See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/347453494

Network Security: Cyber-attacks & Strategies to Mitigate Risks and Threads

Preprint · December 2020

DOI: 10.13140/RG.2.2.30846.00320

CITATIONS READS

0 2,294

1 author:

Priyanka Dedakia
Bournemouth University
1 PUBLICATION 0 CITATIONS

SEE PROFILE

All content following this page was uploaded by Priyanka Dedakia on 18 December 2020.

The user has requested enhancement of the downloaded file.

 Network Security: Cyber-attacks & Strategies to
Mitigate Risks and Threads
Priyanka Dedakia
Department of Computing and information
Bournemouth University
Bournemouth, U.K.
s5229407@bournemouth.ac.uk

Abstract— Network security is a set of rules and procedures of traffic that must filter. They also faced challenges related
designed to prevent and track unauthorized access, misuse, to the number of false positives reported. As a result,
manipulation, or rejection of a computer network and companies turn to new technologies such as machine
resources accessible from the web and their availability to learning to detect malicious and unusual traffic in a more
suitable policies. Many security devices increased and efficient way.
implemented to protect against cyber threats also prevent an
intentional data breach. Despite this e-art, the 'golden age' of We can increase security by identifying threats, educating
cybercrime continues, as data breaches and security attacks on them about cybercrime, using two-factor authentication,
companies globally. What threats are we facing today? How to conducting risk assessments, and knowing risk factors.
deal with libido risks? The purpose of this paper is to
communicate the updated view of network security firms and II. LITERATURE REVIEW
present some recommendations to address the current security
and status of researchers. Cyber-attacks are becoming a daily reality for businesses
and individuals of all kinds. Cybercrimes are not widely
Keywords— Cyber-attacks, Cyber-crime, Cyber-attack modes, known and typically hamper the protection of various types
Strategies. of attacks, their capabilities, information security, and lack
of understanding of possible outcomes. [7].
I. INTRODUCTION
Cyber-attacks are more common to find modern and In the international literature, we can find many
creative approaches to penetrate user systems, steal sensitive definitions of cybersecurity, cybercrime, etc., aim to violate
data, and influence the database. The idea is to control privacy, integrity, and data availability. Technological
malicious content and endanger users' data, which brings advancements are also advancing in the Progress of
them enormous losses. Cybercriminals have developed many cybercrime, creating new ways to carry out attacks, achieve
approaches to attack devices. Recently, cyber-attacks have hard-to-reach goals, and stay on track. However, traditional
gone through by tech giants like Facebook, Amazon, five- cyber threats are still the number one origin of an attack.
star hotels, etc. Nationwide attacks have also taken place in Different kind of attacks have been identified and
countries like Australia, India, etc. Cyber-attacks are considered in international literature:
widespread and essential to understanding the scale of the  During an attack, this occurs when someone
attack. Mitigate future attacks and develop appropriate plans interrupts the conversation between the two parties,
and strategies to overcome risks and threats [4]. so that any message sent from source A to source B
Data plays an important role and is a prerequisite for reaches the attacker before reaching the target. The
performing a crucial activity to protect data from harmful downside of this type of attack is that unauthorized
content and malware. Current digital data has a lot of access to it can gain access to confidential
capacity where cyberspace is the leading source for information or modify the information / messages
performing all digital actions through virtual connections that the attacker is going through.
globally. It has changed the era of business. In the current  Brutal attacks include frequent attempts to access
situation, most business is done over the Internet, connecting secured information (for example passwords,
anyone from any part of the world in minutes, making it encryption, etc.). Details will be available until the
more flexible for modern business operations. While digital correct key is
data and digital marketing have paved the way to the next
 DDoS (Distributed Daniel of Service) is a kind of
level, cybercriminals are following suit and finding many
ways to target users' systems and access their network pages attack that limits the accessibility of data to a
and crack passwords easily, like most users. Use certain extent so that the attacker fills the victim
compromised or weak passwords that are easy to crash and (for example server) with commands and therefore
access your network site [2]. stops working.
Cyber-attacks can range from the theft of personal data to
attempts to blackmail specific targets. There are always a III. RESEARCH METHODOLOGY
few at stake for companies: cyber-attacks protect both The study began by focusing on the current state of
individual companies and companies. Cybercriminals have cybercrime, a review of specific international literature,
been exposed to independent and corporate networks due to including legal issues, and an analysis of lead events from
unauthorized access, malware, and negotiate service. The previous years. The goal is to provide a universal overview
device used to protect against network security threats is full of cyber-attacks globally, understand the potential impact on
operations and companies or individuals, and take disclose them all. Information to the public; however, the
countermeasures to counter the threats. This research results show that the effects of cyber-attacks are often
established attacks identified and detected over the past three related to loss of details, operational interruptions, lost
years. Every day, cyber-attacks and limited intelligence revenue, and property damage. Common types of attacks
organizations around the world reveal cybercrime where include full name, first name, date of birth, personal
some attacks are hard to recognize. Authors can't obtain identity, addresses, medical records, phone numbers,
complete data for analytical purposes. However, based on the financial details, email addresses, login details (usernames,
study, key market players in security and consultation have passwords), and unauthorized access to insurance.
been able to identify and identify the history of attacks,
Information
news, and attacks over the past three years, with data
released by surveys and surveys worldwide. There have been
over 15 million attacks with information based on this type V. ARGUMENT
of malware service.
Network security is the protection of your network. The
network can be private, such as an internal network, or
IV. RESULT
public. Network security includes preventing misuse of or
A. General result unauthorized access to the web or its resources. For this
reason, each user provides a unique username and password
Based on the study, critical attacks in the security and to access the network. The network administrator supervises
consulting industries are collected and reported a population the web. No business or organization can be completely
of over 15 million attacks during news and events: Cenzic,
secure against cyber-attacks. Archive the best things to do is
CISCO, FBI (Federal Bureau of Investigation), FireEye,
Kaspersky, McAfee, Mandiant, Sophos, Symantec, Verizon, to take all possible precautions for them. Cyber-attacks are
PriceWaterhouseCoopers, and hackmageddon.com. an era that threatens life and humans, and my increasingly
complex framework has not been carefully built and may be
Report and threat predictions support the notion that a victim of financial and reputation attacks.
psycho attacks are on the rise. The tendency to describe the
increased behavior of thugs and the possibility of cyberwar, Organizations have definite procedures and defense systems
enhanced by hackers. Techniques and tools to hide your that might protect infrastructure and sensitive information.
identity/location and retrieve sensitive data. The high value Organization security is a universal term that covers a vast
of data on security hygiene and IoT devices also estimates 50 number of innovations, gadgets, and cycles. In the least
billion Internet-connected devices by 2019. The results
complex terminology, a set of rules and parameters aim to
outline a reality that attackers continually develop new ways
ensure the integrity, confidentiality, and availability of
to exploit networks, programs, and data. Another trend
identified is the sustainable growth of Mobile attacks from information in a computer organization using both
one year to another. programming and innovative hardware. Any association that
pays little attention to the countermeasures industry must
B. Main drivers take inadequate security measures to protect their
organizations from the evolving risk.
One of the interesting facts revealed in this study is that
when looking at the root cause of security breaches, less than
50% of cases are intentional criminal attacks, caused by VI. CYBER ATTACK MODES
intentional attacks, human error, and systems. It is divided
into three elements of vulnerability. The success of the Hackers look for various ways to compromise users'
criticize is due in the part to the attacker's skills and learning, access to the system and misuse personal data for enormous
and the protection on the part of the victim - that is, defective losses. Cyber-attacks include phishing attacks, virus attacks,
programs, human error, and lack of adequate control to worms, Trojan horses, software crashes, distributed denial
ensure information security. According to the Vulnerability of service, malware, spies, social engineering attacks,
Trend Report, 96% of apps analyzed and identified one or threats, and robots.
more serious errors, with an average of 14 errors per
application [6].
A. Phishing Attack
C. Attacks It is widespread everywhere and expands every day. The
aim is to steal critical data like user credentials, financial
It is difficult to determine the exact number or rate of
details like credit card details, and anything of potential
different types of attacks during the investigation. Common
value by disguising itself as a unit loyal. Attract the target
attacks include denial of service, malware, viruses, worms
by revealing details without hesitation.
and Trojans, malware, malicious intruders, stolen hardware,
phishing, social engineering, and web attacks. However, this B. Malware
end is divided into four categories: cyber-crime, cyber It is an application designed to disrupt the unique
bullying, cyber warfare and hockey. functionality of a mobile phone, desktop computer, or
D. Impact hosted device. Identifies the script or executable code. Users
click on the source of the malware and accidentally install it.
When it comes to the impact of cyber talks on their
This app then interferes with the device and starts tracking
victims, it is difficult and impossible to calculate the exact
everything according to its capabilities.
costs that companies will need to restore their business,
customer trust, and image, especially if companies never
 Among all cyber attacking modes, Phishing is one of the through the web, and Network sources addressed
common attacks and can carry out from anywhere in the with encrypted codes. The receiver must have
world. It is one of the most widely used methods by hackers decryption codes to view the message.
as they find it easy to trick the customers and gain access to  Use strong passwords and change them frequently
their devices is practiced in this type of attack. A phishing to protect yourself from attackers/hackers.
attack sends an email or an instant message to a user with a  Finally, it is crucial to educate the employees and
link attached to the mail that replicates the same background train them regularly with modern technologies and
to convince the users to trust the post as if it is from create awareness on cyber-attacks about controlling
authenticated sources and is accountable. Users who are them on a primary level and how to protect their
unaware of such attacks will be redirected to the hacking data from malware [15].
site and lose control of the device when they click on the
provided link. Similarly, this is the case with other attackers
who tend to gain access over a network connection through VIII. CONCLUSION
Internet network, WIFI modem, and by injecting malicious Security is an important issue for large computer
content through attacked mails and pen drive, etc. [1]. companies. There are various definitions and ideas for
measuring safety and risk from the perspective of others.
Internet, email, and network connectivity is essential for
VII. STRATEGIES TO BE CONSTRUCTED BY MANAGEMENT
today's small businesses and poses many threats to IT
Strategies play a crucial role in every business as it will systems and corporate privacy. The security system must be
guide the firm in the right direction to achieve its targets. It flexible for end-users to use comfortably.
also focuses on all business activities by conducting Network security compromises the network and its
thorough analysis and monitor all the business activities by connections. Network security needs to create and develop
focusing on the weak areas of the firm that are most likely based on business needs. The main business gaps through
vulnerable to cyber-attacks [9]. which hackers gain access need to be analyzed. When an
attacker enters your network and cuts your connection, it is
The following are the strategies to be considered by the a network attack that severely damages your database and
Organizational Management to mitigate the risk and treats: its data transmission mechanisms. These network attacks are
 It is essential to deploy high-end security massive and can lead to huge losses. Sometimes the loss of
mechanisms to protect the network security from repeating itself is unacceptable. In end-user usage, a lack of
malware and malicious content. strong passwords and security software is noted. The study
 To allow access to sensitive data and restrict access identified all measures to be taken against cyber-attacks.
based on needs and preferences, you should use the Therefore, it is crucial to develop plans and strategies from
principle of minimal privilege. the outset to better deal with the situation as there is no way
 All the devices we use must be protected by to escape from these attacks. The only option is to protect
antivirus software at all times. the network from attacks by proactively measuring and
 The Internet connection is shield by using a proactively enforcing adequate security mechanisms.
firewall and Wi-Fi masking.
 Use the least specific concepts to allow and limit
IX. FUTURE WORK
access to sensitive data according to your needs
and preferences. Malicious and other attacks increase their severity and
 The user must follow a two-step verification damage. Since there is less response time, companies need
process where authorization steps must obey to to be more proactive in ensuring security. Reactive safety no
prevent data loss. longer works. This is why companies need to have a good
 A good network connection is a counsel to use with understanding of future trends, risks, and threats to protect
additional security layers like firewall, Virtual their companies from high security.
Private Network, and security provisions that Typically, the network security system device depends on
enable adequate security measures. the command-line interface (CLI). In recent years, computer
 Human errors and system crash are common issues and network management work has been performed
which will penetrate to further loss of data. The remotely using web-based tools. In today's highly connected
organization must focus on core business activities era, whether it's a GUI or a CUI, networking tools are
associated with sensitive data security policies with essential.
strict rules and regulations.
 Third-party users and external providers should not ACKNOWLEDGMENT
be allowed to access sensitive data.
My sincere thanks to Dr.Philip Davies for his valuable
 High-level advanced security systems must be
and constructive suggestions in planning and developing of
implemented with disaster recovery plans and
this research work. I would also like to thank Professor
procedures which provide an alternate source of Festus Adedoyin for his patient advice, enthusiastic
data if a backup provision countenance by the encouragement, and helpful comments on this research work.
management every year [3].
 Encryption of data must be followed irrespective of
its privacy to data and data transfer mechanism
 I would also which to thank Department of computing,
Bournemouth University, U.K for their continuous help and
support.
Finally, I wish to thank my parents and husband for their
support and motivation throughout my study

REFERENCES

[1] Creasy, J., & Glover, I. (2013). Cybersecurity incident response

guide.
[2] Goel, S., Che, V. (2005). info security risk analysis a matrix-based
approach.
[3] Forester Research (2015). shield Your holding and client knowledge
from larceny And Abuse.
Retrieved from https://www.forrester.com/reports/
[4] Sumner, M. (2009). info Security Threats: A Comparative Analysis of
Impact, chance, and state. InfoSystems Management, 26(1), 2-12. doi:
10.1080/10580530802384639.
[5] Wang, P., Chao, K. M., & Lo, C. C. (2013, 11-13 Sept. 2013). a
unique Threat and Risk Assessment Mechanism for Security Controls
in commission Management. Paper found at the e-Business
Engineering (ICEBE), 2013 IEEE tenth International Conference on.
[6] Akhtar, S., Yates, B. (2013) intelligence Management, first Edition,
Butterworth-Heinemann, 9780124071919, 56-255.
[7] Uma, M., Padmavathi, G., 2013. A survey on numerous cyber-attacks
and their classification, International Journal of Network Security, 15,
5, 390-396.
[8] Cenzic, 2014 Cenzic, Application Vulnerability Trends Report: 2014,
description accessible at WWW.cenzic.com.
[9] Wang, P., Liu, J., 2014. Threat analysis of cyber-attacks with Attack,
Journal of Information Hiding and Multimedia Signal Processing, 5,
4, 778:787.
[10] Importance of Network Security found at
http://www.content4reprint.com/com¬-puters/security/importance-
of-network-security-system.htm.
[11] Marin, G.A. (2005), "Network security basics", Insecurity & Privacy,
IEEE, Issue 6, Vol. 3, pp. 68-72, 2005.
[12] Wu Keel; Zhang Tong; Li Wei; Ma Gang, "Security Model supported
Network Business Security", In Proc. of Int. Conf. on pc
[13] Technology and Development, 2009. ICCTD '09, Vol. 1, pp. 577-580,
2009.
[14] Anonymous. FBI: Cyber-attacks surpassing terrorism as a major
domestic threat. https://www.rt.com/usa/fbi-cyber-attack-threat-739/.
Accessed 25 November 2013.
[15] Rosso, B. (2015). Vital steps for responding to cyber-attacks.
Retrieved from
http://www.informationage.com/technology/security/123459644/6-
critical-steps-responding-cyber-attack
[16] Nakashima E, Peterson A. Report: law-breaking and undercover work
value $445 billion annually. The Washington Post.
https://www.washingtonpost.com/world/national-security/report-
cybercrime-and-espionage-costs-445-billion-
annually/2014/06/08/8995291c-ecce-11e3-9f5c-
9075d5508f0a_story.html.
[17] Cherty A, Singh D, Singh V. A comprehensive study of social
engineering-based attacks in an Asian country grow an abstract
model. International Journal of Data and Network Security. 2012;
1(2):45-53.
[18] Kizza J. M., (2014) “Computer Network Security and Cyber Ethics
4th Edition” pp 60-81. ISBN 978-0-7864-9392-0.
[19] Podhorec M., (2012) “Cyber Security Within The Globalization
Process”, Journal of Defense Resources Management, Vol. 3, Issue
1(4).
[20] Cleary F. and Felici M., (2014) “Cyber Security and Privacy:
Communications in Computer and Information Science”, 3rd Cyber
Security and Privacy EU Forum, CSP Forum, May 2014.

View publication stats