How Do Organizations Seek Cyber Assurance? Investigations on the Adoption of the Common Criteria and Beyond

Self Cite

The increasing sophistication of malware threats has led to growing concerns in the antimalware community, as malware poses a significant danger to online users despite the availability of numerous defense solutions. This study aims to comprehensively review malware evolution and current attack trends to identify effective defense mechanisms. It reviews the most recent journal articles, conference proceedings, reports, and online resources published during the last five years. We extensively review the malware landscape from 1970 to the present and analyze malware types, operational mechanisms, attack vectors, and vulnerabilities. Furthermore, we explore different defensive strategies developed in response to these evolving threats. Our findings highlight the increasing sophistication of malware attack trends, including a surge in cryptojacking, attacks on mobile devices, Internet of Things devices, ransomware, advanced persistent threats, supply chain attacks, fileless malware, cloud-based attacks, exploitation of remote employees, and attack trends on edge networks. Defense strategies have also evolved in parallel, emphasizing multilayered security measures to counter these dynamic threats. This study highlights the critical need for robust, multilayered security measures to combat dynamic malware. Despite these advancements, some open challenges and significant research gaps remain, which require further innovation. This review serves as a valuable guide for cybersecurity professionals by identifying the key trends, challenges, limitations, and future cybersecurity research opportunities.INDEX TERMS Malware evolution, malware attack trends, defense mechanisms, malware detection, machine learning, deep learning. D. INCREASED NUMBER OF TARGETED RANSOMWARE ATTACKSRecent malware trends have highlighted increased targeted ransomware attacks, in which hackers access a network or system, encrypt data, and demand a ransom to restore access. This increase in ransomware attacks is driven by several factors, including potential financial gains, easy operation, the rise of ransomware-as-a-service platforms, and the popularity of cryptocurrencies like Bitcoin [97]. Ransomware attacks are wide-ranging, targeting everything from desktops and mobile devices and increasingly involving IoT devices.

Section: ) Assessingmentioning

confidence: 99%

A Review of State-of-the-Art Malware Attack Trends and Defense Mechanisms

Ferdous,

Islam,

Mahboubi

et al. 2023

Self Cite

“…[10], [11], [12], [16], [17]. In this regard one research identifies barriers to adopting cybersecurity [19], using a survey of 258 organizations.…”

Section: 2-factors That May Determine the Adoption Of Cybersecurity P...mentioning

confidence: 99%

“…On the other hand, there are works oriented to explore a set of techniques or tools through simulation or cases [13], [14], [14], [14], [18]. In this sense, the works that use sustainability reports [10], surveys of organizations [19], and literature review plus cases to generate a diagnosis [17] stand out.…”

Section: 2-factors That May Determine the Adoption Of Cybersecurity P...mentioning

confidence: 99%

See 1 more Smart Citation

Adoption of Cybersecurity in the Chilean Manufacturing Sector: A First Analytical Proposal

Gatica-Neira,

Galdames-Sepulveda,

Ramos-Maldonado

2023

This paper focuses on adopting cybersecurity procedures in Chilean manufacturing companies in the context of the Fourth Industrial Revolution's data-driven demands, which have exposed vulnerabilities in cybersecurity. This analysis is based on data from the Fifth Longitudinal Survey of Companies -ELE 5conducted by the National Institute of Statistics. Using the TOE adoption model, we employ binary and ordered Logit and Probit models with data from 574 companies and 17 explanatory variables. The objective is to gain insight into the factors influencing the adoption of cybersecurity processes, complementing the existing literature, which often focuses on developing specific technologies or conducting comprehensive analyses of digital transformation. The study highlights the significance of company size in explaining the adoption of cybersecurity procedures and reveals the relevance of explanatory variables as the depth of adoption increases. The findings underscore the need for public policies that facilitate the implementation of existing regulations, such as ISO 27.001, particularly for small companies. Additionally, the study emphasizes the importance of fostering a "culture of cybersecurity" across different sectors of society.

“…Trust is the crucial factor for the successful introduction of new products, including Information and Communications Technology (ICT) [2]. With a trusted and secure computing environment, ICT systems and products will consistently behave in expected ways and protect the users against different security threats [3]. Those behaviors are usually enforced by hardware, software, and the security function of the products.…”

Section: Introductionmentioning

confidence: 99%

On the Development of a Protection Profile Module for Encryption Key Management Components

Sun

Chan

et al. 2023

Self Cite

The ability of a cryptographic system to protect information from attacks depends on many factors, including the secrecy of the encryption key. A crucial aspect of any cryptosystem is how it manages the encryption keys. Encryption Key Management (EKM) spans the entire life cycle of the key, including the key's generation, usage, distribution, renewal, and destruction. Given the security sensitivity, it is desirable to adopt a widely accepted standard when developing an encryption key management system. Through rigorous development of security requirements and following standardized validation, evaluation, and certification, the consumers' confidence in the security of the EKM system will be enhanced. The Protection Profile (PP), defined in the Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC), specifies the security functional and assurance requirements for a specific technology. In this work, we propose a PP Module that is the new evolution of the PP covering trusted security features for EKM, which is based on its compliance with the Network Device collaborative Protection Profile (NDcPP). In particular, by analyzing threats and vulnerabilities of EKM systems, corresponding security objectives and requirements are proposed in the PP, along with the specification of evaluation activities. The quantum-safe aspect of key distribution protocols is further investigated to support EKM products with quantum-resistant algorithms and quantum key distribution features. In addition to presenting the development methodology and implementation process for the PP Module of EKM, we distill lessons learned from developing and validating the PP Module to inspire future research efforts on defining security requirements with the CC.