2.1

Literature of cookies

2.1.1

Cookies are not malware however it does brought risks

Cookies are not inherently dangerous. They are merely text files that facilitate the coordination between the remote web server and the browser for the entire functionality of the website. These features range from verification and automatic login to shopping cart functionality, preference settings, and third-party add-on services [1]. To enable users to browse the restricted pages while not having to repeatedly verify their identity, cookies are utilised to save authentication data such as passwords and usernames. Accordingly, it is essential to ensure the authenticity and confidentiality of cookies that contain information. Alternatively, any individual with access to the cookies might impersonate the user. Despite the fact that credential information stored in cookies is frequently presented during a server-specific form, where the contents are hidden from the viewer, an attacker may still be able to simply replay the intercepted cookie and impersonate the user. Implementation flaws, particularly within web browsers, could present a safety risk to users as well. For instance, a vulnerability in Internet Explorer versions five and four for Windows 98, 95, 2000, and NT permits any website to view the contents of cookies from other sites. This is due to the fact that web browsers obfuscate sites with lengthy URLs ending in the server’s domain name with that other server. Therefore, it is conceivable that a malicious site could potentially offer itself a lengthy URL that ended with the same sequential characters as another site’s URL, the web browsing demonstrated through Figure 1.

Figure 1.

Web browsing demonstration

The malicious site would then be capable of accessing cookies stored by the other website. The ramifications of this scenario could be severe if the cookie content contains personal information such as confidential data with account information. Although the web browser vulnerabilities have been fixed, there might be additional undiscovered vulnerabilities that would pose a safety threat to the users[2].

2.1.3

Fundamental Types of Cookies

There are three specific types of cookies, namely, persistent cookies, third-party cookies, and session cookies as illustrated within Figure 2.

Figure 2.

Three types of cookies

Each type of cookie has a different mission and function. The first type of cookie is session cookies. Which are basic cookies that remember a person’s online activity. Each activity performed on the site is treated as a new business for a new user. Some applications of session cookies could be well illustrated by using online shopping, and the item is going to be found due to the presence of cookies. The second cookie type is persistent cookies. These cookies are known as first-party cookies as well. Their function is usually to track all online activity and preferences, as well as to give advice. For example, for the first visit to a website, these cookies are essentially within their default state. As a person personalises a website, these cookies have the ability to remember those settings and put them in place each time that person logs in. Computers function similarly to these cookies, and each login causes the machine to set all of its preferences, concluding language preferences and bookmarks. These cookies are typically stored without the hard drive and are generally kept for a long period of time. The third cookie type is third-party cookies. These are known as tracking cookies as well. They gather data regarding a person’s online activity. Each time an individual visits a website, a variety of information regarding the user’s activities is gathered and sent to the website that generated these cookies. The data gathered is thus being sold to advertisers. The tracking of a person’s interests, preferences, and trends is done in this manner. Hence, marketers could send personalised ads to a person due to the information obtained through these cookies. Nevertheless, this is in numerous ways considered a trust in the user’s online privacy [3].

2.2

Literature of cybersecurity:

2.2.2

Data management for cybersecurity

Data governance is at the center of privacy. Data is a nebulous concept that could encompass a broad array of information, so it is valuable to break down the various collections before examining the way each area is relevant to people’s privacy and security. All of this data, whether lost in various data breaches or stolen piecemeal through phishing activities, could provide attackers with sufficient information to engage in identity theft, utilize the name to obtain loans, and possibly harm online accounts that depend on properly responding to security questions. The information could as well prove to be a gold mine for advertisers lacking ethical boundaries as it falls into the wrong hands. Browsing habits and websites accessed via internet activity are monitored by internet service providers and could be hijacked. While consumers are powerless against attacks at the internet service provider level, the websites people visit might be tracked by cookies as well, which are small segments of text downloaded and stored by the browser. Browser plug-ins might track the activity on multiple websites as well [5].

2.2.2.1

Cybersecurity in data Management of finance sector concern

In a purposeful attack, fraudsters are employing societal engineering techniques to impersonate consumers in calls to phone service vendors. They accomplish this in order to transfer a number from the phone, even if merely temporarily, and then possess the number within the time required to capture the two-factor authorization issued to the phone number and gain access to the intended account, a bank, cryptocurrency wallet, or email. As the phone bug ends up being out of control, which implies the two factor authorisation code could be stolen, any online accounts connected to this number are risking being hijacked [6].

2.2.2.2

Cybersecurity in data management of medical sector concern

Another entrant, hospitals, is currently transitioning to electrical records, with family DNA services records storing, DNA services, storing genetic information pertaining to their users, to be submitted in the event of a sought, after health-related query or to track family history. The disappearance of medical information is extremely personal and could be distressing and catastrophic for each individual. However, when it comes to DNA, the decision to release this information is personal, except for those in law enforcement, as well as often those in ancestral services, who release this data first. The privacy concerns associated with DNA searches were cited in the decline in sales of several popular family ancestry kits.s [7].

2.2.2.3

Cybersecurity concerns of cookies

It is impossible to talk about web security without mentioning cookies. These could be defined as small text files discovered on a computer. They identify the web activity shared among web pages. They mainly assist with logging in to websites and purchasing items on online platforms. Through cookies, a server could identify a person’s computer and remember what the individual has done on her or his laptop. Advertisers and online businesses utilise cookies extensively to market their businesses. The usage of cookies has been an intense topic of discussion. They generate vulnerability in one’s system via sharing information regarding a user’s online activities. While numerous people believe that cookies pose a security risk, others believe that cookies only threaten the privacy of IT users and do not pose a threat to cyber security. Many researches have been done on this point, and the answer differs from one study effort to another. This history of cookies goes back to 1994. During this year, Lou Montulli created one of the first web browsers in the computer world. He gained experience and his innovative thinking enabled him to come up with cookies, client push, server push, and HTTP proxies. According to Moutulli, the name cookie is generated from the computer science word magic cookie, described as something delivered by an application’s routine which permits the recipient to perform an action. At Netscape browse, Moutilli had an idea to utilise cookie-like programs to connect within corporations. Cookie will becomes the prior application of the corporation’s brewers in terms of knowing if a consumer has visited the corporation’s website. These cookies enable the site to remember a user’s preferences while browsing and to save the times’ history, essentially shopping carts [3]. Cybersecurity concerns cookies during every web browsing as shown in

Figure 3.

Web browsing and cybersecurity

3.1

Secondary data collection

Secondary data served as a starting point for basic researchers to try to move beyond. Applied researchers, on the other hand, are more concerned with utilising knowledge that exists already, in several forms at least, to solve specific issues. Secondary data is a prerequisite condition for successful practice. Secondary research assists in setting the agenda for subsequent primary studies by indicating issues within the previous studies. Secondary information identifies the instruments for conducting primary research in terms of the issues that ought to be addressed as well as the measurement instruments and relevant interviewees. Secondary information is a significant resource for all social scientists [8]. Secondary research utilises exclusively existing secondary data or information collected with respect to other purposes or programs. It’s primary purpose is to examine whether the research on a subject already exists. This assists in formulating the research question more accurately and identifying viable methods for visualisation, synthesis, and data collection. Desk research ought to always be considered the entry point of the research procedure in order to avoid repeating the same mistakes and standing on the shoulders of giants [9]. The prospects for secondary data analysis are manifold. It could enable researchers to generate data that they could not reproduce in the first place. The technological expertise associated with developing well-conducted surveys and robust datasets could lead to data of the utmost quality. It could also permit data to be analysed and copied from a variety of standpoints. Secondary data analytics is the ideal complement to hybrid methods and, crucially, a methodology that actually permits social scientists to stand on the shoulders of giants [10]. Data collection indicated through Figure 4.

Figure 4

Data collection

3.2

Qualitative data collection

Qualitative surveys present a fairly accessible and straightforward instrument for qualitative researchers, but things could go wrong and there are pitfalls to avoid. Two of the biggest potential issues are random completion and roll-out. For instance, while as many as nearly six hundred finished BHRA surveys were collected, approximately a thousand people initiated the survey. The majority of those who did not finish answered the demographic questions. However, no additional questions were given. The online form implies the uncertainty that the reason occurred. Nevertheless, this high roll over ratio is unlike what might happen within quantitative survey recruitment. Qualitative surveys demand effort, expertise, and time from participants, and this truth requires recognition. For both the hard copy format and the dead email format, whereby participants provide their details, email reminders could foster completion and return. However, online survey instruments provide automatic email reminders as well. For qualitative surveys, people rely on individuals’ self-selection to demonstrate their interest in being a project participant, particularly as they conduct the survey online with no researcher contact [11].

3.3

Quantitative data collection

A major research tradition regards social reality as exterior to the people involved; it is the context within which their activities take place and it has the power to regulate their actions. Knowledge regarding reality could be acquired by constructing a bridge to that reality through the utilisation of concepts as well as their measurement. The concept determines facets of reality, and the instruments are devised to gather data associated with the concepts. With this approach, the data is supposed to signify certain dimensions of reality or ongoing happenings. This tradition is related to positivism and critical reasoning, and its data collection processes are primarily quantitative [12]. Quantitative approaches are utilised to gather data or are about to be converted into figures for analytics. Within quantitative studies, dimensions of societal reality are converted into figures in various ways. Measurement is performed by assigning objects, events, or people into discrete classifications, or by featuring them according to arbitrary rules on a numerical scale [12].

4.1

Advantages of cookies for cybersecurity

Cookies are not inherently dangerous. They are merely text files that facilitate the coordination between the remote web server and browser for the entire functionality of the website. These features range from verification and automatic login to shopping cart functionality. preference settings and third party add services verification and automatic login to shopping cart functionality, preference settings and third party add services. To enable users to browse restricted pages while not have to repeatedly verify their identity, the cookies are utilised to save authentication data, as passwords and username [1]. Cookie becomes the prior application of the corporation’s brewers during terms of knowing if a consumer had visited the corporation’s website. These cookies permit the site to memorise one person’s preference browser and to remain the times’ history, virtually shopping carts. There are numerous perils associated with the utilisation of cookies. However, within reference to cookies, the issue of cybersecurity is editable. On average, a website stores twenty cookies. Although cookies have a date of expiration, this data might be a long time within the future, as months, years or weeks, google ads allows cookies to last five hundred and forty days. Consequently, at the most basic level, consumers ought to know exactly what cookies are, what information they consist of, how the information is utilised, and how to prevent such use [1]. Besides deleting cookies and altering privacy settings, consumers might utilize technological measures to protect data privacy all well. For instance, consumers might utilise browser extensions as a privacy badger and generate a digital rights community the electronic frontier foundation, in order to block data tracking devices. Additional examples involve the usage of tracker blockers as ghostly, disconnect and ublock origin to block banner or pop-up ads and to depersonalise surfing sessions. Other utilities, as consent-o-matic could store consumer behaviour and automatic application of consent denial to visited novel sites. Ultimately, HTTPS everywhere is an extension that automates the rewriting request, establishes an SSL/TLS connection, and then directs the consumer to a secure variant of the site. The latter measurement is helpful within enabling encryption coverage for sensitive data desired for performing ecommerce or other online transactions [1].

4.2

Disadvantages of cookies for cybersecurity

Consumer feedback to the survey driven to several significant insights about data privacy and management. First, confidence levels among consumers are low overall, however differ by industry. Two industries, financial and healthcare services garnered the highest confidence scores as forty four percent. Notably, client interactions within these sectors involve the usage of individual and highly sensitive data. Other sectors had significantly lower levels of confidence. Solely approximately ten percent of consumer respondents indicated that they believe within consumer packaged goods corporations or media and entertainment corporations. Approximately two thirds of U.S. internet consumers indicated that it is critical that people merely they authorise view the contents of their email and that the names and identities of their email contacts remain confidential. Approximately half of consumer respondents that it is more likely to believe corporations that require solely information relevant to their products or to limit the amount of personal information requested. These markets are obviously singling to consumers that corporations are adopting a thoughtful approach to data governance [13].

Internet activity is monitored by internet service providers and might be hijacked as a consequence of surfing habits and site visits. Whilst consumers are vulnerable to attacks at the IPS stage, the websites visit might be traced by cookies as well, which are small sections of text stored and downloaded by the browser. Browser plugins might track the activity on multiple websites as well [7]. Cybercriminals prior contact YouTube creators through commercial emails posted upon their channels, asking for video advertising partnerships for a diverse of products. From VPN to online game. Within one instance, they pretended a news provider giving covid 19 news software. As the target agreed to the advertisement deal, the attacker sent them a malware landing site, normally posing as a legitimate site, as steam or luminary’s game that consists an URL pretending as a software download. These were sent via email or a PDF on google docs or google drive. As the target operates the fake software. The cookies stealing malware is performed. This malware steals browser cookie from the victim’s machine and uploads them to the attackers control server and command [14].

4.3

Advantages and disadvantages about cookies and cybersecurity

Corporations have been employing cookies, small text files placed on browsers, for years to track website monitor and visits consumer actions online. Cookies could deliver a rich data set that enables brands to better understand who their consumers are and enables them to address those consumers with more pertinent offerings. However, this personalisation comes at a cost. Consumers are increasingly interested in what corporations are doing with the data, who is collecting the data, how much their actions are tracked and who they might be selling the information to. As a matter of fact, a recent report discovered that seventy nine percent of Americans are worried about the way corporations utilise their data. Forty one percent of U.S. customers routinely delete cookies, and thirty percent have deployed ad blockers. This increasing mistrust has been increasingly echoed within government regulation. Among the most prominent pieces of legislation addressing cookies is the 2018 general data protection regulation, a significant broadening of data privacy mandates. Recently, regulators began demanding a comprehensive ban on ad targeting, both Virginia and California adopted sweeping privacy bills, and google chrome unveiled plans to cease support for third-party cookies completely by 2022. The era of the cookie is ending. That does not imply that companies ought to abandon personalisation, simply that now is a time for a new and better approach. What this has to do with the fact that cookies are being utilised to personalise the web experience, which might consist of tailor made advertisements. However, this tracing might possibly go too far and reveal itself as the distinctive identifiers appended to the cookie are utilised for various services and various marketing platforms. This practice is usually intrusive [7].

As Figure 5 illustrated that consumer concerns data collection and cybersecurity, however, few take adequate protective precautions. The data sample was collected from 792 participants [4].

Figure 5.

Survey of cookies action [4]