
Management rp

Topic: cyber laws and cyber security challenges


Abstract

Introduction

Every year, more people are using digital technology. Many organisations are keen to discover
methods to incorporate new innovations such as big data, cloud computing, and artificial intelligence
into their business procedures (European Central Bank 2018). This occurs despite the security risks that these
technological developments may pose.

As a result, coordinating the integration of new digital technologies into various contexts has
become a critical component of efficient international security management. Meta-level techniques,
on the other hand, struggle to reach effective levels of change. While organization-wide
deployments of new rules and security features may drive change, they are frequently greeted with
strong opposition, and workers who are subjected to these new processes frequently devise
workarounds that undercut desired practices. It is necessary to concentrate on a higher level of
integration, one that analyses everyday job tasks in their context and has a thorough knowledge of
how new technology necessitates new abilities and alters workflow understandings.

The goal of this research is to rethink our approach to integrating digital technology into (cyber)
security activities. We propose that efficient integration of new digital technologies necessitates
more localised understandings and that, by transitioning to a practice theory approach, these may
lead to a better understanding of how to undertake security change management.

To understand this better, we look at how trainers might operate as mediators in the
healthcare sector, assisting in the acceptance and adaptation of new cybersecure practices. Based on
interviews with trainers who are actively involved in delivering this sort of change management, we
believe that shifting to a practice-based approach is a more successful way forward to solve security
management concerns.

Cyber security laws

Research objective

The goal of this review was to identify key cybersecurity challenges, solutions adopted by the health sector, and
areas in need of improvement to combat recent increases in cyberattacks (e.g., phishing campaigns and
ransomware attacks), which have been used by attackers to exploit vulnerabilities in technology and people
introduced through changes in working practices in response to COVID-19.

Research question

Is the Indian health care sector secured from cyber-attacks?

Is the cyber security management done in the health care sector enough?

Is there a need to adopt new strategies?

Research rationale

At the start of the worldwide COVID-19 pandemic (early 2020), there were many cyberattacks in the
health sector. We chose well-documented cyberattacks for which complete information, including
fundamental causes and repercussions, was accessible. The most important findings are listed
below.

Methodology

To meet the objective of the study, secondary data is used. The method used here includes
several stages, namely Identification, Investigation, Interpretation, and Integration.
Identification involves sorting the sources for research: we sorted all the authenticated and
reliable sources for extracting data, i.e. the research identified and extracted data from
several speeches, interviews, and statements of renowned researchers. The research then
investigated this data and tried to analyse what should be included. The next step was
interpretation, and this was the most important step in bridging the blurry connecting lines
between our thoughts and the raw data available. With effort, the research tried to infer some
historical incidents of operations and connected them with managerial skills; through this
effort the research interpreted the incidents during COVID-19 as important teachings for
shaping our management and leadership skills. The last step involved the integration of all
the analysis and inferences so that they could be compiled into a single format that will
help readers.

Analysis

Cybersecurity in Healthcare

We focus on cybersecurity in the healthcare domain to see how a practice theory approach to
digital technology adoption might help us understand change management in security
situations. Water services, electrical production, security services, and public health are
among the vital infrastructures that are becoming increasingly vulnerable as they are exposed
to the rising digitization of their services, which they actively work towards (Caragliu et al.
2011). Ever more technologies with internet connections and wireless communication are being
introduced (Ayala 2016).

While these technologies open up new possibilities for efficient and effective usage, they do
so at the expense of security. The healthcare industry has become an appealing target for
people with malevolent intent as a result of rising digitalization and interconnection of
healthcare devices (Coventry and Branley 2018).

The spread of medical data via medical devices is at the heart of this issue. Coventry and
Branley (2018) pointed out that medical data is more valuable than credit card information.
While credit card (information) theft is typically recognised and reported fast, allowing banks
to act fast and stop the affected credit cards, patient data theft is not always recognised as
quickly.

This allows fraudsters to sell or exploit the information to get healthcare services or drugs, as
well as create fictitious insurance claims. With the rise of healthcare technology and gadgets
tied to digital infrastructures riddled with flaws, cybersecurity is becoming more crucial than
ever and is increasingly seen as a source of patient distrust and safety (Coventry and Branley
2018).

Cybersecurity, on the other hand, is a nebulous term. There is currently no commonly acknowledged
theoretical definition of cybersecurity, nor is there a consensus on how to best use cybersecurity in
reality (Von Solms and Van Niekerk 2013). While this may come as no surprise, since this debate is
evident in other areas of security and in security in general (Baldwin 1997), it becomes evident that
the lack of a coordinated strategy for strengthening cybersecurity leaves many potential vulnerabilities
exposed. This is especially important now as the type of deliberate cyber-attacks has evolved in recent
years. Cyberattacks began as minor annoyances, such as website defacement or patient data theft.
Despite the fact that these assaults already have severe repercussions, there is a tendency toward more
malevolent or ubiquitous assaults (Ayala 2016), as the WannaCry ransomware assault in May 2017
demonstrated. The NHS in the UK was attacked. Due to a lack of access to critical systems and
patient information, numerous NHS facilities were forced to suspend services and cancel procedures.
Although this assault was reportedly not directed at the NHS and no patient data was stolen, it raises
serious questions about what will happen if cybercriminals initiate coordinated operations on
healthcare organisations.

The following are some of the cybersecurity trainers' experiences, expertise, and work as they define
their work with healthcare professionals in accordance with the components of practice theory. These
trainers confront considerable challenges in building a "culture of security" within a setting primarily
focused on delivering care, given security and safety issues within the sphere of healthcare.

We look at how new organisational routines and thinking are established and presented in order to
avoid cybersecurity threats. Their challenges, including both their accomplishments and failures,
provide for a more comprehensive empirical knowledge of (cyber)security in practice, and it is this
concept that we emphasise in our study.

Medical advancements have resulted in the introduction of a large number of novel materials
(technology), which have raised new security problems. This necessitates workers learning new skills,
working with new materials, and protecting patient information. On the surface, it may appear that the
meaning of healthcare practices (patient care) has remained the same.

However, as we've seen, the materials and competency factors elicit new emotions, redefine
context-specific objectives, and shift patient treatment goals. As a result, a holistic strategy that
incorporates "meaning" fosters a more secure approach to working in the healthcare industry.

Trainers as Practice Mediators

Cybersecurity instructors are on the front edge of integrating new digital technologies with security in mind.
They actively engage with healthcare organisations to alter organisational behaviour and routines to more
cybersecure practises, working as intermediaries between technology, people, and healthcare environments to
establish and enhance interactions within a security-focused framework.

For trainers, the introduction of new digital technology in the workplace necessitates a shift in trainees'
knowledge, abilities, and actions, at least to some extent, in order to provide a cybersecure working
environment. In this scenario, their job requires making sense of things that don't make sense. Cybersecurity
training is a broad phrase that encompasses a wide range of healthcare facilities with varying focus, needs, and
technologies.

While the job descriptions and affiliations of these trainers to the healthcare organisation may vary, one of the
most consistent characteristics among these many sorts of profiles is that training is frequently only a tiny
portion of their tasks. Typically, most trainers focus on a single topic (i.e. security awareness, security
technology, privacy issues).

Trainers perform what they do because they aim to facilitate and create change inside a company toward a more
successful security-oriented culture, according to these conversations. This change mediation function, we
believe, is based on a method in which their own engagements with materials, skills, and meanings are passed
down to their trainees.
We may build more successful tactics for deploying and integrating new digital technologies into security
contexts by studying these actions using this practice theory approach.

Material Potentials and Challenges

Despite the fact that most cybersecurity concerns are focused on digital activities, trainers stressed the need for
more physical material factors in making meaningful adjustments toward more cybersecure activities. They use
more imaginative strategies to provide knowledge to their learners when it comes to training.

This includes, among other things, online learning programmes, serious games, and escape rooms, which have
grown increasingly popular in training programmes. Each of them creates a more immersive experience of
cybersecurity information transmission, whether in a physical or digital setting.

A unique and creative training approach, on the other hand, was not considered a goal in and of itself. In most
circumstances, trainers prefer to have at least a portion of a training programme in which they are physically
present. Even when new technologies are addressed, they are not generally utilised in the field, rendering those
experiences ineffective.

This materiality difficulty for cybersecurity trainers—specifically, hands-on interactions with new technologies
by healthcare workers—additionally contributes to an insecure and unreliable set of security practises.
Experiences with new technologies or physical forms of security alerts, of course, are meant to raise trainees'
levels of competence. While materialities are an important part of improving security procedures, they also
necessitate knowledge levels that are critical to trainer planning and activities.

Knowledge Transition Strategies

Most trainers working in the field of healthcare cybersecurity specialise in one area and engage their students in
that area only. They do, however, frequently have in-depth knowledge in topics important to their employment.

A technological security specialist, for example, who is well-versed in privacy laws and legal structures, may
also have knowledge on how to affect human behaviour.

This multifaceted approach provides some synergies with trainees, but most of our respondents also mentioned
that they were conscious of their own limits. Healthcare cybersecurity training programmes aim to raise
awareness and abilities among healthcare personnel who are typically ignorant of the threats or do not recognise
the value of cybersecurity practices in their profession.

However, a significant portion of the healthcare workforce lacks digital literacy and digital abilities in general.
Daphne's competency problem is less about cybersecurity and more about technology in general. As more
digital health equipment and software become available in healthcare settings, more healthcare personnel will be
required to be able to interact with them. Many of these gadgets and apps are connected by default, raising the
chances of external threats as well as internal faults or hazards manifesting themselves in daily operations.
While the necessity for information security and cybersecurity is not new in healthcare, the processes around
them have evolved. It is unsurprising that strengthening trainee abilities is a vital component of a trainer's job,
but merely providing them with this knowledge is never adequate. Trainers must effectively modify how their
learners perceive the meaning of cybersecurity activities for successful cybersecurity practices to begin to
emerge.

Motivational Transmission Processes

While most approaches to security management, including cybersecurity in healthcare, concentrate on providing
sufficient tools or structures (materials) as well as the necessary skills and knowledge (competencies) for new
security practices, there is a lack of an effective focus on changing perceptions about the significance and
motivations (meaning) for new security practices. The cybersecurity trainers we spoke with were all enthusiastic
and even passionate about their employment. They had an innate desire to keep current with innovations in their
area, as well as a strong desire to teach and encourage their current and future trainees. Frank went on to say
that, in his experience, individuals who are more involved and enthusiastic about cybersecurity concerns are
more effective than those who are not.

Some trainers mentioned that they love educating healthcare professionals about a topic that is both relevant and
vital to their industry, but yet not generally discussed or considered by healthcare employees.

Tim, who is a system architect and trainer in Central Europe, highlighted how he sought to engage his trainees

the active engagement of training participants makes their work more enjoyable and that they gain a lot from the
feedback they get from training audiences and clients.

The subject of cybersecurity may elicit a wide range of feelings in trainees, some of which are pleasant, but the
majority of which are unfavourable. These feelings might be linked to trainees' disinterest in the subject, their
aversion to working with technology rather than humans, or even their anxieties of making a mistake. the
significance of contextualising security—understanding why certain security procedures are so vital.

Putting cybersecurity and data security in the context of the patients' concerns was a crucial motivator for
healthcare workers to adopt these safe practices. While not the major focus, trainers emphasise the need for
cybersecurity and information security in providing effective care.

Conclusion

We have attempted to convey some idea of how the trainers strive to implement change towards more
cybersecure behaviours within various organisational contexts by very briefly discussing their experiences in
accordance with a practice theory approach.

An examination of security management based on practice theory focuses on how everyday routines and
activities develop, with a particular focus on materials, competences, and meaning. This is a more
comprehensive approach to security management that goes beyond most existing assessments, especially those
that rely on a dichotomous separation of technology and humans.

We wish to emphasise three crucial concerns, even if this conceptualization of security management has to be
further examined in different settings outside our superficial account of cybersecurity trainer practises. First and
foremost, security experts—in our instance, cybersecurity trainers—play an essential role in mediation. When
linking all three aspects to adapt or establish new security-focused behaviours, this mediating function is most
successful. As the latest digital technologies are introduced and new capabilities are taught, the function of meaning
in particular requires attention. Without this, there will be a lot of resistance and workarounds that go against the
original security aims. Second, and related to this, this analysis only touched on the emotional side of security
worries, particularly when it comes to new technology. New practices will always elicit an emotional response,
sometimes as a result of the subject matter, sometimes as a result of a lack of digital abilities, and sometimes as
a result of prior unpleasant experiences. Before any meaningful change in security practice can take place,
security management must consider these dimensions of "meaning." Finally, a comprehensive approach to
practice can aid in the creation of a healthy "security culture." This method both contradicts and supports
cybersecurity research that suggests that a large majority of problems in organisations may be traced back to the
actions and behaviour of employees (Thomson et al. 2006). According to a practice theory perspective, these
situations include more than just the human aspect.

https://www.researchgate.net/publication/343531072_A_Practice-Based_Approach_to_Security_Management_Materials_Meaning_and_Competence_for_Trainers_of_Healthcare_Cybersecurity

Recommendation

Limitations of The Research


• Due to confidentiality, the required information was unavailable.
• The time for research was limited. So, it limits the analysis of more data related to the
topic.
• The resources of the research were limited.
• The information provided was inconsistent.
• Lack of experience in research.
• Only secondary data is used in the research, which limits its rationality.
• In the covid-19 situation, it was hard to take the required guidance for research.

Health Care Cybersecurity Challenges and Solutions Under the Climate of COVID-19: Scoping Review
Ying He, PhD; Aliyu Aliyu, MSc; Mark Evans, PhD; Cunjin Luo, PhD
