literature review
Please update my paper the same as the attached reference paper also consider the feedback from the professor.
Feedback: As we discussed in our course a proper literature review for a dissertation is a critical assessment of the resources you have gathered, read, and analyzed/reported on surrounding your topic and subjects surrounding your topic, and then identifies a “gap” in that literature that your research will attempt to address. Your submission does not strongly support a gap in the literature to support your research.
Your current draft is not at proficient graduate-level writing. As suggested during our course, you would benefit greatly from working with the Writing Center. Unfortunately, I am unsure there is sufficient time to work with them this week prior to grades being posted for the course.
Blockchain-Enabled Security and Data Integrity in Cloud Applications
DSRT 736
Professor Name
7/11/2020
(
Running head: BLOCKCHAIN ENABLED SECURITY AND DATA INTEGRITY
) (
1
)
Blockchain-Enabled Security and Data Integrity in Cloud Applications
Introduction
The rapid advancement in digital technology has resulted in new challenges that revolve around data security. When a disaster or attack strikes, any organization’s survival depends on offsite data recovery (Malomo et al., 2020). Organizations need to keep their data safe by implementing a strong authentication and cryptography key vaulting approach. Finding a provider that can provide secure and resilient cybersecurity solutions that will protect offsite data for businesses and organizations can be challenging. Numerous studies have demonstrated the impact of cyber-attack losses on the organization; they would potentially lead to huge disruptions and massive losses and damages (Malomo et al. 2020). The cloud-based attacks have been going up in recent years; the attackers are taking advantage of poor security practices and cloud users’ vulnerabilities and service providers (Christidis et al., 2016). As cloud computing services increase, a vast number of security issues and risks are presented. Such attacks call into question the different security measures and solutions that are in place to offer protection even as attackers continue to take advantage of those weaknesses. Blockchain cloud computing has been fronted as a feasible solution and considered a framework that can be applied to enhance offsite digital assets (Christidis et al., 2016).
(
BLOCKCHAIN ENABLED SECURITY AND DATA INTEGRITY
) (
10
)
Literature Review
Introduction to Blockchain
Blockchain is one of the fastest-growing new technology. This research aims at investigating the potentials and possibilities that blockchain technology will bring into life. The increased demand for data and information in the business environment has necessitated a more secure and seamless technology of sharing and storing data. Technology presents solutions in line with modern-day challenges presented by the emerging and growing threat presented by cybersecurity (Brodkin, 2008). Even if they exist, other technologies that can offer the same services as blockchain technology, technology has an edge in the issues of enabled security and data integrity in cloud environments and applications. In line with this, advanced research is in progress to establish the technology’s full potential and capacity. In general, as the technology is new, the available literature is not as extensive as one could have expected (Natoli et al., 2016).
However, the technology itself is already in use in multiple areas, such as in Bitcoin transactions.
Blockchain has come across as one of the leading if not the leading technology, amongst other technological advancements and developments such as cloud computing. This paper looks at and questions both the possibilities and the potential of blockchain technology if used properly.
The recent surge in demand for information and data within the business environment has brought about the dire need for far better, seamless, and safer technologies to store and disseminate data and information. Currently, technology has brought about varied solutions to the modern-day challenges that have been presented by the upcoming threats that are presented by cybersecurity. It is despite other technologies that seemingly offer the same service as blockchain tech does. Here,
technology is tasked with dealing with data integrity and security challenges within the various cloud environments alongside their numerous applications (Brodkin, 2008).
Introduction to Cloud Computing
Cloud computing represents a wide range of cloud computing services that help individuals and organizations choose how, where, and when to use cloud computing. It offers various solutions like software as a service (SaaS), remote desktop session host (RDSH), platform as a service (PaaS), and infrastructure as a service (IaaS), among others. Cloud computing has many benefits (Müller et al., 2015). For example, it reduces operational costs; in recent years, cloud technologies have also become a basis for business innovation and new business models. More organizations are switching to cloud solutions. It is estimated that close to 77 percent of all enterprises use cloud services to some degree (Müller et al., 2015). Such adoption provides them with advantages such as better networking, real-time interaction. It provides the convenience of access to mature solutions made available on such platforms (Smirnova et al., 2020). Such advantages provide the IT teams with greater flexibility and agility, enabling them to be more responsive and efficient.
History of Cloud Computing
Cloud computing is classified into two models as a service model and the deployment model. The service model is a service-oriented architecture provided as a service by an entity or organization. The different services listed earlier include infrastructure as a service, platform as a service, software as a service, mobile backend as a Service, function as a service, and serverless computing. The deployment model categories are private cloud, public cloud, and hybrid cloud (Christidis et al., 2016). A public cloud deployment supports all the users who want to use the
computing resource. In contrast, a private cloud is dedicated to a specific organization. The hybrid cloud uses an interconnected infrastructure for both private and public clouds.
It started in the early 1990s where IBM tried to put a set of mainframes as a datacenter.
Early 1990’s, the concept of Remote Job Entry (RJE) and time-sharing is introduced, and IBM was the key player. IBM used its mainframes as a concept data center to write the code and handover to the operators (Hu, 2015). They started using the cloud symbol as the central connection point to the servers connected to the network infrastructure.
In the 2000s, Amazon entered the market with a simple concept called Elastic Cloud Compute (EC2). Their main idea was to share the computing resources virtually with the internal team. In 2006 Amazon started it as part of its subsidiary called Amazon Web Services and was popularly known as AWS (Hu, 2015).
In 2008 Internet Search Engine giant Google release a similar virtual compute resource called Google App Engine. After 2008 the IT firms started switching to use these cloud resources rather than using their hardware.
In 2010 Microsoft entered into the competition with its cloud solution called Microsoft Azure. Moreover, many other companies, like Rackspace, IBM, and Oracle, also started their cloud computing products.
Cloud Computing Benefits
More and more organizations are adopting cloud solutions like Google Docs, SalesForce.com, and Office 365 to their daily operations. Research has shown that around 77 percent of all enterprises use one cloud service to a certain extent (Müller et al., 2015). The service
provided through cloud computing provides enterprises with better capabilities. For example, the platform as a service (PaaS) can be used in renting computing infrastructure (Sether, 2016).
Individuals and organizations can rent or subscribe to cloud computing infrastructure for different applications accessed via the internet. The software as a service (SaaS) allows the user to rent software from a cloud computing vendor at an affordable cost instead of buying it at a high cost to own and manage it (Sether, 2016). Vendors provide the service as a managed solution that makes it affordable and reduces maintenance costs.
There is a developing pattern in utilizing cloud environments for ever-developing storage and data processing needs. In any case, receiving a cloud computing worldview may have positive just as negative consequences for service shoppers’ data security. Other significant security issues exist in current cloud computing environments (Christidis et al., 2016). After examining the security mechanisms that significant cloud service providers authorized, a risk analysis approach can be utilized by a forthcoming cloud service for breaking down the data security risks before placing his confidential data into a cloud computing environment.
Risks Associated with Cloud Computing
As much as cloud computing is overwhelmed by advantages, it also poses a certain degree of danger and disadvantages to its users. Firstly, cloud computing poses a risk of company cloud resources being compromised as the API’s are accessed via the web. These are the gateways used by clients to interact with cloud services. If security is not configured correctly, they may be compromised by hackers. Secondly, moving to the cloud increases the complexity of operations in the IT team. They ought to have the skill level and capacity to operate and maintain data migration from local servers to the cloud. This kind of complexity introduces new forms of risks such as lack
of proper implementation methods and a lack of knowledge on policies. Abuse of authorized access is another common form of risk. An example of this is an IT administrator downloading clients’ files to use for his gain (Boixo et al., 2019).
According to the big analyst firm Gartner (2020), there are seven significant risks fraught with cloud computing. These risks are associated with any cloud vendor. Privileged user access, Regulatory compliance, Data location, Data segregation, Recovery, Investigative support, and Long-term viability are the top seven risks that users often overlook.
Cloud computing and Blockchain technologies
Cloud computing is best described as the hands-on availability of various computing resources by an individual over the internet upon demand. This technology’s beauty is that the individual bypasses the need to access the same computing power by signing into the internet and does not mingle with software and hardware. It is ingenious to most organizations as it assists them in minimizing the wastages and unnecessary organizational costs. Cloud computing is evolving at a high rate. It has proved to be far more comfortable and faster as there is improved manageability. The tech requires very little maintenance. The above has made the tech advantageous. It assures the workplace’s further acceleration as the resources are rapidly adjusted concerning the various fluctuations (Natoli et al., 2016).
Blockchain technology has come across as a disruptive technology because of its nature as being much decentralized, transparent, and very secure. Its development has resulted in the cloud of things resulting from integrating both the internet and cloud computing technology. Here, blockchain tech has issued various innovative solutions concerning the limitation of the cloud of things by decentralization, data privacy, and network security. The blockchain technology’s
efficiency is brought about by the cloud of elasticity and scalability functionality. The integration of both the cloud of things and the blockchain technology has resulted in data security robustness.
The combination of cloud and blockchain technology has provided crucial solutions for implementation and application in various fields like the smart industry, upcoming intelligent cities, smart medical care, and even innovative, smart transportation sectors (Tharani et al., 2020). For example, blockchain allows for a transaction to be made in the absence of an intermediary. It can be applied in a host of financial services like online payment, remittance, or digital assets. It can also be applied in the Internet of Things, security services, and public services in various ways. That is possible because the fields take advantage of blockchain capabilities like being immutable, meaning that it cannot be tampered with once it is packed into the blockchain. Given that it is distributed, it avoids a single point of failure situation.
As the argument above ascertains, yes, integrating both these two technologies is tech’s future. It is developing into a solution of eradicating the need for centralized computer models. The various advantages of integrating both blockchain and cloud computing tech leverage the blockchain technology alone provide individuals with data protection resources from notorious computer hackers. It reduces fraudulent occurrences and cases alongside the probability of compromising data and even stealing the same. Then it ascertains the use of blockchain technology as it is currently the most secure technology of the pair; because of its decentralization feature, data copies are usually in the user’s hands, maintaining their database’s safety. The data and information in blockchain tech are not centralized because of the decentralized feature. The data and information are alternatively stored on a node; this is the computer network tasked with verifying the various on-going transactions in the organization (Kantarci et al., 2015). The integration of both the blockchain and cloud computing technologies will, in the future, provide the ideal
organizational solutions to their respective challenges. Together with their similarities, the differences in both these technologies bring an efficient, ever-developing, and evolving solution to both data integrity and security.
Blockchain as Disruptive Technology
In recent years there have been some misconceptions about Blockchain as Bitcoin, and it is only used for cryptocurrencies. Many organizations felt the blockchain disruptive technology and started experimenting with this Ledger technology upon research. Some of the organizations to experiment with blockchain technology are Starbucks, PepsiCo, Etc. These retail operations and sales sector organizations experienced profits and improved efficiency by reducing efforts and time. Thus, blockchain can have a massive impact on the economy in many sectors.
Blockchain is a reasonably new technology that has presented many potentials. This new technology materialized during 2009 as a public ledger of Bitcoin transactions (Sharma et al., 2019). Blockchain technology is getting applications within an extensive range of fields, smart contracts, digital assets and stocks, record keeping, cloud storage, ID systems, and ridesharing, among others. This new technology is getting the globe by storm. Through its regionalized, apparent, and safe form, blockchain has materialized as a disorderly technology for the subsequent generation of various industrialized appliances. One of its applications is in cloud computing facilitated through cloud computing. Within this setting, blockchain offers innovative solutions to deal with the Cloud of Things’ challenges regarding data privacy and network safety, decentralization to enhance blockchain operations’ effectiveness.
Recent findings in blockchain’s application are how Ledger technology can improve efficiency other than the financial sector. How can we improve the consumer device or consumer
usage application? How can this disrupt the transportation sector? What impact and advantages of this system can bring over the traditional financial system? This way, many questions, and concerns are arising with the evolution of this technology. One of the critical developments in citizen engagement could be voting (Sangita et al., 2015). Voting is the fundamental right of every citizen. Every individual will try to cast their vote or make use of it. In general, this voting procedure happens manually. It means one has to go to a designated place, also called a polling booth. The citizens use the ballot paper or the electronic voting machine, which prints the ballot paper. There is much scope for abusing this system. Blockchain voting could eliminate these problems. The voters are provided with tokens or coins in the digital wallet. Then they can send the token or coin to their chosen representative. Thus, voting is recorded as a transaction, and it cannot tamper (Natoli et al., 2016). It can help provide the cryptographic proof-of-work system that can prove the integrity of the election data.
Blockchain technology is not ready to be implemented in a short time. Since each country differs in currencies and security policies, it would be susceptible to capacity problems, system failures, unanticipated bugs, and technically unsophisticated users. The second problem is energy consumption. Blockchain technology uses hashing and proof-of-work concept by utilizing miners in the network. The miners need high computation power, which results in the consumption of more energy. The third challenge is governance, where governments will restrain themselves. The incentives for the miners are inadequate to maintain infrastructure and collaboration. There will be several other forces that try to control the network. Another challenge is blockchain, a job killer since it is a platform for radical automation (Natoli et al., 2016). Blockchain may be resistant to centralization and control. However, political or economic rewards are significant enough to capture it by the powerful forces.
Businesses across the globe have started integrated blockchain technology into their systems. It results in a range of benefits in the business model, especially with cloud computing and significant data growth. After a transaction is made and verified, the transaction is stored in a block together with an infinite number of other transactions and packaged with the user’s information (Sharma et al., 2019). The task of verifying the transactions is done by a network of computers rather than a human being. After verification, the transaction is flagged with a green light and stored in a block together with other verified transactions. After that, the block is given a unique hash and then added to the Blockchain (Sharma et al., 2019).
Blockchain technology is currently being tested in different work cultures to experiment with the benefits and limitations and not have it. Blockchain has gained popularity fast because it has revolutionized the way transactions are made. Typically, the time taken to complete transactions is usually long and is expensive as well. However, blockchain does not need third-party facilitators to process transactions, thus making the process faster.
The technology behind the blockchain relies on the combination of three technologies:
· Cryptographic keys are two keys, namely the private and public keys, that help perform successful transactions among two parties by generating secure digital signatures.
· It is a peer-to-peer network containing a shared ledger. The ledger securely stores transaction-related information for each individual (Boixo et al., 2019).
· A means of computing – This is a way of storing and recording transactions and network records.
Security Impacts of Hackers
Blockchain technology is one of the best tools currently available to protect data from hackers. It prevents impending fraud and reduces the possibility of data being compromised or stolen. For hackers to access or destroy a blockchain, they will have to destroy every user’s computer in the global network. In case of any interference, the undamaged computers will keep functioning to authenticate and store a record of all information on the network unless a hacker simultaneously depletes the whole network. The impossibility of bringing down an entire network increases with the number of users on a particular network. Therefore, large blockchain networks have a lower risk of being hacked due to their complexity. The intricate configuration gives blockchain technology the capability to offer security to the information stored and shared online (Kantarci et al., 2015).
Implementing Blockchain for Data Security
Rapid developments in digital technology have brought about new risks around data security. Blockchain provides secure data authentication and essential cryptography vaulting techniques. It refers to blockchain capabilities that are naturally encrypted, making it possible to provide proper validation. Blockchain technology has proven to be strong enough to address how to secure data and avert mischievous cyber-attacks. Blockchain technology motivates its users to re-design and reformulate their data security concerns compared to other traditional methods (Tharani et al., 2020). Blockchain is revolutionary and has found applications in different fields such as finance, healthcare, and sports. The tremendous increase in its use can be attributed to the advantages and capabilities that blockchain provides. For example, the initially required applications to be run through a trusted intermediary can be operated separately without a central authority but still achieve the same functionality with the same certainty. Given that there is no need for trusted intermediaries, there is faster reconciliation between parties.
Improvements and Advantages of Blockchain Technology
Blockchain technology operates on a distributed ledger technology. A distributed ledger means that it disintegrates large amounts of data into smaller parts and distributes them across a whole network of computers. Therefore, it does not have a central control center, which helps secure data (Smirnova et al., 2020). The technology also checks its data across the computer networks and validate the information regularly with each other. The blockchain technology also provides a decentralized network of the database, which is very transparent. It also offers encryption and validation procedures to protect user data.
Data Integrity Issues
Data integrity is defined as the accuracy and validity of data in its existence. According to James, compromised data does not benefit companies because of vital information loss (Zafar et al., 2017). For fear of losing information, companies focus on maintaining data integrity as a solution to other issues. Data can be interfered with in various ways. Therefore, enterprises should ensure that when they transfer data, it is intact and undistorted. In this case, validation procedures and checking methods are kept abreast of data integrity.
According to computer experts, data integrity is essential for various reasons. First, valid and accurate data eases search-ability, recoverability, traceability, and connectivity. Data integrity enables stability and performance in the process of boosting maintainability and reusability. Data can be compromised, resulting in various issues.
For one, data integrity can bear the issue of bugs, hacking, viruses, and other cyber threats.
When this category of problems attacks company data, essential information is lost or stolen by unknown people. Besides viruses, data integrity can experience transfer errors due to the
unintended changes or information interfered with during transfer. Another issue is the human errors that can be malicious or unintentional by individuals. Mostly, human error compromises physical machines and hardware, such as a disk crash. If companies cannot be keen on handling data, privacy issues can also take advantage and compromise everything.
Data Privacy Issues
Data privacy is a section of data security that ensures proper handling of information at par with its regulatory obligations (Liu et al., 2015). Although data integrity and privacy are often used interchangeably, they mean different. Hence, while data security safeguards data from hackers’ interference, data privacy controls how information is gathered and shared. Data privacy cannot be far from the reasons why data integrity is essential.
First, organizations request data from associates to directly link with the consumers on the ground. As such, it helps build a better relationship healthy for the company. Therefore, keeping confidential the same information even benefits the enterprises. Secondly, data privacy is an entitled right of an individual, and thus it is free from uninvited surveillance. Gloria suggests that keeping safe and silent one’s credentials is critical while in contemporary society.
Analysts have studied data privacy issues and came up with several (Zafar et al., 2017). One of the problems found was leaking confidential data to third parties. Secondly, she listed the illegal gathering of data and assumption regulatory restrictions such as CCPA and GLBA as related issues of the subject. In her argument, Maggie confirms that blockchain was the only remedy to both integrity and privacy matters.
Blockchain Address on Data Privacy and Integrity Issue
It is recommended that when using blockchains, parties should first assume that they write every data into the blockchains to be easily managed (Crosby et al., 2016). However, copying
every data into the blockchains to solve integrity issues is costly and slow at the same time. Therefore, to address the integrity problem, experts recommend keeping the data on the chain and the encrypted data or taking alternative options as follows.
First, save a hash of data straight onto the un-permission blockchain in the Bitcoin or Ethereum. Equally, a member can store a hash of data onto a personalized blockchain. The last option that one may consider is utilizing data anchoring software to present data into blockchains. Through these options, data integrity can be maintained hence safeguarding information. This consideration is preferable because it makes data visible everywhere on the blockchain.
Some researchers hint that blockchains can no longer solve volatile privacy issues (Crosby et al., 2016). However, in the case that blockchains can be used, experts suggest that they will assist in replacing usernames and passwords to manage individual information. On that note, Samuel and Jonte claim that blockchains will help track and store every confidential data because of its immutable nature.
IoT Devices Used at Home
The internet of things, commonly referred to as IoT, comprises digital devices, computing gadgets, animals, and objects uniquely designed with identifiers. These identifiers have the potential to transfer data through a network without either human-to-human or human-to-machine coordination (Marin et al., 2015). Manuel also lists various IoT devices used in homes. Some of the standard IoT machines used at home include the nest cam indoor camera, smart coffee-maker, SmartMat intelligent yoga mart, TrackR bravo tracking device, Linquet Bluetooth tracking sensor, Etc.
Data Storage
The IoT devices are overwhelmingly outnumbering the number of people. Equally, through their number, there has been more data that comes with challenges. Specialists suggest that out of IoT devices, there come amicably large files, images, and videos that cannot be singly stored (Marin et al., 2015). Thus from their nature, Marin and colleagues recommend the use of zips to store the IoT data. Unlike other small files, IoT documents can be compiled and zipped for easy storage. They argue that when these files are compressed, it becomes easy to store and send them to individuals. After compressing such data, the cloud can now accept the information for safe storage.
Compromising IoT Data
Just like any data, IoT data can also be compromised. Anything negative is possible once the data is susceptible to the public Internet (Xiao et al., 2018). Therefore, at exposure, IoT data can be stolen by unknown people or even distorted. Also, exposed viruses or malicious programs, or hackers can attack IoT data. Usually, the hacked data end up being lost, never to be recovered again. When individuals fear for their data safety, experts recommend using the VPN to protect the data when it is passed from one device to the other. That way, malicious people cannot access the information for interference.
The Uniqueness of Blockchain Technology
Blockchain can be defined as a list of growing records called blocks of data. It is resistant to modifications by design. Since it is a distributed ledger, it is decentralized, and no single entity has complete control of it. Several unique and outstanding features make blockchain technology a success (Christidis, 2016). There are quite a several unique and outstanding features that make
blockchain technology a success. Blockchain is a secure means of managing transactions. It has a decentralized feature meaning the copies of data are in the user’s hands, and the database remains safe. It uses cryptography to cipher and to decipher transactional data throughout the process (Sangita et al., 2015). Since blockchain is decentralized, there is not a central location for data storage. Data is stored in computers on a network called nodes, responsible for verifying the transactions.
The Relation between Cloud Computing and Blockchain
Blockchain has emerged as a disruptive technology due to its transparent, decentralized, and secure nature. It has created a Cloud of Things built by combining cloud computing and the Internet of Things. In this case, blockchain technology has provided innovative solutions to solve the Cloud of Things limitation through decentralization, network security, and data privacy (Christidis, 2016). In contrast, the Cloud of Things provides elasticity and scalability functionalities to enhance blockchain technology’s efficiency. Therefore, the integration of blockchain into the cloud of things has enabled robust data security. Blockchain with cloud technology has found applications in different fields such as smart cities, smart industry, smart transportation, and smart healthcare (Natoli et al., 2016). Integrating blockchain in cloud technology is the future direction to replacing centralized computing models.
Cloud Computing Model
The security layers in a cloud computing model are the endpoint layer, the private network layer, the virtual datacenter layer, the cipher space cloud-services layer, and the internet. The endpoint layer restricts access to protect data in use. Also, it secures software patches. The private network layer protects data in transit and isolates both database servers and web applications. The
virtual data center layer uses firewalls and IDS to protect a data center and isolated virtual data center environments (Smirnova et al., 2020). The cipher space cloud-services layer protects the data center from malicious internet content and ensures that datacenter regulations are followed. On the internet, threats devices such as mobile phones and laptops are trying to read and write information to the servers.
Servers Remote Location
As the servers in cloud computing are remote, the risk of hardware failure is eliminated.
Employees of cloud computing companies such as Azure actively monitor the data centers’ hardware to ensure the servers’ uptime. Also, cloud computing offers disaster recovery and backups strategies for data. If one data center fails, the workload is transferred to another datacenter without affecting organizational data (Tharani et al., 2020).
CIA Triad Model
The CIA Triad is a triangular-shaped model designed to guide an organization in designing policies for information. The first element in the triad is confidentiality. This aspect allows companies to undertake measures that prevent sensitive information from reaching the wrong people. A typical blockchain transaction is arranged into blocks aligned in a blockchain that links each new block. The data elements in a blockchain are not stored in a central location but done across the blockchain networks, ensuring the security of data elements stored. A CIA triad employs the conventional security approach that emphasizes implementing the three main principles: confidentiality, integrity, and availability. The blockchain leans more towards the integrity and availability of the information that is inside. As a result of the decentralized nature, the data remains transparent to everyone that shares the data elements.
Training needs to be done on password-related best practices and data categorization and encryption to instill this measure. Integrity relates to data accuracy and consistency throughout its life cycle (Kantarci et al., 2015). To ensure data integrity, an organization may use access controls to prevent users from modifying data they are not authorized to perform. They may use version control to track the changes that have been made on a document over some time. Availability refers to having data available to all authorized personnel at any given time. It can be ensured by maintaining hardware and performing frequent software updates. Occurrences such as redundancy and bottlenecks may heavily impact an organization (Information security, 2020).
Blockchain Protection
Ultimately, blockchains can be used to protect the IoT data from any danger. According to experts, data in a blockchain is kept on multiple nodes worldwide, filling the loopholes failing.
Therefore, nodes should approve and verify the required information and data (Xiao et al., 2018). Secondly, most blockchains are public and visible. This characteristic implies that everyone across the networks can see them. In the same line, history can be tracked, transactions can be seen, and the block is identified. However, if one needs the actual data, they must have a private key to access the content. This request ensures that there is transparency for all online company operations. Specialists embrace blockchain storage because once the information is stored, it is impossible to compromise it (Xiao et al., 2018). Finally, blockchains use improved encryption algorithms to protect information making it confidential. Usually, this process applies to financial operations that do not bear any risks with them. Thus by using the blockchain structures, IoT devices can receive and pass information in a similar way; economic operation only allows secure communication between two sides.
References
Boixo, I., Mora, J., & Ruiz, J. (2019). Proof of concept for an XBRL report indexer with integrity and non-repudiation secured by blockchain using a smart contract: XBRLchain demo.
Brodkin, J. (2008). Gartner: Seven cloud-computing security risks. Infoworld, 2008, 1-3.
Christidis, K., & Devetsikiotis, M. (2016). Blockchains and smart contracts for the internet of things. Ieee Access, 4, 2292-2303.
Crosby, M., Pattanayak, P., Verma, S., & Kalyanaraman, V. (2016). Blockchain technology: Beyond bitcoin. Applied Innovation, 2(6-10), 71.
Kantarci, B., & Mouftah, H. T. (2015, June). Sensing services in cloud-centric Internet of Things: A survey, taxonomy, and challenges. In 2015 IEEE International Conference on Communication Workshop (ICCW) (pp. 1865-1870). IEEE.
Liu, C., Yang, C., Zhang, X., & Chen, J. (2015). External integrity verification for big outsourced data in cloud and IoT: A big picture. Future generation computer systems, 49, 58-67.
Malomo, O., Rawat, D. & Garuba, M. (2020). Security through block vault in a blockchain-
enabled federated cloud framework. Appl Netw Sci
5, 16 https://doi.org/10.1007/s41109-
020-00256-4
Marin, L., Pawlowski, M. P., & Jara, A. (2015). Optimized ECC implementation for secure communication between heterogeneous IoT devices. Sensors, 15(9), 21478-21499.
Müller, D.S., Holm, S.R., and Søndergaard, J. (2015) “Benefits of Cloud Computing: Literature Review in a Maturity Model Perspective,” Communications of the Association for Information Systems: Vol. 37, Article 42.
http://aisel.aisnet.org/cais/vol37/iss1/42
Natoli, C., & Gramoli, V. (2016, October). The blockchain anomaly. In 2016 IEEE 15th International Symposium on Network Computing and Applications (NCA) (pp. 310-317). IEEE.
Sangita, D., Ankita, C., & Reshamlal, P. (2015). A review of issues and challenges of cloud computing. Int. J. Innov. Adv. Comput. Sci, 4(1), 81-88.
Sether, A. (2016). Cloud Computing Benefits. 10.13140/RG.2.1.1776.0880.
Sharma, P., Jindal, R., & Borah, M. D. (2019, December). Blockchain-based Integrity Protection System for Cloud Storage. In 2019 4th Technology Innovation Management and Engineering Science International Conference (TIMES-iCON) (pp. 1-5). IEEE.
Smirnova, T., Polishchuk, L., Smirnov, O., Buravchenko, K., & Makevnin, A. (2020). Research of cloudy technologies as а services. Cybersecurity: Education, Science, Technique, 3(7), 43- 62.
Tharani, J. S., Tharmakulasingam, M., & Muthukkumarasamy, V. (2020). A blockchain-based database management system. The Knowledge Engineering Review, 35.
Xiao, L., Wan, X., Lu, X., Zhang, Y., & Wu, D. (2018). IoT security techniques based on machine learning: How do IoT devices use AI to enhance security? IEEE Signal Processing Magazine, 35(5), 41-49.
Zafar, F., Khan, A., Malik, S. U. R., Ahmed, M., Anjum, A., Khan, M. I., & Jamil, F. (2017). A survey of cloud computing data integrity schemes: Design challenges, taxonomy, and future trends. Computers & Security, 65, 29-49.
Zheng, Z., Xie, S., Dai, H., Chen, X, and Wang, H. (2017). An Overview of Blockchain Technology: Architecture, Consensus, and Future Trends, 2017 IEEE 6th International Congress on Big Data. DOI 10.1109/BigDataCongress.2017.85
Runninghead:
Biometric Authentication as a Solution to Social Engineering
1
Biometric Authentication as a Solution to Social Engineering 13
Biometric Authentication as a Solution to Social Engineering
Biometric Authentication as a Solution to Social Engineering
Introduction
Technology is vital, and it is evident that it is evolving rapidly in the world today. As the world embraces technological changes through social media networks, online-based transactions, and automated engineered processes, there have been everlasting challenges that have continued to impact and handicap the specialized services due to social engineering Many countries use biometric authentication, which plays a crucial role in their businesses. The technology uses identifications such as fingerprints and palm print, among others. When registering the employees, the company must collect their details such as finger and iris print. These templates get added to the database to provide features that resolve the identity. Aldawood & Skinner (2019) argue that a company’s biometric system can verify an individual’s identity with pre-stored information in their database.
Therefore, biometric authentication is vital to solving social engineering challenges within the organization. Many countries have continued to develop over the years. These countries include the United States of America, Russia, China, and many more. However, numerous challenges continue to incarcerate most people living in these countries, and the challenges emanate from cybersecurity attacks. The paper’s focus is to study the use of biometric authentication as the solution to social engineering. The study is divided into the following topics: the overview of social engineering, social engineering’s role in cybersecurity, and its effects on organizational data. Cybersecurity and psychological factors leading to cyber theft, hacking, and lastly, the article discusses the preventive measures to mitigate social engineering, including antiviruses, strong passwords creation of awareness to embrace biometric authentication of protecting organizational data.
Literature Review
Biometric Use as Solution and how it Curbs Social Engineering
Biometric is a technology that can measure and evaluate a human being’s behavioral characteristics such as voice and signature; it also analyzes biological features such as iris’s pattern, palm, and fingerprint (Fianyi & Zia, 2016). These features are stored in the computer and cannot get forgotten or misplaced. Everyone has unique features, and no one has a similar anatomical characteristic like the fingerprint (Fianyi & Zia, 2016). Therefore, it serves as a solution to social engineering by distinguishing individuals based on these characteristics.
Unlike the passwords that one can easily forget, biometric technology does not fail because it stores a person’s biological information. It is the most effective method to curb social engineering because criminals cannot steal a person’s physical features (Fianyi & Zia, 2016). An excellent example of biometric technology is the phone’s fingerprint, which most smartphone operators use to verify identity. The organizations such as banks use biometric to prevent unauthorized individuals from gaining access to sensitive places such as money safes; to access these locations, people must get verified by fingerprint, usually placed at the door. If a criminal wanted to steal from the bank, their access would get denied by the biometric since it only gives access to legitimate employees who are registered. Research shows that biometric technology has reduced criminal activities in the United States have failed to get access to people’s data because of biometric technology (Fianyi & Zia, 2016). Biometric technology is vital to prevent social engineers from accessing critical information.
Various studies have been carried out concerning biometric technology in the recent past. Studies reveal that approximately 90% of organizations and learning institutions have already introduced biometric security to protect their data from social engineers and to ease the burden of monitoring their employees (Aldawood & Skinner, 2019). Supermarkets and malls use biometric security to prevent theft by ensuring every item is registered with a security code that must be scanned before exiting. Biometric technology ensures no one steals anything from these organizations; hence, it is a social engineering solution.
Social Engineering
Social engineering is a technique that cybercriminals used to manipulate people to acquire and access confidential information. They do not use coercion to gain this information; instead, they motivate people to share information such as the identification number, phone number, and year of birth to create fake accounts to withdraw money from the bank and carry out criminal activities. Social engineers manipulate people using a non-technical attack to reveal confidential information (Abass, 2018). Cybercriminals attempt to seek confidential information by tricking people to give bank information or password or access people’s personal computers without their knowledge to install soft wares that allow them to steal passwords, control the computer, and access bank information.
Research reveals that social engineering has two categories: deception, human-based and, computer-based fraud, which involves deceiving the user to provide confidential information by making them believe they interact with a real computer user (Abass, 2018). Social engineers use websites to steal vital information from workers. Most employees nowadays have computers in the workplace. Social engineers have mastered the art of creating offers that, after clicking you win or sharing the information with a given number of people, there is a chance to win money. The employees might use the company’s email and password to log in to these websites allowing the criminals to access the organization’s vital information (Kumar et al., 2015). Social engineering is a serious challenge to people’s confidential information. The following are the most common examples of social engineering:
· Phishing- in this process, the attackers strategically incorporate misleading emails to the targeted users, use of the website by creating adds which the users can be attempted to use, and instant or sending messages with the aim of getting access to the users’ accounts and stealing the data (“9 Examples of Social Engineering Attacks | Terranova Security”, 2020).
· Lance Phishing- this is a phishing type, but in this process, the attackers use email to complete the attacks against the targeted group of people or the entire organization.
· Tailgating- As the name subject works by befriending an employee or making favors to the targeted employees to pay later. The best type of payment is getting the desired information due to the high level of trust.
· Baiting- In this process, attackers promise the users a reward or prize for giving a certain type of information. This type of social attack is very tempting because people are greedy, desperate for things like money.
· Malware- Casualties are fooled into accepting that malware is introduced on their PC and that they will be taken out if they pay.
· Pretexting- It utilizes bogus character to fool casualties into surrendering data, for example, pretending to be one of the family members who need some information, but in the real sense, they are not.
· Close following- This depends on the trade of data or administration to persuade the casualty to act. For instance, a message can keep on appearing on your site a thousand times, and then the user is feed-up, and in return, he or she accepts the message with a view that it will not create any disturbance anymore.
· Vishing- This refers to pressing phone messages to persuade casualties to act rapidly to shield themselves from capture or other danger. For example, some attackers pretend to be customer providers who need to get some information quickly, and if they do not give the information, they threaten to close their lines or sites.
· Water Holing- this is one of the most serious social assault which contaminates the site and the entire system with malware at a go.
The one consistent idea connecting these social designing methods is the human component. Cybercriminals realize that exploiting human feelings is the ideal approach to take. Generally, organizations have zeroed in on the specialized parts of online protection – however, it’s an ideal opportunity to adopt a people-driven strategy to network safety mindfulness. Studies suggest that cyber insecurity will continue to rise if strength measures fail to get implemented. The following human emotions make humans venerable and encourage the success of attacks.
Fear
In most situations, attackers use our common situation to install fear in humans; for instance, you get a voice message that says you’re under scrutiny for charge tax fraud and that you should call quickly to forestall capture and criminal examination. This social designing assault occurs mostly during the tax pay season when individuals are worried over their duties. Cybercriminals go after the pressure and nervousness that accompanies documenting charges and utilize these dread feelings to fool individuals into agreeing to their conning voice message. This is one of the most efficient ways of conning people which the cyber attackers use.
Covetousness or greed
Suppose you could basically move $10 to a speculator and see it change or grow to $10,000 with no exertion for your benefit? Cybercriminals utilize the real human feelings of trust and avarice to persuade casualties that they truly can get something in vain. A deliberately phrased bedeviling email advises casualties to give their financial data, and the assets will be moved immediately.
Interest and curiosity
As the saying says, curiosity kills the cat the Cybercriminals focus on functions catching a ton of information, including curious people, and afterward exploit human interest to fool social designing casualties into acting. For instance, after the second Boeing plane crash accident, cybercriminals sent messages which connections that professed to incorporate spilled information about the accident. Actually, their main target was to introduce a rendition of the worms on users’ PC. This worked perfectly well because people are curious.
Supportiveness and helpfulness
Naturally, People need to trust and help each other on different occasions because they think their time will come when they need to be helped. In the wake of examining an organization, cybercriminals target a few workers in the organization with an email that seems as though it originates from the administrator. The email requests that they send the supervisor the secret key for the bookkeeping information base – focusing on that the chief requirements for the information are to ensure everybody gets paid on schedule. The email tone is dire, fooling the casualties into accepting that they are assisting their chief by acting quickly. Such messing is very convincing, and many people can be encountered such a dilemma in their workplace.
Urgency
Most of the attackers use an urgent tune to convince users. For instance, in this case, you get an email from client service that you entrust and often purchase and informs you that they need master card conformation in order to record the purchase. The language used in such email requires you to react faster to ensure that hoodlums don’t take your Visa data. Without reconsidering because you mostly use the online store, you will defiantly send all card information required also you may find yourself disclosing other personal information like email and phone numbers which they can easily use to get the passwords. A couple of weeks after the encounter you may get a call from the bank department informing you that a lot of dollars have been withdrawn from your account to purchase deceitful goods. This kind of awareness, when created people they can have some guide on how attackers use emotional venerability to ground people.
Role of social engineering on cyber insecurity
Social engineering has numerous impacts on people’s daily lives, also leads to cyber insecurity. Therefore, social engineers can access information by manipulating people to provide confidential information. According to Abass (2018), research reveals that in 2015, cyber insecurity cases had risen by 95% due to inadequate security systems in most organizations in the United States of America. Organizations should encrypt their network with a virtual private network (VPN). A VPN is a software to ensure the data is not intercepted by cybercriminals while sending it to another destination; thus, it ensures it is safe (Kyeremeh et al., 2019). Comparing the two studies, it is worth noting that cyber insecurity will continue to rise if strength measures fail to get implemented.
Effects of Social Engineering on Organizational Data
Social engineering posits adverse effects such as theft on organizational data. One of the challenges is identity theft. Abass (2019) argues that approximately 90% of internet users daily receive phishing messages and emails from hackers. Identity theft involves information regarding the credit card, unauthorized document access, which can put the organization at risk of theft. Cybercriminals carry out shoulder surfing, which refers to watching over someone’s shoulder while operating an electronic device to steal confidential information such as passwords, enabling them to access bank accounts. According to a survey, 95% of the United States attacks in most business organizations are due to social engineering (Abass, 2018). Social engineers’ most common stealing methods from organizations are phishing emails and online advertisements on social media. Phishing refers to a criminal’s act of pretending to be recruiting employees and asks for confidential details from people to help them conduct cyber-attacks (Williams & Joinson, 2020).
They also persuade computer users to click specific links and provide sensitive information, enabling them to hijack the system. In most situations, attackers use our typical conditions to instill fear in humans; for instance, you get a voice message that says you’re under scrutiny for charge tax fraud and that you should call quickly to forestall capture and criminal examination. This social designing assault occurs mostly during the tax pay season when individuals are worried over their duties. Cybercriminals go after the pressure and nervousness that accompanies documenting charges and utilize these dread feelings to fool individuals into agreeing to their conning voice message. This is the efficient ways of conning people which the cyber attackers use
Research shows that social engineers attacked 60% of Information and Technology companies (IT) in the United States in the year 2016; these attacks continued to increase by 2017, and by 2020 cases of cybersecurity have risen exponentially due to flawed security system in organizations (Kyeremeh et al. 2019), (Williams & Joinson, 2020). Therefore, organizational data is at risk due to the tricks used by social engineers to acquire secretive information.
The lack of knowledge and awareness is why social engineering is growing day by day. There are protection measures that people and organizations need to embrace to improve their data security system’s quality. The use of strong passwords will enable organizations to avoid social engineering attacks. People must use two-factor authentication, which is vital to protect the organization from malicious hacks. Social engineers used many media sites such as Facebook, WhatsApp, Instagram, Twitter, emails, and many more. Lastly, it is vital to log out of the accounts when done. Cybercriminals take advantage of cookies. This information’s that the website stores from the user’s computer to access social media accounts whenever they leave them logged in; these cookies get stored in the browser. (Aldawood & Skinner, 2019). Therefore, it is essential to clear the browser history after using the computer to avoid unnecessary hacks.
Cyber theft
Cyber theft is mostly committed by cybercriminals who want to get money through questionable origins. It is a criminal activity that mainly targets the computer or a network device. Cyber theft employs highly skilled techniques to acquire information that would help them steal from individuals or organizations. They target computers by sending viruses that damage the device, steal, or delete the data. Most organizations continue to receive numerous cyber-attacks; one of the most popular attacks is malware attacks. A malware attack involves a computer infected with a virus, affecting its functionality (Bossler & Belenblum, 2019). Therefore, cyber theft deletes information or steal data from the computer, which may help hackers steal money. According to Bossler & Belenblum (2019), the number of research concerning cyber theft has continued to grow over the years; most of the works in this area focuses on studying and exploring how cyber theft has continued to affect organizations in most parts of the world. The European Society of Criminology (ESC) reveals that cyber thefts have increased in the United States.
Psychological factors as contributors to cyber theft
Psychological factors such as an individual’s personality, mostly if they work in a low environment, may compel them to turn into cyber thieves. For instance, if someone is working in a bank and the atmosphere is not conducive, their pay does not equal the work, this may prompt them to hack the systems to steal money. Motivation is crucial in ensuring that people do not turn into hackers, especially those who work in such environments (Bossler & Belenblum, 2019). Therefore, cyber theft emanates from psychological factors such as personality and lack of proper motivation, so it is essential to ensure employees get treated relatively; otherwise, they may turn into thieves.
The research to determine how psychological factors may compel people to embrace cyber theft is growing. Bossler & Belenblum (2019) note that psychological factors, such as stress and burnout, can also lead to cyber theft. Research carried out by cyber theft scholars is considered a vital source of information for every country’s policy formulators. Governments should intervene by educating the vulnerable people on the need to stay vigilant; they should also implement laws to ensure cybercriminals get incarcerated to mitigate the levels of cyber thefts (Sarre et al., 2018). Lastly, there is exponential growth in cyber theft, scholars have embraced innovative methods, and their research is making significant impacts, especially in the United States of America.
Hacking
When the world continues to grow and become more sophisticated due to technology, the reason for hackers getting motivated to access people’s personal information and data also increases. According to Alsalim et al. (2017), a hacker is someone who illegally tampers with information in a computer system. Therefore, the definition of hacking is an attempt to exploit a private network or a computer system to achieve an illicit purpose. The common types of hacking are grey, black, and white hat hackers. Hacking leads to damage of digital data because hackers have skills in using computer software.
Hackers try to blackmail people and organizations using their information. Hackers will try to acquire specific information to help them threaten national security. Most politicians’ trust built with their audiences has been eroded by fake posts that originate from genuine account owners. Anonymous posts have been released on social media, propagating fake news that Russia interfered with the 2016 US elections, which resulted in economic and political tensions between the presidents of two nations; that is, Donald Trump and Vladimir Putin. (Alsalim et al. 2017), (Parsons, 2020). Therefore, people need to be vigilant to avoid falling into the traps of hackers. Further, Abass (2018) notes that research reveals technical disaster is a recipe for hacking. Besides. In 2011, the number of cybercriminals in the United States rose exponentially due to the lack of an appropriate firewall to prevent hacking.
Preventive Measure against Social Engineering
Social engineering can be curbed through various methods. However, it is vital to select the most effective solutions to enhance people’s information security. Non-governmental organizations are assisting to curb cyber theft. For instance, the (SDF) Secure Domain Foundation helps individuals and organizations expose, avoid, and arrest cyber criminals involved in hacking information by analyzing data to provide a secure connection to the internet users (Secure domain Foundation, 2020). According to Bendovschi (2015), Google has begun developing strategies that counter cyber-criminal activities. They have developed Project Zero to analyze vulnerability and codes from companies to create and enhance software that mitigates cyber-attack risks among internet users worldwide. Therefore, the shortcomings that emanate from social engineering are manageable when stringent countermeasures are employed.
Use of Passwords
A strong password is one that both human beings and computers cannot easily detect because it has complex characters that include a combination of words, symbols, and letters, making it difficult for social engineers to access. Salahdine & Kaabouch (2019) argue that a strong password must have eight characters or more; that is, it must be long enough. For instance, instead of using “Password1” as the password, instead, use a strong one like “Inerduytr@1”. Using a strong password is because most hackers exploit the systems quickly. Strong passwords are crucial to preventing cyber theft; they need to log in first for someone to access the computer. It is also vital to ensure the password remains a secret that means no one should know your password. After all, criminals guess the password.
Therefore, a strong password is recommended. Research has revealed that approximately 1.5 billion people worldwide get scammed every year due to a lack of strong passwords, giving cybercriminals easy access to people’s accounts starting in 2015 (Salahdine & Kaabouch, 2019). Federal Bureau of Investigation (FBI) shows that 60% of financial institutions in the United States faces fraud cases from social engineers due to inadequate knowledge of the risk factors; this has increased cybercrimes rates (Norris et al., 2019). The high speed of hackings emanates from creating weak passwords, enabling cybercriminals to have an opportunity to hack.
Use of Antivirus
An antivirus protects a computer from hacks, spam attacks, viruses, and other related threats. A virus is a program designed by cybercriminals and enters the computer system; it spreads and replicates, affecting computer performance, equivalent to a human body virus. The antivirus enables the computer to counter any virus attacks. It is vital to install an antivirus on the computer because it cannot get eliminated in its absence. Antiviruses are developed by social engineers to illegally steal or hack the computer system to acquire information (Bendovschi, 2015). Researchers argue that it is crucial to verify the security systems to ensure that the antivirus is operating to protect the computer from malicious hackers (Safarkhanlou et al., 2015). Research conducted by Safarkhanlou et al. (2015) note that antivirus applications such as Kaspersky and Avira are essential in curbing virus infection in computers. These applications are used by approximately 20 billion people all over the world. Therefore, to avoid malicious attacks from cyber thieves, every individual or organization needs to install antivirus applications on their computers.
Why Passwords and Antiviruses are not a Solution
People use similar passwords in almost all the online platforms, making it easy for the attackers to access because one disclosure will mean losing all personal information. Numerous online users do not change default passwords; this implies that attackers can quickly access personal data through these passwords. More so, default passwords are freely accessible from all available manuals; additionally, they are pretty simple to figure. Passwords are regularly shared among employees who work in standard organizations (Salahdine & Kaabouch, 2019).
Social engineers use a perpetual scope of strategies. They use persuading messages on the websites to approach individuals to share their usernames to compromise their antivirus security. Most attacks are not virus-based, which makes antiviruses impractical in curbing such attacks. (Safarkhanlou et al., 2015). Antiviruses fail to offer individuals full protection from social engineer’s attacks.
The password cracking system has advanced the use of similar passwords for a long time makes it easy for hackers to gees the passwords. Secret key breaking instruments are getting great at speculating passwords due to technological advancement. The innovative advances inside this zone go super quick – it is merely a question of time before passwords are viewed as substantial to getting access. Individuals regularly utilize too weak passwords (Salahdine & Kaabouch, 2019). This can even make it workable for individuals to figure the secret word without the guide.
Antiviruses are effortlessly taken through social designing. A shockingly level of individuals share their login data. Passwords are sent over unstable websites, for instance, the use of an unprotected network, which makes it simple to get the passwords sent through the same means. Associations’ secret word information bases get hacked substantially more frequently, and employees do not figure it out. Much of the time, the programmer assault never gets detected, or it takes a long to be noted. It implies that the programmers can utilize the passwords and get the targeted information (Salahdine & Kaabouch, 2019).
Biometric authentication
Biometric authentication is a security cycle that depends on a person’s exceptional organic characteristics to check their real identity. Generally, a Biometric authenticator compares the data or the stored information with the captured dater, to affirm the user’s credibility. The biometric verification is used to administer both physical and software fraud, for instance, buildings, houses, organizations, rooms, and computer registers (Malathi & Jeberson, 2016).
Biometric authenticators are used by most secret services, for example, the military, to ensure security because it is hard to fake individual biological traits. More so, acknowledging biometric confirmation has been contributed by its convincing character: it is hard to lose data because Thumbprints made on earth seals cannot be used to open or access data on behalf of the owner. A current biometric confirmation has been improved by precise with the appearance of electronic information bases and digitizing all the pieces of information (Malathi & Jeberson, 2016).
Types of biometric authenticators
The retina is the first type of biometric authenticators; it produces a picture of a person’s inner vein of the eye using light. Iris examiners are used to identifying users by distinguishing the shape of the pupil of the user’s eye. Finger scanning is a computerized adaptation that uses the ideology of ink-and-paper printings, looks at the users’ identity by checking the human finger’s branches. Finger vein ID: it uses the vascular in a person’s body to detect the user, for example, in a person’s finger. Facial acknowledgment: it is a framework that works with codes known as face prints that distinguish nodal found in the user’s face. Voice recognizable depends on the qualities of the sound made from the state of the speaker’s mouth and throat (Malathi & Jeberson, 2016).
Why use biometric authenticators
· It has High security and assurance. Biometric ensures a high level of confidence; it uses the rightful person by verifying non-duplicable aspects of a person, for example, DNA. A security breach faces other data protection methods because they are readily available or obtained by funders (Malathi & Jeberson, 2016).
· The biometric authenticators make it hard for fraudsters to circumnavigate. Additionally, modern authenticators depend on non-error characters like robots, hard to bribe or pass through if you are not an authorized person. (Malathi & Jeberson, 2016).
· Biometric authenticators are convenient and fast. Malathi & Jeberson (2016) note that the Use biometric authenticators are easy and quick, for instance, placing a finger on the sensor and looking at the scanning device. S More so, forgetting the passwords is a forgone because the primary password is in you, and you have not necessarily remembered it.
· They are Non-transferable. Biometric verification requires its information is available upon approval. You can’t move or share a physical biometric carefully – the best way to use most biometric confirmation frameworks is with an actual application
Creating Awareness to Employees
Biometric authentication protects the employer’s and employees’ information from social engineers. It is vital because it distinguishes real employees from fake ones; the technology gives a person the true identity by storing personal information such as palm print, which uses the palm to verify an individual, making it easy to detect the hackers (Kloppenburg & van der Ploeg, 2018). Since 2008 research has shown that society has become digital, 80% of people use digital technology, thus, increasing the number of cyber-crimes because most users are vulnerable due to inadequate security systems like weak passwords (Kloppenburg & van der Ploeg, 2018).
The employers should educate the employees to ignore unspecified links sent to them and avoid malicious emails from hackers; they should report such to the organization’s relevant authorities. Employers should install biometric authentication to mitigate the challenge of cyber theft (Malathi & Jeberson, 2016). The topic is vital because it raises awareness among the employees to embrace biometric authentication to avoid getting hacked.
The technology of biometric authentication security plays a vital role in securing businesses and other large organizations and learning institutions. The Security curbs theft because it includes the iris scanning cameras mounted on walls; they pick unique eye patterns, scan, and store the data to distinguish individuals at the workplace, thus curbing cybercrime (Malathi & Jeberson, 2016). As the world embraces biometric authentication, security posits numerous challenges to people’s health and could lead to cancer due to radioactivity. According to Malathi & Jeberson (2016), biometric authentication is harmful to people due to radioactivity. The study notes that those who work in large organizations where biometric technology is used are at a higher risk of contracting cancer due to radioactivity.
Summary
In summary, biometric technology evaluates people’s biological features. It is essential in protecting data from social engineers. Social engineering is the act of manipulating people to acquire sensitive information. Social engineers develop attacks and techniques that allow them to penetrate well-protected environments, thus compromising user’s data integrity and confidentiality; the damages caused by social engineers most of the time remain untraceable. Most organizations have developed techniques to curb the everlasting cases of hackings due to cyber-attacks. An example of a method is through biometric authentication, which is a process that secures people’s data from cybercriminals; this form of security matches the features of an individual to verify who they are as a way of securing their personal information. The paper has discussed how it has resulted in cyber insecurity in the US. An Individual’s personality could compel people to become social engineers.
The technology of biometric authentication security plays a vital role in securing businesses and other large organizations and learning institutions. Preventing social engineering requires strong passwords, antiviruses, and awareness for employees to embrace biometric authentication technology. Biometric authenticators are fast and convenient. The reason why passwords are not a solution is because, people use. The study noted that use of antivirus and strong password are essential in securing computers from malicious attacks from the cyber theft. It can also can be used to raise awareness among employees working in various organizations
References
Abass, I. A. M (2018). Social Engineering Threat and defense: A Literature Survey. Journal of Information Security. 9, 257-264. https://doi.org/10.4236/jis.2018.94018.
Alsalom, M., Alsalim, A, M., Al-Madhagi., & Shahen, S, M. (2017). Information Security Threats: Computer Hacking. International Journal of Advanced Research. Vol 5(1), pp. 349-356. http://dx.doi.org/10.21474/IJAR01/2753.
Aldawood & Skinner. (, 2019). Reviewing Cyber Security Social Engineering Training and Awareness Programs—Pitfalls and Ongoing issues. Future Internet. 11(73), pp. 1-17. http://doi:10.3390/fi11030073.
Bossler, A, M., & Beremblum, T. (2019). Introduction: New directions in cybercrime Research. Journal of Crime and Justice. Vol 42, 5, pp.495-499. https://doi.org/10.1080/0735648X.2019.1692426.
Bendovschi, A. (2015. Cyber-Attacks – Trends, Patterns, and Security Countermeasures. Procedia Economics and Finance. Vol 28, pp. 24-31. https://doi.org/10.1016/S2212-5671(15)01077-1.
Fianyi, I., & Zia, T. (2016). Biometric Technology Solutions to Counter Today’s Terrorism. International Journal of Cyber Warfare and Terrorism. 6(4). 28-40. https://www.researchgate.net/publication/309818563_Biometric_Technology_Solutions_to_Countering_Today’s_Terrorism.
Kumar, A., Chaudhary, M., & Kumar, N. (2015). Social Engineering Threats and Awareness: A Survey. European Journal of Advances in Engineering and Technology, 2(11), 15–19. http://www.ejaet.com/PDF/2-11/EJAET-2-11-15-19 .
Kyeremeh, K., Bright, B., & Mutilda, A. (2019). A Sty into the Social Engineering Risk and Its Effects in the Public Institutions. Electronic Journal. Vol 1, pp. 1-28. https://www.researchgate.net/publication/333981453.
Kloppenburg, S., & van der Ploeg, I. (2018). Securing Identities: Biometric Technologies and the Enactment of Human Bodily Differences. Science as Culture, 1–20. https://doi.org/10.1080/09505431.2018.1519534.
Malathi, R., & Jeberson, R. (2016). An Integrated Approach of Physical Biometric Authentication System. Procedia Computer science. Vol 85, pp. 820-826. https://doi.org/10.1016/j.procs.2016.05.271.
Norris, G., Brookes, A., & Dowell, D. (2019). The Psychology of Internet Fraud Victimisation: a Systematic Review. Journal of Police and Criminal Psychology, 34(3), 231–245. https://doi.org/10.1007/s11896-019-09334-5.
Parsons, D. (2020.). The Impact of Fake News on Company Value: Evidence from The Impact of Fake News on Company Value: Evidence from Tesla and Galena Biopharma Tesla and Galena Biopharma. Retrieved April 25, 2020, from https://trace.tennessee.edu/cgi/viewcontent.cgi?article=3363&context=utk_chanhonoproj.
Safarkanlou, A., Souri, A., Norouzi, M., Hassan, S., & Sadroud, H. (2015). Formalizing and Verification of an Antivirus Protection Service using Model Checking. Procedia Computer Science. Vol 57, pp. 1324-1331. https://doi.org/10.1016/j.procs.2015.07.443.
Salahdine, F., & Kaaabouch, N. (2019). Social Engineering Attacks: A survey. Future Internet. Vol 11(89), pp. 1-17. https://doi.org/10.3390/fi11040089.
Sarre, R., Lau, L. Y.-C., & Chang, L. Y. C. (2018). Responding to cybercrime: current trends. Police Practice and Research, 19(6), 515–518. https://doi.org/10.1080/15614263.2018.1507888.
Williams, E. J., & Joinson, A. N. (2020). Developing a measure of information seeking about phishing. Journal of Cybersecurity, 6(1). https://doi.org/10.1093/cybsec/tyaa001.
The Secure Domain Foundation (2020). Empowering the Internet Community’s Fight Against Cybercrime. Securedomain.org. Retrieved November 16, 2020, from https://securedomain.org/.