ArticlePDF Available

UNDERSTANDING CYBERSECURITY CHALLENGES OF TELECOMMUTING AND VIDEO CONFERENCING APPLICATIONS IN THE COVID-19 PANDEMIC

Authors:
Kenneth Okereafor at National Health Insurance Authority (NHIA), NIGERIA
Kenneth Okereafor
  • National Health Insurance Authority (NHIA), NIGERIA
Philip Manny at Agora Nexus / Alliance Media Group
Philip Manny
  • Agora Nexus / Alliance Media Group
Mustafa Shuaieb Sabri at Harrisburg University
Mustafa Shuaieb Sabri
  • Harrisburg University
Download full-text PDF
Read full-text
Download citation

Abstract

As a result of restrictions in mass gathering and imposition of social distancing to curtail the spread of COVID-19, there is an unprecedented adoption of telecommuting and video conferencing as innovative technological alternatives for remote work and office administration, colloquially referred to as teleworking, mobile working, home working or "work from home (WFH)". The combination of telecommuting and video conferencing comes with the benefits of reduced overhead, increased productivity and minimal risks of exposure to infectious diseases including the COVID-19 which is spread through human clusters. Unfortunately, the popularity of telecommuting and video conferencing applications has also opened up potential avenues for cyber-attacks and other hostile hacking incidents that target porous networks and unsafe systems and applications, thereby raising serious ethical, cyber security and privacy concerns. This paper examines a comprehensive overview of cyber security issues related to telecommuting and video conferencing applications including their vulnerabilities, threats, and impacts.
Content uploaded by Mustafa Shuaieb Sabri
Author content
All content in this area was uploaded by Mustafa Shuaieb Sabri on Sep 23, 2021
Content may be subject to copyright.
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
UNDERSTANDING CYBERSECURITY CHALLENGES OF TELECOMMUTING
AND VIDEO CONFERENCING APPLICATIONS IN THE COVID-19 PANDEMIC
Kenneth Okereafor, PhD
Deputy General Manager - Database Security,
Department of Information and Communications Technology,
National Health Insurance Scheme (NHIS) Abuja, NIGERIA.
nitelken@yahoo.com
Phil Manny
Founder & Director Agora Nexus
Director West Africa Alliance Media Group.
phil.manny@agoranexus.com / phil@alliances.global
ABSTRACT
As a result of restrictions in mass gathering and imposition of social distancing to curtail the
spread of COVID-19, there is an unprecedented adoption of telecommuting and video
conferencing as innovative technological alternatives for remote work and office
administration, colloquially referred to as teleworking, mobile working, home working or
“work from home (WFH)”. The combination of telecommuting and video conferencing comes
with the benefits of reduced overhead, increased productivity and minimal risks of exposure
to infectious diseases including the COVID-19 which is spread through human clusters.
Unfortunately, the popularity of telecommuting and video conferencing applications has also
opened up potential avenues for cyber-attacks and other hostile hacking incidents that target
porous networks and unsafe systems and applications, thereby raising serious ethical, cyber
security and privacy concerns. This paper examines a comprehensive overview of cyber
security issues related to telecommuting and video conferencing applications including their
vulnerabilities, threats, and impacts.
Keywords: COVID-19, cyber-attack, cybercrime, cyber security, remote work,
telecommuting, teleworking, WFH.
1.0 INTRODUCTION
Having spread to all corners of the globe, the infectious coronavirus disease (COVID-19) has
influenced a global restriction on social congregation of all types including the traditional
workplace. With this reality, millions of businesses have been forced to contend with the
option of managing a completely remote workforce with the aid of telecommuting and related
technologies. COVID-19 and the mass shift to WFH has provided a digital rocket and a huge
cultural shift operationally for every organization across the global. Many technology
vendors have already adjusted relevant portions of their product and service offerings to
reflect the booming global adoption of WFH. Similarly, organizations across all sectors are
implementing remote work policies for their employees, in accordance with this trend.
13
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
Technology giants Microsoft, Facebook, Amazon, Twitter, Google, and many others have
updated guidelines for their employees to work remotely and balance productivity. At the
same time, they are focusing attention on fine-tuning potential connectivity flaws previously
existing on their products and services.
The cyber security risks arising from inherent vulnerabilities in remote technologies are not
particularly new, but as the social distancing policies of the pandemic compel employees to
work more from home and as people seek new ways to stay connected, malicious hackers
around the world are also taking advantage of the widespread changes in the workforce
attitude and the increase in online activities, to launch large-scale phishing attacks, phone
scams and other computer-based exploits against these vulnerabilities. Successful cyber-
attacks lead to data loss, reputation damage and technology apathy; and potentially
undermine the efforts to contain the spread of COVID-19. In this paper, the first of two
series, we examine issues arising from working from home including cyber security risk
factors, technological apathies, and impacts of cyber-attacks.
The rest of the paper is structured as follows: Section 2 discusses the basic components of
telecommuting and video conferencing applications. Section 3 examines the challenges of
remote work and reviews their cyber security implications. Section 4 focuses on the business
and technical impacts of WFH-based cyber-attacks. Section 5 concludes the paper with
summary remarks.
2.0 COMPONENTS OF TELECOMMUTING AND VIDEO CONFERENCING
Telecommuting also called teleworking is the technology-assisted practice of working
remotely or from home by the combined use of internet-connected communication systems,
email facilities, the telephone, and other online digital applications. It is the application of
computer software and high-speed telecommunication systems to implement workplace-
related communications remotely. The video conferencing component is a variation of
remote real-time video interaction where participants cluster in a fixed location as opposed to
individual participation in traditional teleworking. However, an innovative integration of a
video conferencing session as a representative of singular teleworking participant is possible
where the segmentation of large participants from different geographic locations is required.
Video conferencing solutions can be used for two-way live communication with limited
possibilities of interaction with the audiences. Application areas include virtual meetings,
online training, technical support, webinar sessions, business conferences, chats rooms,
messaging and file sharing, as well as multiparty internet telephony communications.
The current wave of telecommuting has been triggered by the demands of the COVID-19
pandemic and can therefore be referred to as episodic or situational as it is not a scheduled
type of routine telecommuting, but one that has been necessitated by an emergency situation.
As a result, each vital component of telecommuting presents a unique security challenge [1]
that must either be mitigated or closely monitored to minimize the chances of its
14
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
circumvention by malicious hackers and internet fraudsters. The components of
telecommuting are reviewed below.
2.1 High Speed Data Networks
Fast networks provide the channel through which remote communication links are established
and maintained throughout a telecommuting session. They provide the platform for good
connectivity required for the systems to retain good quality audio, video, text, and image.
Anything that affects the quality and easy accessibility of the data network, could impact on
the output, and could potentially diminish the system’s integrity and cyber security rating.
Available connectivity options include fiber, radio, Wi-Fi connections, mobile networks, etc.
The ability of the network component to maintain the confidentiality, integrity and
availability of data being transmitted across the session, provides a fair assessment of the
overall security of the service, and is usually a basic for technological evaluation.
2.2 Cloud Services
Cloud services are essential for hosting the platform for telecommuting to strive. Cloud
services [2] are virtual computing resources (data storage and computing power), made
available to users by cloud computing providers on demand via the internet without direct
active management by the user. While it is attractive to take advantages of cloud computing,
the security aspects in a cloud-based computing environment remain at the core of interest [3]
[4].
For the purpose of supporting the remote work, cloud services include the application
software, visual presentation utility, web-based plug-ins, dedicated web portals, instant
messaging, voice over internet protocol (VOIP), and other complementing programmers. E.g.
shared documents programmers such as file storage and synchronization services Google
Drive and Microsoft One Drive, web-based document management application Google
Docs, and file hosting service Drop Box, all operate under the cloud software as a service
(SaaS) model.
2.3 Terminals
Terminals are the end-user connecting devices through which communications and exchange
are initiated, received, or controlled from in both telecommuting and video conferencing
applications. They include smartphones, laptops, tablets, desktop computers, alongside their
peripherals: webcams, monitors, speakers, earpieces, styluses, etc. The functionality of these
terminals at any point in time during an established session contributes to the security status
and to how safe the transmitted data eventually becomes.
2.4 Security and Protective Utilities
There is a huge list of protective systems that all together add up to provide protection at various
stages of a telecommuting session. In addition to protecting the terminals and complementing the
cloud services, they also ensure the safety of the medium through interoperability with systems
from multiple vendors. Security tools also provide encryption of on-going communications to
prevent or minimize the risk of eavesdropping on confidential
15
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
information. They also provide quality of service balancing, monitoring and alert
mechanisms. E.g. endpoint protections, as well as utility protocols such as virtual private
network (VPN) and voice over internet protocol (VoIP).
2.5 Telecommuting Applications
Many telecommuting applications exist from multiple vendors in various forms, serving
audiences from diverse backgrounds. Zoom, Cisco WebEx, Slack, Citrix, Skype, and
Microsoft Team are among the numerous telecommuting Apps available today. Although the
underlying concept remains the same across all applications, the technology implementations
and specific features defer from vendor to vendor. E.g. Zoom’s waiting room feature
performs similar functions as Microsoft Team’s lobby, providing a temporary screening
facility to allow the meeting organizer to carry out due diligence on each potential participant
prior to granting admittance.
3.0 CHALLENGES OF TELECOMMUTING AND VIDEO CONFERENCING
Challenges are viewed from three broad but interwoven perspectives, namely technological
apathies, cybersecurity risk factors and philosophy of cyberattacks on WFH platforms.
3.1 Technological apathies and cultural issues
3.1.1 Employee perspective of technology
From an employee standpoint, there are so many areas of challenge to consider including: the
role of the individual in the organization, the assigned level of access to company assets, the
operational competence and psychological balance to work alone, IT security awareness, the
convenience of the remote environment, as well as technology reliability.
As most organizations transition from traditional architecture to cloud and internet based,
many are compelling their staff to sign WFH policy documents as a code of conduct.
However, with the increase in phishing emails of over 300% since lockdown, the long-term
psychological stress associated with such compulsion needs to be addressed, especially as
activity surveillance and productivity monitoring are becoming a norm. In general, the overall
WFH cultural changes encompass the technological apathies.
3.1.2 Geography related apathies
The technology reliability in the specific geographic location of the remote workers is an
important challenging factor in examining convenience in the shift to WFH, cloud and
internet-based architecture. E.g. remote workers in some technologically advanced parts of
the world have routine access to reliable 4G (soon to be 5G) unlimited mobile data as well as
up to 62MB fibre to the home (FTTH) internet service. These incentives make accessing,
downloading, or completing any cloud and internet-based work very easy, as opposed to less
developed regions of the world where there are issues of power supply, bandwidth, and
access to quality internet services.
16
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
3.1.3 Convenience of the working environment
A very important aspect of consideration for the remote worker is the working environment.
Many do not have the luxury of a dedicated home office or workspace away from distraction
from kids, visitors, and domestic chores. Furthermore, chances of data errors exist from
environmental distractions as people working from home get easily distracted by combining
work with domestic endeavors including laundry, personal emailing, private web browsing,
etc.
For most people, going to the office physically is a sanctuary which entails a 100% focus on
the job. Therefore, in looking at the remote environment, the psycho-emotional effects of
being isolated and not experiencing the pleasure of seeing and interacting with colleagues
deserves serious consideration.
3.1.4 Attitudinal adjustment conflict
Those who have been regularly working from a home office prior to the pandemic as an
integral part of work flexibility, and already conversant with using telecommuting
applications for remote connections and client interactions around the globe, are most likely
to adjust faster to the current COVID-19 induced WFH shift than others. For such people, the
current shift is less of a change. However, those whom it is new to are more likely to
experience a transitory period of adjustment during which initial resistance and conflict are
expected, in addition to some level of isolation and loneliness.
3.2 Cyber security Risk Factors
A number of direct and indirect factors account for the cyber security incidents on WFH
systems, and they present burning issues which organizations have to contend with while
employees work from outside of a traditional office environment. By design, remote
communication systems such as telecommuting and video conferencing applications are
bandwidth intensive. This means that they rely heavily on the quantity and quality of
connectivity to sustain communications sessions. It also means that anything that affects the
stability or quality of the connectivity among the participants could degrade the outcome or
lead to total failure, respectively.
Despite their numerous benefits, telecommuting and video conferencing systems have
inherent vulnerabilities which cybercriminals and internet spammers take advantage off to
perpetrate attacks.
3.2.1 Insecure networks
Poor network conditions and inadequate bandwidth are two major network-related issues
with remote video technology. Up to the early 2000s, the legacy internet telephony systems
were characterized by high latency, jitters, and echoes on Sipura, Media ring, Delta3,
Net2phone and other early VOIP platforms [5]. With progressive research by the Internet
Engineering Task Force (IETF), the Institute of Electrical and Electronic Engineers (IEEE)
and vendor markets, contemporary solutions have surmounted these initial hiccups.
17
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
An unsafe network, especially one comprising of an unregulated, unprotected, or unencrypted
channel is a major weakness which can be taken advantage of by malicious hackers to launch
cyber-attacks and diminish the quality of the session or disrupt the session entirely. The
porosity of an insecure network is easily spotted by the malicious hacker during pre-attack
vulnerability scanning while searching for exploitable loopholes. Loopholes in an insecure
network can include unencrypted channels, factory default device access credentials, weak
authentication protocols, outdated devices drivers, unpatched software, and obsolete
operating systems.
3.2.2 Capacity gap with ignorant employees
Ignorance of basic cybersecurity requirements for online engagement particularly for remote
collaboration is an indication of corporate capacity gap. An ignorant employee constitutes a
major risk to the security of telecommuting as a remote work tool. E.g. early signs of
ignorance begin to manifest when virtual meeting notices and login ID for a teleworking
session are announced on social networks, making it difficult to monitor and verify the
identity of potential participants.
3.2.3 Data security ethical issues
The inability of corporate organizations, employees, and participants in a teleworking session
to adhere to online etiquettes regarding sharable information on open networks can become a
serious privacy concern that challenges the safety and confidentiality of sensitive data. This
also includes how individuals are able to manage their connecting terminals before, during
and after each telecommuting session.
3.2.4 Unsafe terminals
An unsafe terminal is one with an underlying security issue or having a poorly protected
operating condition capable of affecting the confidentiality, integrity, or availability of the
data it processes or of the system it is meant to support. The presence and use of an insecure
terminal in a telecommuting session particularly one running on obsolete software or housing
an unpatched utility poses a danger to the safe operation of the session. Such insecure
terminal presents loopholes which cybercriminals are able to exploit to attack the remote
work session either by introducing a disruptive bug or by intercepting the transmitted data
and listening in on confidential communication, both of which could potentially result in
privacy invasion.
3.2.5 Insider collusion
One of the corporate threats very difficult to manage, and one that is very rampant among
organizations, is the conspiracy of direct involvement of an employee in initiating, aiding, or
facilitating a cybercrime by deliberately providing an intruder access to a yet-to-be-mitigated
loophole on the system. Collusion in telecommuting occurs when two or more legitimate
participating employees release meeting IDs or other connection credentials to non-members
for malicious intent, or when identified errors are deliberately overlooked to the advantage of
the intruder.
18
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
3.2.6 Social engineering
Teleworking platforms are very vulnerable to social engineering attacks due to the
weaknesses in humans which are mostly taken advantage of by cybercriminals. Social
engineering methods use psychological tricks to create deception [6], which in turn makes
people to perform actions that could divulge personal and corporate confidential information
[7] rather innocently. It is a psychological exploitation which scammers use to skillfully
manipulate humans and carry out emotional attacks on innocent people [8], such as on
telecommuting and video conferencing platforms.
On a WFH session, a scammer assumes a name that matches a legitimate participant’s
identity and gains access to the session where he can remain passive throughout the episode.
The ability of the attacker to remain passive and extract confidential information constantly
from the session compromises the confidentiality of the entire system. In an extreme case, the
attacker may choose to become active by disrupting the session through posting of derogatory
comments and offensive images which may lead to an outright discontinuation of the session.
Such disruptions have ethical and reputational connotations, and could be very scandalous.
3.2.7 Distraction errors
The distraction of mixing WFH and domestic affairs increases the risks that the remote
worker can inadvertently introduce malware links into the company’s computer network
thereby exposing employers and colleagues to various degrees of cyber-attacks, where over
90% of which are delivered by email related services. Many remote workers are likely to fall
victim to distraction errors including wrong entries and delayed responses, given the
currently disrupted management communications occasioned by the COVID-19 lockdown.
3.3 Cyber-attacks on WFH platforms
3.3.1 Man-in-the-middle attack
In the man-in-the-middle (MiM) attack, the attacker, using special hacking tools, intercepts a
telecommuting communication channel and eavesdrops on on-going conversation. The
purpose of this attack can be passive or active. A passive man-in-the-middle attack simply
intercepts the conversation, and records or merely listen in without disruption. Such passive
attacks only have impact on the data confidentiality as the attacker can capture confidential
picture, record secret data or access sensitive documents being transmitted along the
communications channel. An active MiM attack on the other hand seizes data between two
nodes [9], causes actual disruption and modification [10] or alters part of the intercepted data
such that its content, quality, and integrity are compromised. Advanced forms of MiM attack
can also completely delete data from the channel, or cause delayed delivery of data
exchanged over the virtual meeting session.
MiM attack is possible on any unencrypted or poorly secured cloud based remote work
application, whether WebEx, Zoom, Microsoft Team, or others. The concept of zoom
bombing is a MiM attack specifically targeted at gaining unauthorized access, wherein the
19
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
adversary inserts his clandestine identity into the session, and listen in, gathers corporate
sensitive information that can potentially be used for espionage or other cybercrimes.
Vulnerability in the zoon app is the potential for people to take advantage of the publicly
announced session logon and join the meeting and in the middle of the conversation begin to
post inappropriate content or use other forms of offensive attack such as cyber bullying to
disrupt the session.
3.3.2 DDoS attack
With a distributed denial of service (DDoS), the attacker’s target is to disrupt the entire
teleconferencing session by deliberately overloading the system with so much unnecessary
traffic that it overwhelms its capacity to cope, thereby leading to a malfunction, a breakdown
or incessant bouts of reboots. A DDoS impacts negatively on system performance and can
potentially lead to participants’ frustration.
4.0 IMPACTS OF CYBERATTACKS ON WFH APPLICATIONS
The consequences of successful breaches and cyber-attacks [1] on WFH applications could
have an overbearing impact on work quality and turnaround time but could also impose
privacy implications.
4.1 Identity theft
Sensitive data being transmitted across unsafe telecommunication channels and poorly
protected telecommuting terminals can be intercepted by internet fraudsters and used for
fraudulent bank transactions, gain unauthorized assess, activate ransom advantage, or be
simply modified for use in future cyber criminalities. Depending on the nature and sensitivity
of the stolen corporate data, loss of trade secrets can threaten the survivability of the
organization. In the healthcare sector, loss or unauthorized modification of patient’s medical
records can lead to misdiagnosis and fatalities both which have long term reputational
consequences.
4.2 Privacy issues
Data leaks are rampant among insecure telecommuting systems due to poor access control
mechanisms to detect, prevent of proactively respond to cyber security breaches. The
resulting privacy breaches have a long-term negative effect on the reputation of the
organization and could trigger costly litigations, operational disruption, or overall ripple
effect on operational sustenance.
4.3 Accessibility issues
With slow networks, remote working could become a nightmare affecting the prompt
availability of data at the point of need. Delayed access to data could impose life-threatening
impacts on organizations that rely on the timeliness of data access for services such as
banking transactions, emergency healthcare, aviation control, and crime forensics.
5.0 CONCLUSION
20
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
Work from home (WFH) provides an opportunity to sustain corporate productivity when
physical gathering is risky or prohibited such as the COVID-19 pandemic. WFH would be
impossible without the fantastic telecommuting technologies available today as an enabler of
mobility, allowing colleagues to communicate and collaborate in real-time from different
geographic locations. At the same time, the gains of working from home tend to be
contending with the risks of exposure to cyber threats and malicious hackers who capitalize
on unsafe networks and insecure systems to circumvent the remote communication
experience. This paper has examined the cyber security, ethical and technological loopholes
in remote working. It also identified their impacts on the employer’s data as well as the
employee’s online safety.
The second paper, and concluding part of this two-part series titled “Solving the Cyber
security Challenges of Telecommuting and Videoconferencing Applications in the COVID-19
Pandemic”, proposes cyber security mitigation actions that can be applied both now and in
the post COVID-19 era to make WFH, virtual meetings, webinars, and teleconferences safer
alternatives to direct communications in times of mobility restrictions.
Caveat
The conclusions and views expressed in this paper are the authors’ personal opinions, and do
not necessarily represent the opinions of any organization(s) to which they are affiliated.
Names of specific vendors, manufacturers, products, services, or institutions wherever
mentioned or implied in this paper are for illustrative, educational, and informational
purposes only. Implicit or expressed mention of such names of specific vendors,
manufacturers, products, services, or institutions does not suggest authors’ preference,
endorsement or recommendation of the vendors, manufacturers, products, services, or
institutions so mentioned. Similarly, non-mention of specific vendors, manufacturers,
products, services, or institutions does not suggest authors’ disapproval or apathy against
such vendors, manufacturers, products, services, or institutions.
ABOUT THE AUTHORS
Kenneth Okereafor is a United Nations trained Cyber security expert, and Deputy General
Manager at the National Health Insurance Scheme (NHIS) Nigeria, where he oversees
Database Security and Health Informatics. With a PhD in Cyber security & Biometrics from
Azteca University Mexico, he has accumulated over two decades of professional ICT
experience, and has acquired special skills in applying Cyber Threat Intelligence &
Mitigation Technologies to detect, prevent and respond to Cyberattacks in industry,
21
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
government, and academia. Kenneth is a member of the International Organization for
Standardization’s Technical Committee on Health Informatics (ISO-TC-215), and he
currently chairs ISO’s Security and Privacy Working Group-4 in Nigeria, developing and
adopting Cybersecurity standards for Nigeria’s digital health ecosystem. He has research
interests in, and publications on, Global Cybersecurity Operations, Incident Response, Multi-
biometrics, Electronic Health Security, Computer Forensics, and Digital Identities; and may
be reached at nitelken@yahoo.com.
Phil Manny is the Founder & Director of Agora Nexus (www.agoranexus.com), and
Regional Director, West Africa of Alliance Media Group (www.alliances.global). He is an
Economics graduate of Cardiff University UK, Business School, and has spent the last 12
years running B2B C-level events and programmes across the globe with a focus on Sub-
Saharan Africa. With experience across multiple sectors including O&G, IT, Power, and
Shipping, Phil prides himself on understanding and learning of cultural and regional diversity
in business.
REFERENCES
[1] K. Okereafor and R. Djehaiche, “A Review of Application Challenges of Digital
Forensics,” International Journal of Simulation Systems Science and Technology, vol.
21, no. 2, pp. 35.1 - 35.7, 2020.
[2] Ishaq Azhar Mohammed. (2019). A SYSTEMATIC LITERATURE MAPPING ON
SECURE IDENTITY MANAGEMENT USING BLOCKCHAIN TECHNOLOGY.
International Journal of Innovations in Engineering Research and Technology, 6(5), 86
91. Retrieved from https://repo.ijiert.org/index.php/ijiert/article/view/2798
[3] Sally Adam, “Coronavirus and remote working: what you need to know,” Sophos, 12
March 2020. [Online]. Available: https://news.sophos.com/en-
us/2020/03/12/coronavirus-and-remote-working-what-you-need-to-
know/?id=0013000001JH0eX. [Accessed 31 May 2020].
[3] M. Ahmed and M. A. Hossain, “CLOUD COMPUTING AND SECURITY ISSUES IN
THE CLOUD,” International Journal of Network Security & Its Applications (IJNSA),
vol. 6, no. 1, pp. 25-36, 2014.
[4] Hibatullah Alzahrani, “A Brief Survey of Cloud Computing,” Global Journal of
Computer Science and Technology: B Cloud and Distributed, vol. 16, no. 3, pp. 10-16,
2016.
22
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
International Journal in IT & Engineering (IJITE)
Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493
Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com
Double-Blind Peer Reviewed Refereed Open Access International Journal
[5] Ishaq Azhar Mohammed, "RISK-BASED ACCESS CONTROL MODEL: A
SYSTEMATIC LITERATURE REVIEW", International Journal of Creative Research
Thoughts (IJCRT), ISSN:2320-2882, Volume.7, Issue 2, pp.794-797, May 2019,
Available at :http://www.ijcrt.org/papers/IJCRT1134133.pdf
[6] Y. Fayyaz, D. M. KHAN and F. FAYYAZ, “The Evaluation of Voice-over Internet
Protocol (VoIP) by means of Trixbox,” International Journal of Natural and
Engineering Sciences, vol. 10, no. 3, pp. 33-41, 2016.
[7] K. Okereafor and O. Adebola, “Tackling the Cybersecurity Impacts of the Coronavirus
Outbreak as a Challenge to Internet Safety,” International Journal in IT and Engineering
(IJITE), vol. 8, no. 2, pp. 1-14, 2020.
[8] M. Choudhary, A. Kumar and N. Kumar, “Social Engineering in Social Networking
Sites: A Survey,” International Journal of Engineering Research & Management
Technology (IJERMT), vol. 3, no. 1, pp. 123 - 129, 2016.
[9] Ishaq Azhar Mohammed, "Artificial Intelligence for Caregivers of Persons with
Alzheimer’s Disease and Related Dementias: Systematic Literature Review",
International Journal of Emerging Technologies and Innovative Research (www.jetir.org
| UGC and issn Approved), ISSN:2349-5162, Vol.6, Issue 1, page no. pp741-744,
January-2019, Available at : http://www.jetir.org/papers/JETIR1901E97.pdf
[10] B. Atkins and W. Huang, “A study of social engineering in online frauds,” Open Journal
of Social Sciences, vol. 1, no. 3, p. 23, 2013.
[11] B. Celiktas and M. S. TOK, “MAN IN THE MIDDLE (MITM) ATTACK DETECTION
TOOL DESIGN,” INTERNATIONAL JOURNAL OF ENGINEERING SCIENCES &
RESEARCH TECHNOLOGY, vol. 7, no. 8, pp. 90-99, 2018.
[12] G. Hao and G. Tao, “Principle of and Protection of Man-in-the-middle Attack Based on
ARP Spoofing,” Journal of Information Processing Systems, vol. 5, no. 3, pp. 131-134,
2009.
[13] John Emmitt, “Top 10 Cybersecurity Threats in 2020,” Kaseya Company, 15 April 2020.
[Online]. Available: https://www.kaseya.com/blog/2020/04/15/top-10-cybersecurity-
threats-in-2020/. [Accessed 21 May 2020].
[14] Ishaq Azhar Mohammed. (2019). CLOUD IDENTITY AND ACCESS MANAGEMENT
A MODEL PROPOSAL. International Journal of Innovations in Engineering Research
and Technology, 6(10), 18. Retrieved from
https://repo.ijiert.org/index.php/ijiert/article/view/2781
[15] Eoin Carroll, “Transitioning to a Mass Remote Workforce We Must Verify Before
Trusting,” McAfee, 7 April 2020. [Online]. Available:
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/transitioning-to-a-mass-remote-
workforce-we-must-verify-before-trusting/. [Accessed 17 May 2020].
23
International Journal in IT and Engineering
http://ijmr.net.in, Email: irjmss@gmail.com
... The COVID-19 pandemic has rapidly changed the landscape of certain professions and motivated many industries to adopt the concept of remote work [1,2]; even after the COVID-19 restrictions were removed, the usage of virtual meeting technologies such as Voice over Internet Protocol (VoIP) has become the new norm for several organizations after understanding its efficiency in day-to-day work as an alternative to physical meetings. This change in the work environment applies to the private and the government sectors and exposes critical information or infrastructure to a greater surface of attack [3][4][5]. This increased surface results from connecting the internal organization assets to a public domain, such as the Internet, or creating new connections between different organizations required for remote work. ...
... The audio and video services rely on "rich" communication protocols such as UDP and TCP [1,2], which allows for a substantial attack surface from the ability to traverse between NAT and Firewalls using punch holes, stenographic methods, or creating covert communication channels. Manifesting cyber-attacks on VoIP and VC systems allows the attacker to spread malware inside the attacked domain or leak sensitive data, which is a key challenge in connecting different organizations to the same communication medium [4]. One of the reasons for the increased vulnerability of organizations to cyber-attacks on VoIP and VC systems is that the communication service used for voice or video channels is established by their client systems inside the organizational defense parameter in a way that is regarded as safe since a user authentication method was used to verify its creation. ...
Detecting Parallel Covert Data Transmission Channels in Video Conferencing Using Machine Learning
Article
Full-text available
  • Feb 2023
Covert communication channels are a concept in which a policy-breaking method is used in order to covertly transmit data from inside an organization to an external or accessible point. VoIP and Video systems are exposed to such attacks on different layers, such as the underlying real-time transport protocol (RTP) which uses Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) packet streams to punch a hole through Network address translation (NAT). This paper presents different innovative attack methods utilizing covert communication and RTP channels to spread malware or to create a data leak channel between different organizations. The demonstrated attacks are based on a UDP punch hole created using Skype peer-to-peer video conferencing communication. The different attack methods were successfully able to transmit a small text file in an undetectable manner by observing the communication channel, and without causing interruption to the audio/video channels or creating a noticeable disturbance to the quality. While these attacks are hard to detect by the eye, we show that applying classical Machine Learning algorithms to detect these covert channels on statistical features sampled from the communication channel is effective for one type of attack.
View
... Other barriers for effective telehealth and technology usage involve security measures to protect patient's confidential data and internet access connections, especially when almost all sectors of life, such as education and businesses, will continue to rely on the same technology even more now (Okereafor and Manny, 2020). Nonetheless, some locations in the rural areas have no adequate access to the resources that enable telehealth technology to be carried out. ...
The Impact of COVID-19 on Palliative Care Services in a Tertiary Hospital in Brunei Darussalam
Article
Full-text available
  • Dec 2021
The wake of the novel coronavirus (COVID-19) pandemic had caused substantial disruptions to the usual delivery of healthcare services. This is because of restrictive orders that were put in place to curb the spread of the infection. Palliative care services in Brunei also face challenges to deliver effective services during this period. However, the impact of advanced illnesses on patients' health and end-of-life care are issues that cannot be planned, postponed or cancelled. Hence, the palliative care team needs to continue to deliver effective palliative care services. As Brunei faced its second pandemic wave in August 2021, crucial adaptations were made to ensure palliative care service was not disrupted. This reflective case study aims to discuss the adaptations made in providing palliative care during this era of disruptions.
View
... feasible [9,11,22,23]. However, the use of ICTs also present diverse threats and challenges [13], such as the use of private data [24] or cybersecurity issues [25]. Specifically, when referring to education, as shown in diverse research works, certain aspects of learning may become an issue, such as, wellbeing [26,27], motivation and interaction levels [19,28,29], readiness for digital learning [30], connectivity issues and hardware and software problems [22,[31][32][33], or privacy and security issues [34]. ...
Digital transformation in higher education: A qualitative evaluative study of a hybrid virtual format using a smart classroom system
Article
Full-text available
  • May 2023
This study presents the salient perceptions of students and instructors in a master's program taught in a hybrid virtual format using the pocket Bipolar Laddering tool, a written open-ended electronic data collection system. Perceptions about the hybrid virtual format were tested on the participants of a master's program taught in the 2021–2022 academic year through a hybrid virtual format based on a Smart Classroom system developed as part of the digital innovations implemented to overcome the COVID-19 pandemic restrictions. This work aims to shed light on the users' salient perceptions of the format, detect the positive elements mentioned by the surveyed participants and identify the negative items in a bid to minimize, or even revert, their effects for future editions of the master. As expected, the findings suggest that one of the main advantages of this format is that it allows students who have difficulty attending classes on campus to enroll on courses. However, the participants detected diverse elements that could be improved such as interaction, the degree of socialization, or the technical problems that arose during teaching sessions. It is hoped that these findings will be of use when adjusting new editions of the program and will help to determine the design and implementation of other hybrid virtual programs in the Institution.
View
... Prior work has documented many advantages of VC use in the workplace and elsewhere, including protecting employees' health from disease [42], reducing travel expenses and time [29], drawing international participants together from different locations [61], and allowing virtual teams to bond socially [21]. ...
"All of the White People Went First": How Video Conferencing Consolidates Control and Exacerbates Workplace Bias
Preprint
Full-text available
  • Dec 2022
Workplace bias creates negative psychological outcomes for employees, permeating the larger organization. Workplace meetings are frequent, making them a key context where bias may occur. Video conferencing (VC) is an increasingly common medium for workplace meetings; we therefore investigated how VC tools contribute to increasing or reducing bias in meetings. Through a semi-structured interview study with 22 professionals, we found that VC features push meeting leaders to exercise control over various meeting parameters, giving leaders an outsized role in affecting bias. We demonstrate this with respect to four core VC features -- user tiles, raise hand, text-based chat, and meeting recording -- and recommend employing at least one of two mechanisms for mitigating bias in VC meetings -- 1) transferring control from meeting leaders to technical systems or other attendees and 2) helping meeting leaders better exercise the control they do wield.
View
... Serangan siber yang dilakukan di antaranya: (i) social engineering yang menggunakan trik psikologi untuk melakukan penipuan; (ii) ISSN: 2620-777X Copyright ⓒ 2021 serangan man-in-the-middle (MiM) di mana penyusup memasuki layanan komunikasi virtual dan menguping pembicaraan yang berlangsung; (iii) serta serangan distributed-denial-of-service (DDoS) di mana penyerang mengganggu seluruh sesi telekonferensi dengan memberi traffic yang tidak perlu secara berlebihan. Serangan siber dapat mempengaruhi kualitas kinerja serta dapat menyebabkan permasalahan seperti pencurian identitas, isu privasi, dan isu aksesibilitas (Okereafor & Manny, 2020). ...
View
View
View
Pre, During, and Post Events, 3 Issues in Organizing Events : Safety, Security, and Hygiene Perspectives
Chapter
Full-text available
  • Nov 2022
Organizing an event includes various activities. Each of them should be preplanned with minute details. Within the limited parameters one should not forget the issues related to Safety, Security and Hygiene. Before event starts, planning must be done for adequate safety of the attendees, service providers and also of the organizing body. Norms related to fire, noise, ventilation, pollution, emergency exit system etc. should be followed without any compromise. Similarly, proper arrangement of Security is also equally important. Depending on the type of event, this should be planned with extra responsibilities. Incase VIPs are invited, this activity becomes extra sensitive. Hygiene is of utmost importance at all levels. There must be enough washroom facilities for all present in the event. When refreshments are served, food handlers should be extra cautious about hygiene, both at personal & community level. Responsibilities & activities related to Safety, Security and Hygiene continues even after the attendees leave the area and completes only when the organizers and service providers depart. All these activities should be pre-planned, executed till the end of the event. Sometimes post event activities are also required to address the social responsibilities.
View
A Systematic Literature Review: Limitation of Video Conference
Article
Full-text available
  • Sep 2022
The Covid-19 pandemic that has hit the world has resulted in limited human activities. Video conferencing is one solution for carrying out activities. Video conferencing helps people reduce the spread of Covid-19 and connects people. With video conferencing, people can meet without being limited by space and time. However, video conferencing still has various drawbacks, such as the inability to interact. Because we only see the video, the lack of technology due to video conferencing requires us to use technology such as computers or cell phones that a stable and fast internet network must support to ensure smooth video conferencing. In this paper, the researcher conducted a literature study to determine the limitations of video conferencing. The results show the various reasons for video conferencing restrictions. Some of these reasons are experienced by lecturers, students, or the lack of infrastructure. Students are challenged to improve their level of study due to the lack of technological support that supports only using video conferencing.
View
An Exploratory Study of Cybersecurity in Working from Home: Problem or Enabler?
Article
Full-text available
  • May 2022
This article explores the implications of a shift to working from home (WFH) in the context of the COVID-19 pandemic. The literature and news coverage of this topic focuses on rising concerns over cybersecurity. Based on in-depth exploratory interviews with cybersecurity experts, it is apparent that cybersecurity problems do arise, but the advances in cybersecurity have enabled this shift and the scaling up of WFH. This qualitative research suggests the need for survey research and selected case studies to gain a more empirically anchored perspective on the degree that cybersecurity has raised problems but also enabled WFH.
View
Artificial Intelligence for Caregivers of Persons with Alzheimer’s Disease and Related Dementias: Systematic Literature Review
Article
Full-text available
  • Jan 2019
Artificial Intelligence (AI) has a tremendous great potential to enhance the healthcare and quality of life of people with Alzheimer's disease and its associated dementias (ADRD). So far, there has been a dearth of comprehensive literature assessments of the impact of AI on ADRD care [1]. This paper is designed to explore and evaluate AI impacts and that offer knowledge to help ADRD caregivers manage ADRDs. Improving our perspective of Alzheimer's disease outside health care may be seen as being akin to physical and intellectual impairments, which affect every aspect of a human being's life. Using this perspective as a starting point, policies are required to ensure that individuals with dementia and their caregivers have access to equipment, services, and other resources that will help them live as independently as possible. This facilitates the establishment of direct technology, funding streams, the provision of maintenance and monitoring support, the provision of new digital technologies programs for people with the disease, scientific resources, the utilization of data analytics to predict patterns of need, and the proactive identification of people who are at risk [1]. A range of ethical concerns, such as privacy, identity management, access and use, liabilities, rights, obligations, and interactions (including data sharing), between private companies and legal authorities, also need to be resolved to support technology-friendly prevention and care measures.
View
TACKLING THE CYBERSECURITY IMPACTS OF THE CORONAVIRUS OUTBREAK AS A CHALLENGE TO INTERNET SAFETY
Article
Full-text available
  • Feb 2020
The world is currently ravaged by the novel coronavirus which has so far affected 82,410 persons in 50 countries with a death toll of 2,808 as at 27th February 2020, and code-named COVID-19 by the World Health Organization (WHO) on 11th February 2020. Research findings indicate that due to the contagious nature of the virus, there is so much anxiety over its spread and mode of infection. As the world awaits a possible cure or a remedy to curb the spread of COVID-19, every online information that makes direct or indirect reference to the word "coronavirus" tends to attract fast attention of internet users. As a result, cybercriminals are exploiting the fear and uncertainty surrounding the coronavirus outbreak to distribute malicious software with the motive of stealing confidential data, disrupting digital operations and making illicit ransom money from an outbreak that has been declared a global health emergency by the WHO. Does the coronavirus outbreak have any significant impact on user privacy and computer security? This paper reviews the cyber security effects of the coronavirus panic on digital systems and the cyberspace. The paper makes recommendations for safer internet usage and privacy protection in the face of rising coronavirus-related online scams.
View
The Evaluation of Voice-over Internet Protocol (VoIP) by means of Trixbox
Article
Full-text available
  • Dec 2016
In this research paper, we evaluate Voice-over Internet Protocol (VoIP) technology, implement and integrate VoIP with IP Private Branch Exchange (IP PBX), track the behavior of data and voice quality using different voice codec and provide the appropriate solutions to improve the quality and reduce the cost of the customer’s calls. The main issue is to identify the problematic areas when network is under attack. We introduce VoIP BOX which optimize the bandwidth, improve the reliability, scalability and security of customer’s calls. We also examine the attacks on VoIP PBX network and provide the appropriate solutions how to stop or minimize the internal and external attacks launched by Attacker. The introduced VoIP BOX which is integrated with VoIP PBX, achieves quality of service on low bandwidth, almost zero jitter and high security.
View
A Study of Social Engineering in Online Frauds
Article
Full-text available
  • Jan 2013
Social engineering is a psychological exploitation which scammers use to skillfully manipulate human weaknesses and carry out emotional attacks on innocent people. This study examined the contents of 100 phishing e-mails and 100 advance-fee-scam e-mails, and evaluated the persuasion techniques exploited by social engineers for their illegal gains. The analyses showed that alert and account verification were the two primary triggers used to raise the attention of phishing e-mail recipients. These phishing e-mails were typically followed by a threatening tone via urgency. In advance-fee e-mails, timing is a lesser concern; potential monetary gain is the main trigger. Business proposals and large unclaimed funds were the two most common incentives used to lure victims. The study revealed that social engineers use statements in positive and negative manners in combination with authoritative and urgent persuasions to influence innocent people on their decisions to respond. Since it is highly unlikely that online fraud will ever be completely eliminated, the most important strategy that can be directed to combat social engineering attacks is to educate the public on potential threats from perpetrators.
View
Cloud Computing and Security Issues in the Cloud
Article
Full-text available
  • Jan 2014
Cloud computing has formed the conceptual and infrastructural basis for tomorrow’s computing. The global computing infrastructure is rapidly moving towards cloud based architecture. While it is important to take advantages of could based computing by means of deploying it in diversified sectors, the security aspects in a cloud based computing environment remains at the core of interest. Cloud based services and service providers are being evolved which has resulted in a new business trend based on cloud technology. With the introduction of numerous cloud based services and geographically dispersed cloud service providers, sensitive information of different entities are normally stored in remote servers and locations with the possibilities of being exposed to unwanted parties in situations where the cloud servers storing those information are compromised. If security is not robust and consistent, the flexibility and advantages that cloud computing has to offer will have little credibility. This paper presents a review on the cloud computing concepts as well as security issues inherent within the context of cloud computing and cloud infrastructure.
View
A Review of Application Challenges of Digital Forensics
Article
  • May 2020
The growing preference of automation and digital transformation over semi manual operations in the corporate world has led to an exponential rise in the applications of computer technology, internet and web assets for everyday living, resulting in significant behavioural adjustments, particularly how humans communicate with each other and interact with the environment. Unfortunately, digital growth has also given rise to different forms of cyber criminalities in industry, government and academia. With many cyberattacks becoming more and more sophisticated, it is equally becoming increasingly difficult to trace cybersecurity breaches without first establishing an accurate mechanism for data collection and analysis offered by digital forensics. In the absence of reliable data analysis, the scope of digital forensic operations required to respond to modern cybersecurity breaches could become significantly challenging, costly and open-ended. This paper reviews the major challenges faced by organizations in performing effective digital forensic operations.
View
Principle of and Protection of Man-in-the-middle Attack Based on ARP Spoofing
Article
  • Sep 2009
Man-in-the-middle attack is used wildly as a method of attacking the network. To discover how this type of attack works, this paper describes a method of man-in-the-middle attack based on ARP spoofing, and proposes a method of preventing such attacks.
View
A SYSTEMATIC LITERATURE MAPPING ON SECURE IDENTITY MANAGEMENT USING BLOCKCHAIN TECHNOLOGY
  • Jan 2019
  • 86-91
Ishaq Azhar Mohammed. (2019). A SYSTEMATIC LITERATURE MAPPING ON SECURE IDENTITY MANAGEMENT USING BLOCKCHAIN TECHNOLOGY. International Journal of Innovations in Engineering Research and Technology, 6(5), 86-91. Retrieved from https://repo.ijiert.org/index.php/ijiert/article/view/2798
Coronavirus and remote working: what you need to know
  • Mar 2020
  • 31
  • Sally Adam
Sally Adam, "Coronavirus and remote working: what you need to know," Sophos, 12 March 2020. [Online]. Available: https://news.sophos.com/enus/2020/03/12/coronavirus-and-remote-working-what-you-need-toknow/?id=0013000001JH0eX. [Accessed 31 May 2020].
A Brief Survey of Cloud Computing
  • Jun 2016
  • 2321-1776
  • Hibatullah Alzahrani
Hibatullah Alzahrani, "A Brief Survey of Cloud Computing," Global Journal of Computer Science and Technology: B Cloud and Distributed, vol. 16, no. 3, pp. 10-16, 2016. 22 International Journal in IT and Engineering http://ijmr.net.in, Email: irjmss@gmail.com International Journal in IT & Engineering (IJITE) Volume 8 Issue 6, June 2020 ISSN: 2321-1776 Impact Factor: 6.493 Journal Homepage: http://ijmr.net.in, Email: irjmss@gmail.com Double-Blind Peer Reviewed Refereed Open Access International Journal