Cyber Security Threats In A Ghanaian Small-Scale Organisation. The Primary Focus Is To Develop A Cybersecurity Culture Framework And Evaluate Its Impact On Ghanaian Small-Scale Organisations.
A Cybersecurity Culture Framework and Its Impact on Ghanaian Organizations
So, I, Tweneboah Sarfo, certify that this dissertation and everything in it are mine.
This is always fully attributed when I reference the published work of others.
When I quote someone else's work, I always give the source. Except for these quotes, this dissertation is all my own work.
I have thanked all major sources of assistance.
If my study builds on earlier work or is part of a wider collaborative research initiative, I have specified who did what and how much I contributed.
I have read and understood the consequences of academic misconduct.
I also promise that I got informed consent from everyone who worked on this dissertation, as required by the school's code of ethics.
This work is dedicated to the Almighty God, My family, and My bosses in the Army.
I believe that my success in this program is directly attributable to God. Also, I'd want to give props to Captain TRANHAM for inspiring me and to Mr. Suresh Sureshkumar, my supervisor, for his unrelenting work in getting my dissertation published. Additionally, I appreciate the encouragement from all my Arden University professors. My sincere appreciation goes to my wonderful wife, Ms Charity Animah Sarfo. I appreciate the help and encouragement I've received from my peers. May God bless them all. Comment by Owner: Distribute your text evenly between margins. Comment by Owner: Check recommended line spacing and font size.
TABLE OF CONTENTS Comment by Owner: Add table of figures and tables.
AUTHORSHIP DECLARATION ……………………………………………………………. i
DEDICATION …………………………………………………………………………………. ii
TABLE OF CONTENTS………………………………………………………………………. v
LITERATURE REVIEW……………………………………………………………………… vii
RESULTS AND DISCUSSION………………………………………………………….. ix
CONCLUSIONS AND RECOMMENDATION……………………………………….. xi
Abstract Comment by Owner: Your abstract should include: Introduction, Methods, Results and conclusion. Usually around 100–300 words
Cybersecurity is the practise of protecting information, hardware, and software from malicious intrusions through a network. To protect information assets, people need to adopt a certain mindset, set of beliefs, set of values, and body of knowledge known as the cybersecurity culture. While Ghana has made great strides in embracing and employing ICTs, the country's businesses have not yet developed a culture of cyber security. Lack of a framework to provide direction, focus, guidance, and a consistent strategy for resolving cybersecurity issues is one of the challenges facing the ICT industry in Ghana. When there is no cybersecurity framework in place, dealing with cybersecurity problems becomes challenging since there is no guidance or direction on how to prevent, respond to, or mitigate cybersecurity breaches or risk, or how to increase employee awareness of these issues. As a result, preventing cyberattacks in Ghana requires a cybersecurity framework that promotes a cybersecurity culture. The subject under investigation is "How can a cyber security cultural framework be established to confront cybersecurity concerns for grassroots users of cyberspace in Ghana?" Thus, an interpretivist approach is required to deal with the contextual nature of the question this study aims to address. This research made use of a constructivist or interpretivist theoretical framework.
Introduction Comment by Owner: Start on anew page. Comment by Owner: Expected here are: Background – an overview of the topic and its merit as a research topic Rationale – justification for the study Case study – if relevant, an overview of the organisation or study context Aim, Objectives and Research questions Dissertation Structure Comment by Owner: Comment by Owner: Your introduction should not more than 800 words.
Businesses in Ghana are more susceptible to cyberattacks due to the widespread usage of web-based extensions. The vulnerabilities observed in Ghanaian SMEs also contribute to the prevalence of these assaults. Messaging, distributed computing, online interfaces, virtual entertainment, web banking, the internet of things, and similar web-based extensions have all been used by Ghanaian businesses. Cybercriminals are now able to take advantage of these developments, and most of their crimes go unreported and unrecognized. One of the difficulties encountered by ICT organisations is the absence of a system that provides leadership, focus, direction, and a standardised approach to managing network security. Most Ghanaian NGOs are founded through social data agreements, making it crucial to safeguard vital information, infrastructure, and personnel from cyberattacks. Comment by Owner: ? Comment by Owner: Introduce acronyms before using them. E-g: Small to Medium (SME)
Adoption of ICT, computerization of different bases, and construction of web networks in even the most distant areas of Ghana have all been undertaken with the aim of closing the country's digital divide (Ouassini & Amini, 2021). The targets of the attempted digital assault are also exposed. There is a significant lack of most instructions and techniques to avoid, respond to, and mitigate network security events and hazards, as well as further enhance employee understanding, when it comes to managing online security concerns without a network security system. If these prerequisites are met, it is envisaged that Ghana's small and medium-sized enterprises would be protected against cyber assaults.
The Internet of Things is a network of networked devices that exchange data and instructions via a distributed network of sensors, gateways, and other nodes. The method of transmission may be hardwired or wireless, depending on the gadget in question. Barker et al. (2020) state that, right now, the Web of Things is the best place for developers to focus their efforts. As the complexity of the web of things grows because of mechanical coordination and collaborative effort, so too does the possibility that network security will be compromised. Information falsification, information control, information and IP fraud, and hacking are all common in the gambling industry. More and more Internet of Things (IoT) devices are being produced and deployed for widespread use. The growth of massive, decentralised computing and information corporations also presents promising prospects for the expansion of the IoT sector (Barker et al., 2020). Web of Things (IoT) technologies must still pass the test of internet security.
The term "Cybersecurity Culture" (CSC) is used to describe an organization's collective knowledge, attitudes, perceptions, suspicions, norms, and preferences with regards to network security, as evidenced by the actions of those responsible for the development of data. The goal of the CSC is to ensure that the representative makes data security a central component of their work, trends, and leadership. Strong CSCs emerge organically from employees' attitudes and actions toward data resources in the workplace when data security is properly managed, and CSCs may be formed, coordinated, and modified as a part of the larger hierarchical culture of a company (Corradini, 2020). After all, businesses need to properly comply with and adjust their CSCs to new developments and dangers, shifting goals and cycles, and ever-evolving projects. A successful CSC fosters a culture of security among workers and helps them become more resistant to digital dangers, particularly those that are introduced in a user-friendly fashion, all without impeding their ability to take advantage of the most promising prospects for the company.
CSC refers to the practises of representatives regarding network security to safeguard associate data assets or get the optimal degree of online protection, and it also includes their secret data, beliefs, insights, mentalities, assumptions, standards, and values. Incorporating and capitalising on aspects outside of science and strong leadership are necessary to cultivate a compelling CSC (Barker et al., 2020). To foster a successful CSC, it is essential to acknowledge the significance of human brain research, humanistic components, and societal effects. Representatives, more than anyone else, should take a close look at both their immediate working conditions and the larger systemic issues that affect everyone. The guidelines stress the need for creating a CSC working group inside the company. This committee will be responsible for using modern technology to manage evidence-based CS, as well as for regulating CSC programmes and technology, monitoring the execution of CSC exercises, and guaranteeing that the organization's overall network security plan is upheld (Barker et al., 2020). The potential future results of the company's CSC programme have been increased by the consolidation of a core group of five express regions into one organisation. When it comes to the CSC programme, this central team requires backing from upper management, too.
An organization's projected CSC should be used to define the organization's most important goals and the performance standards that will be used to determine whether those goals have been met. Some of these objectives will be company-wide initiatives, while others will be decided upon at more localised levels. Training in Distinguishing Objectives and Their Related Success You may use the rules to refine your current CSC setup and define metrics (Corradini, 2020). Create a baseline for where you are now and measure how far you are from your intended destination. You can use one of three common routes: Stop mediating your present CSC issue. Use your CSC mediation skills to work through the problem at hand. Reduce the number of steps in both the first and second methods.
The organization's status and its goals should inform the actions it takes and the strategy it employs to implement those activities. The company needs to think about the following, in particular: The organization's focus areas, the language to employ when discussing those areas, and the desired results Choose either the middle value or the corresponding physical activity. You can learn more about the precise impact of your choice of activities if you carry them out separately and observe the results. Join forces and carry out the procedure simultaneously to find out the full impact of your efforts ("Foundations of the high-performance information security culture framework," 2021). Prior to going on to the next step, it is recommended that you repeat the previous steps and examine, reflect upon, and learn from the outcomes.
The company's acquisition and assessment of the opportunity are crucial first steps. To achieve this goal, existing values, culture, beliefs, and practices, as well as their origins, must be understood. This data is easily available across all teams and divisions (Corradini, 2020). Depending on the group, department, and/or nature of the job at hand, there may be varying requirements that must be met to ensure success. Furthermore, the organisation may be unaware of certain roadblocks to development unless those responsible for those areas bring them to management's attention.
Everyone in a company should feel empowered to contribute to the development and execution of a data security plan to foster a culture of shared ownership, appreciation, and support. This prevents security measures from being overly intrusive or complicated and instead ensures they are in line with the organization's practical and developmental contrasts. To be effective, a methodology must accomplish many things well: reinforce solid administrative viewpoints and actions; be scheduled similarly to other business opportunities to ease confirmation; centre on a flexible system suitable for long-term usage; and be quantifiable to prove performance. Metrics allow managers to regularly analyse their plans and assess their effects, allowing for more accurate assessment and more frequent strategy updates (Dawson et al., 2022). Because this method of network security is used by many businesses, employees may regard it as a suggestion rather than a requirement, even though most security incidents in businesses are the result of human error. In essence, advancement is useless to the organization's safety if it is not properly planned and exploited. Rather than aiming to restrict safe behaviour, increasing CSC influences prospects, develops safety awareness, and produces a tightly hierarchical society.
The development and rollout of an efficient CSC programme within a company is a complex endeavour that calls for the participation of top-level management and a wide range of stakeholder representatives. Culture is more than just caring; it also includes the establishment of norms, values, and beliefs. To achieve this goal, top-level management, CS contractors, and reps will need to have a common understanding of the roles, duties, and procedures that each play in preventing and responding to cyber-attacks (Dawson et al., 2022). Each company has its own unique culture; thus, to build a CSC that will last, top-down knowledge of the company's general culture, procedures, strategies, work habits, and cycles is essential.
There are risks of employees rejecting or ignoring the message, innovation, and labour of CS if CSC projects and exercises become too tough; this is especially true if CSC is not integrated in a hierarchical culture and fails to fulfil representative requirements and practises. Workers should be involved in the CSC formation process rather than being imposed upon. It is normal to expect top-level buy-in and public endorsement of the company's planned CSC to lend credibility to the initiative and signal its significance (Corradini, 2020). If your company or organisation is looking to establish a solid CSC, the advice in this section will be invaluable. This policy is based on previous CSC documentation and standards, as well as knowledge and best practises discussed at our conferences with CSC specialists and representatives from diverse organisations working on CSC tasks.
Changing a company's security culture is difficult since it calls for people to alter their worldviews, habits, and even their unspoken assumptions about how to keep a network secure. There are a variety of approaches that may be used to set up and manage a CSC effectively. Statements, mottos, awareness programmes, role models, prizes, and affirmations are all ways in which senior management responsibilities may create a new safety culture attitude. These obligations will reshape the hierarchical culture and provide the foundation for new approaches to data security across the business. Identify issues plaguing the corporate world (Dawson et al., 2022). The attitudes and actions of employees should be analysed in the context of the company. See what the situation is right now. Cybersecurity in an organisation should be evaluated in terms of its quality, arrangements and techniques, samples, assumptions and beliefs, and data before any further steps are taken.
Just as crucially, the ideal significance of business encounters should be conveyed and described. Targets and KPIs must be established for such a huge pool of potential customers. Calculate the mean distance from the present state to the ideal state (Dawson et al., 2022). Security strategies can be used to shape future objectives, cycles, and job instructions, signalling a shift away from distinguishing characteristics and toward clear and focused smart goals. Training employees on what they should do, how they should do it, and why they should stop doing it is crucial to persuading them of the need to alter the present safety culture. The curriculum should be designed with these goals in mind. Keep in mind that adjusting a culture takes time and effort. All representatives should be aware that their current employer is not a suitable match.
CSCs need metrics for measuring progress and receiving continuous feedback from boards and representatives. The goals may need to be amended if we discover them to be difficult to reach or unacceptable for representatives, but employees are continually pushed by management through incentives and approvals in the face of performance monitoring. It is possible to renegotiate and improve the final culture we seek over time. Metrics play a crucial role in defining both the present and intended CSCs, as well as progress accomplished, in the context of cultural transformation and data security. They confirm the appropriateness of security actions taken in a new network security culture by proving their efficacy, and they give helpful criticism for employees and management. Scalable, reproducible, and comparable large-scale measurements are required for reliable conclusions. Additionally, they should be doable, relevant, and provide helpful feedback on potential future developments (Dawson et al., 2022). Care must be taken to ensure that all selected measures are appropriate for the CSC. Metrics like "the number of workers that attended network security training" and "the results of a survey on network security information and competence" are comparable measures that may be used to evaluate a representative's degree of knowledge and understanding. As a result of their lack of relevance to the attitudes and worldviews of employees, these perspectives are inappropriate for gaining insight into CSC.
Analysing worker behaviour is possible by studying the real-world results of CSC implementation. Some cybersecurity technologies gather this data to help determine how often an organization's network is attacked, how often it can thwart such assaults, and how long it takes to discover an attack. Employee-sent phishing and malware assaults are another source of information on staff behaviour regarding network security. Specialized equipment evaluating staff workouts is another way to test for consistency. Finally, it's crucial to evaluate the network's disposition and protective beliefs, even if doing so is more challenging.
Employees' contributions and responsibilities to online communities, as well as their knowledge of network security risks, management roles and responsibilities, critical asset availability, cutting-edge, high-performance, and user-friendly specific tools, and strategies, can all be discussed via correspondence channels to improve the CSC. The confidentiality, propriety, and openness of any correspondence inside the company about this matter Analysing the expected practises of staff, generally, as well as their moods and feelings about cybersecurity safety and authoritative practises, awareness of place, social correspondence, disclosure of episodes, and what they see as standards for direct and hierarchical exercise, can provide insight into the beliefs and suspicions of workers.
To raise security awareness, small-scale organisations in Ghana might benefit from CSC, which is especially helpful for restricted commodities. Larger companies that already have an established IT security operation may find the framework restrictive. The government and the hidden industries worked together to consciously design this structure. The modular components of a CSC allow for extensive personalization and low costs. The CSC system's focus is on ensuring the integrity of an organization's IT infrastructure and providing some sense of direction without being process-centric ("Foundations of the high-performance information security culture framework," 2021). Money, modern/employee wellbeing, and functional risks are only some of the opportunities that may be addressed by focusing on network protection. A further non-biased feature of the system is the incorporation of internet protection risk factors into normal operations at businesses across the country.
In the realm of cyber security, fashions come and go.
The following trends are having an outsized effect on cyber security:
Web server: Attacks on online applications to steal information or propagate malware are still a real concern. Cybercriminals use hacked legal web servers to deliver harmful programs. However, there is a serious risk posed by data-stealing attacks, many of which are well publicised in the media. We now need to provide more attention to securing online infrastructure and web-based software. Web servers provide the perfect environment for these hackers to collect information. Always use a secure browser, but especially while making financial or other significant online purchases, to reduce your risk of falling victim to cybercrime.
What the cloud and its related services have to offer
Nowadays, organisations of all sizes are progressively adopting cloud services. To put it another way, Earth is climbing closer to the sky every day. As a result of this development, traffic may now avoid conventional checkpoints, which is a major problem for online safety. In addition, as the use of cloud computing continues to expand, new measures will need to be taken to ensure that sensitive information is protected within online apps and cloud services. Many worries have been voiced concerning the security of cloud services, despite their efforts to establish their own models. The cloud has many benefits, but it's important to remember that as it develops, so do potential security risks.
Specific threats and advanced persistent threats
The Advanced Persistent Threat (APT) represents a new generation of malicious programs. For a long time, web filtering and intrusion prevention systems (IPS) have played a crucial role in spotting these kinds of targeted attacks on networks (mostly after the initial compromise). Network security must combine with other security services to identify assaults as attackers grow more audacious and elusive. Therefore, we need to strengthen our security measures to forestall any attacks in the future.
Wireless data systems
There are no longer any barriers to talking to people throughout the world. A fundamental issue with these mobile networks, however, is security. Devices like tablets, phones, PCs, and so on are making firewalls and other security mechanisms less effective since they need protections beyond what the installed software provides. The safety of these wireless networks is an ongoing concern. Since mobile networks are especially susceptible to cybercrime, extra precautions should be taken whenever a security flaw is discovered.
Differentiated Protocol for the Internet
IPv6, the newest version of the Internet Protocol, is gradually being implemented to replace IPv4, the current protocol version that has served as the backbone of our networks and the Internet. Protecting IPv6 requires more than just a simple transfer of IPv4 features. IPv6 is a protocol that will completely replace IPv4 to expand the number of accessible IP addresses, but it also introduces some significant modifications to the underlying security model. Therefore, IPv6 migration should be prioritised to lessen the impact of cybercrime as soon as feasible.
The Code's Encryption
Encryption refers to the method of encrypting communications (or data) so that it cannot be deciphered by outside parties such as snoops or hackers. Using an encryption algorithm, a message or piece of data is transformed into unintelligible cypher text via an encryption system. A message's encoding method can be determined by using an encryption key. Data confidentiality and integrity are safeguarded from the start through encryption. Increased encryption use, on the other hand, introduces new challenges to the field of cyber security. Data transported across networks (such as the Internet or e-commerce), mobile phones, wireless microphones, wireless intercoms, and so on are all examples of data that might benefit from encryption while in transit. Therefore, one may check for data loss by encrypting the code and looking for leaks.
Therefore, these tendencies are some of the ones that are altering cyber security on a global scale.
Opportunities and dangers
The three parts of a vulnerability are the susceptibility or defect in the system, the attacker's access to the problem, and the attacker's ability to exploit the flaw. It is possible for an attacker to cause indirect harm to the software's stakeholders if a fault (also known as a bug) occurs at any point during the development process, including during coding, compilation, and implementation. Those who have a vested interest in a piece of software, such as users and the software's creator, are known as stakeholders. Depending on the severity of the flaw, a hacker may be able to start an attack and take advantage of it. Serious repercussions may result from a breach of high-level security. As a rule, managers of information technology are expected to overlook security flaws and other problems with their systems. After hiring an IT security agency or consultant, the company's IT infrastructure will be safeguarded adequately with minimal involvement from IT management. Security stress reverse testing, which searches for and detects blind spots or the number of flaws, can be used as a regular replacement for penetration testing, preventing catastrophic security failures. Companies that invest in ethical hackers are the ones that usually conduct these kinds of tests. In the next two parts, we will go through the most typical types of software and web security holes.
When it comes to software, some of the most typical security holes are:
Incorrect implementation of authentication and session management: Attackers can compromise credentials like passwords and logins, keys, and session tokens, or assume the identity of another registered user, if these features are not handled appropriately.
A SQL (Structured Query Language), OS (Operating System), or LDAP (Lightweight Directory Access Protocol) injection issue occurs when a user unwittingly receives malicious data in response to a request or command. The user may unwittingly provide the attacker access to sensitive information by executing the attacker's malicious data in the form of requests or command codes.
The Various Forms of Assault
A cyberattack is an electronic attack again among others’ a computer network, a website, or any other linked electronic device. A successful assault might compromise the security of the network and any data stored on its systems, as well as the system's availability, integrity, and confidentiality. Different types of include, tacks include a. Unauthorized attempts to gain access to a computer system or its data
DoS assaults, which overwhelm and crash websites, are becoming increasingly common. There are many different techniques to launch a denial-of-service attack. Teardrop is one such method, in which data packets of variable sizes are sent across a network.
The server has reached its storage capacity and is experiencing a buffer overflow.
Smurfing is the practise of bombarding a network with unnece
Are you looking for custom essay writing service or even dissertation writing services? Just request for our write my paper service, and we\'ll match you with the best essay writer in your subject! With an exceptional team of professional academic experts in a wide range of subjects, we can guarantee you an unrivaled quality of custom-written papers.
Why Hire Collepals.com writers to do your paper?
Quality- We are experienced and have access to ample research materials.
We write plagiarism Free Content
Confidential- We never share or sell your personal information to third parties.
Support-Chat with us today! We are always waiting to answer all your questions.