Volume 4 • Issue 2 • April 2018
ISSN 2206-4451
www.ajbssit.net.au
The Increasing Need for Cyber Security
Francisco Coronel1, Marjani Peterson2, Jamie Marshall3
1Department of Business Administration, School of Business, Hampton University, Hampton, Virginia, USA,
2Computer Science Program, Hampton University, Hampton, Virginia, USA, 3 Five Year MBA Program, Hampton
University, Hampton, Virginia, USA
1. Introduction
This paper is an effort to use writing across the curriculum within an undergraduate environment. We use an interdisciplinary approach between the Computer Science Department and the Business Administration students. The funding for this effort stems from the Chair of the Computer Science Department under a “Grant Funding for Faculty and Student Conference.” Initially, the chairs of the respective departments selected relevant faculty and students in both the departments. Both selected students worked in brainstorming state of the art issues in their field of studies. Faculty and students held several working sessions to ascertain common areas of interest. Both students had the chance of leading discussions and wrote original research, while the other had a secondary but important consulting role. This paper represents the leading effort by Miss Marjani Peterson, while Miss Jamie Marshall served as a consultant. The importance of cybersecurity is paramount. We are all familiar with the risks of not being fully protected against digital viruses at home or at the office, not a week goes by without finding a new twist created by scammers. Various forms of cybersecurity issues were studied. Hackers and their scams will be unveiled, and guidance against the lack of attention will be provided. Recent advances in the scale of hacking to scams and ransomware make the topic of this paper very upe-to-date.
2. Literature Research
Individuals all around the world need to be familiar with and practise cyber hygiene also known as cybersecurity, the science of keeping computer systems clean and protected from the infiltrating grime
Abstract
Over the past 3 years’, cybercrime has increased dramatically due to the advancements in technology and the increased use of electronic devices. We live in a world where most tasks are done electronically such as using a cell phone as a credit/debit card, digital signatures, instead of writing letters, we type e-mails, autopilot cars, internet of things, and so much more. Users of electronic devices are continuously making themselves vulnerable from the amount of information they make available to the public. Some examples of this are the use of social media, connecting to insecure wireless networks, and not keeping up with updates. Keeping up with updates is the easiest way to have protection from cybercrime, but many users want to avoid not having access to their phone for a few minutes and just ignore the notification to update the device. The advancements in technology are increasing faster than the software that should be used to provide protection for these devices. Cybercriminals are everywhere and target anyone, so practising proper cybersecurity is very important because we never know who will be the next target.
that can be transmitted through internet connections. Everyone also should know how to back up their works. “It is not enough to teach marketing, management, and finance when everything marketers, managers, and advisors do can disappear in an instant (Limayem).” The education on cyber hygiene should be mandatory for all college students because turning college graduates into cyber soldiers may be the only way to decrease the growing threat of global hacking.
Jones and Mujtaba’s paper provides the results of a qualitative study conducted with senior information technology officers and organizational leaders from seven international firms about cybercrime and information terrorism. The study attempts to answer if a company’s competitive advantage is at risk due to cyberterrorism and computer crime. Based on the views of these information technology leaders, the study also attempts to determine if the implementation of an IT security strategy can protect against cyberterrorism crime threats.
Romanosky’s research seeks to examine the composition and costs of cyber events and attempts to address whether or not there exist incentives for firms to improve their security practices and reduce the risk of attack. Specifically, it examines a sample of over 12,000 cyber events that include data breaches, security incidents, privacy violations, and phishing crimes. First, it analyzes the characteristics of these breaches such as causes and types of information compromised. The findings suggest that public concerns regarding the increasing rates of breaches and legal actions may be excessive compared to the relatively modest financial impact to firms that suffer these events.
3. Research Methods
This research utilized observation of cybersecurity practices in the United States. It also explored the use of secondary data related to the prevention strategies utilized by companies most affected by recent cyber-attacks. Use of descriptive statistics through relevant charts augmented the validity of the observations.
4. Findings
Before fully understanding cybersecurity, its biggest threat cybercrime must first be understood. Cybercrime is criminal activities carried out by means of computers or the internet. As shown in the graph below, cyber-attacks have been growing in frequency and sophistication over the past few years. The largest increase in cybercrime occurred this past year in 2016. Figure 1 below displays the total financial losses oveer the years due to cubercrime. There is a large demand for individuals with cybersecurity skills to brainstorm solutions that will prevent hackers from accessing and stealing information. Attacks centered on manipulation and fraud of financial markets is one of the top cybersecurity threats. Other cybersecurity threats such as exploitation of social networks and damage created by angry employees are rising dramatically as well.
4.1. The cost of scams (spam, ransomware, and phishing)
The overall annual cost of global cybercrime was $3 trillion in 2015, and this is expected to double to $6 trillion a year by 2021 (Morgan, S). Spam adds up to cost society about $20 billion which is derived from the cost of developing the software required to filter out spam e-mails and the few seconds it takes to delete every spam e-mail that is not successfully blocked. Each year, the spamming industry makes about $200 million off sending unwanted messages. In other words, for every dollar spammers make, they destroy $100 in the overall economy. Now with phishing, the average 10,000-employee company spends $3.7 million a year to deal with phishing attacks. The average employee wastes 4.16 h a year on phishing scams. Figure 2 below displays the cost of phishing.
4.2. Countries most affected by scams
Cybercrime occurs worldwide, but some countries are targeted more than other countries. In 2017, the top five countries targeted most by cybercriminals include: Brazil, Turkey, United States, India, and Philippines. Recently, Google Brazil was hacked through DNS hijacking, where “google.com.br” was unavailable to users. According to reports in Brazil media, the Google Brazil users were getting the defaced message from Kuroi’SH (the hacker) for a whole 30 min before Google took the website offline. It is clear that Brazil is attracting a lot of negative attention from the wrong people for all the wrong reasons.
Another situation is cybercriminals seized control of a bank in Brazil for 5 h on October 22, 2016. They intercepted all of its online banking, mobile, point-of-sale, ATM, and investment transactions. Researchers estimate that many of the bank’s customers across 300 cities worldwide, including in the US, may have been victimized during the hijack window when customers accessing the bank’s online services were hit with malware posing as a trusted banking security plug-in application. The malware harvested login credentials, e-mail contact lists, e-mails, and disabled anti-malware software on the victim’s machine to avoid detection. Figure 4 below displays another view of the data breaches worldwide from an enterprise perspective, yahoo had the distinction of having the highest number of hits.
“The middle east has some of the highest number of malware infections worldwide often due to outdated operating systems” said former NSA analyst Blake Darche. Figure 5 shows the alert given
Figure 1: The graph below displays the total financial losses over the years due to cybercrime (“Internet Crime Complaint Center (IC3)|Annual Reports,” 2017)
to computer systems infected by ramsomware in India. Turkey is a huge target for malware due to its very insecure internet infrastructure. Turkey was also targeted because countries were interested in their handling of the refugee crisis. Next, The U.S ranks as the fourth-favorite country of hackers. In 2016 alone, the U.S saw the breach of voter records and the Wendy’s Company suffering major malware attacks. Many other and most famous online service providers such as LinkedIn, Dropbox, and others
Figure 4: The number of compromised data records in selected data breaches (“Biggest Online Data Breaches Worldwide 2016|Statistic,” 2017)
Figure 5: Displays the image shown on computer systems infected with a ransomware in India (“Serangan-Virus-Wannacry ransomware - Techora,” 2017)
were also targeted. In 2013, four men were responsible for an intrusion into Yahoo’s systems that affected 500 million user accounts. The authorities were so tight about their investigation of the 2013 attack that the details were not released until 2016. The 2013 hack and the 2014 hack of Yahoo’s servers are known as the largest breaches of a private company’s computer system.
India is expected to become a key target of cyber criminals since they plan on using malware to attack point-of-sales devices and mobile wallets in 2017. There have been many cases of bank thefts, which cost the nation millions of dollars. The increasing scale and severity of these attacks are not hard to guess since every hour 15 ransomware attacks are spread in India, with one of every three Indians falling victim to it. Moreover, despite all their tries, banks have still not been able to stop them. Below is an image of the “WannaCry ransomware” attack that occurred in India. As you can see the hacker gives the time frame, the victim has to give the money, and they would like $300 worth of bitcoins for the victim to get their files back
Last year, we saw the Philippines being in the spotlight after one of the largest bank heists in modern history. According to a report by US security company Symantec, the hacker responsible for stealing $81 million from the Bangladesh central bank had now targeted the Philippine bank. The malicious software used in the Philippine incident was similar to the one used in the Sony hack. The Philippine central bank has started to expand its cybersecurity unit, placing banks, and money changers under tighter security and will start to regulate digital currencies to ward off laundering and technology crimes.
4.3. Cybercrime in banking sector
Banks to enhance their customer base introduced many platforms through which transactions could be done without much effort. These technologies enabled the customer to access their bank finances 24/7 with the use of ATMs and online banking. However, with the advancement in technology, banking frauds have also increased. Cybercriminals are using many methods to steal one’s bank information and their money. Many of those who suffer losses are elderly or vulnerable people who falls victim to so-called phishing scams in which they are persuaded to hand over passwords and bank account details. Anyone who uses computers to bank, shop, or even communicate with friends could be a target. Banks, on the other hand, are targeted by cyber criminals based on key factors that include the size of the bank’s market share, the number of clients, the weakness of their authentication systems, safety of their money transfer policy, and the country in which these banks are located. For the past few years, banks have listed cybercrimes in their top five risks.
4.4. Wi-Fi
Public Wi-Fi is available just about everywhere, from the local restaurants to the hotels, and airports you visit while traveling. Wi-Fi has made our lives a little easier, but it also exposes us to security risks to the personal information available on our laptops and smartphones. There are basically two kinds of public Wi-Fi networks such as secured and unsecured. An unsecured network can be connected to
within range and without any type of security feature such as a password or login. When connected to an unsecure network do not access personal bank accounts or sensitive personal data. Even secured networks can be risky. A secured network requires a user to agree to legal terms, register an account, or type in a password before connecting to the network.
Some steps that should be taken to decrease risk to cyber-attacks include turnoff automatic connectivity. Most smartphones, laptops, and tablets have automatic connectivity settings, which allow you to connect from one hotspot to the next. This is a convenient feature, but it can also connect your devices to networks you ordinarily would not use. Second, monitor your Bluetooth connectivity because leaving Bluetooth on allows various devices to communicate with each other, and a hacker can look for open Bluetooth signals to gain access to your devices. Finally, think about using a virtual private network (VPN) solution to ensure your privacy and anonymity are protected when you use public Wi-Fi. VPN services, such as Norton Wi-Fi Privacy, can encrypt all the data that you send and receive while using a public Wi-Fi hotspot, securing your information from other users of the same connection.
4.5. Cybersecurity
Companies purchase and install surveillance cameras, locks, and keys and hire security guards without a second thought. Figure 6 above displays the percentage of increased spending enterprises are putting in certain areas. When physical theft does occur, the damage is usually limited to what a burglar can physically carry. Since physical security deals with tangible objects, it is easy to see what was taken and how. The cyber world, however, is much different. Cybersecurity involves protecting information and systems from major cyber threats, such as cyberterrorism, cyber warfare, and cyber espionage (Lord, N). Technology is evolving at such an uncontrollable rate, making US citizens vulnerable to these threats and increasing security risks. Cybersecurity is important because many organizations collect, process, and store data on computers and other devices (Lord, N). A significant portion of that data can be sensitive information for which unauthorized access or exposure could have negative consequences. Cybersecurity describes the discipline dedicated to protecting that information and the systems used to process or store it. In March 2013, the nation’s top intelligence officials cautioned that cyber-attacks and digital spying are the top threats to national security.
5. Conclusion
People all around the world are more vulnerable to cyber-attacks than ever due to the enhancements in technology such as Wi-Fi, Bluetooth, social media, and the internet. The attacks are accomplished by the use of spam, phishing, botnet, spyware, and ransomware. To prevent these cyber-attacks from occurring, cybersecurity must be used and taken seriously by users and organizations. Most importantly, banks are targeted by cyber criminals very often to steal one’s bank information and steal their money.
5.1. Theoretical and practitioner implications
This research thread has global implications. It is important to justify expenditures in cybersecurity in the same way that it is justifiable to spend money on the security of brick and mortar businesses.
5.2. Limitations
This study covers data for four countries only. Further, the studies should consider the risk of cybersecurity by continents.
References
Higgins, K. (2017), Cybercriminals Seized Control of Brazilian Bank for 5 Hours. Dark Reading. Available from: https://www.darkreading.com/attacks-breaches/cybercriminals-seized-control-of-brazilian-bank-for-5-hours/d/d-id/1328549. [Last accessed on 2017 May 30].
Intelligence, BI. (2016), This One Chart Explains Why Cybersecurity is So Important. Business Insider. Available from: http://www.businessinsider.com/cybersecurity-report-threats-and-opportunities-2016-3. [Last accessed on 2017 May 13].
Internet Crime Complaint Center (IC3). (2017), Annual Reports. Ic3.gov. Available from: https://www.ic3.gov/ search.aspx?q=annual+reports. [Last accessed on 2017 Jun 14].
Korolov, M. (2015), Phishing Is A $3.7-Million Annual Cost for Average Large Company. CSO Online. Available from: http://www.csoonline.com/article/2975807/cyber-attacks-espionage/phishing-is-a-37-million-annual-cost-for-average-large-company.htm. [Last accessed on 2017 May 30].
Limayem, M. (2017), Hackers at the Gate: We can Turn the Tide against the Threat to our Connectivity. Bized Magazine. Available from: http://www.Bizedmagazine.com. [Last accessed on 2017 Jun 14].
Lord, N. (2017), What Is Cyber Security? Digital Guardian. Available from: https://digitalguardian.com/blog/what-cyber-security. [Last accessed on 2017 May 13].
Morgan, S. (2017), Top 5 Cybersecurity Facts, Figures, and Statistics For 2017. CSO Online. Available from: http:// www.csoonline.com/article/3153707/security/top-5-cybersecurity-facts-figures-and-statistics-for-2017.html. [Last accessed on 2017 May 13].
Palmer, Danny. (2016), The Cost Of Ransomware Attacks: $1 Billion This Year. Zdnet. ZDNet. Available from: http:// www.zdnet.com/article/the-cost-of-ransomware-attacks-1-billion-this-year/. [Last accessed on 2017 May 30]. Prabhu, V. (2017), Google Brazil Hacked Through DNS Hijacking, Google.Com.Br Unavailable To Users.
TechWorm. Available from: https://www.techworm.net/2017/01/google-brazil-hacked.html. [Last accessed on 2017 May 30].
Romanosky, S. (2016), Examining the costs and causes of cyber incidents. Journal of Cybersecurity, 2, 121-135. Top 6 Countries Targeted Most By Cyber Attackers. (2017), Bitcoin News Service. Available from: http://www.
