper analyses the UK Cyber Security Breaches Survey to explore factors associated with cybercrime reporting by businesses. Results indicate that the type of cybercrime is relevant to the reporting decision, and that the likelihood of reporting increases when cybersecurity incidents generate negative impacts and when the company places high priority on cybersecurity. However, we find no association between having cybersecurity insurance and reporting. Finally, while having outsourced cybersecurity management is associated with reporting to anyone outside the organisation but not to public authorities, in-house cybersecurity teams seem more inclined to report to public authorities. Findings are discussed in relation to the role of the private cybersecurity sector and the criminal justice system in combatting cybercrime.