Editorial: Digital Transformation and Cybersecurity Challenge

Saqib Saeed¹Prof. Dr Noor Zaman Jhanjhi²Muhammad Adnan Khan^3*Dileep Kumar Yadav⁴

• ¹Imam Abdulrahman Bin Faisal University, Dammam, Saudi Arabia
• ²Taylor's University, Subang Jaya, Selangor Darul Ehsan, Malaysia
• ³Gachon University, Seongnam, Republic of Korea
• ⁴Bennett University, Greater Noida, Uttar Pradesh, India

The concept of digital transformation is, without a doubt, the most sought-after way for today's organizations to become and remain relevant, nimble, and in the lead through the innovation of technology and the increasing reliance on digital ecosystems-such is the reality of an era characterized by the ever-growing technological surge (Portion et al., 2023;Wang, 2023). Right from government institutions and multinational corporations to healthcare systems and educational entities, the way we work, the way we communicate, as well as the way we provide services to end-users everything changed dramatically and is being reshaped through digital transformation initiatives (Radenković et al., 2023). However, as the digitization process is getting faster, the complexity and range of cyberattacks grow in parallel (Sanmorino, 2023). The coexistence of two technologies, namely digital transformation, and cybersecurity, can pose several threats and opportunities; hence, it is remarkable that life is made better with the application of these innovative trends and, at the same time, it is the primary cause of generative threats that require urgent readiness to respond, prevent, and protect in this era of digitization (Irmak et al., 2023).The title 'Digital Transformation and Cybersecurity Challenges,' designed specifically for this issue, is an early, good look into the changing landscape of technology advances, and the various security implications that come with all of the emergent issues (Zatnika and Safariah, 2023). The successful implementation of digital transformation goes beyond only technology-it implies a profound change in organizational culture, process reengineering, data strategy, and enduser communication (Davaasuren, 2023). The transformation encompasses many other technologies as well, like cloud computing, IoT, artificial intelligence for decision-making, blockchain, remote work infrastructure, and many others (Autsadee et al., 2023). Nonetheless, as the journey is taken toward digital maturity, organizations increase their attacks' surface and make them vulnerable to more sophisticated cyberattacks (Multazam and Widiarto, 2023).Recent global incidents are pieces of evidence of the severe impact of cyber threats on the business, administrative, and user data leakage; however, they are also a demonstration of the continuous search for identification by the attackers (Kuczewska et al., 2023). Although we do witness technological development at lightning speed, the bad actors in the cyber world are always ahead of the innovations (Oluwaseun Augustine Lottu et al., 2023). No longer are ransomware, phishing, deceitful inducement, advanced persistent threats, and insider attacks all conjectures that you do not have to worry about (Belkhamza, 2023). These risks have become day-to-day events no longer based on a technicality only, but have shown signs of the vulnerability of human beings, the gaps in the organization, and the weak governance frameworks (Ha and Chuah, 2023).As companies are making their way through digital transformation, cybersecurity is not just a matter of the periphery but now become a strategic pillar (Nazari and Musilek, 2023). This matter seeks to give a clear idea of how urgent the necessity of creating a cybersecurity structure that fits in with digital innovation in society (Desta Lesmana et al., 2023). Although security professionals are the most important and valuable people as they make us feel safe, today their role needs to be fulfilled with a multidisciplinary approach that involves psychology, law, moral philosophy, and cultural diversity (Mijwil et al., 2023).This collection of articles reveals one of the most crucial topics in cybersecurity: human influence (Housawi and Lytras, 2023). There are a lot of studies that conclude that the number one weakness in the cyber domain is the human factor, and at the same time, it is the first protected one. The fact that all these threat vectors, such as social engineering attacks, poor password behavior, phishing, insider threats, etc., are derived from the user, perpetuates the necessity to make people more secure first by awareness, training, and the cultivation of user-centric security frameworks. It is necessary to deep-dive into the aspect of people's perceptions and behaviors when they deal with the risks during cyber incidents; the issue is especially important when organizations are trying to raise awareness of security issues as well as building a high level of security-conscious culture (Saeed et al., 2023).Besides, there is an issue of similar importance that needs to be raised-ensuring the privacy of personal information in the new world of data-as-coin (Alenezi and Akour, 2023). As the digital services that users gain access to become more individual-oriented, concerns about privacy, consent, and data misuse are becoming ever more acute. The legislation, for example, GDPR, has had a crack at making the data analytics industry conduct business in a morally responsible manner, but many issues still have been raised, mainly due to differences in the public and system culture and technical gaps (Tavana et al., 2022).Moreover, the content of the journal issue demonstrates that it is forward-looking by matching the courses of some emerging paradigms in the industry with the development of cybersecurity, such as quantum computing and machine learning (Alsaywid et al., 2023). An example of quantum computing is a technology that can potentially overthrow old encryption models, making businesses have to change their security architecture. The inclusion of a zero-trust model in the organization's design, as a precautionary measure, is increasing as a response to security threats and changes in organizations. At the same time, machine learning, and AI present a dual use case where they are not only used for threat detection and mitigation but at the same time, they raise new ethical and security issues such as bias, explainability, and misuse.The special issue of the magazine is an opportunity for the community to discuss the readiness of organizations and the implications of policies. The translation of an organization to be cyber-ready in a digital world is the conversation starter. How do regulations, rules, and governance structures adapt to the constant technological changes in the evolving technological environment? The necessity of cross-sector collaboration, cyber threat intelligence sharing, and the availability of an integrated response mechanism cannot be overestimated. Furthermore, there is always one issue that needs to be studied, which is cybersecurity from a sociocultural perspective. This is to ascertain how the community perceives threats, deals with technology, and gives priority to security.The special issue comprises various scholarly contributions and entails some theories, cases, practices, and different disciplines. This issue has been put into print for the main reason that it is informative and will provide readers with a deep understanding of the subject matter, that is, citizen engagement in cybersecurity, ethical dilemmas in data handling, legal frameworks for digital security, and the role of culture that is instrumental in the formation of cybersecurity awareness are some of the topics included in the magazine.The kind of blog that we were allowed to work on, we hope, can be highly useful to researchers, practitioners, policymakers, and technologists at the same time. At a point in time, when cyber-readiness edges subsume digital convenience, and cyber threats are more of a certainty, a call for strong, inclusive, and flexible cybersecurity measures is really loud. We encourage our readers to share these discoveries, to give a thought to the current problems, and to join in the worldwide effort aimed at keeping the digital future secure.In this special issue, eight articles bring the newest research trends at the intersection of digital transformation and cybersecurity. Diverse in number, starting from quantum threats to blockchain, phishing detection, machine learning in intrusion detection, and the evolving roles in offensive cyber operations, these studies are the drivers of solving the current problems and those that might emerge in the future for the digital future's safety. The summaries of these papers are described below:In the first article (Almuhammadi and Alghamdi, n.d.), the authors discussed in a paper the new peril that can influence a cryptocurrency, which, through the usage of blockchain, has secured its place as one of the most important digital innovations of the 21st century. Since blockchain is so much connected to public-key cryptography, the use of quantum computing to attack the networks can leave blockchains vulnerable. The paper is a threat assessment to the $2.7 trillion cryptocurrency market and a study about which ways for the cryptocurrency industry to switch from being quantum-hackable to quantum-resistant. The paper introduces a novel transition protocol that is less disruptive by conducting a soft fork for the entire migration process, rather than having a hard fork. The success of the protocol is tested through theoretical analysis and it is also statistically compared with other existing solutions, thus confirming the practicality and the best move for blockchain migration after quantum computers.The second paper (Kour et al., 2024) is devoted to ensuring the cybersecurity of Industry 5.0, where human-centricity, resilience, and sustainability are priorities. This paper is grounded on the cyber security issues within Industry 5.0 that have interconnection and intelligence as their main paradigm. The authors consider the issue not only from a theoretical perspective but also from the empirical one where they run the systematic literature review using the PRISMA methodology and consensus algorithms. The study emphasizes that AI, blockchain technology, and IoT appear to be the primary cybersecurity measures, while the lack of observability, measurability, or traceability has been slowing the growth of engineering and technology in this field. These are the technologies that should, according to the authors, have trans-paradigmatic capability and therefore be multi-paradigm in interpreting and controlling the industry of sustainable and resilient systems by assuring security, trustworthiness, and traceability of the industrial system as a whole. In this case the authors from Z. Zheng and W. Chen (2019) article does not agree with the development of cybersecurity paradigms, the technologies of today are somewhat un-matured, further pressing the claim of the authors in Wei T. (2016) article. Still, the tip of the iceberg in securing the systems of Industry 5.0 is the vendor-oriented solutions that can not fit in the collaboratively observing, measuring, and tracking algorithms, thus deteriorating the most important features of an engineering and technology system that is its cell: the synergy and observability of sustainability, its measurability, and the historical facts that it has. A new security technology for cyber-physical systems (CPS) in manufacturing, the Industrial Internet of Things (IIoT'-Fog Assisted LoRa) enabled by a fog-computing platform with long-range IoT radios (LoRa) used in conjunction with fog-assisted IIoT is developed by X. Cheng and C. Sidhu.))The third paper (Tamal et al., 2024) is concerned with the serious problem of phishing attacks, which have grown in complexity and gravity. The authors of the paper present a complete anti-phishing solution that combines an Optimal Feature Vectorization Algorithm (OFVA) and supervised machine learning classifiers. They mine 41 features from a large dataset which contains about 270,000 URLs and compare 15 machine learning algorithms across multiple performance metrics. The model that is based on the random forest technique is the best one as it reaches an accuracy rate of more than 97%. This work solves the problem of a great amount of data that is difficult to mine. However, the model is also easy to implement in real environments, and thus, it offers an excellent direction for further research of practical anti-phishing tools that can be put into operation.The fourth paper (Ali et al., 2024) makes a very thorough survey of Intrusion Detection Systems (IDS) and the increasing contribution of machine learning and deep learning in boosting their efficiency. This paper outlines new Machine Learning/Deep Learning-based IDS approaches that are required to substitute the outdated IDS-augmented techniques due to higher false identification and lower adaptability towards unknown threats. The coverage is particularly focused on crucial aspects related to IDS, for instance, the datasets, the metrics, the indicators of performance, and the new trends. By weighing up the good and the bad of the current IDS research, possibilities for the future are identified and it is shown how cyber defenses of institutions are improved when AI is proffered as the solution to their security risks.The fifth paper (Arik et al., 2024) discusses the involvement of Offensive Cyber Operations (OCO) in national and corporate cybersecurity which still is an area hardly touched upon but of utmost importance. The case study presented in this paper is a qualitative one on the issue of OCO that takes the position of the people planning the OCO training as the central actors. Hybrid plainness is the trait of the learning sequences that have been drawn up in the case study. Besides this, the partner version of the company's cyber range and the delegating of cognitive strategies to it are also some of the main components that are mentioned. The research provides a clear insight into the issue of dual competencies-technical and strategic-arguing that for cyber planners to successfully execute cyber campaigns, they must be correctly trained with standardization in OCO training being the solution The sixth paper (Rana et al., 2024) outlines a novel, real-life, tagged dataset that is made for the detection of phishing only using intra-URL features. A focus of 250000 examples is on the detection of URL anomalies, like in the case of typosquatting, misleading subdomains, and unusual extensions for which only observable features can be exploited. The authors performed OFVA to get 42 features that have a high potential for preventing being used by phishers. Also, by sharing this dataset with the community, the article has made a big step in this area of research and at the same time, this way are being encouraged to establish such security tools that are data-driven, scalable, robust, and efficient.A seventh paper (Rana et al., 2024) covers the use of attack trees for modeling cyber threats that exist on organizational networks, further developing the traditional method by the association of the FAIR (Factor Analysis of Information Risk) framework. The technique presented in this way can describe the risk involved with it, at each level of the attack tree, thus enabling the analysis of the dependency among the assets and also allowing for more detailed risk evaluation. The study conducted a comparison of the various techniques of threat modeling, and it is demonstrated that the FAIR-enhanced attack tree is quite preferable since it provides more details and can be construed with ease; these are the factors that make it possible for the management or higher authorities to take some initiatives. This way of paper can be even more useful for those who are involved in information security risk management and seek systematic collection and processing of data on the attacked cyber risks according to their nature, size, and location.In the Eighth paper (Saran, 2024), the authors conduct a comprehensive review of password hashing algorithms and their ability to defend against time-memory trade-off (TMTO) attacks. Although password hashing is the main step of the authentication and key derivation process, it is also the part that is most targeted by the advanced schemes of cryptanalysis. The paper covers the measures that have been recently developed to be taken for TMTO attacks and how modern hashing schemes are much more resistant to the same. To help developers and the staff members of information systems make decisions on the selection, implementation, and migration of secure hashing algorithms, the work is of real, practical value., With changes in the way the central authentication system works, the insights that have been offered at the end of this review will be important as far as keeping the system simple and also building the structures of the authentication used for the future are concerned.All in all, these eight papers together present a very good and detailed view of cybersecurity difficulties and clever ideas in the environment of data conversion. From basic security technologies to the strategies of organizations and policy implications, the special issue gives us a set of knowledge that is strong and good for scientists, professionals, and policymakers who are seeking to build secure and resilient digital ecosystems.