The evolving landscape of digital security
The digital environment has become the centre of modern society (Cao 2021; ENISA 2023b; Roumani et al. 2016), and as it expands, the need to strengthen its security has never been more pressing. This in-depth examination of the digital security landscape exposes a complex interplay of emerging technologies, ranging from the duality of quantum computing’s potential weaknesses (Diamanti et al. 2016) to the resilience provided by AI-driven defences (ENISA 2023a; Mishra 2023).
Along with these technological complexities, the regulatory environment is racing to adapt (Bommasani et al. 2023; European Parliament 2023; FACT SHEET: Biden-Harris Administration Announces New Actions to Promote Responsible AI Innovation That Protects Americans’ Rights and Safety | The White House 2023; Mozumder et al. 2022), dealing with the vastness of international cyber threats, assuring the appropriate evolution of emerging technologies, and establishing data protection regulations. Furthermore, exploring sector-specific concerns, ranging from healthcare to manufacturing, emphasises the need for personalised digital security solutions to address industrial challenges.
Compounding these difficulties is the problem of defining and implementing the genuine benefit of digital security, bridging the apparent gap between stakeholders’ objectives and behaviours. Looking ahead, we see a mash-up of predicted threats, transformational technological advances, and mutable regulatory contours. The study results with suggestions for a unified, proactive posture, pushing stakeholders to integrate technology, policy, and ethical behaviour to shape a secure digital future.
Understanding digital security
Digital security, cybersecurity, or information technology security are the strategies and methods to protect information, devices, networks, programmes, and data from cyberattacks, damage, or unauthorised access. Regardless of the definition, the primary objective of digital security is to establish a safe environment for transactions, communications, data processing, and storage.
Contrarily, information security protects data integrity and confidentiality in storage or transit. The scope of digital security is broad and includes many different elements. By preventing unauthorised access, misuse, or alteration of computer networks and network-accessible resources, network security, for instance, aims to preserve the integrity and usability of networks, data, and resources.
Another crucial aspect of digital security is application security, which focuses on keeping devices and software safe from attackers. The data that an application is supposed to protect may be accessible to attackers if it is compromised. Operational security, computer network, and application security are other essential components of the digital security infrastructure.
It includes the policies governing how and where data may be stored or transferred and the processes and choices necessary to administer and protect data assets, such as individual users’ access rights to company networks. Business continuity planning and catastrophe recovery are included in the scope of digital security. This topic focuses on developing plans to guarantee that an organisation can resume regular operations following a security incident. These strategies include restoring the data’s availability, integrity, and privacy.
End-user education is another essential component of digital security. Users may unintentionally introduce viruses into their systems and harm the network without any fault of their own. As a result, a crucial component of any effective digital security strategy is educating consumers about potential dangers and best practices.
The security of Internet of Things (IoT) devices is a digital security concern (Jalali et al. 2019; Tanczer et al. 2018). These devices are frequently a source of network security vulnerability, making them a favourite target for attackers. The field of technology known as “IoT security” (Abie and Balasingham 2012; Ahmad and Alsmadi 2021; Altman Vilandrie & Company, 2017; Ani et al. 2019; Ayad et al. 2019; Brass et al. 2018; Crawford and Sherman 2018; Ghirardello et al. 2018; Jalali et al. 2019; Latvala et al. 2020; Payton 2018; Roopak et al. 2019; Russell and Van Duren 2016) is devoted to protecting the networks and linked devices that comprise the IoT ecosystem.
Finally, the security of cloud-based platforms is crucial as data continue to move there. Cloud security combines rules, controls, procedures, and technology to protect cloud-based systems. Given the growing number of digital dangers, the need for reliable digital security measures is becoming increasingly evident. Digital security becomes crucial for businesses, governments, and individuals as more personal information is kept and shared online.
Digital security by design: Challenges and considerations
Besides traditional information security, digital security by design also connects with crime science and situational crime prevention. For example, the concept of ‘Situational Crime Prevention’ (Clarke 1997) refers to ‘an analysis of the circumstances giving rise to specific kinds of crime’ and recommends a set of criteria ‘to reduce the opportunity for those crimes to occur’. (Clarke 1997), with a focus on crime reduction (Wortley et al. 2018). In this review, we found that some literature connects ‘technology and crime’ (Ekblom 2017), and we wanted to expand upon this area by investigating the new concepts of security by design and security by default.
One of the critical issues with digital security is that we need to have undisturbed operations whilst defending information systems, including devices, networks, and programmes, from cyber threats, including malware, hacking, and phishing. The operational perspective is applicable in a wide range of areas, including network, information, and application security, as well as in developing industries like the Internet of Things (IoT) and cloud computing.
Another significant design conflict identified in the study is the juxtaposition of convenience versus security within the IoT and cloud computing. As the digital landscape gravitates towards increased interconnectivity and user-centric designs, a critical tension emerges between ensuring user convenience and maintaining robust security protocols.
On the one hand, IoT devices and cloud platforms are designed for ease of use, accessibility, and seamless integration into daily activities, which often necessitates a certain level of openness and data sharing. On the other hand, this very openness poses substantial security risks, making these systems vulnerable to cyberattacks and data breaches.
This contradiction becomes even more pronounced with the advent of technologies like 5G and AI, which further enhance connectivity but also expand the potential attack surface. Thus, the challenge for designers lies in striking an optimal balance: developing user-friendly, efficient systems fortified with advanced security measures to counteract emerging cyber threats. This design conflict embodies the quintessential struggle in digital security by design—the need to harmonise user experience with stringent security requirements (Bhingarkar et al. 2022; Botta et al. 2016; Cavalcante et al. 2016; Cook and Van Horn 2011; de Bruin and Floridi 2017; Díaz et al. 2016; ENISA 2009; Sehgal et al. 2020; Sparks et al. 2015; Sunyaev 2020; Wan et al. 2014; Xu et al. 2019b).
The importance of digital security
Digital security protects personal information from cybercrimes such as identity theft, financial fraud, and privacy violations. When digital security is coordinated with organisations’ operational strategies, it maintains the firm’s operational integrity and economic stability, lowering the danger of data breaches that could result in significant financial and reputational harm.
Looking at the bigger picture, digital security also protects critical infrastructures from cyberattacks that could threaten national security on a large scale. Many cyberattacks on critical infrastructure are designed to use vulnerabilities in personal devices or company digital infrastructures.
In the IoT, big data and artificial intelligence age, digital security governs the safe and ethical application of new technologies, preventing unauthorised use and misuse of devices and data.
The evolving digital security landscape
In 2024, digital security has evolved to become more complicated and sophisticated, reflecting the rapid advancement of technology. Advanced defensive techniques are emerging due to the exponential growth of emerging technologies like 5G, AI, and IoT, which have significantly increased the possible attack surface for malevolent groups.
We can see a shift from the conventional perimeter-based security design towards a zero-trust security architecture at the network level. Zero-trust networks enforce tight identity verification for every person and device trying to access network resources, regardless of where they are located, presuming that possible threats could originate inside and outside the network.
Security solutions are now more fully integrating artificial intelligence and machine learning (Mishra 2023; Porambage et al. 2019). By evaluating trends, anticipating potential attacks, and automating responses, these technologies improve the ability to recognise and respond to threats. They also present new difficulties since threat actors use these technologies to plan more complex attacks.
The sharp rise in linked devices presents particular security difficulties on the IoT front (Tanczer et al. 2018). Although IoT devices provide efficiency and convenience, their scale, heterogeneity, and typically laxer security requirements create several exploitable vulnerabilities.
Hybrid and multi-cloud techniques are becoming more widely used and pose new security challenges as the cloud domain develops. Whilst cloud providers provide some security features, it is up to enterprises to protect their data on the cloud, which calls for cloud-native security solutions (Akinrolabu et al. 2019; Sehgal et al. 2020).
Cybersecurity talent is still a concern. As the complexity and number of threats rise, there is an urgent demand for competent cybersecurity personnel to handle these attacks. More complex training is being developed, and efforts are being made to entice more people to work in the field.
What will define digital security in 2024 is a difficult balance between adopting transformational technologies and managing unique cyber threats. This dynamic environment highlights the need for constant review and improvement in digital security practices, technologies, and policies.
Aims and objectives of the research study
The emergence of the digital domain as a central pillar of contemporary society has underscored the significance of comprehensive digital security. With our ever-growing dependency on digital infrastructures, a deep understanding of the countless parts of digital security is crucial. For this reason, the study aims and objectives are designed to undertake a broad-ranging review of the field in this study.
As digital domains enter every area of our lives, keeping up with digital security improvements and difficulties is critical. This review study aims to provide stakeholders with an up-to-date and compact reference, allowing informed judgments and pre-emptive steps in the face of an ever-changing digital security scenario.
This urgency is compounded by the evolving nature of threats (as seen in Fig. 1), rapid technological advancements, changing regulatory environments, and sector-specific challenges.
The primary objective of this rapid study is to provide a concise yet thorough overview of the present digital security landscape. The review structure is explained and can be described as specifically designed to:
- Explore the Technological Landscape: Examine the most recent advancements and difficulties in digital security technologies, ranging from encryption approaches to the significance of new domains like artificial intelligence, quantum computing, and blockchain in changing security paradigms.
- Examine the Regulatory Framework: The current legal and policy framework connected to digital security focuses on the interplay between national and international legislation and its overarching impact on industries and individual behaviours.
- Examine Sectoral Implications: Investigate the distinct digital security concerns and considerations that exist in several industries, with a focus on healthcare, banking, retail, manufacturing, and the public sector. Recognising the unique nature of challenges and solutions for each industry is critical for comprehensive knowledge.
- Assess the Perception–Action Gap: Investigate the reoccurring theme of the disparity between digital security objectives and real-world actions to understand the causes of this gap and potential solutions.
- Anticipate Future Trajectories: Forecast what changes are probable in the digital security ecosystem, such as growing risks and problems, technology advancements, and altering regulatory paradigms.
The recommendations expected from the review consist of actionable suggestions for diverse stakeholders, ranging from individual users to global politicians, based on the synthesised findings whilst ensuring that the guidance is pragmatic, forward-thinking, and adaptive.
Methodology
Before building the methodology, we conducted a bibliometric analysis of data records on the Web of Science Core Collection. We chose the Web of Science Core Collection because it includes a variety of indexes, such as Science Citation Index Expanded (SCIE) (Coverage:1965-present) Social Sciences Citation Index (SSCI) (Coverage:1965-present) Arts & Humanities Citation Index (AHCI) (Coverage:1975-present) Book Citation Index (BKCI) (Coverage: 2005-present) Conference Proceedings Citation Index (CPCI) (Coverage:1990-present) Emerging Sources Citation Index (ESCI) (Coverage: 2017-present)
Another reason we chose the Web of Science Core Collection is because it represents more than 21,000 peer-reviewed, high-quality scholarly journals published worldwide in over 250 sciences, social sciences, and arts & humanities disciplines, as well as conference proceedings and book data.
The first search was conducted on ‘Digital Security by Design’, producing 8157 results. We wanted to determine the research areas for these records. We used a statistical analysis approach based on the 8157 results and the VOSviewer (Jan van Eck and Waltman 2009), the R Studio (Aria and Cuccurullo 2017), and the Web of Science Analyse Results tool. Then, in this review, we tested the validity of the data with a combination of workshops and face-value thematic analysis. The records are categorised by the number of publications in a specific category to determine the areas. From this, we can visualise the emerging categories in Fig. 2.
The visualisation in Fig. 2 shows that most of the research conducted in ‘Digital Security by Design’ is in computer science and engineering science. To narrow the focus, given the recent advancements in Generative AI, we decided to analyse data records specific to Computer Science Artificial Intelligence. In this category, we found a total of 671 records. We categorised these records again in Fig. 3.
Although the categorisations in Fig. 3 are somewhat interesting, we could not determine the specific research areas related to these categories. The study used R statistical programming to investigate these data further with the bibliometrics bibliophily plugin (Aria and Cuccurullo 2017). Biblioshiny presented a different view of the primary information. In Fig. 4, we can see the timespan of the data records from 1997 to 2023. We can also see that most records result from collaborative work, and only 41 single-authored data records are in the data file.
Figure 4 is included to increase the visibility of how the data were selected for this study and ensure other researchers can reproduce the study. Although the categories in Fig. 4 can seem very abstract and unrelated to content issues, the information is included to enable other researchers to reproduce the study in the future. This information can be seen as the ‘Bill of Materials’ of the data sources used in this study’s analysis, including the data collection period. The contribution of Fig. 4 is not to show the findings in themselves but to show transparency of the intermediate stage in the analysis process.
The following visualisation we produced was a Three-Field Plot, and we wanted to determine the most productive authors and then categorise authors by countries and affiliations. The results are a lot more interesting than we expected. The data showed a strong dominance of Chinese authors and affiliations. We will make this file publicly available for other researchers to test and reproduce the results. But even without the data file, we have detailed the process for obtaining this data file, and anyone can produce the same file by following the same search parameters on the Web of Science Core Collection.
What interested us mainly was why Chinese authors and affiliations predominate this area of research when most of the new commercial contributions in artificial intelligence, such as ChatGPT, Bart, etc., are all in the US.
In the subsequent visualisation, using the same dataset as in Fig. 5, we wanted to determine what keywords are used in these records. In other words, we tried identifying the aims and objectives that predominated this dataset.
To explain what the N-grams and Unigrams mean in the context of the biblioshiny plugin of the bibliometrix package in R, which is used to produce. N-grams and Unigrams are integral to text analysis and data mining, and in Fig. 6, these concepts refer to:
Unigrams: A unigram is a single word or term. In text analysis, a unigram approach means that each word is treated as a separate entity. In the context of bibliophily, when analysing bibliometric data (like titles, abstracts, and keywords of academic papers), unigrams refer to the individual words extracted from these texts. Unigram analysis is often used to identify the most frequently occurring words in a dataset, which can indicate the main topics or themes in a collection of academic literature.
N-Grams
