The increasing global prominence of the internet is a major source of concern for law enforcers because of the increasing sophistication of fraudsters. Law enforcement agencies in many parts of the world now have cybercrime divisions that tackle the increasing challenge of high tech fraud. This paper reviews an article published by Shaik and Shaik (2014) in the International Journal of Advanced Research in Computer and Communication Engineering titled, “Cybercrime is a Global Problem: Increasingly Social and Mobile.”
Article Summary
The article discusses the general threats posed by the increasing incidents of cybercrime across the world. The purpose of the authors is to give internet and mobile phone users the knowledge needed to reduce the risk of becoming cybercrime victims.
The first point that the authors make is that cybercrime affects individuals, organizations, and governments alike. However, the reports made to law enforcement agencies tend to come from victims who have suffered minimal losses. Victims who suffer great losses tend to shy away from reporting their losses because of reputational risks.
The authors then examine different types of strategies used in high tech fraud. The main issues raised in this section include hacking, phishing, child pornography, software piracy, denial of service attacks, among others (Shaik & Shaik, 2014). The authors explain how each of these modes of cybercrime work and the vulnerabilities that make them possible.
In the next section of the article, the authors examine cybercrime and fraud related to the use of mobile phones and social networks. In this regard, the authors examine different approaches used by criminals. An interesting point to note in this discussion is that the methods used by criminals to gain access to mobile phone SIM cards have legitimate uses. These methods include spoofing, SMS-spoofing, and email spoofing (Shaik & Shaik, 2014). The authors also pointed out that cybercriminals can gain remote access to webcams and use them for spying (Shaik & Shaik, 2014).
In the final section of the article, the authors give detailed recommendations to technology users on how to ward off the risk of becoming high tech fraud victims. These recommendations include not sharing their financial information via email. The authors also advocate for care when visiting new websites, and they urge internet users to be wary of online acquaintances that appear too friendly.
Similarities of the Article to Class Readings
The article reviewed has several similarities to class readings. The five main similarities are as follows. First, the class reading and the article both treat high tech fraud as a growing threat to online commerce. Both sets of authors agree that the cost of high tech fraud is monumental (Knetzger & Muraski, 2008). Secondly, they both provide a set of suggestions that individuals can use to protect themselves from high tech fraud. The third area of similarity between the two materials is that they both view cell phone fraud as a growing problem.
Each of the two sources handles cell phone fraud differently, but that is both based on the premise that a fraudster can gain control of a victim’s cell phone. The fourth area of agreement is that high tech crimes usually involve some form of identity theft. This can be through fraudulent acquisition of personal information or fraudulent access to electronic devices. In this sense, a thief can target personal information or electronic devices for use in fraudulent activities.
Strengths of the Article
The main strengths of the article reviewed are as follows. First, the article took a comprehensive view of high tech fraud. This strength comes from the fact that high tech fraud is dynamic. Fraudsters use multiple platforms to execute crimes. The second strength of the article is that it does not use too much jargon. The decision to use simple language gives the article a wider readership.
This is an ideal disposition since it aids the global fight against fraud. The third strength of the article is that it gives a set of clear recommendations to the audience on how to reduce the chances of becoming high tech fraud victims. The readers have clear issues to address as soon as they finish reading the article. This is a very high level of achievement for an article based on a technical aspect such as fraud.
Weaknesses of the Article
The two main weaknesses of the article are as follows. First, the article has a poor structure. The authors tried too hard to categorize issues into a few clear areas. The result is that some sections of the article do not fit well in their current categories. For instance, the section talking about “buffer overflows” also discusses zombie computers and skimming (Shaik & Shaik, 2014, p. 4998).
The relationship between these concepts is not obvious. The second weakness of the article is that its recommendations are too prescriptive. They do not allow the reader to use the information provided in any other way. In this sense, the applications possible from this paper are limited to the ones identified by the authors.
References
Knetzger, M., & Muraski, J. (2008). Investigating High Tech Crime. Carlifornia: Pearson.
Shaik, A., & Shaik, S. B. (2014). Cybercrime is a Global Problem: Increasingly Social and Mobile. International Journal of Advanced Research in Computer and Communication Engineering, 3(1), 4993-5001.
The convenience, speed, and anonymity provided by the internet have provided a new platform for criminals to extend their activities through cybercrime. The emergence of new advanced technologies has seen cybercrime taking new trends that are more secretive and dangerous to businesses and people. In fact, cybercrime leads to losses running into billions of dollars annually. Cybercrime takes many forms, including financial crimes like online fraud, abuse, computer attacks, and tolerance or encouragement of illegal activities such as gambling, child pornography, and copyright infringement. Unlike in the past, where a few individuals with criminal minds committed cybercrimes, the field is now run majorly by organized gangs with global networks. Some of them work under the very nose of law enforcement officers disguised as legal businesses or organizations.
The site I have chosen for this assignment is involved in the illegal sharing of files. Most files shared on the website are copyrighted and patented.
I believe the above site falls in the second category of websites that encourage young people to engage in dangerous or illegal behavior. It is a known fact that sharing of copyrighted files is both immoral and illegal. First, we realize that the website provides a platform for sharing copyrighted music files, software, and movie piracy. Its community page has seven broad download categories, including TV shows, games, applications, movies, music, books, anime, and others (Figure 1.)
Most books being shared on the website are not available for free. In fact, by opening the book’s download link, I found “Oxford Word Skills – Basic, Intermediate, Advanced – Learn and Practise English Vocabulary + Supplementary Skills Reading” to be available for free, yet the book is on sale on Amazon.com for $55. The book was uploaded one day before my visit to the website and is already downloaded 1029 times (figure 2). I also believe the website is promoting piracy because even the latest Hollywood movies produced in 2014 that their producers have not earned enough money to settle the expenses incurred during production such as Horns, Fury, and Interstellar are available on the site for free download.
Things get worst when it comes to software. The website has almost all software files known to humans. A quick search of Microsoft Office 2013 returned 138 responses. One of the files had been downloaded 1576 times and seeded the same number of times. Microsoft Office 2013 has a market price of $400. Given that the first three links had been downloaded approximately 3,000 times, Microsoft Corporation had lost over $1.2 million on the illegal downloads. Many more companies suffer from such illegal downloads making losses running into billions of dollars annually. Even though the companies lose only money, the youth who are involved in downloading such illegal files lose much more in terms of character and responsibility.
The international and national laws are clear on copyright and the penalties it may attract. Original authorship works such as music, drama, literary artworks, and intellectual property are often protected from unauthorized distribution for a given amount of time. During such periods, the only person who has the authority to distribute the work is its owner and his or her agents. Anyone who does not have the authority to redistribute the work but goes ahead to do so may be subjected to a civil or criminal case in a court of law. The internet and digital media have made the enforcement of copyright laws extremely difficult for law enforcement officers. File-sharing networks are difficult to monitor, thereby hindering the effectiveness of efforts put in place to curb such offenses. Just like the case in curbing other crimes, people should help law enforcement officers in curbing illegal sharing of files by refusing to participate in the crime and alerting the law enforcers of such activities immediately. People who take part in downloading illegal works cannot be absolved of any wrongdoing. In these criminals get a good chance of avoiding the cost of acquiring movies.
Digital Music and Software
The music industry is now fighting a huge battle against the illegal downloading of music via the internet. Kickass. So provides its users with a framework through which they can request and receive music files from other users in the network despite the files being copyrighted. When a user searches for a music file by title or a musician’s name, the user’s request is sent out to all computers in the network, and a response list is generated to the user in order of relevance. It takes only a few seconds for the file to be downloaded to the user’s computer or device. The same happens with software. Pirated software is requested from network members and downloaded in no time. The site provides serial numbers and program keys for all software downloaded from it to enable its users to enjoy software functionalities reserved only for those who have paid for the full versions of the software. Other software is cracked to allow users to gain functionalities limited by the software’s developers. These limitations are created to prevent people from benefiting from the software when they have not paid for them. Therefore, cracking the software and providing the crack to others is not only immoral but also illegal. It is even worse for people who shamelessly download the files for personal use, knowing very well that they have not paid for them.
Risks of File Sharing
When you try downloading a file from the site, you are advised to first download and install ύTorrent, software used for direct torrents download (Figure 3). After installation, the software segments a reasonable size of the installer’s hard drive. The segmented section is then used to store downloaded and uploaded files. In fact, according to some analysts, the software has the ability to scan your computer for any information searched by other network users and then upload them to the user. For instance, if a user is looking for Microsoft Office 2013 and you happen to have the software on your hard drive, it could upload the file for the user to download. In such a case, private data and sensitive information become threatened by unauthorized access. Furthermore, the software could expose a user to attacks from malware and Trojan horses hidden in files.
The website gives assurance to their user that using its updated software for hiding IP addresses of computers makes their activities completely secured and untraceable (Figure 4). However, such IP hiding software has failed in the past and exposed users’ activities. If caught, a person involved in the illegal transfer of unauthorized files can face a jail term of up to five years and a fine of $250,000. Young or minor offenders are no exception. Their parents may face criminal charges for their involvement in the crime.
Responsibility defines a person. As consumers, we must be responsible for what we consume. Stealing from the people who make our lives easier by inventing new programs and creating new music and movies is a sure way of killing the very movies and music that entertain us and programs that make life easier. It is unacceptable to download unauthorized files, and the sites that promote such activities should be shut down and their members punished.
The role of the Internet in lives of people continues to grow every day. Many people store their information online and use services that require some personal information to be shared. Moreover, Internet-based programs and services are used by companies, communities, governments, and international organizations, which increases the amount and the significance of information present online. Such a way of storing and transferring information opens new opportunities for illegal activity.
Thus, cybercrime – the use of computers and the Internet for unlawful acts – is a growing phenomenon that becomes more elaborate and more dangerous every minute (Aggarwal et al. 48). Cybercrime has many types because the Internet offers a variety of services to its users. Hackers can steal personal information of other users, use malicious software to corrupt data and stop services from functioning properly, illegally download information and share it with others breaching copyright laws, and distort the overall safety of users and their lives
One of the branches of cybercrime is personal data theft that can include financial information, legal documents, medical records, and other data (Hutchings and Holt 11). While this type of crime may seem to be less damaging in a global sense, it is widespread, making personal data theft one of the most popular forms of cybercrime (Wheatley et al. 8). Currently, there are no clear solutions to protect personal information and maintain a safe space for people’s private data.
A significant issue that slows the development of better protective systems down is the lack of cybercrime assessment frameworks. This literature review examines the recent scholarship investigating cybercrimes and the erosion of privacy with the focus on finding new solutions to protect information and evaluate the damages that hackers bring to the world every day.
Research Problem
The analyzed literature reveals a problem in the sphere of cybercrime research – the lack of statistical information and analysis of interventions in the field of personal data theft.
Literature Review and Analysis
To understand the severity of the problem, one should investigate the main aspects of cybercrime, its history, and legal considerations. For this purpose, a review by Aggarwal et al. should be considered as it contains all necessary information on the topics of cybercrime and cybersecurity. According to the authors, there is a wide variety of cybercrime types, briefly mentioned above. The review also considers some effects that cybercrimes can have on people.
For example, while some illegal practices may be directed at individual people, others may target entire businesses or government agencies, increasing the severity of the crime and the damages brought as a result.
The authors also present some information about cyber security and laws that can help victims to defend their rights. However, the review notes that current legal practices are insufficient to protect people’s data and persecute criminals for their crimes (Aggarwal et al. 50). Thus, such needs as better coordination of law enforcement agencies and increased attention to cybersecurity research are outlined in the study. Furthermore, it is highlighted that users should also rely on themselves and exercise caution when using computers and the Internet. This study offers a solid foundation for further research and presents some basic information that is required to find issues in current research on cybercrime.
A conceptual study by Wall has a similar purpose as it helps define cybercrimes in the cloud – a more nuanced sphere of Internet safety. Wall offers an understanding of crimes in cloud services and their effect on victims, also paying attention to possible law enforcement strategies (Wall 529). Similarly to the previous work, Wall finds that cybercrimes are difficult to persecute due to the lack of research in the sphere and the small impact of each crime (Wall 536). The insufficient amount of available information is also noted by Armin et al., who investigate cybercrime reports and find that there are many gaps in existing research (150).
This problem is also outlined by Wheatley et al. who state that while the amounts of personal data being stolen grow continuously, the individualistic approach of defense mechanisms remains ineffective (8). This study uses a quantitative approach to show the statistics of personal information breaches, highlighting its growing impact on the finances of companies and government agencies. Wheatley et al. find that massive breaches of personal information occur frequently (more than 70 attacks per year since 2007) and deteriorate the state of privacy with each successful attack (8).
The authors also point out the need to research cybercrimes focused on government agencies and businesses and the shift from total risk evaluation to a more personalized approach. This study shows that the process of stealing private information is becoming more dangerous as hackers get access to large amounts of data simultaneously instead of targeting individuals.
In fact, cybercrimes in businesses often result in data of many people being stolen, which leads to massive financial damages for the company and its stakeholders (Balan et al. 64). The study by Balan et al. utilizes R programming to analyze cybersecurity problems and statistics of different businesses to find the main weaknesses in companies’ strategies and suggest new practices (65). The authors find that personal data theft is a significant problem in all industries, causing more than 90% of all businesses to lose money as a result (Balan et al. 66). Again, the need for further research is stressed as evidence against criminals in the cybersphere is hard to gather making cybercrime difficult to control.
Hutchings and Holt examine the market for stolen information and find that there is no research of practical implementations of interventions available, which makes the problem even more challenging (27). The authors also note the financial losses of people and companies and point out that possible interventions may include the collaboration of different services and government bodies and use such practices as censorship and law enforcement control (Hutchings and Holt 23). This study offers some strategies to control personal data theft and ways to protect information from being acquired illegally. Nevertheless, the authors highlight the need to apply these practices and analyze results to present substantial evidence.
Works Cited
Aggarwal, Pooja, et al. “Review on Cyber Crime and Security.” International Journal of Research in Engineering and Applied Sciences, vol. 2, no. 1, 2014, pp. 48-51.
Armin, Jart, et al. “2020 Cybercrime Economic Costs: No Measure No Solution.” Combatting Cybercrime and Cyberterrorism: Challenges, Trends and Priorities, edited by Babak Akhgar and Ben Brewster, Springer, 2016, pp. 135-155.
Balan, Shilpa, et al. “Data Analysis of Cybercrimes in Businesses.” Information Technology and Management Science, vol. 20, no. 1, 2017, pp. 64-68.
Hutchings, Alice, and Thomas J. Holt. “The Online Stolen Data Market: Disruption and Intervention Approaches.” Global Crime, vol. 18, no. 1, 2017, pp. 11-30.
Wall, David S. “Towards a Conceptualisation of Cloud (Cyber) Crime.” International Conference on Human Aspects of Information Security, Privacy, and Trust, edited by Theo Tryfonas, Springer International, 2017, pp. 529-538.
Wheatley, Spencer, et al. “The Extreme Risk of Personal Data Breaches and the Erosion of Privacy.” The European Physical Journal B, vol. 89, no. 1, 2016, pp. 1-17. Web.
Jiow, a research scholar at the National University of Singapore, penned the article “Cyber Crime in Singapore: An Analysis of Regulation based on Lessig’s four Modalities of Constraint”. It was published in the International Journal of Cyber Criminology in 2013. The author has a Doctor of Philosophy Candidate, Communications and New Media. Besides, he started the cyber wellness initiative in Singapore, and he has written many journals on cybercrime.
His article deals with cybercrime in Singapore and the various modalities of fighting the issue. The author has put together valuable findings and arguments on cybercrime that targets members of the public who utilize the cyberspace. He gives the internet penetration rate in Singapore and points out that the country ranks among the highest places in terms of cybercrime. The author intends to discuss the methods used to deter cybercrime and access their effectiveness.
The significant cybercrime perpetrators in Singapore are the youths who are techno-savvy, and about 80% of the whole population has been the victim of cybercrime. The crime rates threaten the country’s social fabric, and therefore, it is essential to deal with the rising cybercrime incidents. The journal looks at the four modalities used to deter cybercrime.
The government uses law in fighting cybercrime such as legislation on territorial jurisdiction and collaborating with other countries in the fight. The other method is architecture or the affordability of technology. People can afford the internet, and accessibility is effortless.
Moreover, technological advancement makes it is straightforward to access materials on the cyberspace such as files. The market in the cyberspace has changed dynamics because people can buy movies or music cheaply compared to purchase physical copies. The other one is social norms that help to regulate people’s behavior in the cyberspace. The journal offers a significant approach to the reason why everyone needs to change how to utilize cyberspace and communication.
On the other hand, the information in the article relates to the book in various ways. They both break down the challenges of internet use about cybercrime. Jiow’s journal outlines how people commit cybercrime, just as the book does with high tech cyber crimes (Knetzger & Muraski, 2008).). The great use of the internet in Singapore makes most users vulnerable to cyber crimes such as hacking and seeks to educate people to understand cybercrime and the various ways for its prevention.
Similarly, the book addresses cybercrime and its increment among internet users and advises on how to avoid becoming victims. Jiow’s main interest is to eradicate cybercrime by highlighting the causes of cybercrime and the means to educate the users. Above all, both articles highlight various challenges in the attempt to regulate users’ behaviors in cyberspace.
The information in the journal relates to the text because it talks about the multiple ways that can be used to contain cybercrime and shows the challenges of each approach. Moreover, the article and the text relate because they seek to educate potential victims about cyberspace wellness.
The strengths of the article are evident because the author has authority in the subject of cybercrime as depicted by his extensive knowledge and skills significant for embracing the intricacies of the ever-changing cyberspace. He also takes time to illustrate the complexities of cybercrime through a systematic process. It is evident in the crucial subtopics and chapters that he breaks down impeccably.
In his assessment on Singapore’s Cyber Crime Scene, he breaks down the intricacies of hacking in the most prevalent nation, Singapore. He delves into theories and practices of cybercrime in a way that helps the reader improve their understanding of hacking by evaluating modern transformations in lifestyles, demographic factors, traditions and practices in Singapore (Jiow, 2013).
The article passes the message to its audience well as it starts from basics to complex issues in cybercrime. Furthermore, the author defines words making it easy for a reader to understand and follow the article.
On the contrary, the article fails to address crucial aspects of cybercrime. For instance, the author fails to highlight the financial intricacies of managing cybercrime in developed and developing nations. The author does not elaborate in detail about the function of the police in managing cybercrime. The police function is to enforce the law, and since the cybercrime falls under illegal activities, the role of the police needs to be given a priority when assessing cybercrime.
It is also evident that the author attempts to make use of secondary sources in identifying the causes and effects of cybercrime in Singapore. This is a limiting factor, considering that the author indicates that it is challenging to obtain valid data of cybercrime on the web. This shows that valuable data lacks in the research and somehow decreases the objectivity of the study. However, it gives crucial information on the deterrent of cybercrime.
References
Jiow, H. (2013). Cyber Crime in Singapore: An Analysis of Regulation based on Lessig’s four Modalities of Constraint. International Journal of Cyber Criminology, 35 (7), 7-14.
Knetzger, M. & Muraski, J. (2008). Investigating High Tech Crime. California: Pearson
It is generally accepted that the cyber environment provides people with both positive opportunities such as self-realization or creativity and negative ones involving specific problems. Unfortunately, the digital space can also become an atmosphere of involving children and adolescents in criminal acts, thus bringing to psychological issues by means of mobbing, cyber-fraud, embezzlement of money from an electronic parental purse, pornography, pedophiles’ acquaintance with children, free access to extremist websites, sale of drugs through the Internet, etc. Due to age characteristics, the insufficient educational activity of parents, the provision of unlimited opportunities in the online environment, and also due to the low media literacy of the population, people can become victims of cybercrime and sometimes even turn into criminals. In this connection, it is of great importance to identify potential problems that are encountered by law enforcement when computer crime organizations cannot ensure the safety and security of users.
Nowadays, people live in the era of the information society when computers and telecommunication systems cover all the spheres of human and state life. Focusing on telecommunications and global computer networks, it was impossible to foresee the opportunities for abuse these technologies could create. Today, among victims of criminals who operate in virtual space, there are not only adults but also children. Even though computer crime laboratories continuously update their products to ensure the safety and security of users, forensic computing faces plenty of problems. Online games are one of the most popular activities on the Internet, along with searching web pages and socializing (Britz, 2013). The main threats faced by users involve the following points:
Phishing. The criminal web-environment generates many fake gaming sites. Some of them use URLs that are very similar to the addresses of real websites. An unsuspecting player is threatened not only by malicious programs but also by traps that can steal personal data and cause real financial problems (Hu, Chen, & Bose, 2013).
Social networks. There are a lot of scammers with fake accounts that pretend to be producers of games, requiring to open personal information.
Infected games and fraudulent programs. The user can easily infect his or her computer through hacked or fake computer games. Their creators abuse the hobbies of users, offering such games for downloading on the Internet. It is necessary to be especially careful when using email attachments and removable media, such as USB flash drives.
Malicious programs. One of the most common malicious programs to date is Win32 / PSW.OnLineGames. This is a family of Trojans used in phishing attacks aimed specifically at users of computer games: malicious programs of this type are able to spy on typing text from the keyboard and sometimes include rootkits that can collect information related to online games and user credentials (Pfleeger, Pfleeger, & Margulies, 2015). It is characteristic that the information is transferred to the computer of the remote attacker. The members of the massively multiplayer online role-playing games (MMORPG), such as Lineage, World of Warcraft, or Second Life, should be aware of these numerous threats.
As an example, one may note the case when about 18 thousand people lost hundreds of millions because of the bankruptcy of the virtual bank Ginko in Second Life. According to Scarle et al. (2012), prior to the bankruptcy, the bank had savings of more than 700 thousand dollars (or 190 million Linden dollars, the rate of which is relative to dollar as 270 to one). The official cause of bankruptcy was the massive withdrawal of money from accounts in Ginko as a result of the ban on gambling in Second Life. For a week, the virtual bank went bankrupt, and those who did not manage to withdraw their investments lost their savings. Some experts suspect that this was a planned action.
Another problem is pedophiles who increasingly go to the World Wide Web to satisfy their unhealthy lust through the psychological deception of children. According to Tikhonov and Bogoslovskii (2012), they actively use various computer programs so that no one can identify them by calculating their IP address, creating the identikit by video link, or determining the place of residence. Knowing the basics of child psychology, they get acquainted with minors in social networks, acquire confidence, and then, under the pretext of fun games, make them undress and commit disgusting things (Hu et al., 2013). Due to the anonymity of the media environment, this type of crime has become easier to implement. The pedophiles build trustful relationships with adolescents in chat rooms, forums, and social networks. They get acquainted with children, positioning themselves as a future good friend, a senior companion, and a sincere assistant. After establishing contact with minors, criminals can offer personal meetings, pictures of erotic nature, and intimate communication through a webcam (Reddy & Minnaar, 2015). Despite the ban and the abundance of regulations aimed at combating such crimes, it is rather difficult to control the correspondence of the online environment to the established norms and values as cybercrime strategies are ever-changing and quite resourceful.
References
Britz, M. (2013). Computer forensics and cyber crime: An introduction (3rd ed.). Boston, MA: Pearson.
Hu, Y., Chen, X., & Bose, I. (2013). Cybercrime enforcement around the globe. Journal of Information Privacy and Security, 9(3), 34-52.
Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2015). Security in computing (5th ed.). Upper Saddle River, NJ: Prentice Hall.
Reddy, E., & Minnaar, A. (2015). Safeguarding children from becoming victims of online sexual abuse facilitated by virtual worlds. Child Abuse Research in South Africa, 16(1), 23-39.
Scarle, S., Arnab, S., Dunwell, I., Petridis, P., Protopsaltis, A., & de Freitas, S. (2012). E-commerce transactions in a virtual environment: virtual transactions. Electronic Commerce Research, 12(3), 379-407.
Tikhonov, M. N., & Bogoslovskii, M. M. (2012). Pitfalls of new information and communication technologies. Scientific and Technical Information Processing, 39(2), 67-73.
In the year 2003 the then president of the United States legalized a national strategy to secure the country’s cyberspace. The primary objectives for this strategy were to prevent any attacks against the United State’s infrastructures, to reduce the country’s propensity to attacks over the internet and to reduce to the lowest levels possible the damage that occurred from cyber attacks. The government at the time put in place criminal laws to allow for the investigation and prosecution of individuals suspected of partaking in cybercrime. Various institutions were set up to help with investigation of crimes that involve computers or computer networks with the United States working very closely with other nations in dealing with cybercrimes by setting up round-the-clock emergency contact networks. Other efforts aimed at a sustaining the collaborative effort between the United States and other nations included the signing of multilateral treaties such as the convention on Cybercrime. Such treaties have been heralded by the United States as very important tools in dealing with transnational cybercrime.
A study of various cyber security challenges that touch on aspects of society, from economic to societal reveals that there is a need to raise the profile of cyber security as a component that demands national priority. The challenges have a serious implication on the country’s security and as such demand that a concerted national effort in dealing with cybercrime be encouraged.
The economic sector has been most affected because of the modern-day reliance on technology for virtually all aspects of production. Information systems are vital in ensuring efficiency within the various organizations in respective through proper storage and access of data. Countries where this happens effectively gain in terms of state reputation and financial benefits. However, with rapid changes taking place in the telecommunication sector, there are bound to be even more changes in the way criminal activities happen. It is therefore mandatory that governments develop adequate legislation to help protect their citizens from cybercrime in the case of the widening cyberspace.
This report seeks to analyze the various effects of cybercrime. To this end, the report will try to adopt an interpretive paradigm to illustrate the impacts of these challenges to the control of cybercrime. In addition to the explaining the challenges, the report will also provide a brief detailing of the steps involved in the enhancement of cybersecurity.
Israel and US fingered for Stuxnet attack on Iran’s Nuclear Program
Unnamed sources at Israel’s Dimona nuclear complex said the malware was developed there over the last two years as part of a joint US-Israeli operation designed to sabotage Iran’s nuclear program. The foundations of this work were reportedly laid by American Intelligence Agencies, who identified the type of controllers Iran intended to use and their vulnerabilities back in 2008. Testing of the Siemens controllers took place at the Idaho National Laboratory as part of a larger exercise in cyber-security testing, according to the sources.
After months of confusing and occasionally conflicting statements, Iranian president Mahmoud Ahmadinejad recently confirmed that the worm had sabotaged uranium-enrichment centrifuges at Natanz. Production at the facility reportedly dropped by 30 per cent, as a result of which setting Iran’s nuclear program was set back by months. as a result.
Sophisticated attacks targeted major Oil and Gas organizations globally
Bloomberg News has identified six of the energy companies targeted in a recent series of “coordinated covert and targeted cyber attacks” and says the victims could face legal liability for choosing not to disclose them to shareholders. The roster includes ExxonMobil, Royal Dutch Shell, BP, Marathon Oil, ConocoPhillips, and Baker Hughes, according to an article the news service published on February 2011. The attackers “targeted computerized topographical maps worth ‘millions of dollars’ that show locations of potential oil reserves,” Bloomberg said, citing Ed Skoudis, founder and senior security consultant for InGuardians. The hacks were first disclosed in a report issued by McAfee, which said they resulted in the in the loss of “project-financing information with regard to oil and gas field bids and operations.”
Security giant RSA breach leaks data for SecurID two-factor authentication tokens
Attackers breached the servers of RSA and stole information that could be used to compromise the security of two-factor authentication tokens used by 40 million employees to access sensitive corporate and government networks around the world.
Attacks Attackers were able to access the seeds for specific companies, resulting in providing them with the ability to generate the pseudo-random numbers of one of its tokens, allowing them to clear a crucial hurdle in breaching the company’s security. Attackers were also able to get access to RSA’s SecurID source code that gives them the blueprint of vulnerabilities to exploit, or the theft of private cryptographic keys that might allow them to imitate RSA servers or register new employee tokens.
Iranian attackers suspected in forging Google’s Gmail credentials
Extremely sophisticated hackers, possibly from the Iranian government or another state-sponsored actor, broke into the servers of a web authentication authority and counterfeited certificates for Google mail and six other sensitive addresses, the CEO of Comodo said.
The March 15 intrusion came from IP addresses belonging to an Iranian internet service provider, and one of the purloined certificates was tested from the same country, said Melih Abdulhayoglu, whose company is the certificate authority used to validate the bogus web credentials. Other web addresses that were targeted included google.com, login.yahoo.com, login.skype.com, addons.mozilla.com, and Microsoft’s login.live.com. As a result, the attackers would be able to intercept secure communication and login information to the targeted domain names.
Israel propose a creation of elite counter-cyber terrorist unit
Israel is proposing the creation of a counter-cyber terrorism unit designed to safeguard both government agencies and core private sector firms against hacking attacks. The proposed unit would supplement the efforts of Mossad and other agencies in fighting cyber espionage and denial of service attacks. Israel is, of course, a prime target for hackers from the Muslim world.
The country’s hi-tech industries also make it an interesting target for cyber espionage from government-sponsored hackers from China and elsewhere. Spear-phishing attacks featuring targeted emails, custom malware and subsequent hacking action have been in the news over recent weeks, in the wake of cyber attacks against EU agencies and oil-prospecting multinationals, to quote just two recent threats.
US-CERT warns of critical industrial control system bug
A group collaborating with the US Computer Emergency Readiness Team is warning oil refineries, power plants, and other industrial facilities of a bug in a popular piece of software that could allow attackers to take control of their computer systems. The vulnerability in the Genesis32 and BizViz products made by Massachusetts-based Iconics could allow attackers to remotely execute malicious code on machines that run these SCADA, or supervisory control and data acquisition, programs. The programs are used to control equipment used in factories, water, wastewater and electric utilities, and oil and gas refineries.
US-CERT recommends that users of SCADA software take basic precautions to protect themselves from security breaches. The measures include isolating critical devices from the Internet and locating networks and remote devices behind firewalls.
Lockheed Martin suspends remote access after network intrusion
Lockheed Martin has reportedly suspended remote access to email and corporate apps following the discovery of a network intrusion that may be linked to the high-profile breach against RSA earlier this year. The manufacturer of F-22 and F-35 fighter planes has reset passwords in response to a “major internal computer network problem”, according to two anonymous sources and an unnamed defense official, Reuters reports. Technology blogger Robert Cringely reports that Lockheed detected the suspected breach on Sunday. He adds that an estimated 100,000 personnel will be issued with new tokens before remote access is restored, a process likely to take at least a week.
China announces the need to get into cyber warfare
Senior Chinese officers think that the People’s Liberation Army (PLA) needs to make more of an effort on cyber warfare. Reuters reports on an essay written by PLA colonels Ye Zheng and Zhao Baoxian in the Party-run China Youth Daily. The two officers, who are strategists at the PLA’s Academy of Military Sciences, argue that China “must make mastering cyber-warfare a military priority”.
The essay goes on to say:
Just as nuclear warfare was the strategic war of the industrial era, cyber-warfare has become the strategic war of the information era, and this has become a form of battle that is massively destructive and concerns the life and death of nations.
US forced to redesign secret weapon after cyber breach
The United States may be forced to redesign an unnamed new weapon system now under development – because tech specs and plans were stolen from a defense contractor’s databases.
Reuters and Aviation Week report on the revelation by US Deputy Defense Secretary William Lynn, made in the course of announcing beefed-up cyber defenses intended to put a stop to such intrusions. Lynn said that a “foreign intelligence service” was behind the theft of the secret weapon’s blueprints in March – apparently amounting to 24,000 files – but declined to specify which nation had carried out the attack.
“It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies,” Lynn said. “In a single intrusion this March, 24,000 files were taken.”
Global Threat Landscape
Key Highlights
105,536 unique web malware were encountered in March 2011, a 46% increase from January 2011.
Malicious webmail represented 7% of all web-delivered malware in March 2011, a 391% increase from January 2011.
45% of all malicious webmail resulted from Yahoo! Mail, 25% from Microsoft Live/Hotmail, and only 2% from Google’s Gmail.
Search-engine-related traffic resulted in an average of 9% of all web malware encountered in 1Q11.
33% of search engine encounters were via Google search engine results pages (SERPs), with 4% each from Yahoo! and Bing SERPs.
SERPs and webmail encounters are impacted by the popularity of a particular service and are likely not indicative of any heightened risk specific to that service.
Likejacking increased significantly during the first quarter of 2011, from 0.54% of all web malware encounters in January 2011 to 6% in March 2011.
At 13%, Miley Cyrus–themed likejacking scams beat out all other celebrities and events in March 2011. Likejacking themes for Indian actress Nayantara were at 7%, while Charlie Sheen was at 3%, Justin Bieber at 2%, and Lady Gaga at 1%.
At 4% of all web malware encounters in 1Q11, website compromises that attempted to download the Hiloti Trojan were the most frequently encountered, followed by malicious GIF injections (3%). Website compromises related to the Lizamoon series of SQL injection attacks represented just 0.15% of web malware encounters for the quarter.
Though far less successful than in years past, SQL injection attempts continued to be the most prevalent event firing (55%) observed by security researcher and analysts around the world in 1Q11.
Malware activity related to the MyDoom worm was the 10th most frequently observed IPS event in 1Q11, demonstrating that legacy malware can still pose a threat to unprotected systems.
As expected, Rustock activity declined significantly over 1Q11, but, interestingly, the sharp decline commenced weeks prior to the botnet takedown.
Following 4Q10 declines, global spam volume increased and then subsequently decreased during 1Q11, but levels remained above that of December 2010.
With an increase of 248%, Indonesia overtook the United States as the top spam-sending country in 1Q11.
Web Threats Trends and Analysis
Enterprise users experienced an average of 274 web malware encounters per month in 1Q11, a 103% increase compared to 2010. Unique web malware encountered also increased (46%) in 1Q11, from 72,294 unique web malware in January 2011 to 105,536 in March (Figures 1-3).
Though web malware continues to increase, far fewer large-scale compromises are occurring compared to previous years. Instead, compromises are more focused on the “long tail” of the web, with fewer compromises per attack but a far larger number of separate attacks. As Figure 4 demonstrates, the largest outbreak occurred in March 2011 with a series of GIF injection attacks targeted at popular Pakistani news sites.
The second largest attack in 1Q11 involved website compromises designed to deliver the Hiloti Trojan. This particular wave of attacks, breaking in January 2011 before resuming in February, is part of an ongoing series. Though the Lizamoon series of SQL injection attacks were highly publicized in March 2011, both the actual numbers of compromised websites and the live encounter rates were far fewer than had been reported. In reality, only a few thousand websites were actually compromised and live encounters represented only 0.15% of all Web malware encountered for the quarter.
Web searches resulted in 9% of web malware encounters in 1Q11, with an average of 33% resulting from Google search engine results pages (SERPs) and 4% each from Yahoo! and Microsoft Bing SERPs. The majority of web search encounters (58%) occurred via smaller search engines and/or searches performed on non-search-engine websites (Figure 5).
It is important to note that search-related malware encounters are not reflective of any underlying risk with a particular search engine; rather, these encounters are due to the popularity and thus increased usage of a particular search service.
Email Threats and Analysis
The 2011 takedown of segments of Rustock, combined with multiple spam botnet takedowns in 2010, had a positive impact on overall spam volume. However, spam volume in 1Q11 remained above the lowest point recorded in December 2010. Figure below reflects the global spam volume as reported through Cisco SensorBase Network participants.
Interestingly, while the takedown efforts had the most positive impact on spam originating from the United States and Russia, spam originating from other countries is rapidly increasing.
Although they represent a relatively small percentage of overall spam, phishing attacks pose a serious risk to security, both from a financial and sensitive information disclosure perspective. In 1Q11, attackers increasingly turned their attention toward phishing Twitter accounts (Figure below). This interest in Twitter credentials is likely due in part to Twitter users’ acceptance of shortened URLs. By compromising Twitter accounts, attackers can take advantage of shortened URLs to entice followers to visit malicious links the users might ordinarily view as suspicious. Such attacks are further fueled by the trust engendered through social networking in general.
In summary, while global spam volumes have increased, the malware encounter rate via webmail has substantially increased. Further, social networking scams involving both Facebook and Twitter also increased throughout the first quarter. Web-delivered malware is also at an all-time high and the rate of encounters with unique new malware continues to increase
Showcase: The Digital Nuclear Attack against Islamic Republic of Iran
The earliest cybercriminals specialized in casting a wide net to find targets for their schemes. Poorly written spam messages, sent out by the millions, were aimed at any and all possible email addresses. Spam filters now catch most of these messages, but a small fraction of recipients will still click through to download malware unwittingly or decide to order non-existent pharmaceuticals.
While broadly aimed spam still appears to be an effective tool, cybercriminals are seeing value in fine-tuning their efforts so that their malware reaches a single high-profile target or performs a specific function. The newest twist in “hyper targeting” is malware that is meant to disrupt industrial systems—such as the Stuxnet network worm, which exploits zero-day vulnerabilities in Microsoft Windows to infect and attempt to tamper with very specific industrial systems, such as supervisory control and data acquisition (SCADA) systems.
While components of Stuxnet date back to 2009, the worm in its complete form was initially detected in June 2010. The first known copy of the worm was discovered in a plant in Germany. A subsequent variant led to a widespread global outbreak.
The appearance of Stuxnet is sobering for several reasons, not the least of which is the worm’s potential to severely disrupt critical infrastructure. Stuxnet seems to have been designed to deflect remediation and response actions from security professionals. Operators believed that a default Siemens password (which had been made public on the web some years earlier) could not be corrected by vendors without causing significant difficulty for customers. The SCADA system operators may have been laboring under a false sense of security that since their systems were not connected to the Internet, they would not be prone to infection.
Stuxnet’s built-in features exploit both technical and operational trusted relationships—for instance, the malware used stolen security certificates, fooling other systems into believing it was a legitimate piece of programming. Stuxnet has already been studied extensively, and much has been revealed about its inner workings—providing a blueprint of sorts for future such campaigns, and educating criminals on how exactly to create these exploits themselves.
“Stuxnet showcases the determination, resources, and dangerous intent of today’s cybercriminals,” reports Mary Landesman, senior security researcher at Cisco. “Stuxnet raises the already alarmingly high bar of data and intellectual property theft to an entirely new level— sabotage of our critical infrastructure.”
Showcase: Operation “AntiSec”, a perfect example for Cyber Hacktivism
Cyber-activism, cyber-war, cyber-crime… These words are on everyone’s lips these days. Normally it is quite easy to classify attacks and security incidents according to their goal: It is quite clear that to sabotage a nuclear facility in Iran is an act of cyber-war, or to steal personal data from a company is a cyber-crime. Also, cyber-activism as such is not something bad, despite the bad name given to it by the illegal or unethical activities committed in its name. However, this quarter we have seen how the dividing line between hacktivism and criminality is getting more and more blurry, with the consequences this might have. It seems that the only way the Anonymous group has to protest is by committing illegal acts. However, if the members of the group were smart enough, they would realize that their constant breaking of the law undermines the legitimacy of their protests. Over the last few months they have launched attacks on Sony and the websites of the U.S. Chamber of Commerce, Spain’s national police force, several governmental institutions, etc. Moreover, they claim that their activities are ’peaceful protests’, despite their actions are purposefully enacted to cause economic loss and completely illegal. They say they represent everyone’s ‘best interest’ but are not brave enough to appear publicly, hiding instead behind their pseudonyms. Well, if you hadn’t already had enough of Anonymous, a new hacker collective called LulzSec has emerged, whose claimed main motivation is simply ‘to have fun by causing mayhem. In my opinion, if you took the most irresponsible and brainless members of Anonymous and put them all together, they would be considered the most refined gentlemen compared to LulzSec. LulzSec specializes in stealing and posting information from companies with poor security (PBS, Fox, etc.) as well as carrying out denial of service attacks (against the CIA website, for example). And if all this was not enough, they have also released a full list of user data they had previously stolen such as email addresses, passwords, etc. which has led to account hijacking and other forms of identity theft. At the end of June, LulzSec teamed up with Anonymous for “Operation: Anti-Security”, encouraging supporters to hack into, steal and publish classified government information from any source.
However, Lulzsec’s lack of coherence is exemplified by the following story: Back in June, hackers stole the personal data of some 1.29 million customers of the Japanese game maker Sega. LulzSec was initially linked to the attack, but soon afterwards they released a statement claiming they had nothing to do with it and offering to help Sega find the actual culprit. It seems pretty clear that LulzSec thinks it is perfectly OK to commit a crime as long as they are the perpetrators, otherwise it is clearly wrong and the “competitor” must be destroyed.
LulzSec continued its hacking escapades, which reached their climax with “Operation Chinga la Migra” in which they stole and released a torrent of information belonging to Arizona law enforcement. The information included hundreds of classified documents and all kinds of personal data about hundreds of Arizona border patrol officials. Meanwhile, a growing assemblage of rival hackers had been working to unmask LulzSec members. It is believed that the information gathered by these groups helped in the arrest of Ryan Cleary, 19, in Britain. Cleary ran one of the IRC servers used by LulzSec. On June 26, LulzSec released a statement on Twitter announcing the end of their activities. Nevertheless, they urged hackers to carry on with operation Anti-Security (#Antisec) and join the Anonymous IRC channel.
Conclusion
The aim of any country is to attract attention to the services/goods it produces and to ensure sustainability by maintenance of efficient working systems. Information and communication technology (ICT) is a crucial component of any country’s growth. It plays a key role in the management of state and private venture operations by ensuring that all members involved are within contact distance from each other as well as assist in proper organization of company records. The world is indeed becoming a global village with business exchange and educational activities being carried out through the internet and via satellite systems. In this way, information systems help provide the link between business and technology because the more efficient an organization’s operations are, the more its economic benefits. However, and has been illustrated in this report, cyber security has been an issue of concern primarily because everyday there are individuals whose main aim is to infringe on the integrity of networks and databases. It is recommended that more concerted effort be effected in developing a coordinated and collaborative approach for cyber security research. All government agencies need to develop innovative approaches for handling cyber security. In addition, legislative and policy frameworks need to be assessed and analyzed with the consideration of reviewing them to include measures against new forms of cybercrime. Finally, more training needs to be conducted in order to increase capacity for handling cyber-security related criminal activities.
Various countries depending on their sizes adopt suitable information systems that help make sensible managerial frameworks. These information systems are vital in ensuring efficiency within the various organizations in respective through proper storage and access of data. As a result, gains are made both in terms of country reputation as well as financial benefits. However, with rapid changes taking place in the telecommunication sector, there are bound to be even more changes in the way criminal activities happen. It is therefore mandatory that governments develop adequate legislation to help protect their citizens from cybercrime in the case of the widening cyberspace. The research was based on secondary data collection. Data was еxtractеd from various online publications. The criteria for literature selection were the rеlеvancе to the research topic and the currency guided by the year of publication. Both public and private libraries as well as online libraries were visited to access the data.
Empirical data was collected from recent studies and numbers and figures used to show the impact of cybercrime legislation in the particular regions of study and how they could effectively be used to help make internet networks secure. Like with any other professional field of study, Information Technology research has to be conducted in such a way that the offer credibility to the practitioner. In such a scientific field, the strength of any report lies in the figures provided to support theoretical data and particularly the numbers obtained from real life scenarios to support collected evidence.
References List
Chan Jay et. al. Cisco 1Q11Global Threat Report Featuring Data from Cisco Security Intelligence Operations. (1005R) C02-640572-00 1/11.
Cybercrime is becoming more common every year, posing a threat to public safety. The article Target to Pay $18.5M for 2013 Data Breach that Affected 41 Million Consumers is about the biggest customers’ data captured by intruders in the US (McCoy, 2017). A cybercrime that occurred in 2013 involved a hacker attack on the computer gateway of a retail giant, which led to the leakage of customer data (McCoy, 2017). The incident showed how important it is to maintain cybersecurity.
Impact on Business and Individuals
Target has lost huge budget funds and customer confidence; cybercrime can significantly undermine the reputation of any organization. The global cost of cybercrime is estimated at 6 million US dollars, while in 2015, the amount was half as much (Khiralla, 2020). Cybercrime poses a significant threat to entrepreneurs in a rapidly evolving technological society. Cybercrime deprives people of a sense of security and increases anxiety (Furnell, 2020). However, users have become more attentive due to the increased incidence of cyber-attacks. Many people use two-factor identification on their accounts and do not disclose personal information on the Internet. However, online scammers use new methods of crime, so people experience the negative effect of not being able to protect themselves fully.
Personal Experience
Unfortunately, my friend had to deal with cybercrime; it was hacking a page on a social network. Hackers took possession of personal information: photographs and history of correspondence and blackmailed, demanding money for non-dissemination of this data. My friend did not agree to their terms and went to the police. Internet blackmail is a terrible phenomenon of our time, greatly spoiling the lives of victims. The only correct course of action would be to contact law enforcement and refuse to cooperate with the blackmailers. Because of the cybercrimes described, I changed my behavior: now I am careful on the Internet, do not enter my data on suspicious sites and put additional protection on my accounts.
Conclusion
Cybercrime is one of the significant dangers in today’s society. The fraudsters’ actions negatively affect businesses and people, forcing them to bear losses and depriving them of a sense of security. To fight cybercrime, people must consider their safety and take measures to protect themselves. Two-factor account protection, avoiding clicking on suspicious links, and a reasonable amount of secrecy on the Internet can protect against scammers.
References
Furnell, S. (2020). Technology Use, Abuse, and Public Perceptions of Cybercrime. In The Palgrave Handbook of International Cybercrime and Cyberdeviance (pp. 45-66). Palgrave Macmillan, Cham.
Digital banking has enabled unrestricted and secure access to accounts anytime, anywhere for customers on their computers, tablets, and smartphones. Customers can now make simple and secure transactions, including checking account balances or getting statements online from the convenience of their gadgets. However, the rise of online banking has brought unintended consequences such as identity theft, credit card fraud, spamming, phishing, and other related cybercrimes. The paper evaluates a con article on ‘The impact of cybercrime on e-banking’ [1]. It analyzes and discusses cyber threats’ impact on online banking and the need to improve security measures.
Review
The study by [1] seeks to propose a research model that evaluates cybercrime in e-banking to inform future imperial research on the context. It mainly focuses on business-to-consumer (B2C) e-commerce, with particular attention to electronic banking. Electronic banking or e-backing is the use of the internet as a remote delivery channel for banking services via the internet. E-banking is the main mode of transactions for most online business transactions, such as online flight booking, e-commerce purchases, and banking. Nevertheless, users do not fully trust online banking for fear of losing personal information or becoming victims of cybercriminals. According to the study, people aged 60 years and above suffer the most losses, with 55,043 reported cases, losing a total of $339,474,918 [1]. Generally, people have little confidence in the technology despite the security improvements of digital banking and trust services. Other research has also evaluated the awareness and habits of digital banking users and established they lack knowledge of the possible attacks on these digital platforms [2]. Therefore, losses attributed to cybercrime in e-banking are expected to rise as more people gain access to computers and the internet.
Based on [1] literature review, common cybercrime risks and threats include work-at-home frauds, web cloning or online lottery, loan scams, hacking, identity theft, phishing, and retail-based fraud schemes. However, the study focuses on phishing, identity theft, and hacking because they mainly affect financial institutions like insurance companies, banks, and credit unions. Therefore, the author modeled his research technology acceptance model to combat identity theft, hacking, and phishing. The resulting research model comprises three independent variables (identity theft, hacking, and phishing) and one dependent variable (e-banking), as shown in figure 1.
The study aims to conduct quantitative research requiring a survey to test three hypotheses. The hypothesis includes:
H1: Phishing will have a negative impact on the adoption of electronic banking.
H2: Identity theft will have a negative impact on the adoption of electronic banking.
H3: Hacking will have a negative impact on the adoption of electronic banking.
The study is yet to validate the hypotheses. In the end, the author shall publish the findings on which cybercrime has the greatest impact on e-banking.
Critique of the Paper
Based on the topic and analysis of the content, one would expect the author to develop a model that would be used to test the hypothesis. It is possible to conclude the author is trying to draw attention to elements of modern threats to e-banking rather than proposing a model. Furthermore, the author needed to provide an abstract description of the research model, including how it will use the variables to produce outcomes. For instance, it would help if the author provided details on how the model in figure 1 works.
Reflection
The paper gives a big picture of e-banking security threats and presents a complete view of the security landscape. More broadly, it draws readers’ attention to the fact that e-banking should be an end-to-end solution. By investigating cybercrime in e-banking from a user perspective through a survey, the author’s effort has resulted in the need to address issues associated with contemporary digital and mobile banking. For instance, the elderly are at risk of cybercrime involving identity theft, hacking, or phishing due to limited knowledge [2]. Besides, there is a need to define a new set of evaluation criteria for the complete assessment of e-banking security. Banks, e-commerce, and other businesses that accept online transactions also need to embark on extensive campaigns to sensitize their customers and raise general awareness on security issues on e-banking platforms.
Conclusion
E-banking has become an essential part of the banking system and a popular mode of transaction for most people. However, customers must keep vigilant to protect their accounts from cybercriminals. The study users three independent variables (identity theft, hacking, and phishing) and one independent variable (e-banking) to develop a research model for future researchers. However, the study had shortcomings, such as insufficient details on the model and the unclear goal of the research. Nonetheless, the study raises critical concerns about the need to reevaluate the security of e-banking from the users’ perspective. The statistics suggesting the elderly have become the main victims of cyber criminals on e-banking platforms indicate the need to raise awareness for the users. Besides, the paper provides a basis for future research on the issues with contemporary digital and mobile banking.
References
D. Chevers, “The impact of cybercrime on e-banking: A proposed,” in International Conference on Information Resources Management (CONF-IRM), 2019.
W. Wodo, D. Stygar and P. Błaskiewicz, “Security Issues of Electronic and Mobile Banking,” in Proceedings of the 18th International Conference on Security and Cryptography (SECRYPT 2021), 2021. 10.5220/0010466606310638.
Footnotes
D. Chevers, “The impact of cybercrime on e-banking: A proposed,” in International Conference on Information Resources Management (CONF-IRM), 2019.
W. Wodo, D. Stygar and P. Błaskiewicz, “Security Issues of Electronic and Mobile Banking,” in Proceedings of the 18th International Conference on Security and Cryptography (SECRYPT 2021), 2021. 10.5220/0010466606310638.
With the advancing technology and increased internet connectivity, many people around the world are using online sites for various activities. Organizations as well as individuals have found it safe to store their most valued information on the internet. This has increased accessibility of information while enhancing the flow of information.
Unfortunately, the same technological advancements have been used by people with ulterior motives to take advantage of private information, or even disrupt normal operations of an organization. Consequently, there is need to enforce policies that will help in protecting organizational information and systems from criminals.
The Cyber Intelligence Sharing and Protection Act (CISPA)
This is one of the policies that has been proposed to curb cyber crimes and is being debated in the congress. The Act proposes the sharing of information between the U.S. government and other security agencies including technology and manufacturing companies.
The main aim is to establish communication channels between private firms and government intelligence bodies to enhance sharing of potential and emerging cyber security threats (Rachael, 2013).This is meant to enable the government to investigate cyber threats thus enhance systems security.
Advantages
CISPA is expected to increase detection of cyber security threats and thus help in reduction of cyber crimes. On the same note, CISPA includes in its definition intellectual property which is the most risky material. Moreover, the systems of United States which are vital for every day live needs protection from hackers and this Act serves just that purpose (Foss, 2012). The Act also seeks to enhance confidence of people and organizations on the internet and various systems in general.
Disadvantages
Nevertheless, the Act has been opposed by majority of people both from the government and from the private sector. Firstly, some people are very concerned with the inclusion of intellectual property as one of the reasons for sharing information. It has been argued that the
Act is so vague on this matter which might lead to infringement of the right to privacy. On top, security agencies can use this leeway to screen people’s communication in the pretext of searching for potential cyber threats. Similarly, critics have argued that the Act gives security personnel excuses to interfere and even messing up with people’s information because no legal action can be taken against them (Foss, 2012).
Other related Acts
It is not only the CISPA Act that has been proposed to counter cyber threats. There was the Stop Online Piracy Act which was defeated because it included intellectual property theft. On the same note, U.S. representative Dan Lungren proposed the Precise Act which after dropping grave provisions will be debated together with the CISPA.
Additionally, there is the Federal Information Security Amendment Act of 2012. Contrary to the CISPA, many of these other Acts have not included intellectual property in any of their clauses. However, they are all aiming at the same goal of eliminating chances of cyber crime taking place (Rachael, 2013).
Conclusion
Cyber security is a necessity given the increasing number of cyber crimes that are being recorded. In this regard, any step that will help in identifying possible security threats should be highly encouraged. However, care should be taken so as not to interfere with people’s right to privacy. Furthermore, drafting of the Bills should avoid vague language that will leave loopholes for people to misapply the law.
The introduction of the information and communication technologies nowadays offers a great range of advantages for the society, especially for the financial sector. Unlimited access to the information and communication technologies (ICT) supports freedom of speech as well as it promotes online banking and the usage of various mobile data services that ease the lives of many. However, such a growth of information technologies does not exist without any possible risks. Due to the fact that the majority of essential services like water supply and electricity depend on a smooth functioning of the ICT, there has been many attempts on hindering their performance and therefore cause harm to the society.
It is a commonly known fact that the attacks against the Internet infrastructure and services take place on a regular basis. Hacking and online fraud are the primary examples of attacks on the ICT. Furthermore, the financial damage caused by such attacks is reported to be quite substantial. The estimated annual cost of the global attacks is approximately one hundred billion dollars (Go-Gulf par. 1).
What is Cybercrime?
Cybercrime can be defined as a range of crimes committed through the use of the Internet and computers as tools or victims. Cybercrime can range from spamming to fraud and include criminal trespass to the global security systems or theft of corporate and governmental secrets. Anything from downloading illegal music and video files to stealing money from online bank accounts is classified as cybercrime. However, cybercrime is not limited to monetary offenses, creating viruses and posting confidential information online is also considered cybercrime.
The majority of cybercrimes cannot be differentiated into one specific category of crime, which contributes to the limited capacity of cybercrime records. The Internet Crime Complaint Center is a primary body responsible for compiling and releasing the statistical reports on cybercrime. By using statistics, the analysts are able to prepare information on the trends and rates of cybercrime (National Crime Prevention Council 1).
The issues of cybercrime and cybersecurity cannot be separated from the general concerns of the global community. This is supported by the fact that the United Nations General Assembly resolution related to cybersecurity points at cybercrime as one of the major challenges for the global security systems that exist within the international dimension. For example, before reaching a recipient, an e-mail containing illegal information can pass through a series of countries. Therefore, when investigating such instances of cybercrime, international cooperation between countries is of the highest importance. In addition, many cybercrimes occur due to the fact that modern technologies are the same everywhere. Therefore, standardization allows for the same protocols being used across the world (ITU 2).
What is the Impact of Cybercrime?
Background
As shown by the recent events, cybercrime in the financial sphere is a pervasive issue; and one from which the assets of the GCC countries are not protected to a complete extent. It has been estimated that the cost of the global cybercrime is greater than the GDP of eighty percent of countries throughout the world. In addition, the number and nature of criminals conducting cyber offenses is constantly increasing to include not only individuals but criminal syndicates, the organization of terrorists, and even countries. The inexpensive tools for conducting cybercrime are nowadays widely available; therefore, the threat actors rarely have to resort to any unknown methods to conduct cybercrime. Keeping the issue of cybercrime under control is becoming more difficult as the technological advances develop. Nowadays criminals are able to use many sophisticated methods for committing fraud or stealing funds or personal information. In addition, some criminals prefer to collaborate and work in cooperation in order to commit fraud on a larger scale. Given all these facts, the efforts towards preventing cyber crime a predominantly technological, which means that their effect only lasts until a solution to deal with the technological prevention methods is developed. Therefore, the advances in the technological sphere are challenged by the rapid pace with which cyber criminals are able to develop their new methods of fraud.
Emerging Threat in the GCC Region
The most important findings gathered from the PWC survey suggest that cybercrime is now ranked second in the list of all reported economic crimes in the Middle East. While the global statistics indicate that 24% of companies that went through economic crime reported cybercrime, the GCC region reports 37% (PWC 15). The most common types of cybercrime affected the spheres of computer networking, applications, and systems. However, data stored by third parties as well as mobile devices can also become targets to cybercrime.
The recently occurred cases suggest that any company can be affected by cybercrime. Two of the largest gas and oil companies in the Middle Eastern region reported an attack on their networking system, causing thousands of separate computers disruption in their operation. Between 2012 and 2013 the financial sector across the region also reported instances of cybercrime in Oman and United Arab Emirates (PWC 15).
The motivation for cyber-attacks in the region can include financial, political, personal, and ideological. For example, in 2014 the oil companies in UAE, Saudi Arabia, and Qatar received anonymous threats of cyber-attacks from the politically motivated group of hackers (Nagraj par. 1). The threat was made due to the hackers being unsatisfied with the US being used as the currency for selling and buying oil in the region. Therefore, companies are not the only targets that could have been affected by the attacks, governments were at high risk, too. However, such threats are rarely substantiated by the actual attacks.
One of the primary characteristics of cybercrime as an evolving threat is the pace with which a crime can be performed, causing the crime victims a substantial loss of financial assets or data before they find out that an attack has been performed. Therefore, the effectiveness of many responses to cyber-attacks is completely diminished. In many cases the system a company relies on when working can often become the main tool use against it by a cybercriminal who can then change or hid his or her identity.
Therefore, the fundamental challenge for the Gulf region and its businesses is understanding the risks of cyber-attacks and keeping up with their pace. Very often computer networks used by the companies are not complicated enough to account for the risks associated with the disruptions caused by much more sophisticated tools cybercriminals use. It is important to mention that some local governments have already taken some action to manage and prevent cybercrime, with the 2012 UAE’s Cyber Crimes Law and the 2012 Saudi Arabia’s Arab Cybercrime Agreement leading the action.
What are the Cybercrime Costs?
Due to a variety of factors, measuring the actual cost of cybercrime is difficult. These factors include the cybercrime effect on the safety systems the damage caused to the reputation of a company, interference with the business operations, and loss of opportunities. According to the recent survey conducted by PWC, when asked to estimate the costs of cybercrime effects on the business in the past two years, 35% of respondents could not give a specific answer while 40% believed that their business did not suffer from cybercrime (16).
The received results indicate the significant scale of the issue. In the majority of instances, the companies that never reported their financial loss due to cybercrime are usually unaware that they have been victims of such fraud or have probably incorrectly quantified the cost of the cyber-attacks. Such statistics are not unusual since the mentioned findings on the cybercrime in the GCC region coincide with the global reports that also mentioned forty percent of companies not reporting any financial loss caused by cybercrime (PWC 17).
The Middle Eastern survey also included respondents who did report their financial loss from cybercrime; however, the numbers are quite low. Six percent of respondents claimed that their loss had been approximately 1 million dollars while two percent reported the loss between 5 and 100 million dollars. On the basis of the report, it can be concluded that the financial damage caused by cybercrime in the GCC region could be far more substantial that the majority of the companies report.
What Are the Examples of Cybercrime in the GCC?
UAE Example
The statistics of Dubai have indicated a significant increase of 88% in the overall number of cybercrimes in 2013 compared to 2012. In 2013 the Dubai Police investigated under one thousand five hundred cases of cybercrime, which is three times more than the number of crimes reported in 2011 (Hasbini par. 4).
Due to the significant increases in the Internet use (UAE penetration of 92%), the transfer of personal or corporate information has become the easiest it has ever been. In the country, the most used online services are e-shopping, e-banking, e-bills, and e-government transactions. All of the mentioned services have proven to be very convenient for the users; however, there is a significant threat of cybercrime.
According to Altaher’s article in Gulf News, the United Arab Emirates is nowadays the target of approximately 5% of the worldwide attacks (par. 1). Moreover, the rate of such attacks has increased by five hundred percent since 2011. The expert opinion expressed by Rabih Dabbousi, the senior vice-president of Dark Matter, a cyber security company, suggested that “Cybercrime follows the money. The money of financial transactions in the UAE, the establishments of financial free zones and the overall appeal of investing in the country are only some reasons why banks and other financial institutions are constantly being attacked” (qtd. in Altaher par. 3). Furthermore, Dabbousi also explained that the oil and gas industry of the region is the second target for the cyber attacks.
One of the primary points that put the United Arab Emirates on the radar of the cyber criminals is the technological advances targeted at increasing the quality of the population’s life. The differentiation and innovation strategies contribute to the steady increases in the cyber attacks. Therefore, the country is becoming more and more visible from the economic and social competitive perspective, which attracts cyber criminals (Altaher par. 9).
Saudi Aramco Attacks
The 2012 cyber attacks on Saudi Aramco, the official Saudi Arabian Oil Company, had a tremendous impact on the way global companies now approach the issue of cybercrime. The computer network of the company was infected by the Shamoon virus that affected thirty thousand Windows-operating computers. The response from the company was not effective despite the vast resources available. It took Saudi Aramco under two weeks in order to restore the network and recover from the damage caused the company.
The main purpose of the Shamoon virus was the complete deletion of all data containing in the hard drivers of corporate computers. Despite the fact that the virus attack did not cause any oil spills or explosions, the attack did affect the operations of the company as well as the loss of some production data. The US Secretary of Defense Leon Panetta described the virus being very sophisticated since there is a very small number of countries or organizations capable of performing such an attack (Bronk and Tikk-Ringas par. 3). Because the virus rendered all computer useless as well as greatly undermined the operational capabilities of Saudi Aramco the financial impact of the attack is incomparable to that of the U.S. Government hacks of the fingerprint database. The Cutting Sword of Justice took responsibility for the attacks and referred to the “crimes and atrocities” Saudi Aramco committed as the main motivation. However, there were suspicions that the cyber attack was sponsored by the Iranian regime which had also been subjected to the same virus attacks prior to Saudi Aramco.
According to the response from the international community, the Saudi Aramco attacks were the “wake-up call” for the global businesses that do not treat the threats of cyber attacks seriously. If a similar attack were to be performed with other critical global infrastructures, the effect on the communication networks, financial markets, as well as health and safety services would have been tremendous (Info Security par. 6).
What are the GCC’s Cyber Security Laws?
The governments of the GCC region have recently adopted new laws that were drafted collectively. Despite the fact that the majority of the member states already have their own cybercrime laws, the Gulf is becoming much more integrated economically, politically, and culturally, therefore requiring a unified set of laws that can be applied throughout the region.
The newly adopted law is very similar to the one in Oman and to a large extent covers all technology-associated acts that fall under the category of cybercrimes. These acts include e-documents forging, stealing credit card information, creation and distribution of viruses, cyber terrorism, communications interception, hacking, accessing the e-system without authorization, as well as other acts that put the integrity of private and corporate information at risk (Aziz par. 5).
The cybercrime law was adopted in order to reach the following five objectives:
Provision of high-quality control and management of the data protection services;
Raising awareness of the cyber security importance;
Implementation of various methods of ensuring the cyber security in the region;
Creating a nationwide plan for facing the risks associated with cybercrime;
Making sure that the member states are committed to the task of eliminating the instances of cybercrime.
The United Arab Emirates is the GCC state that has the most comprehensive laws regarding cybercrime – the UAE-Law No. 5 of 1012 concerning Combating Information Technology Crimes, which replaced the previous Cyber Crimes Law adopted by the government in 2006. The 2012 UAE Cyber Crime Law has added a range of new crimes and included the offenses related to country’s obligations in the context of international treaties (Jairwdeh par. 8). In addition, the 2012 laws included a much higher penalty for the offenses compared to those outlined in the previous 2006 law.
The 2012 law was the first legislative document that included and codified a full range of offenses that can be implemented with the use of the Internet; furthermore, the sentences for individuals that were found guilty of cybercrime are also included. The new additions to the punishable under the law crimes include the promotion or distribution of pornographic material, indecent acts, and gambling on the Internet. Therefore, this law encompasses a range of possible violations that can be easily performed with the use of the Internet.
Qatar has also been working towards establishing cyber crime laws beneficial for outlining primary principles related to managing this type of crime. Issued in 2014, the Qatar’s Anti-Cybercrime Law aggressively targeted a large range of technology-related crimes by means of imposing significant penalties for those proven guilty. The types of cyber crimes included in the law range from the criminal acts committed in relation to software and data specifically to the usage of various methods and systems that facilitate the actions targeted to blackmail and defame other individuals.
One of the most significant aspects of Qatar’s Cybercrime law is its addressing the cross-border cybercrime. In order to prevent cybercrimes occurring across the border but may be linked to Qatar, the law provides specific rules related to extradition of suspected criminals that committed the unlawful acts classified as cybercrime.
The law distinguishes five separate types of cybercrime, which include the infringement of intellectual property rights, the electronic transaction with cards (forging cards, unlicensed production, unauthorized usage), fraud and forgery of electronic documents, content crimes (terrorism, false news, child pornography and social principles infringement), and hacking (Salt and Doha par. 3)
The expert opinion on the issue of cyber security is provided by Megha Kumar, the head of the software research and advisory practice at IDC in the Middle East, Turkey, and Africa. As the manager in research, Kumar has been the primary person responsible for delivering and controlling project across a variety of technological levels (storage, IT security, analytics, databases, etc.) at the same time with actively participating in the collaboration with vendors that wished to improve their competitive strategies on the market.
Challenge 1
Megha Kumar, the senior analyst at IDC MEA, stated that GCC countries require much more effective collaboration when it comes to the issue of cybercrime. As a specialist in the sphere of cyber security, Kumar underlined that with the growth of international companies in the region that collaborate with customers and partners around the globe, the need for high quality cyber security systems has skyrocketed significantly. Due to the quick pace of technological advances development, many companies have become targets of cybercriminals that want to achieve either a financial gain or disrupt the operation of the companies to damage their reputation. In addition, the increased concern about the issue of cybercrime is evidenced by the growth in spending on security software across all sectors.
The expert underlines that many of the advanced threats posed to the security systems of the region can remain unnoticed for a long period of time and thus cause major damage. This fact contributes to the overall complexity of the challenge. Furthermore, the developing countries are currently characterized by the second and third technology platforms merging to become one entity, which also poses a great threat to the security of the cyber space.
Cybercrime is largely influenced by the financial motivation; however, there is also an issue when hackers try to deface an information network by promoting an unfavorable political agenda which does not go along with the commonly practiced views and ideas. Therefore, the implications for cybercriminal activity are not purely financially-driven, any platform can become a subject of an attack targeted at damaging the reputation.
Challenge 2
Currently, the information technology security concerns are not limited to the GCC companies looking for various ways to secure their networks and operational data. According to Kumar, governments also show concerns when it comes to protecting valuable information. With the improvements of the cross-country levels of cooperation and networking, companies and governments become the main victims of cybercrimes, which have also been growing and expanding in terms of sophistication and the damage they can cause to the current economic environment. The cybercriminal activity such as identity thefts and virus distribution is increasingly becoming more motivated financially, as evidenced by the significant spread of online financial scamming and illegal transactions that take place online. Furthermore, the methods of cybercrime have expanded into a broad variety – criminals take advantage of the vulnerabilities that exist within the social networking and hosting sites in order to get confidential information about the users and then manipulate such information to gain the financial outcome.
Kumar underlined the fact that GCC countries had experienced cyber-attacks of this kind. Bank ATM’s hackings, the Ghostnet attacks on the Kuwait and Bahrain in 2009, the defacement of publication websites, attacks on the oil companies’ networks are just some of the examples.
In order to protect clients from identity theft and credit card forging, the GCC banking services are significantly investing into security and authentication solutions. The providers of telecommunication services are also investing in establishing new security solutions for protecting their customers from fraudulent acts. Nevertheless, the organizations within the operating industries should not be the only actors responsible for establishing cyber security governments are the primary bodies that should lead the process of securing the cyberspace from criminal activities.
The cyberspace in the GCC region is under the monitor and filter from any content that does not match the social or political ideas adherent to the region. In a similar way, governments should look into securing the Internet space against cybercriminal activity. It is highly important since attacks that occur on a larger scale can damage the communication networks in the region and sometimes even lead to physical and financial losses to private users or corporate bodies. While the UAE, Qatar, and Saudi Arabia have been proactive with their approach towards cybercrime, other GCC countries are still challenged with adequately addressing the issue on the legislative basis. The establishment of such agencies as CERT (computer emergency response teams), unique task forces that specifically deal with cybercrime, and campaigns for raising the awareness of the cyber security importance are some of the examples of how GCC countries can start addressing the problem of cybercrime, eliminating it in the future. Therefore, the GCC governments are advised to further collaborate to tackle the threat and damage cybercrime can cause since such damage should not be viewed as something limited by borders.
Challenge 3
Megha Kumar also discussed another major challenge for the GCC information technology sector – the issue of software piracy. According to the 2011 “BSA Global Software Piracy Map”, the rate of software privacy in the GCC is:
51% in Saudi Arabia with the commercial value of $449 million;
61% in Oman with the commercial value of $36 million;
37% in the United Arab Emirates with the commercial value of $208 million;
50% in Qatar with the commercial value of $62 million.
Therefore, the region is highly exposed to software piracy which has its own specific impact on the cyber security. Despite to the fact that pirated software is much more vulnerable to viruses, companies, and private individuals often use it due to the fact that it is much cheaper. Nevertheless, the software that has been manipulated by a third party can offer an unauthorized entry for various bots, viruses, and hackers, which can easily disrupt the performance of the system. Furthermore, pirated software is not limited to operating systems, games, and other applications it can also include the security software intended to fight against cyber-attacks. Because many users do not wish to pay for security system upgrades and full versions of the software and opt for a cheaper pirate alternative, they make their computers vulnerable to many kinds of dangerous attacks that undermine the integrity of private or corporate data.
GCC governments are currently trying to address the issue of pirated software due to the significant pressure that comes from software developers that work in the region. While some primary steps have been taken by the GCC governments, there is very much to be done in the future in order to take the issue of software pirating under control (Kumar par. 5).
Challenge 4
The fourth challenge in establishing cyber security in the region relates to a gap that exists between businesses and the information technologies the businesses employ. According to Megha Kumar, the opinions of the decisions makers in the IT departments so not coincide with the IT’s understanding of how information security should be managed. In the majority of cases, Chief Information Officers see the lack of skills as the main disadvantage of the IT department while the information technology managers feel that there is very little support from the higher authorities in terms of implementing new solutions for information security. Therefore, there is a major lack of cohesive strategies for cyber security that are acceptable for everyone. In order to implement a much more extensive range of information security strategies, the existing gap should be eliminated (Gulf News Technology par. 3).
The GCC organizations are currently working towards employing much more sophisticated solutions for information technology security in order to manage the issues of hacking, traffic network, as well as little user awareness. Apart from that, many organizations are trying to add information security training into their corporate agenda thus raising awareness of cyber security initiatives that address the challenge of security attacks.
The survey that included Chief Information Officers has shown that fifty-seven percent of the participants admitted that sustaining cyber security at the same time with coming up with innovative solutions was the biggest priority they had to deal with in the year of 2014 (Gulf News Technology par. 6). Furthermore, half of the respondents stated that ensuring smooth information security in their department was the second major challenge to be addressed. Thus, it is evident that many organizations in the GCC region are majorly concerned about how performance can be sustained alongside with their business availability. Additionally, many admitted that the rate of IT solutions investments evolves at a much lower speed in comparison with the speed of the security landscape.
Chief Information Officers also mentioned additional challenges that exist within their area of expertise. Namely, the improvements in IT assets utilization, connectivity management, and systems availability are just some of the additional aspects of concern. Contrary to the opinions expressed by the Chief Information Officers, IT managers mentioned that the sophistication of the cyber-attacks has increased exponentially while the support from the executive management decreased. Another enterprise security challenge related to no cohesive security strategies, which has been agreed upon collectively by the executives and the IT managers.
The results of the survey indicated that the GCC companies are majorly investing into various initiatives for information security since the challenges they face are exponential. In relation to this, in 2014 companies predominantly invested into firewall systems, detection of intrusion, as well as attack and data loss prevention systems. Kumar also mentioned that there is an increased focus on deploying firewalls of the next generation, which are able to offer a much detailed look at how the enterprise information can be better protected (Gulf News Technology par. 10).
Challenge 5
The last challenge related to establishing cyber security in the GCC region is associated with the economic crisis. There is an unfortunate trend, which suggests that software piracy and cybercrime will be greatly deprioritized when the governments deal with the impact of the economic crisis, especially the financial and political challenges. Nevertheless, it is highly important that the governments address the problem with a higher intensity at such times since the sphere of information technology will be much more susceptible to possible fraudulent acts. The implementation of greater efforts for enterprises and consumer education on the importance of cyber security policies will not only benefit in creating a much more effective environment for business but also ensure that individuals and corporations are protected against cyber-attacks at the time when the government is dealing with other challenges.
In particular, countries like Qatar, the United Arab Emirates, and Saudi Arabia has always positioned themselves as the safest and attractive platforms to do business. Therefore, for them to increase their attractiveness for any type of business (local or international), it is crucial for them to improve the regulation of cyber security policies and implementation of laws targeted at protecting the private and corporate assets from the instances of the cyber-criminal activity.
On the other hand, the current situation in Qatar regarding the issue of information technology security is extremely volatile. The volatility is experienced not only in terms of malware but also in the aspect of hacking instances, cyber warfare, and persistent threats that has become much more complex and advanced than it used to be. Furthermore, the advances in big data, cloud computing, and mobile media also greatly contribute to the volatility of cyber-security when it comes to its management, implementation, and development. According to Kumar, Qatar’s businesses should perform an evaluation of the investments that go towards the information technology security sector at the same time with rationalizing the costs, protecting the existing assets as well as coming up with innovative security solutions. Thus, the businesses should address the sustainability of their security systems while making sure that such systems are the main enablers and supporters of their operation.
For countries like Oman, the main challenge in managing the issue of cybercrime relates to the budget constraints. Due to the fact that many companies are trying to get as many resources as they can through downsizing their headcount, the issue of enterprise software security is becoming an even larger challenge that it has already been. In the course of downsizing the employee count in a company, there is a potential risk of some dissatisfied workers taking important information with them to use against the company in the future. Thus, the challenge of cyber security remains under-addressed and overlooked at many levels of business life.
Megha Kumar concluded with the statement that “as the GCC region recovers, the governments will need to ensure not just political and economic stability but also digital stability to sustain growth levels” (par. 7).
Summary and Analysis
According to the findings from the conducted research, the GCC region is currently highly vulnerable to a variety of cybercrime that is being imposed upon different business spheres. The evolving coverage of the Internet, the widespread availability of technology, and the lack of commitment to the problem of cybercrime are the main issues that challenge the business and the governmental areas of GCC.
The cyberattack performed against the corporate software of Saudi Aramco can be classified as the ‘wake-up call’ for the GCC to start taking the issue of cybercrime seriously. In order to keep control over cyber security as well as manage the financial or reputational damage a company has experienced, the GCC countries are working cooperatively to establish a set legislative framework that includes the types of crimes classified as cybercrime and the punishment the perpetrators will receive if proven guilty. In addition, such a framework implies mutual cooperation between member states in terms of extradition of cyber criminals.
It has been concluded that the calculation of costs that appear as a result of cybercrime is a complicated process. The factors like the cybercrime’s effect on the safety systems, the damage caused to the reputation of a company, interference with the business operations, and loss of opportunities are very hard to estimate. Additionally, many businesses do not know the financial impact cybercrime caused to their companies. According to the survey conducted by PWC, when asked to estimate the costs of cybercrime effects on the business in the past two years, 35% of respondents could not give a specific answer while 40% believed that their business did not suffer from cybercrime.
Therefore, the lack of awareness about the issue of cybercrime contributes to the challenges the GCC region faces. In addition to the fact that not many businesses are able to estimate the costs of cyber-attacks on them, the research reported that there is a lack of cooperation between the IT managers in companies and the Chief Information Officers due to the different views on how the issue of cybersecurity should be addressed.
Due to the fact that currently cybercrime is ranked second in the list of the most concerning threats, the future direction of the government as well as corporations should move towards mutual cooperation in terms of establishing cyber security and eliminating possible damages it causes to the overall financial industry. To deal with the issue effectively, there should be a comprehensive evaluation of the previously-implemented methods of cybersecurity, as well as employment of skilled professional in the sphere of IT who can bring innovative solutions to the table.
Similar to the way GCC countries should work cooperatively towards establishing cybersecurity on each level, there is a positive prospect for working with other international organizations and governments that have much more experience in protecting businesses and customers from the possible cyber attacks.
Because the economic and financial sphere of the GCC region is evolving to meet the expectations of the global and local communities, the changes in the area of cyber-security should go hand-in-hand with the changing environment. The financial sector at large suffers from the cybercrime because of the incompatibility of the available crime tools and the systems they attack. Therefore, the massive emphasis should be put on creating innovative cyber-security measures that will not be as vulnerable to many types of cybercrime.