Technology and its influence on Cyber Activities. The Need for Adequate Cyber Security Policies to Manage its occurrences

Technology and its influence on Cyber Activities: The Need for Adequate Cyber Security Policies to Manage its occurrences

By:

Enowsoum Konrad Ph.D.

Abstract

The advancement in digital technology in contemporary epoch is believed to be a springboard for the proliferation of security threats and attacks that have gained prominence in the 21st century. The robust advancement in technological devices like rise of the internet age, manufacture of weapons of mass destruction and the rest. Ironically, this research has also stated clearly that these same technological devices can also guide in the implementation of cyber and security mechanisms towards the management of these attacks and threats. The study has as interest to unravel the relevant measures that have been considered over the years in managing the frequent occurrences of cyber-attacks and threats activities around the globe. A qualitative method of data analysis is the apt methodology guiding this study. The results of the paper show that attacks and threats have become dominant with rise in technology. This research paper has therefore proposed that for effective cyber and security policies to actually work, there should be more collaboration and information sharing among stakeholders.

Keywords: Technology, policy, security, cyber-attacks, cyber threats, cyber security.

Introduction

Public and private, security is a must especially in a contemporary digital world that is progressively pervading and taking full control in every area of our everyday lives. In fact, in the absence of security, the world will fall apart. With wanton Attacks from numerous cyberattacks wreaking havoc on unprepared citizens, businesses, and organizations, thereby putting their operations in jeopardy all caused by WannaCry. The critical role of cyber security in the era of information technology cannot be overemphasised in guiding stakeholders towards policies relevant in managing these security challenges (Perwej et al., 2021). In the course of the last few decades, there has been a remarkable progress made on cyber security. For instance, whenever one happens to come across a fraud, the first thing that comes to mind is cyber security.

In the age of frequent cyber-attacks and other malwares activities, the major preoccupation of all has been protecting our personal data we put on the internet; thus becoming a major concern for all. By 2020, it was estimated that more than 50 billion would have been the number of connected devices revealing a rapid expansion rate in recent years. The complexity of cyber infrastructure, leading to an increase in the number of vulnerable devices has come out of the exponential growth that has been experienced in the number of connected devices now in used today in all spheres of human’s life (Perwej et al., 2021: 669- 670).

The prevalent rate in cyber threats and other attacks has precipitated the need of cyber security to be considered as a matter of utmost concerned. More sophisticated techniques are now in used by attackers of cyber issues to target the systems. The impact of these cyber-attacks activities are being felt on individuals, small-scale businesses or large organisations. So, in order to deal with all these cyber threats faced by both IT and non-IT firms alike, there is the urgency of understanding the importance of incorporating Cyber Security and focusing on adopting all possible measures to be able to deal with cyber threats (Malla Reddy College of Engineering and Technology, 2021: 5). Going by the recent illustrations made on the epidemic of data breaches as illustrated by Malla Reddy College of Engineering and Technology, no system is immune to attacks. In this therefore, there is great need to institute and enforce mechanisms to monitor their cyber environment, identify vulnerabilities, and close up security holes as quickly as possible by every company that is involved with data management, transmission, storage or handling processes (Malla Reddy College of Engineering and Technology, 2021: 10).

There has been a significant role played by the internet for over two decades now with an increase in global communication and integration noticed our lives of around the world. Considering the low cost and Innovations involved in the area of technology have significantly led to an increased in the availability, use and performance of the Internet, which today has about 3 billion users worldwide (Tan et al., 2021). Technology accompanied by the advent of the Internet has brought with it a vast global network with billions of dollars that has been generated annually for the global economy (Judge et al., 2021).

At the moment, the impact of cyberspace in every facets of our being whether in the economic, commercial, cultural, social and governmental activities and even interactions of countries, at every given level, like; individuals, non-governmental organisations and government and governmental institutions, cyberspace is at the centre of all what is being carried out (Aghajani and Ghadimi, 2018). The control, management and exploitation of some vital and sensitive infrastructures and other relevant systems are known to have either form part of the cyberspace, and it is with the help of this cyberspace that we find the transfer of most of the information considered as sensitive is transferred to this space or can say basically it has been formed in this space (Akhavan-Hejazi and Mohsenian-Rad, 2018).

With the advancement of technology, leading to an unprecedented pace that has come with it, so too has there be the frequency of cyber threats and attacks that target our interconnected systems. To effectively safeguard against these malicious actors, it is crucial to continually monitor and analyse the emerging cybersecurity threats that pose significant risks. The field of cybersecurity, encompassing an array of measures and technologies, aims to protect computers, servers, mobile devices, electronic systems, networks, and data from digital attacks and unauthorised access. (Dave et al., 2023: 1). Advances in information and communication technology and the need for quick access to information have made these tasks more convenient to perform and pose serious security challenges that must be addressed by all stakeholders, from individuals to governments. Due to the advancement of technology security issues may be a risk to individuals, societies, and organisations.

The focus of this current paper in shaped in the following manner. The paper is structured in five different sections. The first part of the article has been focused on making a retrospective look at the introduction guiding this paper where the essential elements have been cross examined. The second segment is keen at identifying how the advent of different technological devices have worked towards fostering cyber-attacks and cyber threats activities in our current dispensation. The third phase outlines the measures or mechanisms that have been enacted by various stakeholders in managing the ravaging effects and outcome perpetuated by these activities; for the fourth angle the interest of this paper is delved at challenges that have impeded such countering mechanisms against cyber threats and the possible recommendations. The fifth and final section is the conclusion where summaries of analyses made are drawn and arrived at.

Technology Devices and their Relation to Cyber Threats and Attacks

The purpose of this section of this paper will be to demonstrate how advancement in technology has brought with it too vulnerabilities in occurrences of cyber threats in our daily experiences whether as individuals, enterprises, states and community of persons.

According to the Special Report published by the United Nations Development Programme (UNDP) in 2022 states that digital technologies are increasingly taken a central in our lives across the spectrum; be it consumers, citizens, workers and entrepreneurs and even in their personal relationships. The Special Report further demonstrates that there has been much expansion of capabilities and promotion of human security as a result of digital technologies. Another developmental strides seen in the era of digital technologies according to this Special Report is that it can expand human freedoms, boost productivity and facilitate humanity’s response to current challenges; such as tackling Anthropocene risks and tracking pandemics. Notwithstanding the niceties that digital technologies has made, these same technologies can also be great enablers in promoting cyber threats and attacks. A common example like mobile phones, which on one hand can enhance freedom and expand people’s capabilities to communicate and acquire information leading to, for instance, access to better health care services and directly increasing opportunities for community participation and mobilisation; on the other hand, have seen its use leading to the proliferation of all kinds of threats and attacks on cybersecurity (UNDP Special Report, 2022: 67).

Further evidences of technology and links to cyber threats are all round in people’s lives notwithstanding the fact that digital technologies become more widely used in commerce, governance and social life, they have been known to have posed new challenges for human security. Going, by some respondents’ opinions to a World Economic Forum (WEF) survey cited technological risks such as digital inequality, cyberattacks, data fraud and theft, and concentrated digital power among the most imminent threats. The security implications of digital technologies are often assessed through a national security lens. Applying a human security approach re-centres the focus on implications for people. For instance, cyberattacks on communication networks affect not only national security but also people’s access to information and freedom of association. Digital technologies can facilitate harm to people, such as bullying, harassment, fraud and misinformation. Other technology-related threats to human security can be associated with responses to the uncertainty generated by technology discussion. For instance, concentrations of control by technology providers or governments can disempower or abuse users (UNDP Special Report, 2022: 67).

Statistically, the UNDP Special Report has succinctly underscores that in 2021 that damage that was accrued related to cybercrime is estimated at about $6 trillion, marking an increase of up to 600 percent since the beginning of the Covid-19 pandemic in 2020. More than half of breaches involve identity theft (65 percent), followed by account access (17 percent) and financial access (13 percent). With enormous effect on many stakeholders as a direct result of increasing digitalisation, it becomes a daunting task in attempting to make an assessment of the impact of cyber threats events, on political or developmental aspects. For instance, attackers use malware programs to compromise the networks of large corporations and public institutions in supply chain attacks. An abundance of marketable material can be accessed as a by-product of the primary attack, which supports a growing market in stolen personal information (UNDP Special Report, 2022: 67).

Technology has also been seen to have tilted decision-making on country’s political and economic lives. Given that societies in many parts of the world rely on the uninterrupted operation of digital technologies for the delivery of essential services. The dependency of the use of digital technologies in having these essential services delivered to people, has brought forth new security concerns. The following past decade, cyber incidents such as Stuxnet (Baezner & Robin, 2017a), WannaCry, and NotPetya (Baezner, 2018a), or the interference in the American elections (Baezner & Robin, 2017b) have given the impression that cyber-attacks are becoming more targeted, more expensive, more disruptive, and in many cases more political and strategic. As a result, cyber incidents, understood as disruptions of the routine operations of digital technologies, have come to hold a prominent position in national and international security policy, with state actors trying to find adequate answers to counter the new threat. The relatively open nature of the Internet guarantees that it is, on numerous levels, an unsafe environment (Pillai 2012). As such, cybersecurity has come to encompass a wide range of issues such as critical infrastructure protection, cyberterrorism, cyber threats, privacy issues, cybercrime, and cyberwarfare.

The recent Information, Communication and Technology (ICT) has come with a revolution including the Internet, email, social websites, and satellite communications has revolutionised and transformed every aspect of human life thus, posing new challenges to national security. Taking a keen look at powerful web speeds, one is in no doubt that in saying that cyber protection is one of the world’s most squeezing needs, as cyber-attacks represent a critical danger to a nation’s security. To corroborate this assertion, the author opines that at approximately the same time, the nature of threats changed from external aggression to intrastate conflicts arising due to civil wars, environmental degradation, economic deprivation, and human rights violation. Thus changing the narratives on national security to now include within its ambit other issues of security apart from territorial protection, such as poverty, industrial competitiveness, educational crises, environmental hazards, drug and human trafficking, and resource shortages.

The relationship between technology and incidents of cyber threats and other security breaches is often seen in the industrial maritime and transport sectors. With the evolution of information systems and the diffusion of broadband communication has led to wide adoption of information and communications technology (ICT) in the maritime sector (Polemi, 2017). This has added value to industry through increased globalisation and access to new markets. In 2018, the value of the e-commerce alone of the maritime industry was reported to worth £26 trillion (United Nations Conference on Trade and Development (UNCTAD), 2018). However, a worrisome issue with making ICTs the backbone of industry is that it leaves systems vulnerable to cyber threats (Carrapico & Barrinha, 2017).

On the transportation sector a 2017 study by an insurance firm found that cyber-attacks cost a medium-sized company, on average, $3.79 million (Harry & Gallagher, 2018). This study ranked the transportation sector third in terms of cyber vulnerability. Cyber threats that emerge from technological advancement pose a major risk to maritime security (United Nations General Assembly, 2008). Despite these figures, the transport and maritime sector has not initiated any proportionate aimed at curbing cyber-attacks. Meanwhile, tremendous efforts should be made to reflect on the weight of the matter with international shipping alone losing a walloping sum of $183.3 billion industry (Tam & Jones, 2018) responsible for 90 percent of world trade from cyber threats (International Chamber of Shipping, 2020 cited in Kipkech et al., 2022: 1).

Technology flourish and freshness making it more challenging to detect cyber-crimes related to theft in credit cards and proliferation of fake apps. From last some couple of years, 689 million people in 21 countries experienced cybercrime in their daily lives. It has become so passable that many people equally fear online risks and real-world risks. Most of the people believe it has become more rigorous to stay safe online in the past five years than in the “real world”. Indians are cursorily becoming the largest users of several mobile applications and websites. Various security service providers say this make it more challenging in the field of security. So this is very convenient for cyber criminals to attack online through fake apps by putting them in play store (Singh, and Singh, 2019: 57). Nilesh Jain, the vice president of South East Asia and India Trend Micro puts it thus:

“With banking increasingly becoming an integral part of mobile device usage, attackers have begun building more sophisticated capabilities into their mobile banking malware. By staying under the radar, they steal more than just credit card data, and bypass security mechanisms,” notes (Nilesh Jain, vice president, South East Asia and India, Trend Micro cited in Sing and Singh, 2019: 57).

To draw the cuttings on technological devices and their susceptible nature to security threats, one of the very famous cases of cybercrime in virtual world worth mentioning is “The game Blue Whale challenges”, created by, 21-year-old Russian Phillip Bedecking, which was played by children in the virtual world, had claimed an estimates 130 lives across the world during 2015- 2016. According to Symantec, 45% of the most popular Android apps and 25% of the most popular iOS apps request location tracking, 46% of popular Android apps and 24% of popular iOS apps request permission to access device’s camera, and email addresses are shared with 44% and 48% respectively. Most of the consumers 58% say they are more likely to experience cybercrime than get the flu, so it’s no surprise that 76% of consumers say they are more of the time alarmed than ever about their privacy and 95% believe that it’s very important to require companies and organizations to give consumers control of their personal data, including 44% who believe it is absolutely necessary that companies do this, or consequently be fined (Sing and Singh, 2019: 57). Of course, it is clear that the various arguments tendered by different stakeholders is the realisation that technological devices are making their lives and activities more vulnerable to attacks than ever before.

The section that follows examines the mechanisms derived in managing these attacks on security.

Mechanisms of Managing Cyber Attacks and Threats

Fighting cybercrime requires a comprehensive and safer approach. This means that cybercrime does not occur with technical measures alone. It is critically important that law enforcement agencies can effectively investigate and prosecute cybercrime. Individuals ought to be educated about how to overhaul their organization's security designs and gadgets, just as how to utilize appropriate enemy of infection programming with the goal that their organizations are malware and infection-free. In considering how new technologies may serve as digital public goods, policymakers must go beyond technical solutions alone and also consider questions of values and ethics for instance, over advancing equality and minimizing harm (UNDP Special Report, 2022: 67). To mitigate these security challenges, individuals, organizations, and societies often employ various measures, including cybersecurity measures, legal frameworks, and education and awareness campaigns to promote ethical behaviour and discourage malicious intent (Admass et al., 2023: 1).

One of the major mechanisms adopted by stakeholders today as fighting as cyber threats is the application of Artificial intelligence (AI) and machine learning used for detecting threats, uncovering network vulnerabilities, and reducing IT workloads. Artificial intelligence and machine learning play a pivotal role in staying ahead of cyber threats (Waqas et al., 2022). Behavioural analytics enable the identification of anomalies and potential security breaches, while adaptive defence strategies leverage these technologies to predict and prevent attacks. In addition, machine learning and artificial intelligence (AI) can be used to automate many of the tasks involved in cybersecurity, such as intrusion detection, malware analysis, and vulnerability assessment. This can free up security professionals to focus on more strategic tasks. Organizations are turning to Machine Learning (ML) and Artificial Intelligence (AI) as effective tools in their cybersecurity armoury to tackle more sophisticated cyber threats. We investigate the enormous influence of ML and AI on cybersecurity and how they are altering cyber defences. However, there are anti-machine learning (ML) attacks.

Collaborative efforts through threat intelligence sharing and international cooperation create a united front against global cyber threats (Obi et al., 2024: 296). Speaking in 2021 on the need of a united stand to counter global threats perpetuated by attacks on the cyberspace, US President Joe Biden stated that “in the dynamic landscape of the digital age, the responsibility to secure our digital future rests on the collective shoulders of individuals, organizations, and policymakers” (Biden, 2021). By understanding the modern cyber threat landscape, implementing advanced defence mechanisms, and fostering a culture of cybersecurity awareness, we can navigate the challenges of the digital age and ensure a safer and more secure online environment for generations to come. Stay informed, stay vigilant, and let's safeguard the digital realm together. The global trends and significance of cyber security are being recognised more widely, which has prompted the creation of legal frameworks, international collaboration, and innovation landscapes. Guidelines and frameworks have also been created by international organizations like the United Nations and the European Union to advance cyber security and encourage international collaboration.

Regular software and security updates has also proven to be one of the most effective strategies to mitigate cybersecurity threats. Software developers release updates to address vulnerabilities and bugs that hackers may exploit, ensuring users have the latest security measures in place.

Cybercriminals constantly evolve tactics and techniques, seeking vulnerabilities in popular software applications, operating systems, and plugins to exploit. Failing to update software leaves users vulnerable to evolving threats, while consistent updates help stay ahead of cybercriminals and close security loopholes (Dave et al., 2023: 4-5). Regular software upgrades not only fix bugs but also address security vulnerabilities and improve system efficiency, preventing system failures and data loss caused by outdated or incompatible software. Updating software is easy through automatic updates or manual checks in software settings. Enabling automatic updates is recommended to ensure the software is always up to date without requiring active user involvement. Besides software updates, regularly updating the operating system, web browsers, antivirus software, and other applications is crucial. Neglecting these updates exposes users to known security flaws that developers have already addressed (Dave et al., 2023: 5).

As the digital landscape continues to evolve, regulatory frameworks and compliance standards have become instrumental in shaping cybersecurity practices across industries as relevant mechanisms to combat cyber threats. Understanding the regulatory landscape is not just a matter of legal adherence but a strategic imperative for organisations seeking to fortify their defences against an ever-expanding array of cyber threats. To this effect, Governments worldwide have implemented cybersecurity regulations to safeguard critical infrastructure, protect sensitive data, and mitigate cyber threats (Srinivas et al.,2019). These regulations vary by region but often share common principles. For instance, the General Data Protection Regulation (GDPR) in Europe, Health Insurance Portability and Accountability Act (HIPAA) in the U.S., and the Cybersecurity Law in China. Various industries have established standards to address sector-specific cybersecurity challenges (Pappalardo et al.,2020).

Compliance with these standards is often mandatory to ensure the integrity and security of critical systems and data. ISO/IEC 27001 for information security management, PCI DSS- Payment Card Industry Data Security Standard for the payment card industry, and NIST Cybersecurity Framework for critical infrastructure sectors in the U.S. Regulations often mandate stringent measures for the protection of personal and sensitive data (Li et al.,2021). This includes encryption, access controls, and regular data privacy assessments. Organizations must enhance data governance practices, implement robust encryption protocols, and ensure transparent data handling processes. Regulations typically require organizations to establish and test incident response plans and report cybersecurity incidents promptly. Organizations must develop incident response teams, conduct regular drills, and establish mechanisms for reporting incidents to relevant authorities. Compliance standards emphasise the need for continuous monitoring of networks, systems, and data. Regular audits ensure adherence to security policies and standards. Implementing advanced threat detection technologies, conducting regular internal and external audits, and maintaining comprehensive documentation of security controls.

Also implementation of Firewalls and Intrusion Detection Systems (IDS) a firewall is a network security device that tracks incoming and outgoing network traffic, allowing or blocking certain traffic based on predefined security rules. Employing firewalls enables businesses to separate their internal network from the public internet, safeguarding critical information. In addition to firewalls, organisations have also implemented intrusion detection systems (IDS), which monitor network traffic for suspicious and malicious activity, detecting anomalies and potential security breaches. IDS alerts system administrators or security personnel when an intrusion is detected, enabling immediate action. Firewalls and IDS work together to identify and block potential threats, providing an additional layer of protection against cyber-attacks. By controlling network access and responding to suspicious activity, organisations can significantly reduce the risk of cybersecurity threats. However, implementing firewalls and IDS alone is insufficient for comprehensive cybersecurity. Organisations should also adopt a multi-layered security approach, including strong passwords, encryption for sensitive data, software patching, employee training, and data backups. By integrating firewalls and IDS and embracing a multi-layered security approach, organisations can significantly decrease their vulnerability to cybersecurity threats (Dave et al., 2023: 5).

As cyber threats evolve in complexity and sophistication, especially with the development of Advanced Persistent Threats (APTs) which are mostly a sophisticated and prolonged form of cyber-attack often associated with nation-state actors (Lewis, 2023), the imperative to develop advanced defence mechanisms has become paramount (Ghiasi et al.,2023). Defending against APTs requires a multi-faceted approach, combining advanced threat detection tools, vigilant monitoring, and proactive threat intelligence sharing. (Obi et al., 2024: 297). Leveraging cutting-edge technologies and collaborative strategies, organisations can bolster their cybersecurity posture. Proactive defence measures involve anticipating and preventing cyber threats before they can manifest (Stein Gartner et al.,2021). Organisations implement continuous monitoring, vulnerability assessments, and regular security audits. They prioritise security awareness training for employees and enforce robust access controls and authentication mechanisms. Reduces the attack surface by identifying and patching vulnerabilities before exploitation.

While technological advancements play a crucial role in cybersecurity, the human element remains a pivotal factor in fortifying digital defences (Dutta, 2021). Understanding and addressing human vulnerabilities through cybersecurity awareness, education, and vigilance are essential components of a comprehensive defence strategy. Human error is a common entry point for cyber threats. Employee training programs are designed to equip staff with the knowledge and skills needed to identify and mitigate potential risks. Regular training sessions cover topics such as recognising phishing attempts, understanding social engineering tactics, and adhering to security best practices. Training empowers employees to become proactive contributors to cybersecurity. Enhances the organisation's overall security posture by reducing the likelihood of inadvertent actions that could lead to security breaches. Educates users to recognise and report potential threats, contributing to a security-conscious organisational culture (Obi et al., 2024: 302). Employee awareness programs highlight the potential indicators of insider threats. Regular monitoring of user activities helps detect unusual patterns that may indicate insider risks. Enables early detection and response to insider threats. Creates a culture of transparency and reporting, reducing the impact of accidental or malicious insider actions (Obi et al., 2024: 302- 303).

Training programs educate employees about common social engineering tactics, such as phishing emails, pretexting, and impersonation. Simulated phishing exercises help reinforce awareness and allow organisations to gauge the effectiveness of their training. Mitigates the risk of falling victim to social engineering attacks. Raises awareness about the tactics used by attackers, empowering individuals to recognise and resist manipulation. Insiders, whether intentional or unintentional, can pose significant risks to cybersecurity. These threats may arise from disgruntled employees, human error, or inadvertent sharing of sensitive information (Khan et al.,2022).

Building a security-conscious culture involves fostering a mind-set where cybersecurity is prioritized by all members of an organisation (Corradini, 2020). Leadership sets the tone by emphasising the importance of cybersecurity in organizational goals. Regular communication, newsletters, and internal campaigns reinforce the significance of individual contributions to overall security. Instils a sense of shared responsibility for cybersecurity. Encourages employees to be vigilant, report suspicious activities, and actively contribute to maintaining a secure environment. Social engineering exploits human psychology to manipulate individuals into divulging sensitive information or taking actions that compromise security (Bhusal et al.,2021).

Having examined the different mechanisms enacted by stakeholders in managing cyber threats, the section below paints a picture of the challenges involved in such efforts.

Obstacles towards Managing Cyber Attacks and Threats

One of the first obstacles encounter in the efforts towards managing the occurrences of cyber threats and attacks comes in the area of understanding of what the concept itself is all about. In fact, the lack of a clear and comprehensive definition emanating from cyber threat and attacks not only obscures the leading legal path, but also leads to diversity in interpretation and practice, and ultimately to the achievement of sometimes contradictory legal conclusions (Alhayani et al., 2021). Therefore, the importance and necessity of having an acceptable definition, at least for the beginning of the topic and its explanation, adaptation and analysis is very important, and a detailed study is necessary. So, it is therefore, left for governments, organisations and other relevant stakeholders in the policy-making process in the field of cybersecurity to come up with a clear definition of a cyber-attack that is accepted and favoured by the international community; without that, it will certainly continue to be very difficult for experts to address the complex and diverse dimensions and aspects of the issue and provide legal advice and analysis (Cao et al., 2021 cited in Li and Liu, 2021: 8177).

Changes in the field of cyber occur rapidly and are based on the constant development of computing and communication technologies. Cyber cohesion increases this acceleration. Each change creates a new era of vulnerability and response. Cyberspace is far from static and almost dynamic throughout (Varga et al., 2021). The distribution of cyber assets is widespread in all types of organizations, from closed and government-controlled systems to systems owned and managed by the private sector of society, each with different resources and facilities and different capacities and concerns are present on the scene (Zhao et al., 2021). Moreover, Internet access is not nowadays limited to the states and we saw over the last years the proliferation of non-state actors: anyone who can have access to a computer with an Internet connection or a smartphone can be the author of an attack, on the condition that he has the necessary skills. This feeds the question of whether it is possible to attribute the cyber-attack to a state or not. (Talem, 2020: 12)

The issue of the attribution of responsibility and of lack of sanctions has been identified as another severe obstacle in combatting cyber threats. The issue lies down in the of attribution of responsibility in cyberspace. Technical attribution can be very difficult to establish in cyberspace in general, but it is even more true concerning the Internet, since anonymity takes an important place. Indeed, technologies permit to act anonymously and hide the identity within cyberspace, using, for instance, proxies and other spoofing techniques (Rowe 2009). Considering the fact that some malwares are even conceived to hide any mark and to destroy themselves once they infected the system, example; Flame malware (Zaffagni 2012). Thus, it is more and more difficult, even if not impossible, to determine the real source of the attack and the source of the use of force (Office of the Director of National Intelligence 2018, 2-3 cited in Talem, 2020: 12).

Away from who takes responsibility in cyber threat, and even if the attribution of responsibility is possible, the lack of sanctions arises as additional legal and diplomatic issue within the international community. The only autonomous regime of cyber sanctions was established in the European Union as unique solution to the challenge of compliance with international law. Indeed, on 17 May, 2019, the Council established a legal framework which allows the EU to impose targeted restrictive measures to deter and respond to cyber-attacks that the EU institutions or member states receives, including cyber-attacks against third States or international organisations where restricted measures are considered necessary to achieve the objectives of the Common Foreign and Security Policy. It allows the EU for the first time to impose sanctions like a ban on persons travelling to the EU, and an asset freeze on persons and entities. In addition, EU persons and entities are forbidden from making funds available to those listed (Council of the European Union 2019).

The lack of cooperation and collaboration among different ICT firms and Law Enforcement Agencies (LEAs) according to the United Nations Office for Counter Terrorism (UNOCT) is major obstacle towards the fight against cyber threat activities (UNOCT, 2023: 22). Notwithstanding the good intentions and desires by LEAs and ICT companies to work together in countering terrorism. However, there are common challenges that limit the effectiveness and level of cooperation. Due to inherent differences in their motivations and interests, LEAs and the ICT companies may have conflicting perspectives, making collaboration a challenging process. Each operate with distinct mind sets and approaches that can create challenges to effective collaboration. To this, some common challenges which impact cooperation according to UNOCT include the following; Privacy & Human Rights Concerns cooperation between LEAs and ICT companies may raise substantial privacy concerns, particularly regarding sharing personal data. Private sector actors may be hesitant to share sensitive information with LEAs due to concerns about potential privacy rights violations. Secondly lack of Knowledge and Awareness or Miscommunication; Competing Interests; Legal Requirements; technical challenges; and resources (UNOCT, 2023: 22).

To be able to stand against cyber threats occurrences entails adequate training of the different personnel tasked with living up to the fulfilment of such set objectives. Unfortunately, this area has proven to be a very daunting task to be achieved given the numerous challenges regarding training. A series of challenges faced by participating organisations that may affect the implementation of an effective cybersecurity training programme are usually noticeable. Several organisations point to financial constraints limiting their ability to develop or provide access to training opportunities, and, worryingly, some of them are forced to select certain categories of users to be trained over others. Financial aspects are further accentuated by the fast-evolving nature of the subject matter, which can quickly render course content outdated, requiring updates and expansions, often at significant cost. Another challenge lies in users’ training fatigue, which may affect the effectiveness of the programme. High turnover in the workforce and the lack of authority over certain categories of personnel add additional layers of complexity. Field-deployed entities may at times face their own set of difficulties, much like for any other learning opportunities (UN, 2021: 41).

However, this dimension could not be fully explored in the context of the present review. Lastly, cybersecurity officers pointed out the general lack of enforcement in the event of noncompliance with training requirements and correlated the possible ineffectiveness of many training programmes with the absence of sanctions, rendering even mandatory training de facto optional. To ensure better enforcement, the Inspectors suggest that executive heads consider instituting a formal link between the completion of information security training and other corporate clearance procedures. This may involve tying security clearance for field deployment and the granting or extension of ICT system access rights to evidence of training, including “refresher” courses, having been completed. A precedent for this approach already exists in the sphere of physical safety considerations before duty travel, where clearance to undertake such travel is contingent on the completion of basic field security training, without which approval to proceed will be refused (UN, 2021:41).

Finally, the issue of oversight is highly encountered when it comes to the democratic governance principle of cybersecurity. Buckland et al., 2015 enumerated different oversight aspects seen in cybersecurity discourse. To these scholars the first of such oversight challenges centres around the exacerbated complexity of the network. Network complexity makes it difficult for oversight bodies, such as parliamentary committees to keep track of relevant actors, to gain knowledge of their existence and activities or even to acquire a legal mandate to do so. Second, oversight challenges are technical complexity. Because of the highly technical nature of cyber security challenges and responses, oversight bodies often lack the required expertise to understand and adequately oversee them. Third, oversight challenges are by legal complexity. Cyber security poses complex legal questions related (among others) to the right to privacy and freedom of expression. Fourth, oversight challenges are compounded by the heterogeneity of actors involved. In most instances, oversight institutions are organised along agency or functional lines. For example, a parliamentary committee may oversee intelligence services and activities, the armed forces, or justice. Fifth, oversight challenges are exacerbated by mandate perceptions. In general, government oversight bodies are concerned with the government agencies over which they have direct responsibility. This leaves the private partners of such agencies out of the reach of oversight, even in cases where they are directly funded by, or work in close collaboration with such agencies. Sixth, oversight challenges are exacerbated by the breaking of principal bonds. The actions of every government agent are connected in a chain of responsibility from principal to agent. For example, a Paris police officer is linked via his or her superiors to the prefect and, ultimately, to the interior ministry and the executive. (Buckland et al., 2015: 18-19).

The last portion of this paper will be dedicated to making inferences from the analyses make above and possible recommendations.

Conclusion

So far, this paper has focused on making the existing link between advancement in technological devices and its influence on the prevalent occurrence in cyber activities witnessed around the globe in contemporary times. The findings of this research paper indicate that there is a great nexus between technology and occurrence of cyber threat activities looking at the impact of the presence of internet, mobile phones and other web services devices. With the incidences of cyber-attacks gaining steam today, this has necessitated the need for various stakeholders to seek for mechanisms needed to combat these threats. It has been seen that such management efforts cannot be handled in a single territory but requiring international collaboration and cooperation in curbing the influence of cyber activities in our lives today. However, there are still enormous challenges noticed in the fight against cyber threats in the world even with globalised efforts put to counter such activities. In this light, this current study has put forth the following recommendations to better stakeholders’ battle against cyber threats today: providing constant and robust training to users of technological devices especially employees in organisations; continue stakeholder collaboration and cooperation and setting up tighter security mechanisms.

References

Admass, W. S. et al., (2023) “Cyber security: State of the art, challenges and future directions” Cyber Security and Applications: Elsevier B.V.

Aghajani, G., and Ghadimi, N., (2018). “Multi-objective energy management in a micro-grid”. Energy Rep. 4, 218-225

Alhayani, B., et al., (2021). “Best ways computation intelligent of face cyber-attacks”. Mater. Today ”: Proc.

Baezner, M., and Robin, P. (2017a). “Hotspot analysis: Stuxnet. Zurich”: Center for Security Studies: Zurich.

Baezner, M., and Robin, P. (2017b). “Cyber-conflict between the United States of America and Russia”. Zurich: Center for Security Studies

Baezner, M. (2018a). “Hotspot Analysis: Synthesis 2017: Cyber-Conflicts in Perspective”. Zurich: Center for Security Studies

Bhusal, C.S. (2021). “Systematic review on social engineering: Hacking by manipulating humans”. Journal of Information Security, 12, 104-114.

Biden, J. R. (2021). Interim national security strategic guidance. The White House, 8.

Buckland, B. S. et al (2015) “Democratic Governance Challenges of Cyber Security” DCAF HORIZON: Working Paper, No. 1

Cao, J., et al., (2021). “Hybrid-triggered-based security controller design for networked control system under multiple cyber-attacks”. Pp, 69-84.

Carrapico, H., and Barrinha, A. (2017). “The EU as a coherent (cyber) security actor”? JCMS: Journal of Common Market Studies, 55(6), 1254-1272. https://doi.org/10.1111/jcms.12575

Corradini, I. (2020). “Building a cybersecurity culture in organizations: How to bridge the gap between people and digital technology” (Vol. 284). Springer Nature

Council of the European Union. (2019). “Cyber-attacks: Council is now able to impose sanctions.”

Dutta, T.M. Choi, et al. (2020), “Blockchain technology in supply chain operations: applications, challenges and research opportunities, Transport”. Res. Part E: Logist. Transport. Rev. 142

Ghiasi, M., et al. (2023). “A comprehensive review of cyber-attacks and defense mechanisms for improving security in smart grid energy systems: Past, present and future”. Electric Power Systems Research, 215, 108975.

Harry, C., and Gallagher, N. (2018). “Classifying cyber events”. Journal of Information Warfare, 17(3), 17-31.

Judge, M. A., et al (2021) “Price-based demand response for household load management with interval uncertainty”. Energy Rep.

Khan, N. et al. (2022). “Understanding factors that influence unintentional insider threat: a framework to counteract unintentional risks”. Cognition, Technology & Work, 24(3), 393-421.

Kipkech, J., et al, (2022) “Cybersecurity and Disruptive Technologies”: Routledge Handbook of Maritime Security; Routledge

Lewis Jr, A.H. (2023) Cyber realism: a definition of and theory for cyber-based advanced persistent threat (APT) a power dynamic of the fifth domain (Doctoral dissertation, American Public University System).

Li, J et al., (2021) “Analysis of Cascading failures of Power Cyber-physical systems considering false data injection attacks”. Glob. Energy Interconnect 4(2), Pp. 204- 213

Li, Y. and Liu, Q. (2021) “A comprehensive review study of cyber-attacks and cyber security; Emerging trends and recent developments”: Energy Reports

Malla Reddy College of Engineering & Technology (2020) Digital Notes on Cyber Security

Obi, O. N. (2024) “Comprehensive Review on Cybersecurity: Modern Threats and Advanced Defence Strategies”: Computer Science & IT Research Journal Vol. 5, Issue 2, P.293310.

Office of the Director of National Intelligence. (2018) A Guide to Cyber Attribution. Washington DC: Director of National Intelligence. Accessed March 17, 2024. https://www.dni.gov/files/CTIIC/documents/ODNI_A_Guide_to_Cyber_A ttribution.pdf.

Pappalardo, S.M., et al. (2020) “Multi-sector assessment framework-a new approach to analyse cybersecurity challenges and opportunities. In Multimedia Communications, Services and Security”: 10th International Conference, Proceedings 10 (pp. 1-15). Springer International Publishing.

Perwej, Y. et al. (2021) “A Systematic Literature Review on the Cyber Security ” International Journal of Scientific Research and Management: Vol. 09, Issue12, Pp. 669-710

Pillai, P. (2012) “History of Internet Security.” http://www.buzzle.com/articles/history- ofinternet-security.html.

Polemi, N. (2017) “Port cybersecurity: Securing critical information infrastructures and supply chains”: Elsevier.

Rowe, N. C. (2009). “The Ethics of Deception in Cyberspace.” in Handbook of Research on Technoethics, edited by Rocci Luppicini and Rebecca Adell, 529-41. New York: Information Science Reference.

Singh, A. and Singh, S. K. (2019) “Technology Revolution gives Cybercrime a Boost: CyberAttacks and Cyber Security”: Research Gate.

Srinivas, J., et al (2019) “Government regulations in cyber security: Framework, standards and recommendations. Future Generation Computer Systems”, 92, 178-188.

Stein gartner, W., et al. (2021) “Threat defence: Cyber deception approach and education for resilience in hybrid threats model”. Symmetry, 13(4), 597.

Talem, C. (2020) “International Law in Cyberspace: Cyber Attacks as use of Force” Centre for Cyber Security and International Relations Studies: Conference Paper

Tam, K., and Jones, K. (2018) “Cyber-risk assessment for autonomous ships”. International Conference on Cyber Security and Protection of Digital Services (Cyber Security), 18.

Tan, S., et al., (2021) “Attack detection design for dc microgrid using eigenvalue assignment approach”. Energy Rep. 7, 469-476.

United Nations Conference on Trade and Development (2018) Review of maritime transport

United Nations Office of Counter-Terrorism (2023) “Cybersecurity and New Technologies: Establishing Legislative Framework, Transparency Mechanisms and Oversight for Online Data Collection and Guide for Establishing Law Enforcement Cooperation with Technology Companies in Countering Terrorism”

UN (2021) Cybersecurity in the United Nations system organisations

UNDP (2022) “Digital Technology’s Threats to Human Security” New threats to human security in the Anthropocene Demanding greater solidarity: Special Report

United Nations General Assembly (2008) Report of the secretary general oceans and the law of the seas.

Varga, S., et al., (2021). “Cyber-threat perception and risk management in the Swedish financial sector”: Comput. Secur. 105, 102239.

Waqas, M., et al (2022) “The role of artificial intelligence and machine learning in wireless networks security: Principle, practice and challenges”. Artificial Intelligence Review, 55(7), 5215-5261.

Zaffagni, Marc. 2012. “Flame, un virus encore plus redoutable que Stuxnet et Duqu.” Futura, March 17, 2024. https://www.futura-sciences.com/tech/actualites/informatique- flamevirus-encore-plus-redoutable-stuxnet-duqu-39051/.

Zhao, Z.-g, et al (2021) “Control-theory based security control of cyber-physical power system under multiple cyber-attacks within unified model framework”. Cogn. Robot. 1, 41-57.

[...]