LATEST DEVELOPMENTS IN INFORMATION SECURITY CHALLENGES.
Several authors have listed the following as some of most recent challenges of information
security including;
Remote Workforce; where employees working from home and other places outside the
organizations perimeter pose frequent security issues for the organization [1, 2]. They may
accidentally provide cybercriminals access to their computers due to negligence, fatigue or
ignorance or even lose their devices. Mitigating this threat remains one of the biggest
challenges in information security [3-5]. An organization needs to define cloud-based security
controls and policies to protect the user's identity, device and the cloud.
Emerging 5G Applications [6-8]; various entities attempting to adopt 5G are ill-equipped to
evaluate and handle its dangers and this may have a huge impact on users' privacy and trust in
these entities. They need to identify the third-party attackers who continuously try to gain
illegal access to their systems.
Blockchain And Cryptocurrency; attack where attackers on blockchain-based systems employ
techniques such as phishing, social engineering, attacking data in transit and focusing on
coding errors [9-12]]. Blockchain-powered cybersecurity controls and standards are being
combined with other cutting-edge technologies like AI, IoT and ML to mitigate these threats.
IoT attacks; where attackers hijack IoT devices or platform to access sensitive data [13-16].
Attackers gain access to and inject malware on it and use it to access information belonging to
the firm. Mitigation solutions mostly rely on communication protection methods like
encryption.
Cloud Attacks; attacks target remote service providers using their cloud infrastructure [17] It
includes SaaS, IaaS, and PaaS service delivery paradigm attacks on service platforms [5].
Security awareness is one of the mitigating ways for cloud attacks.
Machine learning And AI Attacks; The rapid pace of advancement and adoption of AI and ML
technologies has created both optimism and uneasiness. While resulting in greater innovation in
various sectors as well as improvements to cybersecurity, AI has also led to innovation in
cybercrime [18]. The ML models could train themselves to achieve illicit or devious ends. Also,
the lack of clarity in how to ensure that AI technology-based systems are built, deployed,
monitored safely and ethically poses a major problem [19-22].
BYOD; personal devices are more likely to be used to breach business networks since they are
less secure and more likely to have security flaws than corporate devices [23], [24]. They also
stretch an organization’s boundaries [25], compromising its security controls and policies.
�Serverless Apps Vulnerabilities; serverless computing's event-driven nature and lack of
persistent states may create vulnerabilities in software development as local variables' values
don't hold true across instantiations [26]. This requires use of highly skilled information
security personell.
Mobile Malware; Attackers are focusing more on smartphones and tablets due to their wide
usage and pervasive nature.
Drone-Jacking; the new wave disturbing cyber experts [27, 28]. With many drones lacking
security features and toolkits for drone jacking available in the darkweb, it poses the next big
threat in information security and a challenge for researchers. The risks associated with drone-
jacking within the security sector range from the potential loss of highly confidential
surveillance footage to the destruction of property and even the loss of human lives. “Travel
in today’s volatile, politically charged global landscape is already fraught with multiple risks,
and the advent of drone technologically adds another dimension to the security risk mix.” [29,
30].
These security issues have pervaded all spheres of life; business, industry, academic and even
social. They have led to diminishing trust in online systems and devices, privacy and
accountability issues, thereby, threatening the core information security principles, CIA. The
challenges span through vehicular communications, healthcare industry, banking, manufacturing,
financial services, online retailing, law enforcement as a consequence, there is greater demand
for research into advanced techniques and protocols to secure information.
[1] Sarkar, K. R. (2010). Assessing insider threats to information security using technical,
behavioural and organisational measures. information security technical report, 15(3), 112-
133.
[2] Colwill, C. (2009). Human factors in information security: The insider threat–Who can
you trust these days?. Information security technical report, 14(4), 186-196.
[3] Tabrizchi, H., & Kuchaki Rafsanjani, M. (2020). A survey on security challenges in cloud
computing: issues, threats, and solutions. The journal of supercomputing, 76(12), 9493-9532.
�[4] Subashini, S., & Kavitha, V. (2011). A survey on security issues in service delivery
models of cloud computing. Journal of network and computer applications, 34(1), 1-11.
[5] Carroll, M., Van Der Merwe, A., & Kotze, P. (2011, August). Secure cloud computing:
Benefits, risks and controls. In 2011 Information Security for South Africa (pp. 1-9). IEEE.
[6] Fourati, H., Maaloul, R., & Chaari, L. (2021). A survey of 5G network systems:
challenges and machine learning approaches. International Journal of Machine Learning and
Cybernetics, 12, 385-431.
[7] Haider, N., Baig, M. Z., & Imran, M. (2020). Artificial Intelligence and Machine Learning
in 5G Network Security: Opportunities, advantages, and future research trends. arXiv preprint
arXiv:2007.04490.
[8] Chamola, V., Jolfaei, A., Chanana, V., Parashari, P., & Hassija, V. (2021). Information
security in the post quantum era for 5G and beyond networks: Threats to existing
cryptography, and post-quantum cryptography. Computer Communications, 176, 99-118.
[9] Sayeed, S., & Marco-Gisbert, H. (2018). On the effectiveness of blockchain against
cryptocurrency attacks. Proceedings of the UBICOMM.
[10] Ramos, S., Pianese, F., Leach, T., & Oliveras, E. (2021). A great disturbance in the
crypto: Understanding cryptocurrency returns under attacks. Blockchain: Research and
Applications, 2(3), 100021.
[11] Mehar, M. I., Shier, C. L., Giambattista, A., Gong, E., Fletcher, G., Sanayhie, R., ... &
Laskowski, M. (2019). Understanding a revolutionary and flawed grand experiment in
blockchain: the DAO attack. Journal of Cases on Information Technology (JCIT), 21(1), 19-
32.
[12] Averin, A., & Averina, O. (2019, October). Review of blockchain technology
vulnerabilities and blockchain-system attacks. In 2019 International Multi-Conference on
Industrial Engineering and Modern Technologies (FarEastCon) (pp. 1-6). IEEE.
�[13]Abomhara, M., & Køien, G. M. (2015). Cyber security and the internet of things:
vulnerabilities, threats, intruders and attacks. Journal of Cyber Security and Mobility, 65-88.
[14] Tejasvi Alladi, Vinay Chamola, Biplab Sikdar and Kim-Kwang Raymond Choo. 2022.
Consumer IoT: Security Vulnerability Case Studies and Solutions.
https://www.ece.nus.edu.sg/stfpage/bsikdar/papers/net_mag_20.pdf
[15] Y. Seralathan et al., "IoT security vulnerability: A case study of a Web camera," 2018 20th
International Conference on Advanced Communication Technology (ICACT), Chuncheon,
Korea (South), 2018, pp. 172-177, doi: 10.23919/ICACT.2018.8323686.
[16] Herzberg, B., Bekerman, D., & Zeifman, I. (2016). Breaking down mirai: An IoT DDoS
botnet analysis. Incapsula Blog, Bots and DDoS, Security.
[17] Bhadauria, R., & Sanyal, S. (2012). Survey on security issues in cloud computing and
associated mitigation techniques. arXiv preprint arXiv:1204.0764.
[18] Hayward, K. J., & Maas, M. M. (2021). Artificial intelligence and crime: A primer for
criminologists. Crime, Media, Culture, 17(2), 209-233.
[19] O'Sullivan, S., Nevejans, N., Allen, C., Blyth, A., Leonard, S., Pagallo, U., ... & Ashrafian,
H. (2019). Legal, regulatory, and ethical frameworks for development of standards in artificial
intelligence (AI) and autonomous robotic surgery. The international journal of medical robotics
and computer assisted surgery, 15(1), e1968.
[20] Rainie, L., Anderson, J., & Vogels, E. (2021). Experts doubt ethical AI design will be
broadly adopted as the norm within the next decade. Pew Research Center.
[21] Patel, H. (2023). The Future of Cybersecurity with Artificial Intelligence (AI) and Machine
Learning (ML).
[22] Broussard, M. (2018). Artificial unintelligence: How computers misunderstand the world.
mit Press.
[23] Aguboshim, F. C., & Udobi, J. I. (2019). Security issues with mobile IT: A narrative review
of Bring Your Own Device (BYOD). Information Technology (IT), 8(1).
[24] Downer, K., & Bhattacharya, M. (2022, February). BYOD security: A study of human
dimensions. In Informatics (Vol. 9, No. 1, p. 16). MDPI.
[25] Morrow, B. (2012). BYOD security challenges: control and protect your most sensitive
data. Network Security, 2012(12), 5-8.
�[26] Mondal, S. K., Pan, R., Kabir, H. D., Tian, T., & Dai, H. N. (2022). Kubernetes in IT
administration and serverless computing: An empirical study and research challenges. The
Journal of Supercomputing, 1-51.
[27] Westerlund, O., & Asif, R. (2019, February). Drone hacking with raspberry-pi 3 and wifi
pineapple: Security and privacy threats for the internet-of-things. In 2019 1st International
Conference on Unmanned Vehicle Systems-Oman (UVS) (pp. 1-10). IEEE.
[28] Yaacoub, J. P., Noura, H., Salman, O., & Chehab, A. (2020). Security analysis of drones
systems: Attacks, limitations, and recommendations. Internet of Things, 11, 100218.
[29] Schulzke, M. (2017). The morality of drone warfare and the politics of regulation. London,
England: Palgrave macmillan.
[30] Brundage, M., Avin, S., Clark, J., Toner, H., Eckersley, P., Garfinkel, B., ... & Amodei, D.
(2018). The malicious use of artificial intelligence: Forecasting, prevention, and mitigation.
arXiv preprint arXiv:1802.07228.
