The Importance of Network Security in Protecting Sensitive Data and Information
- Nwakeze Osita Miracle
- 259-270
- Jul 6, 2024
- Computer Science
The Importance of Network Security in Protecting Sensitive Data and Information
Nwakeze Osita Miracle
Department of Computer Science, Chukwuemeka Odumegwu Ojukwu University, Uli
DOI: https://doi.org/10.51584/IJRIAS.2024.906024
Received: 24 May 2024; Received: 05 Jun 2024; Accepted: 10 Jun 2024; Published: 06 July 2024
ABSTRACT
Network security has remained a major concern especially in the modern world where technological advancement is rapidly evolving. This study explores the concept of data and information security especially in today’s environment where cyber risks like malware, phishing, DDoS, and insider threats are rampant. It covers the fundamentals of the network’s security measures such as Firewall, IDS, Encryption, Access control, VPNs, and Security Auditing & Monitoring. A qualitative analysis of secondary data and case studies such as the Equifax data breach and the Yahoo data hack is used to assess the effectiveness of these security measures in the real world. Regulatory compliance is also encouraged through the use of standards like GDPR, PCI DSS, and HIPAA to ensure that companies meet the set requirements; failing to do so attracts fines, lawsuits, or loss of reputation among other consequences. Measures like regular software updates and patching, secure user authentication, network segmentation and security consciousness among the workers should be adopted. These are important in avoiding risk occurrences, minimizing threats and providing a hardy protection for new risks. This will be a detailed step by step guide to help organizations improve their network security, manage compliance and data protection in the interconnected world of today, with a focus on the importance of strong network protection in ensuring data integrity and trust.
Keywords: Network, Security, Intrusion Detection Systems, VPN, Encryption, Malware, Attack
INTRODUCTION
Network security has evolved into a significant discipline within the field of data and information networks management, especially when defending sensitive and confidential information (Sunyaev & Sunyaev, 2020).Companies, irrespective of their size or sector, rely heavily on digital platforms for data storage, processing, and transfer, which include valuable information like financial records and customer profiles, and intellectual assets and trade secrets that are arguably the most important and guarded information of a particular organization (Bagale et al., 2018; Stergiou et al., 2018).
Simultaneously, as we approach the forecasted landscape of cybersecurity in 2030, the digital transition across all sectors is accompanied by a significant challenge: cyber-attacks and vulnerabilities, which are growing each day (ENISA, 2022). The digital security arena is today more complex and dangerous; hence very strong measures should be put in place to face the wide range of possible challenges that can crop up (Leitner et al., 2019). Network security which is a very important device against cyber enemies consists of complex protocols, processes, and technologies, which are utilized to guard computer networks, devices, and data repositories from unwanted intrusions, targeted attacks, and breaches (Thomas & Stoddard, 2011).
Although money is the primary category of damage from a cyber security breach, it is still in the minority compared to the full extent of its consequences (Malliouris, 2021). Hence, those cases can bring about damaged reputation, loss of consumer confidence and reliability, and even legal troubles (Agrafiotis et al., 2018). In addition to this, the typical emerging technologies like the Internet of Things (IoT), cloud computing models, and artificial intelligence (AI) using very diverse and advanced features should be considered by the existing security frameworks (ENISA, 2022).
This investigation which focuses on the importance of network security as a main pillar of data and information protection in the digital era becomes a real challenge. It entails examination of the dynamic threat landscape, determination of the protective role of network security solutions, and presentation of techniques and methods that would be suitable for organizations to adopt in order to successfully maintain an updated defensive posture and step ahead of the emerging threats.
METHODOLOGY
This paper adopts a qualitative research approach and secondary data to assess the role of network security in safeguarding information in the digital environment. It employs literature review to establish some of the major network security elements like firewalls, intrusion detection systems, encryption techniques, access control systems and virtual private networks. Based on the case scenarios and practical examples, the paper analyzes the efficiency of the specified measures in protecting data from unauthorized access and maintaining its integrity and availability. Examples like Equifax data breach and the Yahoo data hack demonstrate how security breaches can occur and the importance of implementing solid security measures. The study also evaluates the effects of compliance with the regulations such as GDPR, PCI DSS, and HIPAA, focusing on the legal, financial, and reputational repercussions of non-compliance.
Definition of Network Security
Network Security is the set of measures implemented to give computer networks the privilege and integrity of information they transmit and store (Kizza et al., 2013). It comprises different technology, means, and policies among others which ensure intended authorized users and enhance the security of network systems and the data in them (Alhassan & Adjei-Quaye, 2017).
Crucial Role of Network Security in Safeguarding Sensitive Data
Protecting data and information from a variety of threats, including as malware, phishing efforts, unauthorized access attempts, and insider threats, is a critical function of network security. Organizations may reduce risks and avoid possible harm to their assets, reputation, and operations by putting strong network security measures in place (Mugal, 2018). Some of the roles of data security in safeguarding information include:
- Preventing Unauthorized Access
- Protecting Data Integrity
- Ensuring Data Confidentiality
- Maintaining System Availability
Figure 1: The Critical Role of Network Security in Today’s Digital Landscape (Source: Kadre, 2023)
The key contribution of network security in rendering data confidentiality service should not be underestimated as data breaches and cyberattacks present huge danger and risk to both organizations and private individuals (Sharma & Barua, 2023). The 2021 Cost of a Data Breach Report survey by IBM has shown that the average global cost of a data security breach is equal to $4.24 million, and the healthcare sector was paying the highest average cost per compromised record at $9.23 million (Almulihi et al., 2022).
An example is the Equifax breach of data in 2017 that affected over 147 million customers, of which the company had to deal with a colossal amount of financial loss, litigation expenses, and a damaging impact on the brand (Sivrieva, 2018). Such cases vividly demonstrate the essentiality of strong network security procedures that perform the duty of prohibiting unauthorized access and guarding the data that is client sensitive (PII, monetary data, and trade secrets).
Cyber-attacks and other types of malwares, especially ransomware attacks, are very dangerous for companies because of how much cyber threats affect them (Loanid et al., 2017). Ransomware renders the victims’ critical data or systems useless, thus, the attackers demand payment in return for decryption keys (Kharraz & Kirda, 2017)). The 2021 SonicWall Cyber Threat Landscape Report witnesses a 62% increase (500 million attacks) in ransomware assaults worldwide when compared to the year 2020 (Perova, 2022).
Among citizens, the effects of hacker attacks are felt too as personality can be targeted through identity theft, financial fraud as well as privacy violations because of the leakage of secret information (Draper, 2006). The Yahoo data hack incident in 2013 when about 3 billion user accounts were compromised can be a great illustration of how extensive the global impact can be (Bhadouria, 2022). The IBM Cost of a Data Breach Report 2020 states it takes a minimum of 280 days to detect and remediate a breach (Ponemon Institute, 2020). Additionally, 85% of data breaches are caused by humans, according to the 2021 Verizon Data Breach Investigations Report. (Verizon, 2021).
Key Components of Network Security
1. Firewalls
The firewall is an essential component of network security which is an initial barrier protecting from cyber threats and unauthorized users. They stand at the forefront of network security by monitoring traffic and enforcing predefined security rules between incoming and outgoing traffic (Chopra, 2016). However, they have boundaries that prohibit them from checking encrypted traffic and authenticated insiders (Pandey, 2011). It has been proved by cases that firewalls can be used to protect against DDoS attacks or to stop the IP addresses that attempt to take advantage of the network services’ weaknesses (Chopra, 2016).
2. Intrusion Detection Systems (IDS)
IDS are not only capable of identifying and quelling such activities but essential in providing information on potential network security problems (Staddon et al., 2021). They watch network traffic patterns, log files, and system activity events to find anomalies that could be indicative of a malware attack or intrusion. Although IDS work as continuous threat hunters, they might produce false alarms, or fail to detect highly advanced, zero-day attacks (Khan, 2023). Despite this, IDS remains the key instrument in ensuring network security state.
3. Encryption
Encryption is the fundamental key to protecting data confidentiality and integrity from communication to storage (Seth et al., 2022). It translates plain data into ciphertext, thereby making it unintelligible to unauthorized parties except for those who have a decryption key. Encryption reduces the possibility of information interception, eavesdropping, and free accessing, and it allows the data to be always kept safe (Mugal, 2018). Nonetheless, encryption does not exclude the possible attacks against endpoints or the weaknesses in the encryption protocols (Sinclair & Smith, 2008). Encryption governs online banking transactions, messaging applications, and data-at-rest encryption, needed to protect stored data from unauthorized access.
4. Access Control
Access controls authenticate users and restrict access privileges that were defined before in conformity with the principle of least privilege (Kizza et al., 2013). Access control is a vital mitigation strategy for mitigating the risks of insider threats, unauthorized data access, and privilege escalation attacks (Sinclair & Smith, 2008). On the other hand, the administration of well-designed, coherent, and effective access control policies and their enforcement across heterogeneous network environments may become a complicated task. Real-life demonstrations of such effectiveness include RBAC preventing unauthorized changes to systems, MFA aiding secure user authentication, and network segmentation limiting the movement of attackers laterally.
5. Virtual Private Networks (VPNs)
Virtual Private Networks (VPNs) are key to creating secure, encrypted routes for remote access and communication, especially on public networks (Stewart, 2013). They prevent snooping, interception, and those who sit in the middle of the transmission of data, hence maintaining privacy and secrecy. Furthermore, VPNs authenticate the connectivity of a remote user besides securing the data stream between the endpoints. But VPNs sometimes have issues that include: (1) scalability, (2) performance overhead, and (3) vulnerabilities in VPN protocols (Stewart, 2013).
Figure 2: Major Components of Network Security Source: (Source: Çıngı, 2023)
6. Security Auditing and Monitoring
Routine security audits and continuous monitoring are the necessary parts of the network security process, which allows you to find out everything about vulnerabilities, compliance gaps, and system errors (Agrafiotis et al., 2018). Awareness and monitoring contribute to forward threat detection, incident response, and policy enforcement. Unlike matters, resource-exhausting camera surveillance solutions may be faced with a problem of real-time analysis and alert overload (Sleem et al., 2020).
7. Intrusion Prevention Systems (IPS)
IPS acts as a missing link between IDS by taking direct actions and responding to detected threats in real-time enhancing network security posture (Möller, 2023). They run on autopilot, reacting to threats with actions such as blocking malicious IP addresses, blocking known attack vectors, and responding to security incidents (Möller, 2023). It is characterized by its ability to block threats on the go, but it does so with a certain degree of error and performance degradation if configured improperly (Seth et al., 2022).
Common Threats to Network Security
Figure 3: Emerging threats to network security (Source: ENISA, 2
1. Malware Attacks
Malicious software programs including viruses, worms, trojans, and ransomware are the greatest network security threats in the digital age known as malware attacks. AV-TEST Institute gives the statistics that over 350,000 are malware samples detected daily and this fact emphasizes that these threats are widespread (Dewanje and Kumar, 2021). Attacks based on malware are severe as high data loss, system damage, financial damage, and credibility loss can result. The 2017 WannaCry ransomware assault, which compromised more than 200,000 systems globally, prevented operations and inflicted serious financial damage (Algarni, 2021).
2. Phishing attacks
A common cyber threat is phishing attacks, wherein emails, websites, or social media messages of actual entities are forged to manipulate users (Perova, 2022). Over 200,000 distinct phishing sites were identified by the Anti-Phishing Working Group (APWG) in Q2 alone, demonstrating how often fraudsters employ it in their schemes (Hill, 2019). The use of phishing can result in putative of account entities, financial fraud, identity theft, and illegal access. In 2016 the phishing attack on the DNC led to email leaks and disclosure of sensitive information and may be regarded as a denotable instance of the effect of phishing attacks (Krejsa & Suh, 2017).
3. DDoS (Distributed Denial of Service)
These types of attacks encompass bots connected to mega networks that send huge surges of traffic to block and shut down systems. According to Arbor Networks’ 16th annual report, Worldwide Infrastructure Security Report, 58% of the 2020 respondents were exposed to such kinds of DDoS attacks, exposing the actuality of this disruption (Unger, 2021). DDoS attacks may lead to service disruptions and damage the operations of an organization as well as cause the organizations to incur financial losses (Arafiotis et al., 2018). The 2018 GitHub DDoS attack brought to the fore the ruinous effects of these attacks on user service availability globally (Saleem & Naveed, 2020).
4. Insider Threats
These are threats to organizations’ security created by their staff or their contractors, who either wilfully or unintentionally create breaches (Wall, 2013). According to the 2021 Verizon Data Breach Investigations Report, 17% of all data breaches were the result of insider threats, a sign of the critical nature of this internal vulnerability (Dhadouria, 2022). Insider threats are a potential source of data leaks, intellectual property theft, financial damages, and reputation issues. The Snowden affair in 2013 is a vivid example of an insider threat that can undermine the national security and privacy level, which increases sensitivity about the appropriate control and preventive mechanisms to insider threats (Sinai, 2016).
5. Man-in-the-Middle (MitM) Attacks
This involves interrupting communication between two parties and changing the data, therefore, the confidentiality and integrity of the data are threatened (Malik, 2019). The Imperva study revealed that 35% or more organizations fell prey to a man-in-the-middle attack in 2020 (Vatsyayan et al., 2022). MitM attacks can cause several problems such as information stealing, unauthorized access, and information tampering. MitM methods utilized in BEC (Business Email Compromise) show how these attacks are exploited for fraud purposes, altering email conversations to take advantage of the victims (Feliciano, 2023).
6. SQL Injection Attacks
This takes advantage of the weaknesses to alter SQL statements which consequently exposes the database security to danger (Clarhe-Salt, 2009). One of the greatest dangers to online security, according to the Open online Application Security Project (OWASP), is SQL injection due to its frequency and the destructiveness of attacks (Woschek, 2015). Modifying data, data theft, or database contamination can be done through SQL injection. The 2019 Capital One data breach comprised a SQL injection attack where information of more than 100 million customers was exposed, and how such vulnerabilities turned into liabilities when cybercriminals exploited them (Khan et al., 2022).
7. Zero-Day Exploits
A vulnerability that software developers are unaware of is called a zero-day exploit, contributing to their effectiveness during cyber-attacks (Bompos, 2020). Zero-Day Initiative consortium revealed over 1200 zero-day vulnerabilities in the year 2020 showing the constant discovery of these vulnerabilities by researchers as well as various threat actors (Wagner, 2019). Subsequently, the system can be compromised, a data breach can occur and there can be a wide security lapse as well.
Benefits of Network Security
Implementation of a sturdy network security acts by availing some benefits that contribute to the robustness and reliability of the system and data within the organization. One of the main advantages is that it helps to preserve data integrity, which implies data correctness and uniformity throughout its lifetime (Feliciano, 2023). Network security measures like encryption, controls on access, and intrusion detection systems (IDS) make sure that there are no unauthorized modifications or tampering with data, which helps preserve its data integrity and reliability (Mugal, 2018).
Maintaining confidentiality is one of the aspects that is guaranteed by network security measures (Seth et al., 2022). Encryption of information, secure data transmission protocols, and access control mechanisms limit access privileges to authorized people only, hence protecting it from unauthorized access (Mugal, 2018). This confidentiality and assurance are very vital in the data protection of sensitive data like PII, financial records, and intellectual data (Almulihi et al., 2021). Efforts like redundancy, load balancing as well as disaster recovery planning aim to keep vital systems and data available and functional even when a crisis or an attack is underway (Snedaker, 2013).
Network security procedures that are built correctly assist businesses in adhering to applicable regulations or standards, such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) (Parker, 2020). Strict data protection, privacy, and security measures—such as access limitations and the encryption of sensitive data—are mandated under these recommendations, notification procedures in case of data leaks, and regular security audits. Implementing these rules by setting up reliable evidence security systems is the best way for organizations to show their desire to protect customer data and be on the right side of the law (Parker, 2020).
Customers and stakeholders demand that companies endlessly protect their privacy as well as privacy rights. Through the deployment of robust network security mechanisms, businesses impart confidence to consumers because they exhibit the will to safeguard data, privacy, and the information security culture (Perova, 2022). This relationship-building role is fundamental for developing long-lasting customer relations, preserving brand reputations, and highly going up to the level of a competitor.
Importance of Complying with Data Protection Regulations and Industry
Adherence to data protection regulations and industry standards with strong network security measures is beside the point of providing a secure environment for secrets. The guidelines and requirements are detailed in regulations and standards helping to guarantee data security, privacy, and integrity (Parker, 2020). Breaching this act can bring up some strong issues such as legal repercussions, a negative reputation, and a loss of customers’ confidence (McGeveran, 2018).
However, the primary regulation that companies need to be on the alert for is the General Data Protection Regulation (GDPR) (Mulligan et al., 2019). GDPR applies primarily to the businesses operating within the EU or processing the data of EU citizens where it imposes strict data protection measures, like, obtaining consent for data processing, encrypting and pseudonymizing data, maintaining data integrity and confidentiality, and breaching data procedures to be reported timely (al & Aviv, 2020). Companies that do not comply with GDPR can be penalized with a fine of up to 20 million euros, or 4 percent of their yearly revenue, whichever is more (Wolff & Atallah, 2021).
Companies that handle credit card data are subject to another crucial regulation called the Payment Card Industry Data Security Standard (PCI DSS). (Morse & Raval, 2008). PCI DSS defines criteria for securing payment card data, which include network security measures like firewalls, encryption, access controls, and regular vulnerability tests (Williams & Adamson, 2022). Non-compliance can cause monetary fines, suspending the privilege of payment processing, and a bad reputation resulting from the data breaches.
The Health Insurance Portability and Accountability Act (HIPAA) must be complied with by healthcare companies. HIPAA regulates the safeguarding of personally identifiable health information (PIHD) and establishes many security measures to ensure the privacy, accuracy, and accessibility of PIHD (Takyi, 2019). Non-conformance with the provision of HIPAA is subject to enormous fines, legal liabilities, patient mistrust, and institutional reputation.
For accurate and constant regulatory compliance in network security, organizations must have the right strategies and practices in place. These include but are not limited to conducting frequent risk assessments and auditing to determine weaknesses, implementing security controls including encryption, access controls, IDS systems, etc., and conducting security awareness training for employees. However, the organizations should develop incident response plans and procedures of data breach notification, and work in compliance with the regulations and legal requirements.
Methods for Network Security/Protection
Implementing key strategies for network security is essential to protect sensitive information, prevent security incidents, and mitigate cyber threats effectively. Some of the best practices include:
- Regular Updates and Patches: Having software, operating system, and application versions updated with security patches and fixes, is crucial. The risks come from the fact that software flaws may be used to penetrate the system illegally or launch an attack (Cohen, 1979). Periodic updates are meant to reduce these potential weaknesses and tighten the security of the network.
- Strong Authentication Methods: The strong authenticity techniques that utilize multi-factor authentication (MFA) require the users to provide multiple credentials before they can access their system/data, which in turn adds one extra layer of security. It almost eliminates the issue of authorized access through stolen or existing tools (Manteigueiro, 2020).
- Network Segmentation: Segmenting networks with a restricted form of access controls that block after a breach secures the network and limits the possible effect of the breach. (Kafi & Akter, 2023) Segmentation cubs the flow of threats and narrows the path of attackers within the network, minimizing the negative impact of widespread damages.
- Firewalls and Intrusion Detection/Prevention Systems (IDPS): Traffic monitoring tools based on firewalls can be deployed to prevent malicious requests from coming in and bot attempts from accessing unauthorized channels (Chopra, 2016). Besides identification policies, IDPS complements a firewall by actively detecting and responding to suspicious actions and possible security threats in real-time (Seth et al, 2022).
- Encryption: Encryption of sensitive information both while at rest and when being moved makes it incomprehensible even if data gets intercepted or accessed by unauthorized entities, therefore the data will not be readable without a decryption key (Mugal, 2018).
- Employee Training and Awareness: One of the main sources of cybersecurity incidents is human error or human factors, where people fall for phishing emails or use weak passwords (Alsharif et al., 2022). Employees’ competence in security matters rises when they undergo training and this in turn lowers the possibility of security breaches (Herath & Rao, 2009).
CONCLUSION
In conclusion, this article thoroughly explained the vital function of network security in the safekeeping of vital information and data in the current world of networked and fast-changing digital technology. Keynote points identified here cover the different cybersecurity threats organizations are prone to, which can include malware, phishing, DDoS attacks, insider threat, and so on. Such threats can create severe problems such as financial losses, tarnished reputations, and legal liabilities.
Ultimately, having a strong network security is the prime requirement for the cyber defense efforts against cyber threats, unlawful network access and data leak. It is impossible to underestimate the importance of it because it helps ensure the confidentiality, integrity, and availability of data, which is essential in protecting enterprises and individuals from various security incidents in the digital age.
REFERENCES
- Agrafiotis, I., Nurse, J. R., Goldsmith, M., Creese, S., & Upton, D. (2018). A taxonomy of cyber-harms: Defining the impacts of cyber-attacks and understanding how they propagate. Journal of Cybersecurity, 4(1), tyy006.
- Algarni, S. (2021). Cybersecurity attacks: Analysis of “wannacry” attack and proposing methods for reducing or preventing such attacks in future. In ICT Systems and Sustainability: Proceedings of ICT4SD 2020, Volume 1(pp. 763-770). Springer Singapore.
- Alhassan, M. M., & Adjei-Quaye, A. (2017). Information security in an organization. International Journal of Computer (IJC), 24(1), 100-116.
- Almulihi, A. H., Alassery, F., Khan, A. I., Shukla, S., Gupta, B. K., & Kumar, R. (2022). Analyzing the Implications of Healthcare Data Breaches through Computational Technique. Intelligent Automation & Soft Computing, 32(3).
- Alsharif, M., Mishra, S., & AlShehri, M. (2022). Impact of Human Vulnerabilities on Cybersecurity. Computer Systems Science & Engineering, 40(3).
- Bagale, G. S., Vandadi, V. R., Singh, D., Sharma, D. K., Garlapati, D. V. K., Bommisetti, R. K., … & Sengan, S. (2021). Small and medium-sized enterprises’ contribution in digital technology. Annals of Operations Research, 1-24.
- Bhadouria, A. S. (2022). Study of: Impact of Malicious Attacks and Data Breach on the Growth and Performance of the Company and Few of the World’s Biggest Data Breaches. J. Sci. Res. Publ.
- Bhadouria, A. S. (2022). Study of: Impact of Malicious Attacks and Data Breach on the Growth and Performance of the Company and Few of the World’s Biggest Data Breaches. J. Sci. Res. Publ.
- Bompos, K. (2020). Development Time of Zero-Day Cyber Exploits in Support of Offensive Cyber Operations(Doctoral dissertation, Monterey, CA; Naval Postgraduate School).
- Chopra, A. (2016). Security issues of firewall. J. P2P Netw. Trends Technol, 22(1), 4-9.
- Çıngı, İ. (2023, December 6). Cybersecurity Studies-4 (Network Security). Medium. https://medium.com/@iremcingi/cybersecurity-studies-4-network-security-d5066ee519f6
- Clarke-Salt, J. (2009). SQL injection attacks and defense. Elsevier.
- Cohen, F. (1997). Information system attacks: A preliminary classification scheme. Computers & Security, 16(1), 29-46.
- Dewanje, A., & Kumar, K. A. (2021). A new malware detection model using emerging machine learning algorithms. International Journal of Electronics and Information Engineering, 13(1), 24-32.
- Draper, A. (2006). Identity theft: Plugging the massive data leaks with a stricter nationwide breach-notification law. Marshall L. Rev., 40, 681.
- (2022). Cybersecurity Threats Fast-Forward 2030: Fasten your Security-Belt Before the Ride! ENISA. https://www.enisa.europa.eu/news/cybersecurity-threats-fast-forward-2030
- Feliciano Cruz, E. Y. (2023). Employee Guide to Cybersecurity and Cyber Threats. Computer Science;.
- Gal, M. S., & Aviv, O. (2020). The competitive effects of the GDPR. Journal of Competition Law & Economics, 16(3), 349-391.
- Herath, T., & Rao, H. R. (2009). Protection motivation and deterrence: a framework for security policy compliance in organisations. European Journal of Information Systems, 18, 106-125.
- Hill, K. B. (2019). Phishing Website Classification Using URLs and Machine Learning(Master’s thesis, Alabama Agricultural and Mechanical University).
- Ioanid, A., Scarlat, C., & Militaru, G. (2017, September). The effect of cybercrime on Romanian SMEs in the context of wannacry ransomware attacks. In European Conference on Innovation and Entrepreneurship(pp. 307-313). Academic Conferences International Limited.
- Kadre, P. (2023). The Critical Role of Network Security in Today’s Digital Landscape. linkedin.com. https://www.linkedin.com/pulse/critical-role-network-security-todays-digital-landscape-kadre/
- Kafi, M. A., & Akter, N. (2023). Securing financial information in the digital realm: case studies in cybersecurity for accounting data protection. American Journal of Trade and Policy, 10(1), 15-26.
- Khan, M. J. (2023). Securing network infrastructure with cyber security. World Journal of Advanced Research and Reviews, 17(2), 803-813.
- Khan, S., Kabanov, I., Hua, Y., & Madnick, S. (2022). A systematic analysis of the capital one data breach: Critical lessons learned. ACM Transactions on Privacy and Security, 26(1), 1-29.
- Kharraz, A., & Kirda, E. (2017). Redemption: Real-time protection against ransomware at end-hosts. In Research in Attacks, Intrusions, and Defenses: 20th International Symposium, RAID 2017, Atlanta, GA, USA, September 18–20, 2017, Proceedings(pp. 98-119). Springer International Publishing.
- Kizza, J. M., Kizza, W., & Wheeler. (2013). Guide to computer network security(Vol. 8). Berlin: Springer.
- Krejsa, H., & Suh, H. (2017). Phishing in Troubled Waters. Center for a New American Security (CNAS), 5.
- Leitner, C., & Stiefmueller, C. M. (2019). Disruptive technologies and the public sector: The changing dynamics of governance. Public service excellence in the 21st century, 237-274.
- Mallik, A. (2019). Man-in-the-middle-attack: Understanding in simple words. Cyberspace: Jurnal Pendidikan Teknologi Informasi, 2(2), 109-134.
- Malliouris, D. D. (2021). Finance & cyber security: uncovering underlying and consequential costs of security breaches and investments(Doctoral dissertation, University of Oxford).
- Manteigueiro, J. P. D. P. (2020). Authentication and Identity Management for the EPOS Project(Doctoral dissertation).
- McGeveran, W. (2018). The duty of data security. L. Rev., 103, 1135.
- Möller, D. P. (2023). Intrusion detection and prevention. In Guide to Cybersecurity in Digital Transformation: Trends, Methods, Technologies, Applications and Best Practices(pp. 131-179). Cham: Springer Nature Switzerland.
- Morse, E. A., & Raval, V. (2008). PCI DSS: Payment card industry data security standards in context. Computer Law & Security Review, 24(6), 540-554.
- Mughal, A. A. (2018). The Art of Cybersecurity: Defense in Depth Strategy for Robust Protection. International Journal of Intelligent Automation and Computing, 1(1), 1-20.
- Mulligan, S. P., Freeman, W. C., & Linebaugh, C. D. (2019). Data protection law: An overview. Congressional Research Service, 45631, 25.
- Pandey, S. (2011). Modern network security: Issues and challenges. International Journal of Engineering Science and Technology, 3(5), 4351-4357.
- Parker, M. (2020). Healthcare Regulations, Threats, and their Impact on Cybersecurity. In Cybersecurity for Information Professionals(pp. 173-202). Auerbach Publications.
- Perova, K. (2022). Creating guidelines and best practices against phishing and ransomware attacks for healthcare personnel.
- Ponemon Institute. (2020). Cost of a data breach report 2020.
- Saleem, H., & Naveed, M. (2020). Sok: Anatomy of data breaches. Proceedings on Privacy Enhancing Technologies.
- Seth, B., Dalal, S., Jaglan, V., Le, D. N., Mohan, S., & Srivastava, G. (2022). Integrating encryption techniques for secure data storage in the cloud. Transactions on Emerging Telecommunications Technologies, 33(4), e4108.
- Sharma, P., & Barua, S. (2023). From data breach to data shield: the crucial role of big data analytics in modern cybersecurity strategies. International Journal of Information and Cybersecurity, 7(9), 31-59.
- Sinai, J. (2016). The nonviolent lone actor: the insider threat in information security. In Understanding Lone Actor Terrorism(pp. 280-294). Routledge.
- Sinclair, S., & Smith, S. W. (2008). Preventative directions for insider threat mitigation via access control. In Insider attack and cyber security: Beyond the hacker(pp. 165-194). Boston, MA: Springer US.
- Sivrieva, G. (2018). The Equifax Breach Amid a Lawless Landscape: Changes are Afoot for Privacy & Data Security due to the European Union’s General Data Protection Regulation. Wayne L. Rev., 64, 553.
- Sleem, L., Noura, H. N., & Couturier, R. (2020). Towards a secure ITS: Overview, challenges and solutions. Journal of Information Security and Applications, 55, 102637.
- Snedaker, S. (2013). Business continuity and disaster recovery planning for IT professionals. Newnes.
- Staddon, E., Loscri, V., & Mitton, N. (2021). Attack categorisation for IoT applications in critical infrastructures, a survey. applied sciences, 11(16), 7228.
- Stergiou, C., Psannis, K. E., Gupta, B. B., & Ishibashi, Y. (2018). Security, privacy & efficiency of sustainable cloud computing for big data & IoT. Sustainable Computing: Informatics and Systems, 19, 174-184.
- Stewart, J. M. (2013). Network Security, Firewalls and VPNs. Jones & Bartlett Publishers.
- Sunyaev, A., & Sunyaev, A. (2020). Internet computing(pp. 237-264). New York, NY, USA:: Springer International Publishing.
- Takyi, H. (2019). Security, Privacy, Confidentiality and Integrity of Emerging Healthcare Technologies: A Framework for Quality of Life Technologies to be HIPAA/HITECH Compliant, with Emphasis on Health Kiosk Design(Doctoral dissertation, University of Pittsburgh).
- Thomas, T. M., & Stoddard, D. (2011). Network security first-step. Cisco Press.
- Unger, A. (2021). Susceptibility and Response of Small Business to Cyberattacks(Doctoral dissertation, Utica College).
- Vatsyayan, V., Chakraborty, A., Rajarajan, G., & Fernandez, A. L. (2022). A detailed investigation of popular attacks on cyber physical systems. In Cyber Security Applications for Industry 4.0(pp. 1-42). Chapman and Hall/CRC.
- Verizon: 2021 Data Breach Investigations Report; Computer Fraud & Security: New York, NY, USA, 2021.
- Wagner, D. (2019). Building More Resilient Cybersecurity Solutions for Infrastructure Systems. Systems Engineering in the Fourth Industrial Revolution, 415-443.
- Wall, D. S. (2013). Enemies within: Redefining the insider threat in organizational security policy. Security journal, 26, 107-124.
- Williams, B., & Adamson, J. (2022). PCI Compliance: Understand and implement effective PCI data security standard compliance. CRC Press.
- Wolff, J., & Atallah, N. (2021). Early GDPR penalties: Analysis of implementation and fines through May 2020. Journal of Information Policy, 11, 63-103.
- Woschek, M. (2015). Owasp cheat sheets. OWASP Foundation, 1-315.