ANALYSIS AND DISCUSSION OF ‘WHOLESOME GROWING’ SOCIALLY ENGINEERED HACKING SCENARIO
Executive Summary
This report deals with the introduction measures that are related to the data breach, in relation to any particular organization. In the first half of the report, the analysis of the breach and the causes behind the data breach are discussed which would also talk about the main prevention measures that are associated with the generation of the risk factors and the data breach measures. The proposed interventions would also talk about the personal and transferable skills that are associated with human behaviour and online activity. In the next half of the report, the ethical issues will be discussed that would talk about the research knowledge and the cognitive skills. In the next half of the report, the ethical and moral issues will be discussed that would talk about human interventions and the mitigation of cyber security measures. This would also relate to the social engineering threats that would be associated with the professional skills and the solutions that are generated. In the last phase of the report, the evaluation of the cyber security outcomes will be discussed.
Introduction
Since Covid 19 started people are staying at home and gaining interest in developing some of the new IT skills. Hacking the human mind is a very popular one. Though it is not at all acceptable from anyone the skill is growing and so is the intention of doing the wrong but interesting things. This is creating a danger in humanity as this hacking skill brings in a lot of suspicions and bad things into the world. Over the last couple of years, there has been tremendous growth in information and security and management, and it is the most common topic related to information technology within the people’s domain. As with the increasing cyber crimes and hacking the information management system include these two branches along with everyday use technology. Cyber security is the subject that deals with the protection of privacy information, safety intervention, this process of protecting information from any misuse and also preventing the same from any damage or leak within the unauthorized groups. In this era, humans are much dependent on social media and technology. There is a significant impact of social media on human and business organizations. This may be positive, as well as negative. With the increase in the use of this social networking, hacking and cyber crimes are also increasing. In today’s world a considerable part of a business shift towards an online platform, peoples use this online platform for numerous things such as personal interaction, money transactions, banking, business purposes, industrial purposes, border safety and security. For many others, therefore, it is necessary to have a system that manages unethical behaviours in social networking and prevent any inauthentic functionality.
1. Data Breach
A data breach is a process of accessing unethically protected data that are sensitive or confidential, or it is the activity through which any protected data unfolds in an unauthorized way.
A data breach cannot be related to data loss, because data loss means there is no more extended access of data due to some technical faults or hardware failure, human mistakes or any other reason which are intentional or unintentional mistakes (Akrout et al. 2019). Still, a data breach is an activity of accessing any protected by unauthentic persons, or it is the process of disclosing any sensitive or confidential protected data to unauthorized users. The protected data can be in the form of customer information, employee information, personally identifiable information, or personal health information, transactional information, social security pins or codes. This can include essential data such as legal and corporate information, trade plans, managerial acquisitions, customer and suppliers information, technical processing, manufacturing process or designing (Bambauer, 2020). Not every time data breaches are intentional, sometimes users send information accidentally to the wrong person or receiver through mails or uploading on the wrong sites. It has been found that according to Verizon’s report on data breach investigation, about 17% of data breaches are unintentional or accidental. This report also suggests that most of the data breaches are targeting the financial aspects of organizational facts and information.
1.1 Relation with the organization
Impacts of data breaches on wholesome growth
Data breaches can affect any organization in different ways. The impact of data breaches may be a financial, legal, reputational, operational impact, which explains here.
1.2 The financial impact of Data Breaches
Companies often face financial losses due to this activity; it includes regulatory fines or payment details or statements. It can be seen that there is a drop in value in Wholesome Growth as there is a significant impact of the data breach on the financial sector of the company (Bátfai, 2020). This consequently increases the chances of loss in future revenue if a data breach occurs property intellectual. This also tends to result in a loss of competitive benefits and market trends.
1.3 The legal impact of data breaches
There is a vital role of class actions law protocols in any kind of individual information in the wholesome Growth company. Sometimes certain operations are performed by the company whenever there is a deemed out of compliance and preventions from payment processing with some major provider of payment cards.
1.4 Impact on Reputation
It is not that easy to find how much data breach can affect the reputation of that company, it can easily be said that this impact is for a long time and the damage to the reputation of a company is longer to compensate (Brack, 2017). This influences the individual executives, which sometimes leads to fired or resign forcefully in order to compensate for the damage caused by the data breaches.
1.5 Operational impacts of data breaches
Data breaches in an organization sometimes cause an interruption in the regular operational activities that typically occur during the process of investigation (Brown et al.2017). There may be chances of a total loss of important information because of the data breaches, and this hurts the most as the replication process takes too much time.
2.0 Analysis of the Breach
This is the process through which an unauthenticated user can access any sensitive protected data or information, and through various methods, they are able to unfold any protected data with miss-intentions referred to as data breaches. Here an unauthorized viewer or user can be still important private information such as any customers or employees individual information, information related to money transactional, national security (Buzu, 2020). There are many sources of data breaches.
2.1 Mitnick social engineering attack cycle
2.1.1 Attack formulation:
In this part, the goal has been identified by the attacker and then the target has been identified. The target can be from any organization or can be an entire organization. This can be said to be the formulation of the attack on the basis of the identification of the target and then gathering information from the targets.
2.1.2 Information gathering:
Gathering information is the most important part of targeting an individual or an entire group of individuals. The information helps the attacker to build trust over the target. If the proper relation is not built with the attacker then they will not get the justified data or information. In this step, the attacker gathers all the information from several sources and thus identifies all the possible resources which will help the attacker to make sure all the necessary parts will help the attacker to determine the necessary steps.
2.1.3 Preparation:
In this part, the attacker duly analyzes all the gathered information and then determines the steps to attack the firm or can be said to be an individual. This is the process of taking all the necessary decisions which include developing the attack vector. This includes the goal, target, medium and the techniques that will the attacker follow. Here in this process, all the plans have been made accordingly.
2.1.4 Developing relationship:
Here in this process, the attacker tries to build an adequate relationship with the target so that the target does not hesitate to share their valuable information with the attacker. This can be done by sending emails that have been described in the case study. Or can be developed by sharing emails that contain malicious content.
2.1.5 Exploit the relationship:
Here in this process, the attacker uses several techniques to manipulate the target emotionally and one manipulated they got the desired moment to attack the victim and thus making sure that the attacker is now can enter the system of the victim and get all the data which they need to infuriate the entire firm or can be said any individual.
2.1.6 Debrief:
This is the last process of getting the trust of the target victim so that they do not feel that this was a cyberattack and hence making sure to remove all the traces from the system of the firm or from the system of the individual. It makes target belief that this was nothing but a security break down and the alternate one helps the firm or the individual to repair those.
Thus from the Mitnick attack cycle, it can be said that the provided case study is entirely described by this process of formulating the threat. From the very beginning, the attacker loads the malicious data on the USB drive. In other words, that was a corrupted drive that can harm the pc and then all the business data was at risk. When violet got the USB that was the attack formulation and when she went on to plug it into the PC was the preparation and the information gathering part. On the other hand, if she puts on the USB drive then it would be a huge challenge for the entire business data and information. In spite of that, if Daisy did not stop Violet then it is obvious that the attacker made her believe that this is the normal procedure to open a USB drive in this way. Here the huge question and the security threat that arises is the knowledge of cyber security. If the workers of that firm have adequate knowledge about the cyber threats then it would be impossible for the attacker to get into their system and thus not be able to process further. On the other hand if Violet opens the folder then she needs to go through the entire process and then needs to fulfil the attacker’s demand for bitcoin while losing all the valuable and necessary data. Thus the Mitnick cycle can be related to the provided case study of the wholesome growing.
2.2 Causes behind Data Breaches (In relation to Case study 3)
A general example of a data breach is sensitive data-stealing from a corporate website database by a hacker. Data Breach is undesirable for any company or organization as it reveals important information regarding employees, customers, finances, trading, which are protected but steel can be stolen by the hacking process with various techniques and methods. Wholesome Growing companies are also not unaware of this activity (Cerrudo and Apa, 2017). Data breaches can happen in any kind of organization, institution, or health sector. In the hospital, there is a chance of data breach by screening the health information of any patient’s by any unauthorized employee of that hospital. Some time lack of strong password protection or major software related issues like missing up-gradation, missing security patches all these factors can lead to data breaches in that organization (Chung et al. 2018). Wireless networking, login credentials, open sources are the causes of having data breaches. On the other hand, social engineering most probably via email phishing or spectating unauthentic can also increase the chances of passing the secure information or login credentials to the attackers or unauthorized users. Then this information can go to the wrong hand or criminals. Consequently, this can lead to malware infections and unethical activities. Data breaches by hackers or cyber criminals sometimes lead to disclosing the information which is under government agencies or enterprises that can be exposed inadvertently.
2.3 Prevention Process of Data Breaches
It makes it very difficult to predict and prevent cyberattacks as cybercriminals imply new and high levels of strategies and techniques to unfold protective data to access the data by unauthorized users (Erdodi and Zennaro, 2020). Although there are some methods by following this, it can be possible to reduce this kind of unauthenticated activity and restrict cybercriminals and hackers and make them successful in their bad intentions.
2.3.1 Identification of the risk
This is very important to identify the type of risk related to the data breach and therefore take actions accordingly with the proper methods and techniques. From the research, it has been found that only 65 to 70% of the organization takes action once a year. And only 30 to 355 companies perform a re-evaluation process to handle the risk at least one time a year (Felin et al. 2019). This is necessary to examine the people, software applications, hardware, electronics media, devices and gadgets and regularly replace those if any kind of threatening cyber activities are found in it. There are frequently new risks generated, therefore identifying those risks and resolving these as quickly as possible is very important to maintain safety and security. Risk assessment should be performed by each company as well as for the case of wholesome growth companies also needs to follow this in order to have a risk free environment [Referred to Appendix 1].
2.3.2 Protect the data
There are many safeguards available to protect important data. And implementing the most appropriate one will help to protect the data and make it safe from cyber threatening. If there is any situation that occurs like confusion in how to begin then always start with the regulatory compliance guidance (Fragnito, 2020). There is another helpful resource which is using CIS controls which are regularly updated for the purpose of internet security. In below, there are explanations about some basic safeguards.
2.3.3 “Encryption”
This is a very effective way to avoid cyber threats and is very less costly. Encryption of data makes the data more protected as if the data is encrypted, then it will become useless for performing any malicious activity (Hatfield, 2019). Hence there is no risk of stealing data because encrypted data cannot be sellable by the cybercriminal or hackers as this data becomes useless for them. Therefore this encryption method is a useful technique to prevent a data breach.
2.3.4 “Data access governance.”
Regular entitlement and evidence and monitoring the data accessibility can reduce the chances of cyber threats and prevent any malicious activities.
2.3.5 “Training and awareness.”
Half of the chances of data breaches are due to the employee’s mistakes, and they might be much responsible for the breaches as because of lack of communication and unaware of the main security policies (Hildebrandt, 2018). Therefore to prevent these events, it is important to give them proper training and make them aware of the policies and strategies to make them able to deal with the attack. Provides the capability of how to respond that will reduce the chances of a data breach.
2.3.6 Applying regular detection process
Many of the time data breaches will remain unnoticed for a long time, and this increases the risk. Therefore, it is necessary to detect the breaches regularly and then respond to it accordingly and the necessary steps to be taken to reduce or remove the risk (Howard and Borenstein, 2018). it has been found that wholesome growth fails to detect about 65 to 68% of data breaches. Hence they need some improvement and strategies in order to enable the regular detection process in order to minimize the risk related to the data breaches.
2.3.7 Be ready for responding.
The planning needs to be built when there is any data breach. In response, everyone needs to communicate and discuss it and develop a strong strategic plan’s useful method regarding the next step to prevent this activity [Referred to Appendix 2].
Build the ability to Recover
They should have a strong plan to recover the stolen data or recover the data which is destroyed.
2.4 Risk factors related to the data breach
There are mainly two types of risk related to the data breach. One is the risk related to the people, and the other one is the risk related to the gadgets. Often some people are granted access to sensitive information or many times they are allowed for regulating important information among some specified people or groups, but most probably their intentional or accidental activities may lead to the data breach happens in the organization and which in results effects on the operation of that company and causes for some malicious activities by cybercriminals and hackers (Hugentobler, 2017). Risks are related to the devices as well as the electronic devices or gadgets that are used for storing data can be stolen or lost, and consequently, data with it also might possibly go to the wrong hand which can cause a data breach.
3.0 Proposed Interventions
3.1 Personal and Transferable Skills
In the modern era of technology, the usage of the software is on the top, and thus the industries and organizations are partially dependent on technology and online software which reduce the workload as well as being too accurate with respect to humans. Therefore the industries preferred to use these modules to make their work made irrespective of time and human effort (King et al. 2018). But on the other hand, it can be said that the greater the number of software usages bigger the chance of getting attached to the cyber risks that can create huge issues on maintaining the confidential data of that organization or the same is related to a common people who are using such technologies to compensate the works that they need to do manually like banking and other utilities. Thus the chance of getting hacked has increased. There are several processes of manipulation that can be described in a single term that is “Social Engineering”. Here the activities that can cause a huge risk take place by manipulating the users psychologically so that they could make a mistake while operating and thus giving all the important data or sensitive information to the malware (lin et al. 2019). The process is done by several processes which can be described by below-mentioned points-
3.1.1 Identification of the attack ground
In this process, the attacker tries to identify the victim to whom the attacks can be made, which allows them to make the necessary steps that they need to follow to enter the system of the victim (Martinelli et al. 2017). First, the attacker gathers information about the victim and then analyzes the aspects they go for the method that can be used to get the victim. And thus they get the information to make sure that the system can be hacked or can be engaged with the selected method.
3.1.2 Hoodwink the victim to obtain the ledge
In the next process, the attacker engages the target with various malicious threats that can be the security threats which is saying that the users system is in danger and thus they try to get the attention of the user and thus holding trust that the provided methods can help the victim to get rid of the threats (Nosco et al. 2020). To make that happen they use to make sure that the threat comes again and again so that the user trusts it from the core and thus doing the steps that have been provided, the victim enters the malware, and thus the attacker took charge [Referred to Appendix 3].
3.1.3 Gaining the data over time
To make sure that the attack relates to the user relevant they used to make sure that there are no such malware issues that can hamper the victim’s security aspects, and thus they expand their foothold to hold the trust of the victim (Nurse, 2018). Once they are sure of the victim’s trust, they execute their task and hence get all the necessary information of the victim or can be said of the organization which is on target.
3.1.4 Getting out of the track without any trace
Executing all the operations, the attacker then processes the necessary steps, which includes putting an end to the traces that have been made by the malware. This is the process where the attacker makes sure that all the malware activities have been removed so that the victim thinks that the threats are resolved, and the system is stable, but on the other hand, all the information has been stolen by the attacker, and thus the attacker comes out of the process without any trace and hence acts as a natural end of the malware process.
3.2 Human Behaviour related to online activity
Communication, which is the main aspect of any person or can be said the basis of the growth of the industry by sharing information from one end to another. Communication is the key to gathering information by sharing and thus by gaining the information they could make a change to the entire system of thinking and can bring revolution to new aspects of evolving challenges and handling them (Rowlinson, 2020). In this process of gaining information, the internet is the main source where the effectiveness of communication increases while it is flexible in nature and thus cost-efficient. This does not require any particular software and thus making it more convenient to the entire world. There are too many applications available on the internet through which the communities can interact with each other and hence share information and binding the persons with the same interests and culture. On the other hand, it can be said that social media is putting a huge effect on the information sector wherein social media people are able to connect with the whole world and thus getting GB all the information with respect to their interest (Samal, 2019). Thus it can be said that the influence of social media will enhance in the future more and more. This impact of social media will hamper the way of interaction of the humans by means of sharing posts that engage the rude behaviour toward an unethical thing that is happening on the web or in the community thus making it vulnerable for the entire society to make further decisions on their own (Sawyer and Hancock, 2018). This will also hamper the socio-industrial aspects like if one is not that socially presentable then they will not be able to interact with the potential employers which will affect their chance to get a job of their interest. This is the negative impact of social media but on the other hand, if the post is more relevant to the culture then it will help one to communicate with the world irrelevant to the social aspects and thus it will help to find jobs. This kind of behaviour is one that can be observed by analyzing the human interaction with the internet and the communicational software (Shoshitaishvili et al. 2018). This behaviour depends on the communities which can be online or can be offline thus the behaviours can be determined by implementing adequate surveys and data analysis which will help to understand the behaviours of the individuals [Referred to Appendix 4].
3.3 Ethical issues that are relevant to the human behaviour modification in an organization
If an organization wants to grow their business and keep themselves free from any social and security threats then they are liable to maintain proper organizational ethics to build a proper environment for their company to make sure that the confidential data is safe from internal threats as well as external (Taveras and Hernandez, 2018). Maintaining ethics is the key point where the companies must focus on and thus helps the firm to determine the factors that are affecting their business profitability and the way of conducting various actions. One company must analyze the ethical behaviours by three steps which are-
3.3.1 “Personal Ethics”
This cannot be understood by analyzing any individual as it varies from man to man. Each person has their own perspective and has a different religion (Wilcox and Bhattacharya, 2020). The organization behaviour can put an effect on personal ethics and thus it is not possible to maintain each and every individual in respect to the values of any individual.
3.3.2 “Professional Ethics”
It is the key factor for any organization by setting up a proper guideline that has to be followed by all the employees which will help them to identify their line of work.
3.3.3 “Organizational Ethics”
It is nothing but the process of establishing the proper culture within the organization and thus confirming the entire process of work is more ethical. Thus it can be said that organizational ethics define the positive and negative impacts that can affect the productivity as well as the morality of the employees within the organization. And those ethics can be described as “sustainability” management or “fraudulent activity management or can be “diversity management”.
3.4 Research Knowledge and Cognitive Skills
The process of gaining the cognitive skills is nothing but training one’s mind to acquire knowledge so that they could pay attention to their work properly and could understand the way of working with the information that helps to determine the knowledge. Paying attention is one of the most attentive skills that have to be had by all the employees of any organization so that they could focus on their individual work very carefully (Zhu et al. 2018). On the other hand, the divisible attention skill helps one to stay focused while they are working on two files and thus helps the work done with perfection. While the skill of long term memorizing is the one that helps one to remember the tasks and thus can revive information from that task whenever required. On the other hand, the skills that have to be obtained by all the employees is the local knowledge of solving things as early as possible. This process helps one to identify the key factors of any problem, why it arises and how to solve it. Thus it can be said that all the skills are related to each other and thus obtaining them in one firm could allow them to grow their sustainability and thus growing their business on the next level [Referred to Appendix 5].
4.0 Discussion of ethical and moral issues
4.1 Human Interventions to mitigate cyber security threats that target humans (Scenario 1)
In the modern era of technology, data and information are the most valuable asset for any individual or can be said to be any individual. Nowadays all the data has been stored online and thus the risk of getting attacked by the malwares are getting too high to manage all the data safely. Spending on the case study of “Wholesome Growing” it can be said that in scenario 1 where one found a corrupted USB that leads to the loss of confidential data of the company which is the biggest example of irregular human interventions which cloud make any firm vulnerable with respect to the data security of that company. So to prevent this kind of action the organization must focus on updating their software so that the patches could get regular updates which help to prevent the risks associated with the software (Zimmermann and Renaud, 2019). On the other hand, depending on the case studies scenarios 2 and 3 it can be said that the employees are not that aware of the cyber threat and thus they put on the malicious pen drive into the pc and therefore all the important personal data was hacked by the attacker. Thus IT must invest money to provide necessary “cyber security training” to all their staff so that they could identify the risks and thus prevent them. In this way, the firm could safeguard all their important and confidential data from the malwares.
4.2 Social Engineering threats to individuals and organizations
Social engineering depends on the human behaviour of surfing the internet and thus it is one of the most dangerous activities that can be performed by an attacker. There are many ways of attacking the victims; they target the ways where “human interactions” are involved. That is-
4.2.1 Baiting
In this process, the attacker uses social or can be said the physical media to run their operation. Here the attacker builds trust over the victim and flashes some activities that contain malware. When the user enters the particular site or clicks on the flash tit enters the system of the attacker and thus the attacker gets all the required data. This is one of the common types of hacking the data but dangerous as well.
4.2.2 Scareware
Here in this process, the attacker creates fake pop-ups which contain malware and when the victim clicks on that popup they allow the hacker to enter their system and steal all the data from the device (Zook and Graham, 2018). It can be done to any individual or can be done to any firm that has confidential data stored on their system. It can be done while surfing the internet over any browser and can be done while installing any software. There an advertisement comes up with some malware messages that say that the victim’s system is affected by any suspicious virus which has to be resolved. Whenever the user clicks on the link that got hacked and the attacker gets all the data. This is the most dangerous way of hacking.
4.2.3 Phishing
In this process, the attacker created a fake webpage and sent it to the victim. For example, the attacker sends an email to the victim and the email can contain any social media links. Whenever the user opens that link the page that has been made by the attacker flashes over the victim’s screen and looks very accurate with respect to the actual webpage that should be popped up. Thus when the victim enters the password the attacker got that and now they are able to enter the victim’s profile whenever they want.
4.3 Professional Skills
The skills that have to be there within an organization or in any individual is the technical knowledge of the computers so that they could identify the issues and hence making the way of operating systems more convenient. On the other hand, the problem understanding and problem-solving skills have to be there. This is a way by which one company could determine the risks and thus making their employees aware of the cyber risks and thus preventing them from making sure of their data security. It can be said that all individuals must have knowledge of computers so that they can understand which they are clicking. It can be said that these are the skills that have to be there within an organization to prevent cyber attacks and thus prevent the firm from getting vulnerable to the attacks of the malwares.
4.4 Cyber security solutions (Scenario 3)
The fundamental aspect of social engineering is to carry out a malicious activity over the internet to generate an enthusiast any user by engaging them in any activity that could bring them any pleasure or on the other hand some activities that tell them about the ways that could hamper their security on the basis of cyber threat. Thus sometimes it is very difficult to measure the associated risk with them as it depends on human behaviour over the internet. To prevent this all the individuals should be aware of the cyber security threats that could make their system vulnerable that has taken place in Wholesome Growing in relation to Rowan who received a suspicious email. Thus they should not open any suspicious emails which contain the virus and the malwares to enter the system (Демидов, 2020). Nowadays the emails are the most trusted source of getting any information and thus the attackers target the emails to get their work done. Therefore all the systems should have proper anti-malware software installed so that those emails can be deleted automatically and thus making the system more stable and out of the risk of malware attacks. On the other hand, the internet is the very source of many offers that helps to bring the opportunity to win some huge amount of cash or tells that the one could win some attractive offers that cloud change the lifestyle of the person. Thus it can be said that the attackers play with the emotion and curiosity of the victim. Therefore the victims should be aware of these things so that they could stay out of all these malicious activities.
4.5 Needs of the organization that addresses different human factors (Scenario 1)
Wholesome Growing has several important data as well as several confidential activities that are directly connected to the clients and thus very important for the company to identify the risks and the various activities that will help the company to maintain the profitability of the company. It can be said that the employees are the one who handles all the data and information and thus all responsibility goes to the employees to make sure that all the data is safe from the malwares and thus the human factors are the most important key to the safety of that data. The human factor contains the attention which directly relates to the observation power of any employee which helps one to determine the previous risks that have been done and therefore those can be prevented by the employees. On the other hand, the decision making ability is another huge factor for any organization. Thus it can be said that all the employees of that organization are liable to make sure that all the employees are able to determine the risks and hence prevent them. Meanwhile, the employees must have the reasoning ability to identify the previously happened risks and thus making the firm more safe and secure from the malware activities. Depending on the case study it can be said that the “Wholesome Growing” attacked the firm with fewer human factors and thus it was easy for them to enter their system just by a USB. These factors should be considered by any firm to prevent the risks and safeguard their data and information from malicious attackers.
Case Study 2
In relation to case scenario 2, it has been noticed that there was a person who was seated beside laurel. This has resulted in some kind of misleading activities that has caused something unusual in the situation of Wholesome growing. Basil was the person who was not sure about the sensitive data that was about to be stolen from Laurel’s desk. This has caused a certain doubt where Basil had no access to the main building still how the person managed to come there? This raised the question of personal and security threats that could have been a bit stronger in wholesome growing. The lack of security has been highlighted here that could have been a bit stronger.
4.6 Evaluation of the cyber security threats that are relevant to the perspectives of the organization (Case Study 3)
There are various threats that will affect the entire business of Wholesome growing in terms of data and information safeguarding. Some organizations spend too much money on protecting their data but the main focus should be the process of building proper software that will protect the whole firm from threats. They must build the framework which will determine the cyber threats and thus preventing them the system will be free from the malwares. Another big threat is the “Synthetic Identities” which contains a webpage with malicious data. These data are made of real and fabricated data which looks very close to the original page. This leads the person to enter the malicious page which will take them to the attacker system and thus all the data of the individual got hacked. The system or can be said the pc that has been used by the organization should have the updated anti-malware system which will help the firm to identify the cyber risks and thus making the firm more stable. As in the modern era of technology, the attackers are mostly attacking the firms with fewer security aspects and thus the firms must be aware of the risk to prevent them with all the possible ways that they need to take.
Reference list
Journal
Akrout, I., Feriani, A. and Akrout, M., 2019. Hacking google ReCaptcha v3 using reinforcement learning. arXiv preprint arXiv:1903.01003.
Bambauer, D.E., 2020. Information Hacking. Utah L. Rev., p.987.
Bátfai, N., 2020. Hacking with God: a Common Programming Language of Robopsychology and Robophilosophy. arXiv preprint arXiv:2009.09068.
Brack, D.C., 2017. Social Engineering-The Most Underestimated APT: Hacking the Hu.
Brown, B., Bødker, S. and Höök, K., 2017. Does HCI scale? Scale hacking and the relevance of HCI. interactions, 24(5), pp.28-33.
Buzu, I., 2020. Hacking Creativity-Authorship in the Digital Age. Available at SSRN 3660361.
Cerrudo, C. and Apa, L., 2017. Hacking robots before Skynet. IOActive Website, pp.1-17.
Chung, W., Liu, J., Tang, X. and Lai, V.S., 2018, November. Extracting textual features of financial social media to detect cognitive hacking. In 2018 IEEE International Conference on Intelligence and Security Informatics (ISI) (pp. 244-246). IEEE.
Erdodi, L. and Zennaro, F.M., 2020. The Agent Web Model–Modelling web hacking for reinforcement learning. arXiv preprint arXiv:2009.11274.
Felin, T., Felin, M., Krueger, J.I. and Koenderink, J., 2019. On surprise-hacking.
Fragnito, M., 2020. Commoning Molecules: Decolonising Biological Patents by Gender Hacking Protocols. Journal of International Women’s Studies, 21(7), pp.152-168.
Hatfield, J.M., 2019. Virtuous human hacking: The ethics of social engineering in penetration-testing. computers & security, 83, pp.354-366.
Hildebrandt, M., 2018. Preregistration of machine learning research design. Against P-hacking.
Howard, A. and Borenstein, J., 2018. Hacking the Human Bias in Robotics.
Hugentobler, H.K., 2017. Hacking the Organization: Organizational Transformation by Design. The Design Journal, 20(sup1), pp.S522-S530.
King, C.R., Zhang, A., Tessier, T.M., Gameiro, S.F. and Mymryk, J.S., 2018. Hacking the cell: network intrusion and exploitation by adenovirus E1A. MBio, 9(3).
lin kaiying, C., Lindtner, S. and Wuschitz, S., 2019, June. Hacking Difference in Indonesia: The Ambivalences of Designing for Alternative Futures. In Proceedings of 2019 on Designing Interactive Systems Conference (pp. 1571-1582).
Martinelli, F., Mercaldo, F., Nardone, V. and Santone, A., 2017, July. Car hacking identification through fuzzy logic algorithms. In the 2017 IEEE International Conference on Fuzzy Systems (FUZZ-IEEE) (pp. 1-7). IEEE.
Nosco, T., Ziegler, J., Clark, Z., Marrero, D., Finkler, T., Barbarello, A. and Petullo, W.M., 2020. The Industrial Age of Hacking. In 29th {USENIX} Security Symposium ({USENIX} Security 20) (pp. 1129-1146).
Nurse, J.R., 2018. Cybercrime and you: How criminals attack and the human factors that they seek to exploit. arXiv preprint arXiv:1811.06624.
Rowlinson, A., 2020. Growth Hacking for eCommerce: Building Your Way to Success.
Samal, M.S., 2019. Human Hacking: How Hackers Exploit and Hack Humans. Journal of the Gujarat Research Society, 21(17), pp.637-647.
Sawyer, B.D. and Hancock, P.A., 2018. Hacking the human: the prevalence paradox in cybersecurity. Human factors, 60(5), pp.597-609.
Shoshitaishvili, Y., Bianchi, A., Borgolte, K., Cama, A., Corbetta, J., Disperati, F., Dutcher, A., Grosen, J., Grosen, P., Machiry, A. and Salls, C., 2018. Mechanical phish: Resilient autonomous hacking. IEEE Security & Privacy, 16(2), pp.12-22.
Taveras, P. and Hernandez, L., Midwest Association for Information Systems MWAIS 2018 Saint Louis, Missouri Supervised Machine Learning Techniques, Cybersecurity Habits and Human Generated Password Entropy for Hacking Prediction.
Wilcox, H. and Bhattacharya, M., 2020, March. A Human Dimension of Hacking: Social Engineering through Social Media. In IOP Conference Series: Materials Science and Engineering (Vol. 790, No. 1, p. 012040). IOP Publishing Ltd..
Zhu, H., Elfar, M., Pajic, M., Wang, Z. and Cummings, M.L., 2018, July. Human augmentation of UAV cyber-attack detection. In International Conference on Augmented Cognition (pp. 154-167). Springer, Cham.
Zimmermann, V. and Renaud, K., 2019. Moving from a ‘human-as-problem” to a ‘human-as-solution” cybersecurity mindset. International Journal of Human-Computer Studies, 131, pp.169-187.
Zook, M. and Graham, M., 2018. Hacking code/space: Confounding the code of global capitalism. Transactions of the Institute of British Geographers, 43(3), pp.390-404.