Cybersecurity

The Six-Source Essay: Expanded Synthesis
Mobile devices are associated with many harmful cybersecurity effects. Extant literature has examined the detrimental effects of using mobile devices at individual and business levels. For example, Aldakheel and Zakariah (2021) found that the extra features and functionalities of mobile devices are the sources of cyberattacks and targets of cyber criminals. Through sharing messages and files, attackers penetrate the critical information infrastructure of mobile devices and access, change, download, and delete the secret information stored in the gadgets. Access to classified information may lead to adverse consequences for personal life and corporations. For instance, Drew (2012) found that attackers can penetrate mobile health devices linked to various patients, healthcare givers, and departments to manipulate and misuse patient information.
Besides, hackers can control and configure device settings to commit fraud. These findings have theorized that devices operating under default settings are unsafe for storing sensitive information (Aldakheel & Zakariah, 2021). Drew (2012) argued that mobile devices are weak targets for attackers to steal sensitive information, including personal identity, bank accounts, intellectual properties, and organization secrets. According to Markelj and Bernik (2015), stolen and lost mobile devices pose severe data breach risks to gadget owners and their organizations. Criminals can penetrate mobile devices and spread viruses and malware, which can steal and delete classified information. Therefore, devices with manufacturer vulnerabilities and inactivated security settings are the weakest links for cybersecurity risks to individuals and organizations.
System defense strategies protect data, IT systems, and networks from malicious attacks. Ambore et al. (2017) examined various defense strategies for protecting networks, information, and information systems against cyber-attacks. First, Ambore et al. (2017) explained that defense strategies prevent security incidents and data breaches and monitor and respond to threats that damage systems and networks. Perimeter defense strategies, such as the intrusion detection system, monitor for malicious activities and policy violations around networks and IT systems. Nevertheless, the effectiveness of these intrusion detection systems depends on the activation of security settings in the devices. Besides, research has established that access control, user authentication, system firewalls, anti-virus, data encryption, and cryptography systems may be inadequate solutions to modern cyber threats (Ambore et al., 2017).
Aldakheel and Zakariah (2021) found that intrusion detection systems assess data security from various locations on the networks and systems, detect internal and external threats and remedy the issues. According to Aldakheel and Zakariah (2021), IT experts have employed signature-based and behavior-based malware detection methods to protect networks and systems. Nevertheless, these detection methods can only detect previously detected malware with the support of anti-malware vendors but cannot see new malware. Therefore, researchers recommend using machine learning techniques combined with heuristic analysis to provide effective detection solutions (El Gbouri & Mensch, 2020). Advanced malware detection techniques such as machine learning and deep learning have proved more efficient in solving intrusion problems in various research fields. Based on these findings, heuristic, machine learning, and deep learning techniques may provide viable virus detection solutions
Cybersecurity threats require effective methods to prevent their occurrence. Extant literature has explored the various authentication techniques and strategies to avoid intruder cyber-attacks. Drew (2012) discussed four identity authentication techniques for protecting mobile devices based on knowledge, biometrics, behavior, and double-factor. Knowledge authentication verifies the user through specific personal authentication checks such as passwords, PINs, and patterns keyed on the screen (Drew, 2012). Nevertheless, Aldakheel and Zakariah (2021) contend that anyone can easily pass information authentication by retrieving the secret code through shoulder surfing. Ambore et al. (2017) suggest biometric-based authentication is more secure than knowledge-based techniques because it exploits unique human biometric characteristics like face contour, fingerprints, and iris patterns.
However, it is challenging to record the biometric data in the system using this approach. The behavioral-based technique exploits the user’s unique behavior, such as habits, style of tapping the screen, walking style, and voice, as authentication codes (Drew, 2012). The advantage of behavioral biometrics is that it uses unchanged body traits and stores less private information. Lastly, the double-factor technique uses two secret verification codes to authenticate the user. According to Aldakheel and Zakariah (2021), the method is complex for intruders to breach, and it is more secure. Critically, the users face difficulties providing multiple verification codes when accessing their devices.
Cybersecurity threats come with hefty costs to users and organizations. El Gbouri and Mensch (2020) examined the costs associated with security threats to mobile devices and found that cyber threats may cause significant financial and life loss to individuals and corporations. Ambore et al. (2017) agree that attacks on mobile devices can lead to the loss of funds, company intellectual properties, and the destruction of mobile devices and stored data. With the proliferation of mobile technologies in the corporate world, employees carry their smart devices to access office work remotely, making them prime targets for physical attacks and gadgets (El Gbouri & Mensch, 2020). Therefore, possessing a mobile device by an employee may lead to a physical attack, death, loss of the device, and stealing of personal and company funds. Research has theorized that the most trusted employees of an organization are more vulnerable to cyber-attacks and risk privacy breaches in their companies (Aldakheel & Zakariah, 2021). Accordingly, the possession and access to classified information by criminals, such as mobile banking data, medical information, company transactions, and client-related data, can be used to commit fraud that leads to significant financial losses. El Gbouri and Mensch (2020) discovered that mobile Malware like GGTracker, RufFraud, and DroidDream installs more malware and steals money and personal data from Android OS smartphone users. Various malware, such as viruses, spyware, worms, and Trojans, destroy mobile devices, software, and stored data. Consequently, individuals and organizations incur substantial costs to replace the appliances and new software and hire IT experts to reconfigure the devices and install new software (El Gbouri & Mensch, 2020). Therefore, mobile security threats may lead to financial losses, device damage, software destruction, and loss of life.
Literature on the security risks and consequences of using mobile devices by individuals and organizations is extensive. Markelj and Bernik, 2015) assessed the security risks of using mobile devices for personal and organizational purposes. The researcher found that mobile devices are associated with risks of shoulder surfing, unauthorized physical device access, unintentional data disclosures, and vendor back doors (Markelj & Bernik, 2015). Research links shoulder surfing and unauthorized physical device access risks with harmful consequences of confidential data leakage (Drew, 2012). Employees’ increased use of personal devices to access organization work renders the company’s IT system vulnerable to internal and external cyber-attacks.
According to El Gbouri and Mensch (2020), contemporary organizations have implemented the Bring Your Own Device (BYOD) policy, which allows staff to bring their mobile devices for personal and work-related use, which transfers the risks to the workplace. As a result, malicious software in the personal apps of workers may contaminate the corporate network with malware. Research has theorized that using personal laptops, tablets, and smartphones at the workplace increases the risk of corporate networks through data leakage, unsecured Wi-Fi, phishing, network spoofing, improper session handling, spyware, and broken cryptography (Markelj & Bernik, 2015). Similarly, Yesilyurt and Yalman (2016) observed that most smartphone users are vulnerable to unintentional data disclosure and vendor back door risks. These risks contribute to the leakage and breach of confidential data. In contrast, vendor backdoor data leakage is more severe than that arising from unintentional data disclosure.
Operating systems are the software that helps the programs in mobile devices run. However, the presence of security threats adversely affects the functionality of operating systems. Yesilyurt and Yalman (2016) examined three types of hazards affecting mobile operating systems: malware, vulnerabilities, and attacks. According to Yesilyurt and Yalman (2016), malware is illegal and malicious software that targets private information in devices and causes device breakdown for the information to be stolen or become unusable. In addition, illegal software such as Trojans, worms, viruses, and spyware exploits vulnerabilities on the devices to penetrate and destroy data.
Malware attacks occur primarily through unpatched vulnerabilities on the device operating systems and outdated systems. El Gbouri and Mensch (2020) present two types of vulnerabilities: device hardware and software. Device agedness and insecure ports through which the devices connect to the internet are significant hardware vulnerabilities that expose devices to hackers. On the other hand, using open-source systems, using outdated OS, and downloading applications from third-party application stores pose serious software vulnerabilities (Yesilyurt & Yalman, 2016). Patching IT system vulnerabilities, updating OS, using closed systems, and downloading applications from secure app stores are effective strategies to secure OS from malware attacks. The other threat to operating systems is criminal attacks to penetrate the devices. Attacking techniques such as hacking and intrusion are used by criminals to access sensitive information.
 
References
Aldakheel, E., & Zakariah, M. (2021). Mobile devices and cybersecurity issues authentication techniques with machine learning. Journal of Management Information and Decision Sciences, 24(6), 1-15. https://www.academia.edu/81419259/Mobile_Devices_and_Cybersecurity_Issues_Authentication_Techniques_with_Machine_Learning.
Ambore, S., Richardson, C., Dogan, H., Apeh, E., & Osselton, D. (2017). A resilient cybersecurity framework for mobile financial services (MFS). Journal of Cyber Security Technology, 1(3-4), 202-224. https://doi.org/10.1080/23742917.2017.1386483
Drew, J. (2012). Managing cybersecurity risks. Journal of Accountancy, 214(2), 44-48. https://www.journalofaccountancy.com/issues/2012/aug/20125900.html.
El Gbouri, A., & Mensch, S. (2020). Factors affecting information security and the widest implementations of bring-your-device (BYOD) programs. ACET Journal of Computer Education & Research, 14(1), 6-12. https://acet.ecs.baylor.edu/journal/ACETJournal_Vol14/BYOD%20Programs_with%20Dr.%20El%20Gbouri%20and%20Mensch.pdf.
Markelj, B., & Bernik, I. (2015). Safe use of mobile devices arises from knowing the threats. Journal of Information Security and Applications, 20(1), 84-89. https://doi.org/10.1016/j.jisa.2014.11.001
Yesilyurt, M., & Yalman, Y. (2016). Security threats on mobile devices and their effects: Estimations for the future. International Journal of Security and its Applications, 10(2), 13-26. https://doi.org/10.14257/ijsia.2016.10.2.02