Professional Documents
Culture Documents
Lasya Muthyam Synthesis Paper 1
Lasya Muthyam Synthesis Paper 1
Lasya Muthyam
3/1/2022
Intern/Mentor G/T
Technology has shaped modern society into one that is accustomed to efficiency and
constant progress through the storing and sharing of information. The increased spread and
overall dependence on high-tech resources have given society the opportunity to continue to
develop itself in ways that were previously deemed impossible. However, with this facility
comes a dark side. As the number of cyber-attacks continues to exponentially increase, so does
the importance of cybersecurity and the demand for groundbreaking developments in the field.
Past solutions like IoT Devices and Cryptology have proven to only be useful in specific
situations and do not fully satisfy the measures needed to protect classified information.
Although, while moving into the next couple of years, professionals are turning towards a new
development that can be easily adapted and adjusted to fit the needs of different professional
sectors: Zero-Trust Architecture. With the newfound idea of sharing and storing data without
disclosing the properties of the information, will the world see an effective solution to the
alarming cyber-attacks? The goal of the research is to analyze the past and current flaws in the
existing tech infrastructure and evaluate the properties of Zero-Trust Architecture which allow it
to be a sufficient solution to the current cybersecurity crisis. Through the Mixed Methods data
collection consisting of interviews and meta-analysis, the paper will break down and identify the
past and current flaws in the existing tech infrastructure and evaluate the effectiveness of
adapting Zero-Trust Principles. The research will then combine the collected data to show a shift
in society’s direction when addressing cybersecurity and address the new guidelines for sharing
information. As a result, the research will also educate/inform people about the importance of
staying informed on cybersecurity trends, especially when being highly dependent on
technology.
Introduction
click away on a screen. However, with this facility comes a dark side. In today’s society, it is not
unusual to hear daily reports about cyberattacks on private and public sectors. Over the past
decade, we have experienced a startling rise in cyber-attacks, which often expose personal
information, affecting the safety and lives of many to varying degrees. Although considering the
progress we have made, we can not abandon technology and now can only ask one question:
As our community grows and more people gain access to technology, our systems are not
capable enough to ensure the security of every user. Therefore, while many technological
innovations have helped us access and store information efficiently, many remain with hardware
and software flaws. Classified information can oftentimes be secured if the user educates
themselves on trends in cybersecurity and practices safe browsing when using technology. This
may not completely prevent cyberattacks but will protect users against common threats. Learning
about concepts like zero-trust architecture and firewall protections will help users identify
possible threats and will allow them to continue using technology without being vulnerable to
attacks.
In response to the growing cyberattacks, this research paper will explain the different
hardware and software-based attacks that many fall vulnerable to. Following an introduction of
different cyberattacks, the paper will analyze basic trends in cybersecurity after comparing
government agencies to potential future developments that will better manage this problem.
1
Background
Over the past couple of decades, there has been a massive boom in the tech industry as
humans have started to rely more and more on technological innovations to assist in strenuous
tasks. Starting from the invention of computers, this trend started to drastically change how
society functions as more and more people started to have access to technology in their daily
lives. This new phenomenon has since spread to other, and more professional, sectors like the
economy, the government, hospitals, schools, etc, making our entire society run on the assistance
of computers and other devices. The immediate effects of this new resource were very beneficial
to society, the main effect being improved efficiency with difficult procedures due to technology
safely storing large sets of data. As computers and other devices started to develop along with
time, clients and users started to receive greater control over the devices they deal with. As the
Internet and technology become a tool that holds great importance to our society, some
individuals started to try to find ways of gaining illegal access to devices and get ahold of the
information stored. Starting from 1834, there have been relatively few cyberattacks until 2010.
With technology being a relatively new and inaccessible resource for the general public, the
majority of cyberattacks took place between nations or governments that were in a war. Although
since 2010, there has been a startling increase in the number of cyberattacks. With a low number
of only 15 cyberattacks happening from 2000 to 2010, the number of cyberattacks skyrocketed to
almost 1,500,000 attacks in the decade. Moving onto 2021, there was a greater number of
cyberattacks than in the previous decade as there were more than 1,600,000 cyberattacks.
Recently, in a study published by the University of Maryland, a hack happens every 39 seconds,
2
The most important concept to understand with security is that technology has two
components: hardware and software. Hardware consists of the physical components of any
device(CPU, motherboard, circuits, chips, etc), while software contains code and algorithms that
are programmed into a device and tell it how to function (Du et al., 2019). Despite there being a
stereotypical view of cybersecurity mainly dealing with bugs and threats in code, hardware
security plays a large role in keeping devices safe against attacks. The research paper will
explore the different types of attacks and solutions that people can employ to keep both their
Review of Literature
Software and hardware attacks are equally prevalent when discussing the topic of
cybersecurity. While targeting different sources and operations in a device, many users- both
large companies and common netizens- fall vulnerable to different attacks which range from
simple to high-scaled.
From the perspective of companies and enterprises that store large sets of data, it is
harder for cybercriminals to steal classified information through hardware as data is stored using
several large and protected devices. Practically, individual devices can not contain all of the
information, which prevents criminals from being able to use methods like phishing or planting
bugged chips/disks into a device to steal information efficiently. Hence, companies and large
enterprises are hacked through software breaches. While code-based hacks are common, a more
concerning and efficient method hackers have implemented over the past few decades is taking
advantage of the way the data is stored. In computer science, data is addressed, figuratively, as a
3
living entity that goes through various stages from the time it is created to the time it is deleted.
Formally known as the Data Life Management Cycle (DLM), data’s lifecycle allows information
to have different security needs, and carries a level of risk based on the properties the data
contains at a particular stage (Kumar, 2020). Of the six stages: create, store, use, release, archive,
and delete, data is at risk of being breached during every stage of its life except for deletion. This
is because in all of these stages, with the exception of the deletion stage, data is “in motion”, or
in other words, the data is either being replicated, shared, or edited (Ng, 2020). A common way
to visualize data in motion is to envision data literally moving in a passageway filled with other
pieces of information. In a busy passageway, it is hard for any individual or system to pay
tentative attention to any piece of data. This allows hackers to be able to easily manipulate bits of
data without being caught by any security features. As data is taken across various foreign
routes, it becomes even more vulnerable and can be completely stolen by hackers as there is less
protection against these attacks. Slowly, a hacker can be able to view all of the data a company
has stored, resulting in the infamous large-scale attacks we hear about in the news from time to
time.
Moving onto hacks that usually affect common users, it is easier for hackers to target
personal computers and devices through small-scaled hardware attacks like phishing. Phishing is
a cybercrime in which scammers try to lure sensitive information or data from individuals, by
text, email, or even call where the scammers disguise themselves as a large agency like a bank or
a health care company. By disguising themselves and sending out “important information” about
possible changes in the agency, cybercriminals lure oblivious users to give out their personal
4
information like access to credit cards, bank accounts, or other accounts/passwords. It is also
common for many phishing scammers to reach out to a user and demand money. Such attacks,
while simple to spot due to their sketchy display, are commonly used to target younger or
inexperienced technology users. Often being carried out through social media platforms or other
common communication platforms, hackers are able to attack millions of people every year and
steal their information. “In 2015, social media was used in 8.3% of phishing attacks; now they
are used in 84.5% of attacks” (HCP, 2022). Like so, many inexperienced users lose their money
Even though phishing does not involve complex hardware knowledge to play out, many
fall vulnerable to such hacks due to mere ignorance of safety protocols while accessing any
device. Since the first-ever cyber attack in 1988, cyber-attacks have grown exponentially at an
alarming rate. Each decade, professionals have noticed that such attacks have not only increased
in frequency but also the intensity and the way they are executed. From the 1990s to 2000s, most
cyberattacks were smaller scaled and were targeted towards specific individuals. A common
cyberattack during these years would have been phishing calls or guessing passwords for illegal
access to information. Although since the 2010s, attacks have been executed on a grander scale.
Cyberattacks started to target large corporations that carry personal and classified information
and affect millions of people. Cybercriminals have also started to develop hardware and software
methods that can help them virtually attack and access classified information, oftentimes doing
so without being detected by the source of the information (Climer, 2018). Upon closer
observation on this problem, experts have seen a trend between growing attacks and the growth
5
“Many things have led to this arms race between people trying to protect this resource and
people trying to illicitly gain access to this resource. The idea of having additional feature sets,
allowing a certain level of convenience to the end-user, opens up a possibility that individuals
can now take advantage of a system in many different ways that wouldn’t have otherwise
manifested themselves.” For instance, a couple of decades ago, one would have a motor and a
dial-up set up in order to get access to the Internet, but now everything is much more readily
available as far as being able to connect to the Internet. By being able to do so by virtually just
having a router installed at home, one is given the convenience of all of the features that come
along with being on the Internet: banking, shopping, emails, applying for schools, etc. Although
the problem arises when the user does not properly set up the router. Accidentally turning off the
hardware firewall, or not setting up the router with the proper procedures inhibit common users
from safely enjoying the luxury of using the Internet without giving hackers access to personal
information. This raises the concern that while society waits for the development of more
advanced and secure tech infrastructure, netizens must educate themselves on different
cyber-attacks and stay vigilant of signs that can help prevent such vulnerabilities.
As mentioned before, cyber breaches range from small to large scale and can impact
many people. While many may be relatively noticeable, like online phishing and pop-up ads,
some attacks occur at a deeper level, requiring professionals to address the problem. Despite this,
there are precautions that both large enterprises and common users can implement to ensure
Since many attacks which target large companies and enterprises affect millions of people
at once, larger organizations tend to use more advanced methods that ensure the security of
6
several devices. This opens up the relevance of a growing field in computer science and
technology: cryptology. Over the years we have seen a huge increase in the adoption of
encrypted information when trading with different entities. Common examples are crypto coins,
cryptocurrency, and crypto information in which society attempts to protect its important
contents like monetary transactions and deposits by encrypting and hiding that information from
any public vendor. Cryptology consists of two simple concepts: encryption and decryption.
Encryption is the idea of using a key or code to translate and thus hide raw information from
external sources. Decryption is the exact opposite; experts, while using the key that was used to
hide the information, decipher the encrypted text to get the original plain text. When encrypted
using strong keys, companies can prevent many cyberattacks which attempt to hack and steal
information (Markel, 2021). Typically companies use long and complex mathematical formulas
as their key. This increases the complexity of the operation needed to be done in order to
successfully decipher the message as the numbers used in these mathematical encryption systems
are tens- if not hundreds- of digits long. This makes it impossible, to all intents and purposes, to
search through all potential keys in a reasonable amount of time. Additionally, the web and many
other modern communication systems employ a hybrid approach in which companies use both
complex number keys and symmetric keys (keys where the position of certain numbers may be
swapped instead of following common formulas) to increase the security and efficiency of the
encryption. Such methods allow large corporations to effectively hide and control their
information by giving them the privilege of being the only ones who know the key to hiding the
original information (Ward, 2013). When external sources attempt to read the information, they
will not be able to recognize the key and read the contents of the stolen information, unless they
7
are able to decipher the text. This, although, is highly complicated and oftentimes requires more
time for hackers to decipher, putting them in danger of being detected due to long periods of
suspicious activity.
In terms of hardware features that individuals can use to protect themselves from
potential attacks, tools like firewalls act as a monitor to keep data safe. A cybersecurity firewall
is a network security system that can either be hardware or software and protects the trusted
network from unauthorized access from external networks/threats. While firewalls can be used to
protect hardware and software, they tend to be used more frequently to protect hardware like
Internet routers. While there are many different types of firewalls, the basic operation done by
information (Forcepoint, 2021). Every firewall operates based on security guidelines that are
configured into the network. Using filtering algorithms and processes, firewalls are able to
search through data to determine whether a source or data file is authorized or not. Thus,
firewalls are great reliable solutions when preventing external hardware hacks as they can easily
detect malware features when inserted or sent to a device. Designed to be complex and handle
large amounts of data, firewalls are common in households when settings up appliances like TV
or Internet routers, Norton antivirus systems, etc., One drawback to firewalls is that they can not
prevent internal threats, virus attacks, and authentic mechanisms used by hackers (like a
username password). Firewalls are used to monitor and control the transfer of information
between different networks or systems, but they can not monitor if an attack is happening from
within a system- something very common in cybercrime. Despite this flaw, firewalls are very
commonly used across the globe in various settings as they ensure security through much of
8
data’s lifecycle and in areas where detecting suspicious activity becomes blurry. As they are
publicly available, the general public can use them to keep their hardware secure from potential
Like large companies and enterprises, the government employs similar protection tools to
secure their information from possible hacks and threats. Encryption has played a large role in
any government’s history of trying to keep information hidden from all unauthorized personnel.
Often used in war settings to communicate with allies or troops, many governments use
pre-developed software that can detect bugs and also try to encrypt and decrypt messages to put
the nation at an advantage during operations. Additionally, the government develops software
and hardware after being guided by IT professionals on the most effective and ensuring
technologies. Government agencies like Homeland Security hire contractors and full-time
employees that are knowledgeable in advanced coding and hacking skills to ensure the safety of
the agency’s secretive information. Many projects inside such agencies heavily depend on
analyzing large sets of data. To make sure that the data is not vulnerable to potential hacks, the
government stays informed on cybersecurity trends and frequently adapts and develops new
solutions to problems in the cyber world. For example, during the years 2012-2015, IT
professionals were running several studies and experiments to see if they could improve the
flaws in the tech infrastructure by simply modifying and improving upon the existing devices
that were used. In a Boston University study conducted by researcher Bu Lake, Bu and a small
team of his colleagues addressed a new proposal of including security features when designing
chips that will run IoTs. In simple terms, an IoT (Internet of Things) is any device that is
embedded with sensors, software, etc in order to connect and exchange data with other devices.
9
Common examples of IoT devices are laptops, PCs, routers, and mobile phones as they all have
some software and hardware elements that allow them to communicate with other devices and
transfer data. Since IoTs are critical destinations information commonly transitions through, this
study made groundbreaking conclusions when it was published as keeping IoTs secure from
possible threats not only protects a single device but a vast ocean of incoming and outgoing data.
In his study, to secure these devices, Bu experimented with preexisting security features like
firewalls and small data traveling monitors which helped professionals track the data’s contents
and its movements throughout its lifecycle. Using the results of his experiments, Bu ended up
designing an IoT chip that contained all of the previously mentioned security features, which was
repeatedly tested to prove that such edits were able to improve the existing flaws in the device.
Branching off of similar experiments and studies, the U.S. Department of Homeland Security
adopted similar solutions and released guidelines that encouraged tech manufacturers to start
placing security features in the chips of devices to prevent the problem from its root (Dorsch,
2018). Hackers often can get complete information by figuring out the chip’s properties.
Although, if the chip is secured then it will be harder for hackers to gain complete access to any
device. After such statements, many government and private agencies started to design IoT chips
As technology advances, so do the methods cybercriminals use to hack into secure sites
to steal information. In order to keep up with their advancements, professionals constantly are
developing new methods and solutions to keep our networks and information secure.
Developments like firewalls, IoT, and encryption have helped secure information in the past, but
looking into future years, professionals have another solution in mind: zero-trust architecture.
10
Zero-trust architecture (ZTA) is a new evolving trend in cybersecurity architecture that is based
on zero-trust principles. The plan states that every system should authenticate and authorize a
user’s request, regardless of where you are in a system. Essentially, you do not trust anyone or
anything, you validate every single request sent through from a proper and verified source. “Zero
trust assumes there is no implicit trust granted to assets or user accounts based solely on their
physical or network location (i.e., local area networks versus the internet) or based on asset
ownership (enterprise or personally owned)” (Borchert et al., 2021). The idea of maintaining data
security and privacy from external sources by carrying a sense of zero-trust branched from a
mathematical concept called Zero-Knowledge Proofs (ZKP). ZKP, being very similar in idea and
execution to ZTA, allows an entity to keep its information and its details secure, while still
allowing clients to believe that the enterprise has the correct valuable information. For example,
let's say a teacher wanted to convince one of his/her students that in a picture filled with
penguins there was a puffin. The students, without seeing the picture fully, might not want to
trust him. Although, if the teacher wanted to prove to his students that there was in fact a puffin,
but did not want to reveal the exact location of the puffin, he/she might cover the entire picture
and only reveal the part where the puffin is. Here, the teacher is able to prove that the puffin is in
fact in the picture (the valuable information). Although to prove this to others, the teacher did not
give out the specific location of the puffin and besides the fact that a puffin is in the picture, the
students (the clients) do not know anything about the picture (Wired, 2022). Similarly, in ZTA,
any enterprise, organization, or individual can keep their information as secure and private as
possible as they use methods that reveal as little information as possible to others while still
allowing for the transfer of data and information. This architectural plan, therefore, provides the
11
creators with the opportunity to close off all information about data properties and only reveal
that the data or information exists. Like so, hackers or cybercriminals are limited in the
information about the data to be able to trace it and hack a network to retrieve that information.
After its first release to the tech world, the architecture plan has started to be
implemented in various global sectors, especially as remote working becomes more popular.
From business corporations to government agencies, along with private creators, the world is
survey was conducted where respondents from various job titles and company sizes were asked
to report on their organization’s or a personal plan of adopting ZTA. Out of 3,570 global
responses, the survey yielded results that stated that 72% of respondents have plans of adopting
zero trust in the future or have already adopted it (Statista, 2021). In a corporation or commercial
company setting, IT professionals have successfully released detailed plans that persuade
implemented, large corporations can make business transitions more secure for themselves as the
market is investing in products that limit the growing frequency of target-based cyber attacks.
Companies are also making sure to use ZTA in all cloud-based operations so that they do not
necessarily have to change the way they construct their data but still can keep their classified
information secure from external threats. Similarly, the government has been making moves to
implement ZTA in its future tech infrastructure plan. The United States is heavily pushing to
implement such a plan and has released “The FY2022 Federal Cybersecurity R&D Strategic Plan
Implementation Roadmap”. Through this plan, the federal government released a mandate that
requires all of its agencies to meet specific cyber security standards and objectives outlined by
12
ZTA by the end of the fiscal year 2024. The goal of this initiative is to reinforce the
government’s defenses against increasingly sophisticated and persistent threat campaigns which
have been affecting the American public’s safety and privacy which has the negative side effect
of weakening trust in the government. As the government and several corporations follow these
plan roadmaps and adopt ZTA, we can expect to see safer transactions of data and fewer
high-intensity attacks.
Technology’s value in our society will continue to grow as we progress into the future.
This makes it even more important to prevent cyberattacks and keep personal information secure
requires knowledge and expertise of technology, but many users can protect themselves against
malicious threats by educating themselves on the basics of how to use technology safely.
Concepts like firewalls, data encryption, and data life management will help many people learn
about the recommended procedures to stay safe from the dangers of a screen. While the
cybersecurity problem will never be solved once and for all, solutions to the problem, limited in
scope and longevity though they may be, are advanced enough to prevent many common attacks.
Therefore, it is important for regular users to stay informed on trends and developments in the
field.
The following research paper answers the question of to what extent should society rely
on technology to store classified information? Is there a limit or do the pros outweigh the cons?
The research focuses on how people can protect themselves from cyber attacks that threaten
13
society’s progress with technology by observing past, present, and future cybersecurity trends.
The research hypothesis, which is supported by the research conducted, answers the question by
stating that while many technological innovations have helped us access and store information
efficiently, many remain with hardware and software flaws. Although, through understanding
cybersecurity trends and additional security features we can protect data from the dangers of a
screen. The research question and research hypothesis were addressed in this study through the
data collection methods of interviews and meta-analysis. While researching, the interviews were
conducted first to be used as a basis for the rest of the data collection. Through the online calling
platform, Zoom, a total of three separate interviews were conducted with three IT professionals
who have different levels of experience in different fields of technology. Through each interview,
information regarding the weakness of our past and current tech infrastructure and possible
future cybersecurity trends were collected from reliable professionals who have garnered both
academic and practical experience on the topic. The first interviewee was Dr. Parmar, a federal
contractor who works for Homeland Security. Through the interview with Dr. Parmar, questions
regarding software technology and solutions like cryptology and problems like software lag-time
were discussed as he is a senior programmer for many federal projects and also deals with the
software side of the security development at his work. The interview also gathered information
on the challenges and concerns a programmer would deal with at a highly-secured government
billions of classified data sets, need extra protection as they store sensitive information, and thus
the interview shredded light on what procedures professionals take to protect such content-dense
data and respond to cyberattacks. The second interview was with Dr. Karimi, a private hardware
14
security researcher who also is a professor at the University of Maryland Baltimore County.
During the interview with Dr. Karimi, the questions were focused on how professionals who
work with the hardware side of technology (ie computer chips, circuits, etc.) secure technology
and physical systems. As she deals with hardware security, many questions were based on topics
like circuit and chip development and memory storage to shed light on the differences and
similarities between hardware security features and software security features. Additionally, this
interview allowed for insight into some of the difficulties private researchers in technology face
when dealing with data security. Lastly, the third interview was with Mr. Sonpar, a security
architect at a corporate company. During the final interview, the questions were geared to fill in
some of the gaps that were left through Dr. Parmar’s interview and Dr. Karimi’s interview
(regarding past and current software/hardware flaws) as a security architect has strong
knowledge of both hardware and software properties when it comes to security. The interview
consisted of questions that were more specifically centered to collect data on how commercial
and corporate businesses store their data and what types of threats they are more likely to fall
vulnerable to. Thus, through the three interviews, sufficient data was collected to cover a wide
spectrum of vulnerabilities that professionals from different professional sectors face and how
As the research method used in this study was that of Mixed Methods, the interviews
were designed to help gather basic information about the different problems and perspectives in
cybersecurity which would then be furthered by a meta-analysis of several released articles and
documents. In the meta-analysis portion of the data collection, the research went into depth
regarding a particular trend that was observed in all interviews as the future of cybersecurity:
15
Zero-Trust Architecture. The meta-analysis portion consists of three sources: 2 2021 released
documents on future tech infrastructure plans, and 1 survey result. Similar to the interviews, each
source that was evaluated addressed the needs and future plans of professional sectors of
different technical backgrounds. The meta-analysis portion of the data collection, therefore,
consisted of a source that examined the needs and plans of government agencies, corporate
companies, and private researchers and analyzed the ways these different sectors could modify
and customize the architectural schema to satisfy their needs with data.
The first source that was evaluated was titled, “FY2022 Federal Cybersecurity R&D
Strategic Plan Implementation Roadmap” and was the document that addressed the needs and
plans of the U.S. government agencies. The document discusses the Federal Government’s plan
to adapt zero-trust practices to strengthen their tech infrastructure and protect data when moving
on to 2022 and future years. Additionally, the document discusses plans to allow other
government agencies to adopt ZTA (zero-trust architecture) to facilitate the trade of data without
security issues. As the document is written by the government, it includes a detailed outline of
how government organizations and agencies plan to use the new security architecture to protect
their data and how it can be modified in ways to secure large sets of information.
The second source, “NIST Zero Trust Architecture”, is another document that provides
information on how corporate companies like T. Rowe Price, Amazon, Facebook, etc are
planning to implement Zero-Trust Architecture into their tech infrastructure while looking into
2022 and future years. Like the document released by the Federal Government, this document
consisted of a detailed outline of how companies with different needs and data storage plans can
easily adapt zero-trust architecture into their current systems to better secure their data. As
16
zero-trust principles are based on mutual trust between different entities, the document also
outlines how various companies can use this new infrastructure to facilitate the sharing of
valuable data.
The final source that was used to collect data for the meta-analysis section of data
collection is a survey report. The survey was globally conducted in January 2022 and surveyed
3,570 respondents (all of whom are tech professionals from various work settings) about whether
their work setting was planning to adopt zero-trust procedures. The survey report included a pie
chart titled, “Is adopting a zero trust model a priority for your organization?”, summarizing the
results of the global survey. The pie chart reveals that 42% of all respondents claimed that their
work environment has started to implement zero-trust architecture practice, but is in the early
stages, 30% of respondents claimed that their work environment has already transitioned to fully
using zero-trust architecture practices, and the remaining 18% of respondent claimed that their
work environment had no plans on implementing zero-trust architecture into their current tech
Since my data analysis is mapped in a way where the sources from my meta-analysis
delve into further detail about the information I gathered through my interviews, there are no
outliers or discrepancies in my data collection. All of the data I have collected creates a final
picture that supports my hypothesis and furthers my research question. From my interviews
where I focussed mainly on current problems, solutions, and potential future solutions, I was able
to gain a good foundation of how professionals viewed the alarming rise in cyberattacks. After
noticing how all my interviewees had a similar idea in mind for the future of cybersecurity, I
17
was able to gather information on how different work environments like government agencies,
private corporations, etc plan to implement this new plan to fit their needs and protect their
The primary research question this study attempted to answer was, “What should society
and its individuals do to protect its classified information from the growing number of
cyber-attacks? How do the solutions vary across different professional sectors?” Similarly, the
research hypothesis followed the main points of this research question, with the exception that it
was much more detailed and thorough in the central arguments being made, and the specific
points to be addressed. The hypothesis, thus, was, “As the number of cyberattacks alarmingly
grows, society and its individuals must educate themselves on cybersecurity trends and be
cautious when using technology to protect their assets and classified information from hackers.
As technology is a forever developing field, it is important that regular users learn about the
security features of different devices to make sure they are secure from possible threats and are
protected against the vulnerabilities of different technical environments. While looking into
important future trends, various professional sectors are planning to adopt a new infrastructure
plan called Zero-Trust Architecture that will allow a client to share classified information with a
user without actually disclosing the details of the information they have, thus allowing for a
secure transfer of data. By being informed on such a new security feature and adopting it, users
can protect themselves and their data without allowing criminals to gain more power.” The
research question and hypothesis were answered through the data collected from the interviews
18
of three IT professionals, and the meta-analysis conducted from various released documents and
surveys on the applications of the research topic in real life. Specifically, the interviews were
able to answer the reflective part of the research question by describing past and current
vulnerabilities in the tech infrastructure. By also shedding light on the possible future solutions,
the interviews were also able to set a strong basis on what topics users should start paying
attention to in order to stay informed about cybersecurity. The meta-analysis section of the data
collection focussed on expanding on the topics examined in the interviews and focused on the
second part of the research question which questions the difference in needs when comparing
To analyze all of the data that was collected, two comparison charts were created. One of
the charts was used to compare the three interviews where its purpose lay to list the past and
current tech infrastructure limitations, analyze future solutions, and finally differentiate how the
future solutions will be implemented in the different work settings that were investigated in each
interview.
In the first interview, data regarding how government organizations address security
concerns and future plans were collected. Firstly, the interview addressed how one of its main
vulnerabilities is a detected lag time between when a breach occurs and when a breach is
detected. There have been several reports which exposed how current systems are unable to
detect security breaches until long after the hack occurred. As Dr. Paramr stated in the first
interview, “This not only led to a loss of stored certain information but was a threat to the entire
organization which could be at risk of losing more information than what was planned to be
stolen.” In an attempt to fix this problem, many government organizations relied on cryptology
19
and complex ciphers to encode their data so that if hackers breach into their systems, they would
not be able to understand the information they have uncovered. Although with time, these
solutions have also been cracked and the information was stolen.
Additionally, the second chart was used to compare the three sources in the meta-analysis
portion of the data collection. Like the previous chart, the second chart made sure to compare
three different reliable sources that examined different work settings. The chart was broken into
two sections: how do the different professional settings plan to implement the zero-trust
architecture and what protection does the plan provide for each setting. Due to its structure, the
second chart was used to expand upon the contents described in the first chart.
Based on the information presented in the review of literature, and the data gathered and
analyzed in the data analysis, the research hypothesis has been supported. The first point
mentioned in the hypothesis highlights the importance for common users to inform themselves
on cybersecurity trends to protect themselves from being vulnerable to possible hacks as there
are many flaws in the current tech security infrastructure. While this point of the hypothesis is
answered by all of the data collected, it is particularly answered by the interviews that were first
conducted to gather basic data on the past and current cybersecurity situation. Through the three
interviews, information regarding the various causes, flaws, and limitations of different types of
technology was collected and analyzed. The interviews also shed light on the differences
between the ways different professional settings use and store information, thus providing a
complete analysis of the past and current problems and furthering the data by listing what
20
problems must be addressed in the future. As the second part of the hypothesis focuses on the
needed solutions to address the current problems in cybersecurity, the meta-analysis portion of
the data collection focuses on researching Zero-Trust Architecture and what the solution has to
offer to the future of cybersecurity. Through the various sources that were analyzed, the research
was able to display how Zero-Trust Architecture not only grants its users from keeping their own
classified information protected but also proves that the solution is easily adaptable and
modifiable to suit the needs of different organizations that interact with data differently, thus
The limitations of the research lie only in that the data collection was not collected in
favor of the timeline of the recent developments. In other words, Zero-Trust Architecture is a
future trend that has only started to be implemented globally at the beginning of 2022, and thus
the majority of the sources are from the early stages of the plan development. Therefore, the data
that has been collected through the meta-analysis regarding the solution may not include some
complications of Zero-Trust Architecture as flaws are often uncovered through the passage of
time and experience with the technology. Although, this limitation does not greatly affect the
conclusions and results of the research as Zero-Trust Architecture is not the single solution to the
security crisis that society faces. Like every solution that has been created, ZTA will eventually
become outdated and professionals will introduce another potential solution to address the
problem. Looking into the future, it is crucial that researchers continue to not only consider past
and current trends in cybersecurity but also collect information on possible future trends as they
will have a great influence on the way the world fights hacks.
21
In conclusion, with the overall increase in dependence on technology to store classified
information and the increased demand to share that information to develop new features for
society, cybersecurity becomes a more prevalent topic for common users to study and familiarize
themselves with. While there are many solutions that have been developed and implemented,
many have flaws or exposed loopholes which do not sufficiently protect data. The most latest
trend in cybersecurity deals with a new tech infrastructure plan called Zero-Trust Architecture
where entities form mutual trust bonds to share data without revealing any information about the
data they possess, thus protecting their system’s contents from being exposed and vulnerable to
attacks. As Zero-Trust Architecture is shown to be easily adaptable and modifiable to suit the
needs of different work settings, it has gained great attention from various entities and is shaping
the future of data security. Although while looking in the long term, users must continue to
observe cybersecurity trends as developments will be made every day to better secure our
systems. While securing technology properly can be complicated, cybersecurity is a field that
many must continue to pay close attention to as possible future trends that will shape the way we
22
References
Borchert O., Connelly S., Mitchell S., Rose S., (2021) Zero trust architecture. Nist. Retrieved
from https://www.nist.gov/publications/zero-trust-architecture
https://open.bu.edu/handle/2144/36148
Climer S., (2018) History of cyber attacks from the morris worm to exact. Midsight. Retrieved
from https://www.bbc.com/news/technology-24667834
Dorsch J., (2018) Making secure chips for iot devices. Semiconductor Engineering. Retrieved
from https://semiengineering.com/making-chips-for-iot-devices-secure/
https://www.forcepoint.com/cyber-edu/firewall
HCP, (2022) What is phishing and how common is it? HCP Healthcare compliance pros.
Retrieved from
https://www.healthcarecompliancepros.com/blog/what-is-phishing-and-how-common-is-i
Kim P., (2021) What is phishing? How to recognize and avoid phishing scams. NortonLifeLock.
Retrieved from
https://us.norton.com/internetsecurity-online-scams-what-is-phishing.html
Kumar S., (2020) What is data lifecycle management?. Stealthbits. Retrieved from
https://stealthbits.com/blog/what-is-data-lifecycle-management/
23
Markel S., (2021) How is cryptography used in everyday life?. TechMoon. Retrieved from
https://technologymoon.com/how-is-cryptography-used-in-everyday-life/
Midsight, (2021) It priorities for 2022: A cio report. Midsight. Retrieved from
https://gomindsight.com/insights/blog/it-priorities-for-2022-a-cio-report/
National science and technology council, (2022). The fy2022 federal cybersecurity r&d Strategic
https://www.nitrd.gov/pubs/FY2022-Cybersecurity-RD-Roadmap.pdf
Ng C., (2020) A guide on the data lifecycle: Identifying where your data is vulnerable. Varonis.
Retrieved from
https://www.varonis.com/blog/a-guide-on-the-data-lifecycle-identifying-where-your-data
-is-vulnerable/
Ward M., (2013) How the modern world depends on encryption. BBCNews. Retrieved from
https://www.bbc.com/news/technology-24667834
Ward M., (2013) How the modern world depends on encryption. BBCNews. Retrieved from
https://www.bbc.com/news/technology-24667834
Sava JM., (2022) Is adopting a zero trust model a priority for your organization?. Statista.
Appendix A
24
(delete if not using appendices; each item gets its own title and letter - Appendix A,
Appendix B, etc.)
25
Format (5/5 points)
● Student followed formatting guidelines including cover sheet, headings, page numbers,
spacing, etc.
99/100
Excellent work!
26