
literature review for Ransomware and phishing for information security in business organizations
Attached the paper.

APA format.


Running head: RANSOMWARE AND PHISHING 1


Ransomware and phishing for information security in business organizations

Introduction

Phishing is a category of social engineering attack that primarily focuses on stealing data. An attack may expose login credentials as well as the business's credit card numbers. The attacker, masquerading as a legitimate entity, dupes a victim by way of a text message, instant message, or email. Ransomware, on the other hand, is a malicious attack in which cybercriminals use software to block users from accessing their data. Digital extortionists encrypt system files and add extensions to the attacked data. The data is held hostage until the ransom is paid.

Topic overview

Ransomware and phishing can lead to devastating consequences for both individuals and organizations. A business may suffer theft of funds, unauthorized purchases, and identity theft. Phishing is also used to gain a foothold in government and corporate networks in order to advance more massive attacks (Richardson, 2017). The latter involves compromising employees to bypass security perimeters, gain access to secured data, and distribute malware in a closed environment. Organizations exposed to these attacks typically suffer severe financial losses and declines in market share, reputation, and consumer trust. Depending on its scope, a phishing attack can escalate into a security incident from which an organization takes years to recover.

Problem statement

Ransomware is opportunistic and affects every kind of device an organization uses, from computers to smartphones (Kettani, 2019). Companies can lose resources, files, and finances. Ransomware usually demands $200-$300 bitcoins to unlock files. IT costs, lost productivity, network modifications, and legal fees are other losses businesses incur. In addition, companies are forced to acquire credit monitoring services for customers and employees. Phishing and ransomware variants have extended their features to include data compromise, exfiltration, and anti-detection components. This factor has caused distributed denial of service. Attackers can also lock cloud-based backups during persistent synchronization.
Securing networks is a mitigation strategy. Organizations should have incident response plans and critical backups. Additionally, they should ensure end-users and respond to compromise attacks.

Purpose statement

The research aimed to investigate appraisal, threat, and efficacy for both phishing and ransomware attacks. The research was based on understanding phishing and ransomware concepts. Understanding comprises knowing the definition of both terms, studying how they work, and analyzing possible impacts on businesses and individuals. The research would help in coming up with possible mitigation strategies. It would also explain the issues related to both forms of attack.

Research questions

The research was based on the following questions. What is the qualitative description of phishing and ransomware attacks? How do both attacks work, and how are organizations affected? What are the possible impacts of phishing and ransomware on organizations? What should organizations do to secure and protect their computers against the attacks? How do the attacks affect business operations as well as financial status?

Hypothesis

Perceived and severe phishing and ransomware attacks result from an increase in future intentions of protective information access and more exceptional detection ability, leading to increased email consideration.
More significant efficacy responses related to keeping up with phishing and ransomware techniques are linked with an increase in future intentions to expose secured information. Increased detection ability is due to more knowledge of suspicious cues in emails and of the conventional approaches used in phishing and ransomware emails (Thomas, 2018). There is an increase in the response costs of countering both advancing attack techniques due to decreased intentions to access secured information.

Theoretical perspective

The heuristic-systematic model is used to research phishing victimization. It is a theoretical exploration and framework. Phishing and ransomware have risen to become a severe threat to organizations' information security systems. However, theory grounded in this burgeoning phenomenon has been limited. The theory argues that the heuristic-systematic model is an ideal framework for researching the psychological methods that underlie the effectiveness of phishing and ransomware attacks.

Significance of the study

The study is aimed at benefiting businesses as well as organizations. The document contains a qualitative analysis of how phishing and ransomware attacks occur. It also includes the possible effects if an attack is successful (Coppola et al., 2019). There are possible mitigation strategies that businesses can utilize to deal with phishing and ransomware attacks.

Delimitations

Ransomware and phishing attacks have become popular. This has led to curiosity among organizations about their sense of information security. However, training employees is an aspect that ever plays a role in phishing and ransomware mitigation. Because of the increasing number of deceptive, cunning, and intelligent scams sent daily, employees do not stand a real chance in the complete reduction of both attacks; the attacks are epidemics of their own. But employees can play a crucial role by staying up to date and being careful of any threat signal.
Organizations should also apply next-generation strategies to fill the possible gaps and empower employees' efforts in countering attacks. Encryption, database security, and multifactor authentication are active factors that should be turned toward deterring phishers. New upcoming strategies should also be used, such as email verification programs and sender reputation.

Limitations

Organizations have been affected by the growing culture of distraction. The IT department may feel suspicious under management pressure and click on a malicious link or download a suspicious file. The disturbance is more likely in a stressful environment or under tight daily schedules.
Phishing and ransomware attacks can be entirely undetectable. Some attacks are so technologically advanced that security departments cannot notice them with the naked eye (Mukhopadhyay, 2018). The attacks can trick employees via targeted operations that impersonate internal executives and highly recognized sellers. Another limitation is that, in some instances, curiosity may prove stronger than the overall sense of security. Traits and interests are common in humans; attackers take advantage of this and make people click on links despite security awareness. Employees in an organization may cost the business by exposing it to a threat because of curiosity.

Definition of terms

Victimization: The consequences of a deliberate and intentional action taken to oppress, harm, or benefit someone.

Extortionists: Individuals who practice extortion, using violence, intimidation, and threats to pressure someone to hand over money.

Heuristic-systematic model: A model of information processing that came from persuasion research in social psychology.

Research design

The research starts with an introduction. The section contains a brief explanation of what ransomware and phishing attacks are. The second section is the topic overview. It explains how both attacks happen and their effect on the organization. The third section is the purpose and problem statement. It contains the problems being addressed and the aim of the study. The fourth section is the hypothesis and research questions. It analyzes the general content of the research paper as it provides answers to the questions. The fifth section is the theoretical perspective. It comprises the heuristic-systematic theory that explains the nature of the two attacks. The final section includes limitations, terms, delimitations, and the study of phishing and ransomware.

Summary of chapter one

Phishing mainly focuses on stealing data. Ransomware, on the other hand, is a situation where criminals use software to block users from accessing their data. Both attacks are capable of causing devastating damage to business operations. Organizations may suffer severe financial losses, from which it may take many years to recover.

Proposal for research

The title of the research is "Ransomware and phishing for information security in business organizations". It mainly focuses on organizations and how they are impacted by phishing and ransomware attacks. The study answers the question of how phishing and ransomware attacks can be described. It also explains how both attacks work. In addition, it answers the question of what the impact and consequences of both attacks are for an organization. The research is based on a theoretical approach, resources, and strict analysis of the context.

References
Richardson, R., & North, M. M. (2017). Ransomware: Evolution, mitigation, and prevention. International Management Review, 13(1), 10.
Lam, T., & Kettani, H. (2019, April). PhAttApp: A Phishing Attack Detection Application. In Proceedings of the 2019 3rd International Conference on Information System and Data Mining (pp. 154-158).
Thomas, J. (2018). Personal cybersecurity: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. International Journal of Business Management, 12(3), 1-23.
Coppola, J., & House, D. (2019). Suspicion in Phishing and Organization Risk.
Mukhopadhyay, A., Biswas, B., & Gupta, G. (2018, December). Cyber insurance for correlated risks from phishing attacks: A decision-theoretic approach. In Proceedings of the 13th Pre-ICIS Workshop on Information Security and Privacy (Vol. 1).