Introduction
According to a research report titled “2013 Cost of Cyber Crime Study: United States” by Ponemon Institute (2013), global organizations spend $11.6 million annually due to cybercrime incidents, with the higher range even surpassing $58 million for a given institution. The report further indicated an increase of 26% in the cost of cybercrime between the years 2012 and 2013. However, one should first ask what cybercrime is. National legislation that has attempted to define cybercrime avoids the term “cybercrime” and instead refers to these acts as computer crimes, information technology crimes, and electronic communication crimes. Thus, the Commonwealth of Independent States Agreement terms cybercrime an “offense relating to computer information” and defines it as a “criminal act of which the target is computer information.” The rise of cybercrime cases is largely attributed to an increased level of global connectivity, which has been driven by the advancement of internet technology globally. Cybercrimes target government institutions, private companies, and individuals who are able to access internet services. The advancement in technology, and particularly the general shift in emphasis from goods production to information technology globally, underlines the importance of safeguarding digital information from cyber attacks. This essay aims at discussing the issues relating to cybercrimes in both developed and developing countries. The essay will focus on discussing problems associated with cybercrime, categories of cybercrimes, effects of cybercrimes, and prevention of cyber attacks, and will finally outline selected recommendations to mitigate the effects of cybercrime.
Cyber Crime
A research report by Ponemon Institute (2013) indicated that cyberattacks have become common occurrences in both developing and developed countries. This can be attributed to increased internet access through mobile phones and other internet-enabled devices such as laptops and desktops. The study by Ponemon Institute, which was based on a study of selected organizations in the United States, reported 122 incidences of successful attacks per week and a further two successful attacks per company per week. Organizations risk making losses and facing lawsuits over the loss of clients’ confidential information due to rampant cases of cyber attacks. Generally, cyber crimes experienced by organizations are in the form of attacks aimed at denial of services to a company’s clients, malicious codes aimed at corrupting operating systems, and web-based attacks targeting those services embedded in the internet. Statistics indicate that the majority of private organizations experience information theft due to cyber attacks. In addition, studies by the Ponemon Institute indicated that cyber attacks are the leading cause of increased external costs, which stood at 43% of the total external costs. This was followed by costs incurred due to unprecedented business disruption and the consequent reduction in the level of production. This cost amounted to 36% of the total external costs. Studies by the New Hampshire Department of Information Technology (2012) noted that, in the end, affected institutions incur increased expenses that result from the following processes: detection of and recovery from cyber attacks, handling of cyber attacks through investigations and operations management, and implementation of containment measures to prevent future attacks.
A victimization survey conducted by the United Nations Office on Drugs and Crime (2013) further reported the astonishing finding that individual victimization by cyberattacks was higher than victimization by conventional forms of crime such as burglary and car theft. The study indicated that victimization rates for cyber-attacks, including identity theft, cyberbullying, and unauthorized access to online accounts, varied between 1-17% of the online population for the 21 states under study, whereas the victimization rate due to conventional crimes was below 5% for the same countries.
Categories of Cyber Crimes
Cybercrimes do not constitute a single distinctive act of cyber attack per se; rather, cyber-attack categories may be based on the object being victimized or on whether the information system forms an integral part of the attack. However, the classification of cyber-attacks lacks a definite boundary between existing classes of offenses, and hence these acts overlap. Based on the study by the United Nations Office on Drugs and Crime (2013), there exist three major categories of cyberattacks, which may be extended to include distinctive crimes. The three classes of cybercrimes are as follows: the first class comprises acts against the confidentiality, integrity, and availability of computer data or systems; the second class involves computer-related acts for personal or financial gain or harm; and the third covers computer content-related acts. Under the category of acts against the confidentiality, integrity, and availability of computer data, we have cyber attacks that include illegal access to computer systems, illegal acquisition of computer data, breach of privacy, and interference with a computer system. Under the category of computer-related acts for personal or monetary gain or harm, we can classify the following crimes: computer forgery, identity offenses, copyright and trademark offenses, sending spam emails, and computer-related solicitation. Finally, the content-related category pertains to crimes involving the messages or data being transmitted. This class constitutes the following offenses: hate speech propagation and the production, distribution, and possession of child pornography. In addition, the following may be considered the types of cyber-attacks most likely to target and damage private and public institutions: viruses, malware, botnets, web-based attacks, malicious codes, and malicious insiders. The nature and definitions of these cybercrimes vary in accordance with the national legislation of each country.
It is thus envisioned that willing nations should embark on a global project to standardize the definitions of these crimes in light of the emerging trends of the universal prevalence of the internet and of information systems cyber warfare.
Effects of Cyber Crimes
Crime Costs
Studies by Ponemon Institute (2013) indicated that cyberattacks drastically increased the external costs of the benchmarked organizations under study. Instances of cyber-attacks lead to disruption of operations in a given organization. Consequently, such attacks resulted in a reduction of the production rate or disruption of the entire production process. However, the same report indicated that the crime cost varied with the size of the organization. It emerged that small and medium-sized organizations incurred higher per capita costs compared to larger organizations. In addition, financial-based organizations and energy and utility-based organizations were most likely to experience higher crime costs compared to organizations specializing in hospitality and consumer goods. This could be attributed to the expansive information infrastructure characteristic of financial and utility-based organizations.
Cyber Terrorism
Cyber terrorism is a direct consequence of cyberattacks. The global coverage of internet services has led to the creation of cyber warfare. The United Nations Office on Drugs and Crime (2013) defined cyber terrorism as the use of computer network tools to shut down critical national infrastructures, which include transportation and energy systems, or to coerce or intimidate a government or civilian population. Terrorists are currently soliciting funds and propagating Jihad campaigns through illicit websites. Major acts of cyber terrorism are facilitated by cybercrimes such as hacking and breach of privacy. WikiLeaks’ practices are a perfect example of cyber terrorism. WikiLeaks is a non-profit organization that publishes illegally obtained information concerning governments, organizations, and individuals on public platforms. In April 2013, the organization published more than 1.7 million U.S. diplomatic and intelligence documents dating back to the 1970s.
Cyber Bullying
Hunter (2012) defined cyberbullying as the use of information and communication technologies, such as email, cell phone and pager text messages, instant messaging (IM), defamatory personal websites, and defamatory online personal polling websites, to support deliberate, repeated, and hostile behavior by an individual or group that is intended to harm others. Closely related to cyberbullying are cyberstalking and cyber harassment. These acts are largely perpetrated through breach of privacy and hacking of personal email or social network accounts. According to Hunter (2012), cyberbullying constitutes the following acts: name-calling through short text messages, cyberstalking, victimization of gays and lesbians, and posting indecent photos of individuals without permission. Cyberbullying cases have been widely witnessed on social media platforms such as Facebook and Twitter. Psychologists argue that the emotional trauma and distress caused by cyberbullying are more severe than those caused by physical bullying.
Piracy
Advanced cybercrime technology has resulted in breaches of the cybersecurity mechanisms aimed at safeguarding the copyrights and trademarks of digital content. Cases of piracy have been on the rise with every step of technological advancement. Piracy involves the illegal download of digital content without permission or payment of the relevant fee to the concerned authority. The forms of data most often downloaded from various unauthorized websites include movies and music. The release of modern data-sharing technologies that enable real-time sharing of documents, such as Wi-Fi and Bluetooth, significantly complicates measures aimed at safeguarding proprietors’ copyrights and trademarks.
Prevention of Cyber Crimes
Measures aimed at mitigating cyber-attacks should be implemented through the replication of already existing approaches and methods established to curb conventional crimes in society (Tikk, 2011). These measures should be in the form of government policies, enactment of legislation, education and awareness, and cooperation between government agencies, the private sector, the public, and relevant international bodies. A special committee of experts and stakeholders should be instituted to oversee the modification of conventional strategies and approaches in order to fine-tune implemented policies to be cybercrime-specific.
National Approaches to Cyber Crime Prevention
National approaches to cybercrime prevention may be in the form of strategies agreed upon by the executive domain of a given government. Such policies may include, but are not limited to, the following: national awareness campaigns on the risks of cybercrimes, partnership and cooperation with other nations in order to reinforce regional efforts aimed at cyber attack prevention, and the establishment of special law enforcement agencies whose jurisdiction encompasses cyber crimes only.
Private Sector Approach to Cyber Crime Prevention
A report by Ponemon Institute (2013) indicated that most private organizations have put in place mechanisms and measures aimed at reducing the risks associated with cyber-attacks. These measures were predominantly in the form of cybersecurity technology and constant cybercrime risk assessments. However, the report indicated that small-scale to medium-scale organizations were prone to cyber attacks due to the implementation of substandard or outdated cybersecurity technology. The report by Ponemon Institute (2013) argued that small and medium-sized companies lacked the financial capacity to upgrade constantly to high-level cybersecurity systems. At the preliminary level, private organizations address cyber risk awareness through competent employee training on issues pertaining to cybercrimes. These companies also institute policies and guidelines that define employees’ access privileges to confidential information as strategies to reduce breaches of clients’ privacy. To reduce cybercrime costs, private institutions have also established specialized units whose sole mandate is to handle cybercrime-related issues.
Public Awareness
At the individual level, cyber attacks could be significantly reduced through the creation of awareness among users of internet-enabled devices such as mobile phones, tablets, laptops, and personal computers. Public campaigns aimed at raising awareness should focus on educating the public on how to continue using internet services without being prone to cyber-attacks. These campaigns could be carried out using the internet, social media, mainstream media, and conventional publications. Firewalls and proprietary antivirus software programs should be installed on all internet-enabled devices to safeguard them from cyber-attacks. Surprisingly, internet users are becoming more aware of the threats posed by cyber attacks, as shown by a survey conducted by the United Nations Office on Drugs and Crime (2013) which evaluated 13,000 internet users in 24 countries. In the survey, almost 90% of participants indicated that they had deleted suspicious emails from unknown sources.
Recommendation
From the discussion, it is evident that essential information infrastructures are prone to cyber-attacks. These infrastructures are critical to the continual operation of significant industrial components of the economy. Almost every industry today relies on information technology. These industries include the energy sector, the transportation system, the communication sector, defense, and the health sector. Although studies have indicated that these institutions have implemented the necessary mechanisms to reduce cyber-attacks, there still exist system loopholes. Studies recommended that these organizations implement a cybersecurity metric system. The inclusion of the metric system in the traditional cybersecurity system quantifies data in order to enable an informed decision-making process. The metric system will lead to a precise estimation of the risk associated with a given information infrastructure. This quantification will estimate the expected value of loss per unit time that would be incurred by an organization due to a cyber attack. Such a mechanism will enable continuous operation of production and delivery of services through advance planning and the allocation of emergency funds aimed at offsetting the crime cost expenses caused by a cyber attack.
Although public awareness campaigns that address the social, technical, and security issues pertaining to cybercrimes already exist, it is advised that internet users should also actively participate in these campaigns through public debates, songwriting, and acting. Internet users should view recommended practices such as confidentiality of passwords as their moral duty. Individuals should refrain from perpetrating cyberbullying on social media platforms such as Facebook. In addition, those who are identified as cyberbullies should be reported to relevant sharing of digital documents should always observe authors’ copyrights. In order to avoid such offenses, internet shoppers should only obtain digital products and services from authorized websites.
Resolution
The growth of information technology and mobile phone usage indicates that everyone is at risk of being a victim of cyberattacks. At the basic level, it is prudent to safeguard confidential information held in the digital formats that are readily available on our phones, laptops, and personal computers. It is critical that measures aimed at preventing cyberattacks be regulated in order to avoid cases of misinterpretation of the campaign messages. Misinterpretation of information could hamper the development of other internet-related commerce such as internet shopping. It is also the duty of private institutions and the government at large to formulate and enact policies that will ensure security from sudden cyber attacks. Private institutions should be at the forefront of the war against cyberattacks, as it is clear that they stand to incur enormous crime costs in the event of a cyber attack.
References
Department of Information Technology. (2012). Cyber Crime and How It Affects You. State of New Hampshire. 7. (12). Retrieved from http://www.nh.gov/doit/cybersecurity/
Hunter, N. (2012). Cyberbullying. Chicago, Ill: Heinemann Library.
Lewis, J. (2002). Assessing the Risks of Cyber Terrorism, Cyber War, and Other Cyber Threats. Center for Strategic and International Studies. Retrieved from http://csis.org/files/media/csis/pubs/021101_risks_of_cyberterror.pdf
Ponemon Institute. (2013). 2013 Cost of Cyber Crime Study: United States. HP Enterprise Security. Retrieved from http://media.scmagazine.com/documents/54/2013_us_ccc_report_final_6-1_13455.pdf
Tikk, E. (January 01, 2011). Ten rules for cybersecurity. Survival, 53, 3.
United Nations Office on Drugs and Crime. (2013). Comprehensive Study on Cyber Crime. Retrieved from http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf