Thesis Plan and Schedule Submit your thesis plan and schedule. This assignment must include the following: A page on “My Thesis Strategic Plan.” Mak

Thesis Plan and Schedule
Submit your thesis plan and schedule. This assignment must include the following:

A page on “My Thesis Strategic Plan.” Make sure that you give specific, measurable, attainable, realistic, and time-bound goals, and how you intend to accomplish them. If pieces of scholarly evidence support these goals, then you will earn more points.
A second page on “My Thesis Schedule.” You can use a table to show dates you will accomplish different components of the thesis. The syllabus and other academic resources could help in accomplishment of this task.
A third page on “Thesis Challenges.” You must let the professor specific challenges that might hurt your progress in the completion of your thesis.

Running head: EMERGING CYBERSECURITY THREATS 1

EMERGING CYBERSECURITY THREATS 12

Emerging Cyber Security Threats Methodology

Table of Contents
Introduction 3
Literature Review 6
Methodological approach 11
Methods of Data Collection 15
Qualitative Methods 15
Quantitative methods 17
Analysis Methods 17
Quantitative methods 18
Qualitative methods 19
Evaluation and Justification of the methods 20
Proposition for the Grad699 Paper 22
Conclusion 22
References 23

Introduction

Countries globally are dealing with an invisible threat to global cybersecurity. This threat targets leading technological inventions in most aspects of life, such as banking and communication, which rely on technology. There is a need for effective measures that can be adopted to mitigate this global challenge of cybersecurity (Abomhara, 2015). For this to be achieved, there is a need to understand the nature of this threat. In dealing with other global problems such as terrorism, the key to winning such wars is, understanding the enemy as much as possible. Having a clear picture of the enemy allows for appropriate measures to be adopted in fighting the enemy. Cyber-threats have evolved over the years. This is a vital characteristic of the enemy that can be used by countries to fight cyber threats that have been increasing in number over the years.
The evolving nature of cyber threats is a challenge. By cyber threats constantly evolving, it is hard for solutions to be found. The search for a solution to a threat is futile if a new threat is likely that is different from the one that has been solved (Abomhara, 2015). There is a need for a different approach in dealing with cyberthreats. Even though the evolving nature of cyber-attacks is a challenge, it presents experts a lee-way to come up with solutions for cyber-attacks that are likely early enough. This is one way that understanding the nature of cyber threats can help in coming up with mitigation factors. There is a need for more analysis on the nature of the emerging cyber threats in order to find mitigation measures or solutions to cyber-attacks where possible.
Looking into the nature of emerging cyber threats should happen urgently. The knowledge about the nature of emerging cyber-attacks should also be provided to the public. This is to ensure the best practices for defense and protection are established by the individual affected parties; these are the companies and private individuals. This can also allow for cooperation between parties where their teamwork can bring more value. The information about the nature of emerging cybersecurity threats is necessary for the record to be set straight. There are claims that cyber-attacks have been applied as a competitive weapon by companies. In order to achieve business success, some rival companies have funded attacks. This can be revealed by analyzing the existing research around the topic, which can further help explain the nature of cyber-attacks. As of the year 2021, it has been projected that the cyber-attacks will cost the world over 6 trillion dollars (Abomhara, 2015). There is a need for concrete ways of how cyber threats can be mitigated. To establish the nature of emerging cyber-attacks, research and analysis of existing data can provide a wealth of information. There is existing research that has been carried out in several areas including in military and regional organizations concerning cybersecurity. These sources can provide a comprehensive perspective that is required to meet the goal of establishing the nature of emerging cyber-attacks.
As technological inventions continue to come up, the routes that cyber-attacks can take are also increasing. The problem of cybersecurity is only likely to become more prominent (Abomhara, 2015). The need for knowledge around cyber-threats is required by companies, countries, and individuals in equal measure. Countries have had their data infiltrated through crucial infrastructure. Online threats also have been targeted at companies as well as individuals. For instance, countries’ economies have been affected by electrical failures due to cyber-attacks. Military equipment has failed at the time of need due to cyber-attacks, and national security secrets have been breached. Due to this, systems have been paralyzed, especially in communication. All these problems can be solved by coming up with mitigation factors to cyberthreats attacks; therefore, understanding the nature of cyber threats is necessary in order to decode the cyber-attacks problem or to lower their effects. On the other hand, companies have had their data lost, money stolen from their accounts, and they have also been blackmailed in order to keep company secrets safe.
Considering cyber-attacks are not a new phenomenon, some solutions to cyber-attacks already exist. Some of these solutions can still be effective in dealing with emerging cyber threats. Some, however, need to be done away with because they are no longer useful, or they have many negative consequences to them. For example, to companies, some measures have affected trust between employers and employees. As employers try to implement ways to ensure that any possible internal threats are neutralized, trust has been eradicated between them and the employees. Trust is, however, a very crucial factor in any working environment. Trust determines the amount of cooperation that can be applied. In ensuring that organizations and companies are cyber secure, an important aspect of performance should not be compromised. There is, therefore, the need for better countermeasures to cyberthreats that can easily intertwine with the companies’ structures. This creates the need for analysis into the nature of emerging cyber-attacks.
This research provides the nature of emerging cybersecurity threats. The information is based on research as well as existing data, which has provided a better perspective of how cyber-attacks have evolved. Based on this evolution of cyber-attacks, it is possible for experts to foretell the nature of cyber-attacks in the future. By foretelling mitigation factors can be easier to find. Several mitigation factors are also provided in the research, some of which are suggested by parties who have experienced cyber-attacks. The mitigation factors provided require to be applied on a large scale basis, for example, by citizens of an entire country in order to make them more effective.

Literature Review

As cybersecurity threats continue to increase in number, and as they continue to target individuals and companies, there is a need for urgent solutions. Studies and research papers have been published about cyber security by analyzing this knowledge; solutions can found on how to deal with cyber threats. The threats continue to evolve as technology advances, making it necessary for protection measures to be one step ahead of the attackers. There is a need for knowledge about the nature of cyber-attacks because by understanding them, solutions and prevention measures can be found by understanding the root cause of the problem. This has been achieved by Sutton (2017) as he provides a guide on how to deal with attacks. An analysis of the existing body of knowledge about the topic can help in meeting the goal of helping the public to understand emerging cyber security threats and ways to mitigate them.
Previous cyber threats were mainly centered on the perception of targets, and therefore the most lethal cyber threats included AI malware and ransomware. This has, however, changed, and the world is now cyber threat mature where some of the traditional cyber threats are no longer effective. What might be termed as a threat to a specific industry might not be a threat to another. For instance, in some industries, ransomware is the most dangerous threat; for example, in the manufacturing and healthcare industries (Osborn & Simpson, 2018). This not the case, however, for IT and corporate industries because they are most likely to be affected by attacks such as insider threats, disinformation, and privacy threats.
Emerging cyber-attacks are of this nature, and some of the previously used mitigation factors might not be as effective. Having a corporate company’s data available to the public is dangerous because attackers can steal identities and use them maliciously. Disinformation might be carried out on a corporate, and its biggest effect is instability as it was indicated in the US during the recent presidential elections. Smith (2018) agrees to the fact that the nature of cyber threats is changing, and he suggests ways through which these cyber-attacks can be avoided. The nature of most emerging cyber threats is that they are aimed at private individuals. Abomhara (2015) states that the number of cyber-attacks has increased among individuals due to the careless use of the internet with the advent of social media. Social media has made many people vulnerable because of its open nature that gives people the freedom to act without being accountable. Consequently, people exercise little or no caution when they are on social platforms, making them easy targets for cyber-attacks.
Peoples failure to exercise control is strongly supported by Fielding (2020) he is of the idea that social platforms are the people problem and the attackers rely on them because of the control they have taken over people’s lives. Social platforms act as the strongest link between the attackers and their targets. Computer fraud is more common as people continue to click on unknown sites that are causing the internet users consequences such as their data getting stolen or even being deleted. In a case study that was carried out in the UK, it was established that most people do not have enough information about cyber security that they can apply when making decisions about clicking on links they find on social media (Osborn & Simpson, 2018). This proves how vulnerable social platform users are and why they are an easy target for attacks.
Abomhara (2015) also states there are emerging threats that are termed as social cyber-attacks, whereby instead of normal phishing that targets emails in social cyber-attacks, the target is social media. Some of the recent attacks that have taken place involve attackers impersonating a victim’s family members, friends, or even colleagues. A link is shared, and once they click on the link, their information can easily be stolen, including passwords. This is especially dangerous for employees who access their social sites with company computers because they put at risk company information. This is an emerging form of attack, and the best way to ensure that such attacks are avoided is by making sure that authentication takes place on links before opening them. Also, limits on workplace devices should be set on computers that can be used to access social sites and those that should not. The nature of social cyber-attacks keeps varying. Attackers might even rely on regular content, including videos that need only to be played for the attacker to access personal information.
Another trend in emerging cyber-attacks is deepfake attacks (Osborn & Simpson, 2018). This is a trend that involves applying artificial intelligence to come up with fake images and sounds to be used as in manipulation. These can be used to blackmail respected individuals. Another trend that has emerged is synthetic identities. This involves bringing together genuine with untrue identities to come up with a real person’s impression. For instance, an attack can come up with a criminal identity that has an existing physical address, a social security number, and a real birthdate that is associated with someone. Attackers can use this created impression to hold attacks such as online fraud. The advances that are taking place in quantum computer development pose a huge threat to online company systems.
Quantum computers are very powerful, and they can be used to carry out attacks, including to cryptographic systems. The biggest advantage that cryptographic computers can give attackers is the swiftness to carry out attacks (Osborn & Simpson, 2018). For example, a code that a normal computer takes long to decipher, a quantum computer can break the code at a fast pace. The cyber-attacks nature is further likely to change due to the power that will be on the hands of attackers using quantum computers. There is also the threat of vehicle based attacks as cars continue to be connect5ed to the internet
There are several mitigation measures that can be adapted to deal with emerging cyber threats. Kerner (2019) and van der Meer (2015) present an approach that can be adopted in helping to lower the risks that are associated with cyber-attacks. The method can be applied by companies as well as individuals to ensure the attacks are prevented. Additionally, Quigley and Roy (2012) improve on the work of Siegel et al. (2002) to offer more information on risk management after a study that he carried out in North America. Managing risks and avoiding threats in advance is better, and it is safer than finding solutions after attacks have already caused damage. Their work is more recent than their predecessors hence more effective due to the technological advancement that has occurred over the years. According to Smith (2018), he insists due to the nature of emerging cyber-attacks, the best solution to put an end to them is coupling up human awareness with all other solutions and mitigation factors.
Human awareness is effective. Once people with skills such as identifying, analyzing, and combating threats adopt measures to stop cyber-attacks, they can be more successful. By having a natural skill to carry out analysis of an attack, a solution is likely to be found faster rather than only relying on tools (Smith, 2018). Yin et al. (2019) introduces sensors as an applied solution to cyber security. His idea is based on the sensors being able to point out intrusions before they achieve their purposes of causing harm and solving them in advance to prevent attacks. Also, Smith (2019) shifts focus to a cyber-security prevention measure that has not been effectively applied. Automation of skills can go ahead in helping prevent human errors that are the leading cause of cyber-attacks. Above all solutions, Kerner (2019) explains how trust is important in dealing with cyber threats. The information has to remain confidential to prevent it from landing in the wrong hands.
Health institutions are the main targets of high impact ransom-ware attacks because their services are vital and often lifesaving (Smith, 2019). For a long time, these institutions have not taken time to put in place data security measures. Additionally, health institutions do not take their time to restore backups of data in order to get them running again and safely, therefore, leaving room enough for attackers to carry out attacks. From existing evidence, the attacks that have taken place in health institutions have affected their ability to deliver services because attackers demand for ransom, which damages the hospitals’ ability to play their roles effectively. Due to the nature of data that is stored, some data changes its form once it lands on the possession of attackers. Therefore, even when the attackers pay their ransom, some of this data is lost completely. Fielding (2020) sheds more light on this by saying disruption-ware are forcing attackers to apply different techniques to carry out attacks, for instance, Remote Desktop Protocol (RDP) attacks through back door channels. IT infrastructure, therefore, needs to be improved in order to protect institutions from such attacks.
Governments have helped reveal the nature of emerging cyber threats as well as mitigation measures. Governments have also taken measures to deal with cyber-attacks that can be adopted by companies and some by individuals. Dulik (2019) and Sun et al. (2015) present some of the challenges that the military has faced around cyber security, and they also present some of the solutions that can be adopted. This information about solutions to threats is seconded by Fuller (2019) and Svilicic et al. (2019), who agree that finding ways to prevent possible attacks is more effective than trying to contain attacks that have already occurred. To borrow from, Kovacs (2018) highlights some of the unique solutions that have been adopted by European countries that are more advanced in finding solutions for cyber-attacks. Similarly, Wilson (2019) sheds light on the solutions that have been adopted by the American military. Falco et al. (2019) highlight the possible weaknesses that are likely to hinder cyber security and areas that companies should ensure that the weaknesses are adequately dealt with.
In summation the above literature provides a wealth of information about the nature of emerging cyber threats as well as mitigation measures that can be used to avoid the threats and also to find solutions. These sources can be used to provide data for the main research on the nature of emerging cyber security threats and their mitigation factors. These sources also provide real examples of some of the new cyber-attacks that have taken place in recent times to organizations as well as countries.

Methodology

In finding out the nature and the prevention mechanism of emerging cybersecurity threats, qualitative, quantitative and a mixture of methods of research are applied in researching to give information and other numerical data that can be used in order to give a more in-depth answer to the research questions (Flick, 2015). The research methods for this research are influenced by a number of reasons. First the research question has a theoretical aspect to it; therefore, this makes it necessary to apply qualitative methods to collect data that will be necessary for the research. Additionally, to answer the question of how likely the attacks are and in order to come up with the appropriate prevention mechanisms, qualitative methods of research require to be applied. The advantage of using qualitative methods in answering the research question is they allow the subjects to give their opinions towards the nature of the emerging cyber security attacks. This allows the researchers to have more comprehension of the research problem, enabling them to come up with more detailed hypotheses to the research question. Additionally, from the thoughts and opinions that are given by the subjects, trends can be established about the research question giving a deeper understanding of the nature of emerging cyber security attacks.
In order to generalize the results from the research, quantitative methods need to be applied. The problem is quantified in such a way that numerical data about trends is revealed, and these data can be transformed into statistics that can be applied. By the subjects giving their attitudes and opinions about the research problem, there is a need for a data collection approach that will quantify the variables such as opinions and behaviors (Wiek & Lang, 2016). From the qualitative and quantitative methods that are applied, various contradictions are likely to emerge between the findings that are collected. This makes it necessary for mixed methods to be applied in order to give a voice to participants and also to make certain that the findings of the study are based on the experiences of those who participated in the research.

Research tools
The best research tools to use on the subjects were surveys and interview to allow for more research data to be collected from the subjects. The tools that are intended to collect data are surveys and interviews.

Survey Questionnaire

QUESTIONS

NO

YES

NOT SURE

RATING

Have you reported a cyber-attack in the last 12 months?

Had you prepared for that type of cyberthreats?

Did you think the police could have helped you deal with the attack?

Did you think your peers could have helped you better than the police?

Have you ever experienced a cyber-attack before?

Do you deal with cyber-attacks often?

Do you think you have put in enough protection measures?

If you have been attacked before, has the nature of cyber-attacks changed?

On a scale of 1 to 10 how would you rate the most lethal attack you have experienced?

The interview questions will be mainly guided by the survey questions. Therefore interviewees will only qualify to answering the questionnaire questions. For those who are unavailable to be interviewed physically, the questionnaire will be sent along the interview questions.
Interview questions
1. Based on the cyber-attacks you have experienced what has been the common factor in all of them. Have they targeted the same or similar departments in the business or aspects of your technology life?
2. What are some of the measures you have implemented to prevent another future attack?
3. Has any of the new technology tools or software been aimed at by the attackers?
4. If you have experienced multiple attack which was the most lethal attack and which aspect of the business did it aim at?
5. Have any recent attacks been successfully stopped by the protection measures that you have put in place?
6. Do you have complete trust on the measures you have put in place to protect you from a possible future cyber-attack?
Data collected from these two tools will be analyzed to provide insight into the research question.

Methods of Data Collection

Qualitative Methods

Interviews and Questionnaires

The participants of the survey are people who have made a report to the police about a cyber-attack that has been carried out on them or to their businesses and companies in the 12 months period prior in America. From each state, two subjects are selected. Data from these subjects will best answer the question of the nature of emerging cyber security threats. Additionally, the subjects can help reveal the measures they have taken to ensure they are not attacked again or the avoidance measures they have been advised to take by cyber security experts. The survey questions were multiple-choice questions with a rating scale of the security level they had before the attack (Mackey & Gass, 2015). In selecting the subjects that are to be used in the survey, a simple random sampling method needs to be applied. To achieve this, a random number generator needs to be used. Selecting subjects based on this approach relied on chance entirely. Therefore those who have made reports to the police have an equal chance of being selected, and thus the sample that is selected is the best representation of the whole group and there no bias that is likely.
Based on the availability of the research subjects, there is a variety of measures that can be applied to collect data from the subjects. Subjects who cannot be available within a months time in the state where they have made a police report, phone calls can used, and for others, the questionnaires can be sent via mail. For the subjects who are in nearby states, the questionnaires can be physically presented to them. Out of the 100 participants that are selected, the rate of response is likely to be 77% to the research questions that are asked. The response is to be provided within a month’s time. Some participants are likely to respond late, while some are likely to fail to respond.

Existing data

In answering the research question, existing data is expected to play the biggest role in providing information because it is a cheap credible source of information. Additionally, the existing data provides a point of reference for comparing emerging cyber security attacks to those that have happened in the past. Most of the existing data sources to be used are past researches, publications, archival data, and books that contain helpful information that will help in forming the hypotheses. For easy retrieval of the sources, online tools such as libraries will be applied. The existing data sources that will be selected are only primary sources, and they will be selected based on their publication dates. The majority of the sources that will be selected should be less than five years old, with the majority of them having their publication date as 2019. For comparison purposes, two sources are more than ten years old will also be used. The data from these sources will help in revealing the nature of the emerging cyber security attacks and the change that has taken place over the years. The information from the existing data sources can be counterchecked where possible, with data from surveys to confirm the accuracy of the information.

Quantitative methods

Observations

For police departments that will allow access to the cyber-attack reports, an observation will be conducted. This data will be recorded by note-taking after permission is granted, and it will only be used for the purpose of the research. The observation will take a period of one hour to two hours, and from this, aspects such as trends in the number of attacks and their concentration will be revealed.

Existing data

The same data that will be applied for qualitative data will be applied for a quantitative approach. By using existing data, it will be possible to compile, and data from the past and compare it to that of the present.

Analysis Methods

After the data is collected, there will be a need for both quantitative and qualitative methods of analyzing the data.

Quantitative methods

Before analyzing the data that will be collected about the trends of emerging cyber-attacks, the data will be prepared by confirming that there is no missing data, outliers will be removed and the variables will be transformed so that they can be applied. By getting rid of the outliers analyzing the data will be easier, and there will be no need to apply complicated statistical techniques that are likely to complicate the research (Fletcher, 2017). By doing this, a simple analysis software tool can be applied. Pointing out missing variables and figures will allow for corrections to be made early enough before tabulation to increase the chances of accurate results. The software that will be applied for data analysis is R programming. This software is most preferred because of how easy it is to use, and it is also cheap to acquire, unlike other software that are expensive because they have to be applied in conjunction with other software. R programming will be able to provide detailed trend reports in a manner that is eye-catching to the readers.
The quantitative data will be presented in a regression model. This is because the data will be a representation of the nature of cyber security attacks over the years. The data representation adopted will be in a nonlinear regression model where the trend of cyber-attacks will be represented using a curved line. The complexity of cyber-attacks has increased over the years. The data collection method and the sampling method that is used in selecting participants are in line with the regression assumption about the independence of observation. The observations that will be made in the dataset will be reached at using accepted methods of sampling, and there will be no hidden relationships among the observations that will be made.

Qualitative methods

Considering the nature of the research question, which is largely demanding for a qualitative answer, analysis of the qualitative data needs to be deeper. The first step in analyzing the qualitative data will be going through the data and pointing out all the words that need to be defined by the research subjects themselves (Mohajan, 2018). However, if the subjects are unavailable, the words are to be defined by the researchers to the best of their ability. Ensuring they do not alter the meaning of the words or add any additional information. As a continuation of the content analysis stage, the categorization of the defined words, phrases, and sentences should occur to provide further details about the nature of the emerging cyber security threats. The content analysis will help in making inferences by finding out meaning and semantic relationships between words that will have been used in answering the questionnaires and concepts.
After the content analysis, thematic analysis will be applied next. This will allow for themes to be pointed out from examining the data and the trends from the research. The first step in thematic analysis is familiarization with the data (Mohajan, 2018). The data will be looked at, and the technological areas that will mainly be targeted for individuals and companies will reveal. These will likely be mainly in financial and communication areas. After familiarization, pointing out the themes will follow. By establishing the patterns, themes will be revealed. For instance, the emerging cyber-attacks nature will mainly aim at either causing disruption or aim at stealing data that can be sold or used to blackmail the victims. Considering that there was reliance on existing data in carrying out the research, a deductive approach of thematic analysis on the observations and interviews conducted will also be adopted. The existing data will provide a predetermined theme that can be reflected on when analyzing the results of the interviews based on existing knowledge.
Lastly, for the analysis of qualitative data, discourse analysis will also take place. The research subjects will be picked from different points in America. Therefore, their social situations are different, and this is likely to inform their word choice (Fletcher, 2017). Discourse analysis will help in revealing how particular words that the subjects are likely to use apply in real-life situations. As part of the discourse analysis, it will possibly be establish how language use relate to the social, political, and historical context as it will be used by the participants and also how the participants communicate their beliefs and assumptions so that they cannot be interpreted as facts. Additionally, discourse analysis will also be conducted on the existing data from the sources that will be selected to be used in answering the research questions. Discourse analysis is best suited for this research because of its emphasis on the contextual meaning of language rather than the rules of language use as it is the case for linguistic approach analysis.

Evaluation and Justification of the methods

In answering the research questions, what is the nature of emerging cyber security attacks? And how can they be avoided? The above methods are best suited for research. The main reasons why the methods are selected is the nature of the data sources that will be available and also due to the nature of the research questions which demanded for both qualitative and quantitative data. Using both qualitative and quantitative methods of research will allow for a more detailed answer to the research question because there will be more flexibility in looking for answers to the question. The gaps that will be left by the qualitative approach of collecting data are likely to be filled by the quantitative methods of collecting data.
After data collection, the analysis methods that will be applied will be influenced by the nature of the results that will be under analysis, and the analysis knowledge that the researchers will have. In collecting the data, there will be a heavy reliance on existing data in answering the research question. Content, thematic, and discourse analysis will be necessary to understand the data and to use it correctly, also in ensuring that the biases and assumptions are not taken as facts, which might affect the results of the research (Fletcher, 2017). These were the best approach