Custom Securing Against Cyber Crime in the Workplace essay paper sample
Buy custom Securing Against Cyber Crime in the Workplace essay paper cheap
The modern world is greatly intertwined into one big global village. This is hugely due to the invention of computers and the internet which as connected the world into one complex dynamo. This connectivity has effectively improved communication and sharing of documents and picture through long distances and in a split of seconds. Indeed, businesses, ranging from executive sales to forex exchange, have been conducted through the cyber. This has brought immense benefits to operators in terms of the cost of operation and the client base. However, it is these very businesses that have been lucrative enough to lure fraudsters into cybercrimes. The growing rate of dependency on wireless devises worldwide saw statistics put the number of operational, connected devises at five per person in 2010 (Khan). This figure is projected to shoot to 140 devices per person by the 2013. With this increase, the security threat that has become the menace of the cyber devises will also increase. This makes it essential for managers and business owners to protect their online business networks against cyber crimes.
Cybercrimes are defined as criminal activities that are conducted online with a specific goal of damaging or incapacitating a business network. The offenders are, contrary to earlier days when they just did this for notoriety, currently driven by profit. Khan states, as a matter of fact, that these cyber criminals have incorporated technical innovations and collaborated with other like-minded criminals to establish new strategies of attacking. Network collaborations between businesses force these businesses to post corporate data into the networks, forming a wider base for attack. Cyber offenders go after confidential and lucrative information concerning companies that would damage their reputations and make them loss their competitive edge. The leak of confidential data also causes the company to lose customer confidence (Khan).
Perhaps the most widespread method of committing cyber crime is by way of spam production. The rapid increase in the amount of spam produced all over the world is alarming. This spam growth has widely been linked to the spread of broadband network in, especially, developed countries (Schryen). Indeed, the Cisco research (2010) showed that the volume of spam produced in the United Kingdom rose by almost 99% between the years 2009 and 2010. Cyber criminals have also developed sophisticated malwares that allow them to stealth into company networks without being detected. Schryen observes that the stealth technique allows cyber criminals to act with no fear of being detected in time before they cause damage, and are not even worried of being captured and successfully prosecuted.
Cybercrimes have immense economic loses which cannot effectively be quantified, due to their tendencies to jeopardize the reputation of companies and ruin their businesses. The crime has thrived based on the profits that the offenders reap, translating to billions of losses to corporate companies all over the world. Surveys conducted by the FBI and Javelin, to establish the direct economic effect that cybercrimes have clearly show that billions of dollars are lost annually to cybercriminals (Burstein). The survey also show a projection of these figures rising in the future if something is not done. Most cyber criminals have evolved very fast that anti-cybercrime experts are left unable to handle them. They have acquired malwares that allow them to stealth in to company networks without being detected and persistently stay there for a long time, keeping a low profile. This causes many organizations a lot of losses since they channel their limited resources towards trying to take care of lesser crimes like hackers and pornography while the major crimes remain undetected. Some of the direct losses organizations experience due to cybercrimes therefore range between financial losses, breach of data, the damage of brand, to the loss of clientele due to loss of public confidence. Burstein, in his survey, lists the indirect losses of cyber crimes as: loss of cyber security protocols that had taken a lot of time and dedicated resources to come up with, the continual spending or allocation of resources towards building new protocols to deal with newer threats, and the multiple vector characteristics of most recent malwares making them difficult to wipe out completely. The truth about just how much loss is being caused by these by cybercrimes in organizations may not be effectively established since most of these cybercrimes are ca not be detected and reported.
David Wall blames the rampant use of social networks all over the world as being responsible for giving cyber criminals an edge, making it easy for them to target unsuspecting end users, the clients. In deed, social networks are huge threats to companies since even employees are engraved in them during working hours, giving a potential cyber criminal easy access to introduce malwares through the social network (Wall). Majority of cyber crime security systems focus on preventing unauthorized usage of their networks. As such, employees who need to access company networks are accorded passwords. These employees could be incorporated by cyber criminals into their syndicates as accomplices (Rustad & Koenig). The criminals therefore are able to gain legitimate access to the company networks and change data, remove it from the system, and conduct transactions within the system without fear of detection (Rustad & Koenig).
Meanwhile, the cyber criminal continue to target end users and exploit them in the pretext of being executives or members of certain companies. The challenge is how to block their exploits all the times. They seem to be developing new strategies all the time and it is hard for most organizations’ cyber security systems to keep up with. In deed, even the most established antivirus vendors are finding it hard to cope with the ever evolving cyber threats. Companies, especially new ones, depend almost entirely on the cyber networks to win clientele and establish their brand. It is therefore inevitable that they will be exposed to these threats. To ensure that their networks and corporate information are continually protected, these companies need to change their mindsets towards cyber security.
Governments have also recognized the importance of developing standard techniques for cyber security solutions, and have passed legislations to ensure this happens without undermining their authorities as Governments, and without seeming to be monotonous to the private industries (United States Government Accountability Office). As the Governments dwell on improving cyber security, the private industries are keen to make sure that the legislations passed are not stifling to innovation.
It is without doubt that companies should come up with strategies to promote a ‘culture of security’ within its staff to make sure that cyber security is instilled and practiced in the companies. In deed, it is feared that the greatest threat to an organization cyber security comes from within (Rustad & Koenig). Companies with the urge to develop this culture of security should take steps to get their employees to sign Security policies, making them party to the protection of customer and company data. Some steps have been developed to follow in trying to create a firewall in businesses (James). They include;
Assessment of the risks and identification of the weak links/points (James).
It is essential to establish which departments faced greater risks of cyber crimes. For instance, check if your customer data, accounting information among other sensitive data are linked to the internet. If they are, to make safe accesses, ensure that all your employees have their anti-viruses and anti-spywares regularly updated, and that the employees have passwords, that are also regularly updated, to ensure safe access.
Backing up of information considered critical (James).
Establishing a schedule for regular system upgrades and data backups goes a long way to ensure that vital data is not lost, in the event that there is a natural disaster or a cyber attack. All the backups should be stored in remote locations away from the office, and encrypted if necessary, so as not to leak sensitive company or customer information.
There should be an existing pre-planned contingency plan (James).
This plan should spell out what steps to follow if the business fall victim to cyber attacks. The plan to continue business in an alternate location if this happens should also be incorporated in the contingency plan. This plan should be tested, like in drills, on an annual basis.
Educating of the employees to be active participants in the process (James).
Education of employees concerning the subject of cyber crimes helps to show that the employers consider them serious problems, and also help to equip the employees with the knowledge and techniques to create a security culture in the company. The training should encompass proper internet practices, technology solutions, and customer relations to help the customers take care of themselves against cyber fraudsters. It is essential to develop a cyber security rollout plan within the annual business plan so as cement this training. To offer incentives to its facilitation, the plan should include steps for measuring levels of success.
Implementation of the security agreement (James).
In signing security agreements, employees accept to be active participants in the process of ensuring a safe cyber environment. They should therefore report suspicious internet activities to relevant authorities to help curb the crime.
There is a need to change the approach of handling cyber crimes from building firewalls to avoid them, to identifying the specific threats and dealing with them. This is termed a risk-based approach. It assumes that an unauthorized person can gain access into the system and then designs security responses based on the value of the data that are in focus. This requires that the organizations prioritize data based on its values and activities. This approach takes a lot of efforts and expenses to train and develops systems of categorization but in the end it pays off more in its efficiency and effectiveness to deliver a cyber security system.
Federal governments have also been on the forefront to fight cyber crimes. In deed, in the U.S., there is a computer fraud and abuse Act that specifies internet malpractices that are considered cyber crimes (United States Government Accountability Office). They range from unauthorized access to computers to damaging the computers by worms or viruses. The Federal Bureau of Investigation and local law enforcement agencies have laid down platforms to ensure that suspected criminal intents are promptly reported and that the relevant authorities take care of them (United States Government Accountability Office).
All researchers and surveys agree that effective curbing of cyber crimes revolves around the establishment of an actionable intelligence into cyber threat (Pipe). There should be a commitment into this endeavor starting from the senior executive and board members, to common employees. Combating cyber crimes is in deed within the confines of risk management (McAdams). As such, it should be mentioned in all IT, risk management, and security budgets. It is therefore vital that these executives should feel a conviction to make this their priority. The commitment established by their active involvement will lay the platform for the formulation of specific steps to improve cyber security and, in so doing, protect the business against other potential threats. These steps mainly focus on gathering of intelligence, then analyzing them before doing assessment. It is however more practical to apply these steps to specific areas of treat rather than the general practices of the business (McAdams). The process of identifying these areas of risk takes time and resources, but they can be based on the general risk management strategies, and then arranged in order of their priorities. However, if a general risk assessment has already been performed, it would have identified critical process that could be used, activities that should be incorporated, data that will be compromised, and delivery channels that will be used to facilitate the security plan among other resources.
The process of intelligence gathering should ideally be a continuous activity. It involves identifying platforms from which to scan the external environment while at the same time monitoring the internal environment (James). Therefore, these channels should involve resources that constitute both internal and external intelligence feeds. Some of the external sources of cyber threat intelligence include: hash databases, publications, security vendors, law enforcement sources among other sources. Internal sources, on the other hand, may involve Fraud investigations, Human intelligence, Vulnerability data, and security event data among other activities (James).
General assessment however has the limitation of being costly and runs the risk of sacrificing the depth of risks because of their breadth (Rustad & Koenig). It is therefore essential to pick your feed based on your company’s activities, needs and capabilities. It is therefore more effective to perform a proactive surveillance to eliminate the large lists of feeds that is characteristic of enterprise-wide intelligence gathering. In proactive surveillance, possible feeds are narrowed to the company’s activities and needs. They may include: Malware forensics, watch list monitoring, brand monitoring, and peer to peer monitoring. In the same line of intelligence gathering, it is advisable to focus surveillance on specific technologies. These include: mobile computing; internet applications; banking devices; telephony; personal computers; intranets; and identity management and authentication.
The process of intelligence gathering should ultimately be followed by the analysis of the findings, a process termed “intelligence analysis” (Schryen). The process of intelligence analysis involves statistical techniques that help to normalize, parse and correlate the findings of intelligence gathering, as well as the human review of the findings (Brink). The process should seek to establish:
How the enterprise can improve their visibility into the environment of operation
What new technologies the enterprise need to watch out for and monitor
Whether the enterprise has vulnerable data and technologies
Which industries and enterprises the cybercriminals are targeting
How the enterprise can identify actionable information, and
To what extent will the control systems the enterprise has in operation will protect them in case of a cyber attack (Schryen).
The process of intelligence analysis should be conducted within a risk management strategy, with well outlined risk identification, detection, mitigation, and prevention plan to ensure effectiveness and efficiency. Proper analysis, for instance effects of failure analysis, will provide helpful feedbacks that constantly improve the efficiency of the analytics being performed (James).
Hanna portrays the risk-based approach of Cyber threat risk management described above as having various advantages over the security-based approach. The two approaches however almost augment each other in the process of walling off the IT environment. Risk-based approach is seen to have the ability to (Hanna):
Define risk-related categories of data and arrange them in order of priority so that they could be dealt with accordingly.
Identify devices within an organization that are being used by cyber criminals and mitigate them.
Identify partners who have compromised devices within their networks
Track compromised data that are suspected to be leaving the organization
Monitor transactions so as to isolate those being carried out through the compromised devices, and
Address the continued susceptibility of the organization to access by cyber criminals.
However, it is worth noting that, given the level of sophistication of cyber crime technologies, no organization can plan and undertake the necessary responses into cybercrime on their own (Rustad & Koenig). It is vital that cyber security professionals like CIOs and CROs share information and technologies to help in the fight against cyber crimes (Kshetri). This however should be done, and can be done, without bringing out the sensitive corporate information of the organizations. This is to say that effective cyber security efforts require the involvement of expertise beyond the confines of the organization.
In conclusion, there is no amount of expenditure that could be big enough to surpass the value of data. While money once spent is gone, data can be used on numerous occasions to make more money. It is therefore essential that any serious enterprises go to all lengths to protect their data. The rate at which data is used to activate credit cards, authorize online banking applications, and access organization networks have made data the primary target of most cyber criminals. This is because data gives them repeated opportunities to make and access money. For this reason, cyber crimes pose the most challenging security threat to all online based activities, assets, and transactions. Ironically, surveys have shown that most organizations under-rate the threats cyber crimes pose to their businesses and are therefore barely prepared to detect and protect themselves against them (Brink). A rapidly growing underground economy that involves thieves, organized criminals among others support the activities of cyber criminals (Foltz). This makes cyber crimes almost impossible to eradicate. In leaves stakeholders who are company executives and managers with the task of working with the best strategies available to guarantee their own organizations’ safety.