Cybercrime and Business: Strategies for Global Corporate Security
()
About this ebook
Cybercrime and Business: Strategies for Global Corporate Security examines the three most prevalent cybercrimes afflicting today’s corporate security professionals: piracy, espionage, and computer hacking. By demonstrating how each of these threats evolved separately and then converged to form an ultra-dangerous composite threat, the book discusses the impact the threats pose and how the very technologies that created the problem can help solve it.
Cybercrime and Business then offers viable strategies for how different types of businesses—from large multinationals to small start-ups—can respond to these threats to both minimize their losses and gain a competitive advantage. The book concludes by identifying future technological threats and how the models presented in the book can be applied to handling them.
- Demonstrates how to effectively handle corporate cyber security issues using case studies from a wide range of companies around the globe
- Highlights the regulatory, economic, cultural, and demographic trends businesses encounter when facing security issues
- Profiles corporate security issues in major industrialized, developing, and emerging countries throughout North America, Europe, Asia, Latin America, Africa, and the Middle East
Sanford Moskowitz
Sanford Moskowitz is Chair of the Global Business Leadership Department at St. John’s University/College of St. Benedict. He is the author of The Advanced Materials Revolution: Technology and Economic Growth in the Age of Globalization (Wiley, 2009), and The Digital Revolution: An Encyclopedia of the People, Organizations, Places, and Issues Behind the Great Technological Innovations of the Information Age (ABC-CLIO/Greenwood, 2014). He serves as an Expert Witness in corporate digital security cases involving Intellectual property theft and copyright piracy.
Related to Cybercrime and Business
Related ebooks
Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization Rating: 1 out of 5 stars1/5IT Governance Critical Issues Series: Cyber Security Rating: 0 out of 5 stars0 ratingsApplication of Big Data for National Security: A Practitioner’s Guide to Emerging Technologies Rating: 0 out of 5 stars0 ratingsIndustry of Anonymity: Inside the Business of Cybercrime Rating: 2 out of 5 stars2/5Cybersecurity in Our Digital Lives Rating: 5 out of 5 stars5/5Managing Information Security Breaches: Studies from real life Rating: 0 out of 5 stars0 ratingsManaging Online Risk: Apps, Mobile, and Social Media Security Rating: 0 out of 5 stars0 ratingsCyber Security Awareness for CEOs and Management Rating: 2 out of 5 stars2/5Privileged Access Management A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsSecurity Operations in Practice Rating: 0 out of 5 stars0 ratingsClient-Side Attacks and Defense Rating: 0 out of 5 stars0 ratingsHack Proofing Your E-commerce Web Site: The Only Way to Stop a Hacker is to Think Like One Rating: 0 out of 5 stars0 ratingsCybersecurity ISMS Policies And Procedures A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsIdentity Theft and Fraud: Evaluating and Managing Risk Rating: 0 out of 5 stars0 ratingsCyber security standards Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsThe Insider Threat: Combatting the Enemy Within Rating: 0 out of 5 stars0 ratingsPCI Compliance A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsInformation Privacy Complete Self-Assessment Guide Rating: 5 out of 5 stars5/5SSCP Systems Security Certified Practitioner Study Guide and DVD Training System Rating: 0 out of 5 stars0 ratingsThe EU Data Protection Code of Conduct for Cloud Service Providers: A guide to compliance Rating: 0 out of 5 stars0 ratingsIT Service Root Cause Analysis Tools The Ultimate Step-By-Step Guide Rating: 0 out of 5 stars0 ratingsData Privacy Risk A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsIT chargeback The Ultimate Step-By-Step Guide Rating: 0 out of 5 stars0 ratingsDigital Cop: A Digital Cop's Guide to Cyber Security Rating: 0 out of 5 stars0 ratingsCybersecurity A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsPhishing Detection A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsPenetration Testing: A guide for business and IT managers Rating: 0 out of 5 stars0 ratingsPCI DSS: A Pocket Guide - 3rd edition Rating: 0 out of 5 stars0 ratingsEU General Data Protection Regulation Standard Requirements Rating: 0 out of 5 stars0 ratingsDisk encryption A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratings
Business For You
Emotional Intelligence: Exploring the Most Powerful Intelligence Ever Discovered Rating: 5 out of 5 stars5/5The Intelligent Investor, Rev. Ed: The Definitive Book on Value Investing Rating: 4 out of 5 stars4/5Becoming Bulletproof: Protect Yourself, Read People, Influence Situations, and Live Fearlessly Rating: 4 out of 5 stars4/5Your Next Five Moves: Master the Art of Business Strategy Rating: 5 out of 5 stars5/5Tools Of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers Rating: 4 out of 5 stars4/5Lying Rating: 4 out of 5 stars4/5Grant Writing For Dummies Rating: 5 out of 5 stars5/5The Book of Beautiful Questions: The Powerful Questions That Will Help You Decide, Create, Connect, and Lead Rating: 4 out of 5 stars4/5The Richest Man in Babylon: The most inspiring book on wealth ever written Rating: 5 out of 5 stars5/5Robert's Rules Of Order Rating: 5 out of 5 stars5/5Financial Words You Should Know: Over 1,000 Essential Investment, Accounting, Real Estate, and Tax Words Rating: 4 out of 5 stars4/5Good to Great: Why Some Companies Make the Leap...And Others Don't Rating: 4 out of 5 stars4/5How to Get Ideas Rating: 5 out of 5 stars5/5Confessions of an Economic Hit Man, 3rd Edition Rating: 5 out of 5 stars5/5Law of Connection: Lesson 10 from The 21 Irrefutable Laws of Leadership Rating: 4 out of 5 stars4/5Crucial Conversations Tools for Talking When Stakes Are High, Second Edition Rating: 4 out of 5 stars4/5Collaborating with the Enemy: How to Work with People You Don’t Agree with or Like or Trust Rating: 4 out of 5 stars4/5Crucial Conversations: Tools for Talking When Stakes are High, Third Edition Rating: 4 out of 5 stars4/5High Conflict: Why We Get Trapped and How We Get Out Rating: 4 out of 5 stars4/5Ask for More: 10 Questions to Negotiate Anything Rating: 4 out of 5 stars4/5Robert's Rules of Order: The Original Manual for Assembly Rules, Business Etiquette, and Conduct Rating: 4 out of 5 stars4/5Summary of J.L. Collins's The Simple Path to Wealth Rating: 5 out of 5 stars5/5Summary of Eve Rodsky's Fair Play Rating: 2 out of 5 stars2/5Capitalism and Freedom Rating: 4 out of 5 stars4/5The Catalyst: How to Change Anyone's Mind Rating: 4 out of 5 stars4/5
Reviews for Cybercrime and Business
0 ratings0 reviews
Book preview
Cybercrime and Business - Sanford Moskowitz
manner.
Part 1
The Global Cybercrime Landscape
Chapter 1
The Global Cybercrime Industry
Abstract
Attackers, defenders, innovators, and regulators form the cybercrime network and together make up what is often referred to as the cybercrime industry. While cybercrime can originate anywhere in the world that has the infrastructure necessary to operate over the Internet, there are certain areas that are most amenable to the rise of cybercriminals. Cybercrime has a large and rapidly growing impact on businesses of all types. Even initially small-scale cyberattacks on companies can easily spin out of control to become mega-disasters. Cybercriminals do not have to attack a company directly in order to do it damage. They can cripple a business by going after the infrastructure that supports it, particularly the electric power grid, air traffic control and transportation systems, as well as commercial databases and information systems for financial institutions. The major players in the global cybercrime industry include the cybercriminals and their victims, but there are other actors as well and particularly government (and their regulations) and what we refer to as systems
that allow (or prevent) cybercrime to take place.
Keywords
Cyberattacks; Threats; Regional variations; Impact on business; Infrastructure; Victims; Regulators; Open systems; Closed systems; The Cloud
Contents
1.1 Cybercrime and Cybersecurity
1.1.1 Types of Cyberattacks
1.1.2 Threats from China and Russia
1.2 The Internet and Cybercrime as an Asymmetric Threat
1.3 Cybercrime as an Industry
1.4 Location and Regional Variations of Cybercrime
1.5 The Intensity and Spread of Cybercrime
1.6 Impact on Business
1.7 Cybercrime and the Infrastructure
1.8 Relevant Actors
1.8.1 The Cybercriminals
1.8.2 The Victims
1.8.3 The Regulators
1.8.4 The Systems
References
Before we delve into the cyber risk patterns of different types of companies and their strategic options, it is useful to consider the nature of cybercrime and cybersecurity within the USA and as a global phenomena, to understand why cyber war is so different from other, more traditional types of warfare, to appreciate the nature of cybercrime as a distinct industry, to map out regional differences in the level and types of cybercriminal activity currently taking place, to consider the fundamental issues that dog businesses in today’s world of cybercrime, and, finally, to come to grips with the major actors who rose up during, and now inhabit and work within, the technical, social, and economic structures created by this digital century.
1.1 Cybercrime and Cybersecurity
Cybercrime is one of the most pressing issues facing the digital world in the 21st century. The costs incurred with the failure of computers, smartphones, tablets, and other electronic devices to prevent cybercriminals from their aggressive and increasingly sophisticated attacks are truly enormous, and growing rapidly. Cybercrime not only steals valuables—some in the form of intellectual property or trade secrets—but in doing so, it negatively impacts employment. In developed countries, cybercrime has the effect of shifting personnel away from the most high-value jobs. IntelSecurity estimates that in the USA, cybercrime has resulted in the loss of 200,000 jobs, or a 1% decrease in employment annually. A country’s economic growth then suffers. Even when the unemployed workers displaced by cybercrime find other jobs, they are not as high paying. With consumers having less money in their pockets, they spend less overall, which tends to slow down a nation’s economy.a
Despite this ever growing and highly publicized threat to businesses and to their home countries, it is not at all clear that the business community appreciates—or even cares to coldly face—the risk that confronts it [2].
Geographically, the impact of cybercrime is most prevalent in developed countries, especially the USA, the European Union—the UK has the second largest cybercrime industry after the USA—and Japan. Developing countries—China, India, Brazil, Russia, and a number of Eastern European countries—are themselves nurturing the rise of cybercriminal groups and a large and sophisticated cybercrime industry that targets the wealthier companies and organizations in North America and Europe.b
1.1.1 Types of Cyberattacks
The various types of cyberattacks are well known and will not be taken up here in any great detail.c For our purposes, it is sufficient to point out that cybercrime takes many forms, three of the most common being hacking (seeking and exploiting weaknesses in a computer system or network for profit, protest, or the challenge), phishing (stealing from computer networks of personal and other sensitive information), and spamming (posting unsolicited communication on the computer systems and networks of others). The introduction of computer viruses and other malicious software (malware) is a common way for hackers to enter into, disrupt, and steal from other computer systems. It may be a sad comfort to know that some things never change and that, fundamentally, these types of malicious digital activity result in the perpetrating of such traditional crimes as fraud, theft (of information and funds), piracy (of intellectual property), terrorism, extortion, human trafficking, pornography, and similar types of offences that have existed for centuries.
1.1.2 Threats from China and Russia
Prior to the coming of the digital age, theft of trade secrets was carried out by corporate moles or angry employees and involved the theft of physical objects, such as paper files and other types of documentation. With the coming of the digital workplace, it has become much easier to steal corporate secrets electronically and from a distance. In the 21st century, a number of recent developments have made it far easier than in the past for hackers to appropriate corporate secrets. These include the rise of the Internet and the proliferation of smartphones, iPads, and other electronic devices within the workplace. The ability of these devices to directly connect into the company’s network is of particular concern. Because these devices are not usually protected from outside attack, they are easy prey for would be hackers. The perpetrators can enter into the company network and access all its data and information by simply breaking into employees’ portable devices and use these beachheads as the jumping off point into companies’ networks allowing them to access and take strategically sensitive information without leaving evidence of their theft. Such cybercrime is becoming an increasingly common occurrence in the workplace. A growing number of company employees bring their own electronic devices to work rather than use corporate-approved devices. Close to half of US companies that allow personally owned devices to connect to the corporate network have experienced a data breach.
The fact that the theft of proprietary corporate information can take place at a distance exposes domestic companies to theft by foreign countries. In fact, US security experts and government officials say they are increasingly concerned about the theft of information by foreign companies and government agencies. Studies conducted by the US government identify China and Russia as the leading offenders of cyber espionage in the second decade of the 21st century. Hackers within these countries have become very sophisticated in their methods of operation. For example, The U.S. Chamber of Commerce, the nation’s largest business-lobbying group reported that in 2010 its employees were targeted by China-based cybercriminals who could hack into the computers of the Chamber’s member organizations. A recent trend has been the ability of the Chinese business and military to penetrate computers and mobile devices of foreign businessmen and government officials who visit China. This cybertheft of critical information has forced foreign visitors to China to adopt strategies to deflect these attempts, including leaving their computers, smartphones, and other mobile devices at home, and bring with them blank loaner
devices; keeping their phones, computers and tablets close at hand and when, not using them, making sure they not only turn off the device but remove the battery to prevent them from being turned on remotely; connecting to the Internet only through an encrypted, password-protected channel; and never typing in a password directly onto a device, since Chinese hackers can surreptitiously install software devices that steals this information, without being detected.
Cybersecurity issues also have geopolitical implications. The activity of Chinese cybercriminals against US companies and government has strained relations between the two countries. In another instance, in 2013 the North Korean government launched a serious cyberattack against the South Korean banking system, thus increasing tensions between the two countries. However, issues of corporate security do not have to involve one country stealing information from another. Within the USA, UK and other countries, there are concerns that domestic government agencies, such as the National Security Administration (NSA) in the USA, are using advanced computer and communication technology to obtain personal information on their own citizens.
The growing prevalence of cloud computing, while offering greater range and efficiency to business operations, also provides cyber criminals a new tool through which they can breach company information and data networks. Rather than having to go to the considerable trouble of learning the internal workings of the computer systems of different companies, cybercriminals will be able to launch one attack on the servers storing the data of many clients in the cloud network. From here, they can access, steal, and infect the data systems of a large number of companies. Thus hackers can leverage the power of the cloud to more efficiently carry out their criminal activities. One such example involved cybercriminals using the cloud to draw off money from banks in Europe, the U.S. and South America through automated cash transfers.
While technological advances offer increased opportunities for cybercriminals to carry out their campaigns, they also create new weapons for law enforcement personnel, corporations and governments to use to prevent security breaches. These include innovative encryption and cryptographic techniques and software as well as more advanced biosensors identification systems, fraud detection software and other types of detection and prevention technology. But it is clear that as society finds new ways to heighten cybersecurity in government, industry, and the home, cybercriminals will find new ways to identify and breach weaknesses in these systems.
1.2 The Internet and Cybercrime as an Asymmetric Threat
What makes the Internet so exposed today to cyberattack is the very thing that makes it such a powerful tool in society: it is the point at which the three major modes of communication—wired, wireless, and optical—flow together. This multi-modal dynamism makes the Internet a highly alluring target to hackers and, at the same time, provides a number of ways in which they can enter and cause havoc to both public and private networks and disrupt the flow of information through them. Today …the cyber network stretches from the enterprise network and its infrastructure to wireless devices being used at the tactical end by the military, law enforcement shopper or drivers using GPS-disabled devices
[2, p. 5].
Within this more complicated technological world is the additional problem that cybercrime can be seen as essentially an asymmetric threat. In contrast to traditional warfare, where attackers and defenders were on equal ground when confronting one another (attacks were met with greater defenses, leading to new ways to attack followed by even stronger protective barriers and so forth), in cybercrime, such equality between victim and perpetrator does not exist; the cybercriminal has the palpable advantage in the attack-defense game. While the Internet is more complex than ever before, hackers do not necessarily have to be deeply trained to break in. It doesn’t take a lot of capital to become a successful hacker. Anyone with a computer can be a cybercriminal, whether he or she is working for government or out of a garage. Cybercrime can be carried out from virtually anywhere in the world and it is fairly easy for cybercriminals to cover their tracks. Attacks travel through multiple waypoints
that cleverly hide the origins and even trajectory of the invaders’ itinerary. Once the attacker gets into a target network, then the infiltrator can …move quickly, slowly or lie dormant, depending on the nature of the victim’s network and intruder’s intent.
As the speed of information through networks increases, the perpetrator gains the initiative. The hacker can take full advantage of the speed of hardware, software and communications technology upgrades to expedite attack vectors. The defender is continuously in a game of catchup. Then too, the growing use of open source technology eases the way for cybercriminals to become familiar with system architectures—which are essentially codified and easily learned and manipulated—of potential targets and to effectively plan and carry out their attacks [2, p. 8].
1.3 Cybercrime as an Industry
Attackers, defenders, innovators, and regulators form the cybercrime network and together make up what is often referred to as the cybercrime industry. The study of cybercrime as a global industry is still in its infancy. The topic of cybercrime itself has only recently come into view as a developing, coherent economic entity. Much like any other recognized industrial sector, the global cybercrime industry has its sellers (those who create hardware and software that are the tools for carrying out cybercriminal acti?vities), buyers (individuals and countries that purchase such hardware and software for the purpose of actually carrying out cybercriminal activities), and distribution systems (which in this case works under the regulatory radar). There is also an intense competitive dynamic at work in the cybercrime industry—a type of creative destruction—which acts not only between suppliers of the tools of cybercrime, but also involves those who purchase these tools to gain advantage over their competitors, otherwise known as victims. If companies cannot keep up with the technological and strategic advances of the cybercriminals, they suffer economically. If, for example, Company A in some industry can steal intellectual property from its competitor Company B through the use of a new type of microchip either internally developed or purchased (or otherwise obtained) from a third party, then Company A gains a competitive advantage over Company B because of technological