Cybercrime Security Strategies


Abstract

Cybercrime is currently a global challenge that affects individuals, corporations, and government agencies. Perpetrators of cybercrime are motivated by different factors, including the need to steal critical information, destroy corporations, and steal money. The estimated annual cost of cybercrime is $100 billion, with projections that the cost will grow to $120 billion by 2017. Government agencies and corporations employ professionals who can enhance their capacity to deal with emerging challenges. Developing early warning systems is a common strategy used by governments to protect local corporations, individuals, and their agencies. Other strategies used by corporations and government agencies include enhancing the technological capacity of law enforcers, regulatory oversight, and encryption. Despite the use of different strategies to address the issue of cybercrime, the globalization of this menace coupled with rapid technological changes makes it difficult for stakeholders to prevent the prevalence of cybercrime.

Keywords: cybercrime, technological advances, encryption, regulatory oversight, law enforcement.

Cybercrime Security Strategies

The rapid advances that have been achieved in the field of technology have impacted all aspects of human life. However, the benefits that are derived from these advances do not come without a cost. Technological advances and cybercrime are inseparable factors, since cybercriminals have the technological capacity to take advantage of every positive advance that is made to accomplish their criminal plans (Wainwright, 2015). Government agencies and private corporations have the primary responsibility for developing effective strategies to protect themselves from cybercrimes. In addition, government agencies and corporations should be aware of the fact that they are a target for many cybercriminals who use different strategies to accomplish their varying intentions. The diversity of crime objectives and methods of accomplishing those objectives presents corporations and law enforcers with a challenging situation, since they have to use different strategies to address the cybercrime menace. This paper will address various strategies that government agencies and corporations use to shield themselves from cybercrimes, the factors that motivate perpetrators of cybercrime, the magnitude of cybercrime, and challenges that hinder the fight against cybercrime.

Motivation for cyber-attacks

The top reason for cybercrime is financial gain, since most hackers believe that a cyber-attack is the easiest way to make large sums of money. Some attackers find their way directly into banks, while others impersonate different banks with the objective of tracking corporations and individuals. Most of these hackers are hired by individuals who have no technical capacity to access the banks' or corporations' databases. Distributed denial-of-service (DDoS) is one of the most common types of cyber-attack reported by financial institutions (Westervelt, 2013). This is because DDoS is difficult to isolate from legitimate online traffic. This gives cyber attackers an easy way to get large sums of money from clients before they are detected.

Some attackers may also be motivated by the need to damage the reputation of a given company. This type of cyber-attack is mainly done by hacker activists whose main intention is to spread some political message and make a significant statement to the public. For example, the Syrian Electronic Army (SEA) managed to hijack several Twitter handles that were connected to different news organizations (such as the Associated Press) in 2013 (Westervelt, 2013). SEA accessed the login details of the New York Times from the domain seller and managed to disrupt the New York Times' website.

Apart from cybercrime professionals who earn by being hired, there is another group of attackers who access financial institutions and steal money for themselves. This type of crime is conducted using banking Trojans that are programmed to allow the hacker to gain direct access to the victims' accounts and drain the available funds (Westervelt, 2013). Some of the common banking Trojans include SpyEye, Zeus, and Neverquest. Users of these Trojans inject some code into the browsers of Firefox and Internet Explorer users, which allows credentials of bank accounts to be sent back to the hacker. These credentials are then used to drain the bank accounts of victims.

Wiping out a corporation's data is an emerging motivation for cybercrime, where perpetrators conduct the attack with the objective of destroying a given business. There are some malware programs that are designed to block employees of specified organizations from accessing data or to wipe out the entire system with the intention of crippling the target organization (Westervelt, 2013). Some attackers may use cryptolockers to encrypt the victims' systems and require them to pay a ransom to get the system back. Although this may be viewed as a way of stealing money, the main objective is to cripple the victim financially.

Magnitude of cybercrime

Cybercrime is a global challenge that affects both government and business agencies worldwide. It is estimated that cybercrime is currently costing the world a total of $100 billion, and this figure is estimated to rise to $120 billion by the year 2017 (Go-Gulf, 2015). About 556 million individuals and corporations are affected by cybercrime each year, which means that about 1.5 million entities are affected per day. This means that at least 18 entities (companies and individuals) fall victim to cybercrime each second (Go-Gulf, 2015). Trends indicate that social media is becoming a major target of cybercrime, where about 51% of victims of hacking, abuse, or identity theft are users of social media sites, which costs $670 million annually (Jones, 2014). At least 1 out of 10 users of social sites have experience with cybercrime.

About 50% of the victims reported cases of the use of programs (including malware, worms, viruses, and Trojans) designed to facilitate crime, 33% of them reported cases of criminal insiders, 28% theft of data-bearing devices, and 28% SQL injection (Go-Gulf, 2015). This implies that most hackers prefer using computer programs that can help them steal data or money from anonymous locations. Statistics on corporate cybercrime show that about 38.9% of hackers target medical health records, 35.1% target businesses, 10.7% target educational institutions, 9.9% target the government military, and 5.3% target financial institutions (Go-Gulf, 2015). The large sums of money stolen from financial institutions have brought the cybercrime that targets these institutions into the public limelight compared to other targeted institutions, in spite of the small number of cases (5.3% only) reported.

Strategies developed by the government and corporations to counter cybercrime

Attracting new talent to counter cybercrime

Currently, the talent gap in internet security is considered a global crisis, since it is difficult to find and expensive to hire individuals with the technical capacity to address the issue of cybercrime. Lately, government agencies and large corporations have come up with mechanisms to build the necessary capacity that will help them counter the escalating cases of cybercrime. One of the most effective strategies that corporations and government agencies (such as the FBI) use is to give experts better compensation packages, which increases the cost of cyber security (Palmer, 2014). In spite of the high compensation offered to experts, their number is too limited to deal with the large number of cybercrime threats. Institutions of higher learning have partnered with technology firms (such as the partnership between Cisco Incorporation and the University of Phoenix) to address the global staffing challenge (Ritchey, 2014). Therefore, recruiting highly qualified cyber security experts is the first line of defense against cybercrime.

Developing early warning systems

Early warning systems refer to programs and plans put in place by the government or corporations to help them detect and address cases of cybercrime in the early stages. In most cases, the government takes the initiative to set up the early warning system in order to address issues of cybercrime within its jurisdiction. For example, the U.S. government established the National Cyber-Forensic and Training Alliance (NCFTA) through the FBI, which is a government agency (FBI, 2015). NCFTA serves as the center for bringing together private industry, law enforcement, and academia with the objective of sharing information on emerging cybercrime threats and developing strategies to mitigate the existing threats. Institutions and corporations send information about new threats (such as malware) to NCFTA members as soon as they detect them (FBI, 2015). NCFTA members then investigate the threat and develop mitigation strategies before the hackers cause severe damage to the targeted institutions. Other governments have adopted the U.S. model of early warning system, which has proven to be effective in reducing the severity of cyber attacks.

Law enforcement

Cybercrime has been a hard nut for law enforcement agencies to crack for quite a long time. However, recent trends indicate that law enforcement agencies have improved their game and enhanced their capacity to arrest and prosecute the perpetrators of cybercrime. Malenkovich (2013) reported ten serious cases of cybercrime that have been concluded within a period of three years, indicating that the security agencies have developed the necessary capacity to address these crimes. In one of these cases, Hamza Bendelladj, an Algerian hacker, was arrested in Bangkok after stealing about $20 million in a series of cybercrime activities that involved about 217 banks (Malenkovich, 2013). In addition, the fact that law enforcement agencies in the developing world have recently been successful in prosecuting perpetrators of cybercrime gives hope that the entire world is well prepared to address the menace. For example, police officers arrested 12 perpetrators of cybercrime in 2014 in Pretoria, South Africa (Independent Media, 2014). However, limited international cooperation may hinder the efforts of law enforcement agencies, since cybercrime has no boundaries.

Network regulatory oversight

Oversight is one of the key measures that the government can use to monitor cyber activities and detect illegal traffic in time. For example, the Australian government established a voluntary program known as Internet Security Initiative that uses different intelligence sources to make a list of IP addresses that are compromised by malware (Barrett, Steinguebl & Smith, 2011). Once the program detects malware threats, the organizations that have signed up for the program are notified immediately that there is a problem with one of the PCs. Currently, the program protects more than 90% of Australian customers, including corporations and individual citizens (Barrett, Steinguebl & Smith, 2011). The government of the U.S. has developed a parallel program known as Electronic Crime Special Agency Program. ESCAP is run by a group of computer specialists who detect crimes that are conducted using electronic media. The ESCAP program has developed a culture of partnership among stakeholders from a spectrum of major infrastructure.

Encryption

Encryption is one of the most common mitigation strategies used by corporations and government agencies to protect themselves from cyber attacks. Encryption involves the use of long keys that are generated randomly and must be mapped on documents that are generated digitally (Voltage Security Incorporation, 2014). Documents that are digitally generated are known as digital certificates. However, recent advances in the field of technology have facilitated the development of identity-based encryption that helps corporations to protect their data without the need for digital certificates. This is achieved using a key server that has the capacity to control the generation of private decryption keys corresponding to public identities. This facilitates the process of separating authorization and authentication from key generation via the key server, which in turn facilitates the control of permission required to generate keys on a granular policy basis (Voltage Security Incorporation, 2014). Encryption is widely used by corporations and government agencies compared to other security measures.

Challenges that make it difficult to deal with cybercrime

Globalization of cybercrime

Currently, cybercrime is a global challenge where the perpetrators of this crime can carry it out from various parts of the world provided that their target region has internet connectivity. Due to its global nature, cybercrime can only be addressed through concerted efforts of the international community, which is lacking at the moment (Wainwright, 2015). This means that the security agencies of different countries need to cooperate with each other in investigating and prosecuting perpetrators of cybercrime who carry out their crimes across borders. However, such measures require the formulation of effective international laws against cybercrime.

Rapid technological advances

It is clear that the rate or pace at which technology has been advancing exceeds the rate of legal reforms as well as the adjustment of law enforcers' capacity to handle cybercrimes. These are major challenges that explain the global prevalence of cybercrime in spite of the fact that each of the countries where corporations and government agencies lose data and money has laws as well as law enforcement agencies. The lack of adequate capacity to counter cybercrime has provided the perpetrators of cybercrime with an environment to thrive by developing a wide range of criminal activities, which include malware, pharming, and phishing among others (Wainwright, 2015). This means that stakeholders in the security sector should enhance their technological know-how in order to be at par with or have more knowledge than the cybercriminals.

Conclusion

Cybercrime is currently a global crime that is conducted without regard to the existence of national or regional borders. It is one of the negative effects or costs that the world has to pay in exchange for the benefits that it derives from rapid technological advances. Differences in the manner in which cybercrime occurs can be explained by the fact that cybercriminals are motivated by various factors to engage in this type of crime. For example, criminals who intend to steal money from financial institutions use Trojan programs, such as Zeus. Although organizations have tried to address the menace of cybercrime by attracting new talent, early warning systems, regulatory oversight, encryption, and enhancing the capacity of law enforcers, cybercrime is still a significant challenge that requires more effective measures.

References

Barrett, M., Steinguebl, A. and Smith, B. (2011). Combating cybercrime: Principle, policies, and programs. San Jose: PayPal.

FBI (2015). The NCFTA: Combining forces to fight cybercrime. Washington, DC: FBI.

Go-Gulf (2015). Cybercrime statistics and trends. Go-Gulf. Retrieved March 23, 2015, from http://www.go-gulf.com/blog/cyber-crime/

Independent Media (2014). Twelve arrested in Pretoria for cybercrime. Independent Media. Retrieved March 23, 2015, from http://www.iol.co.za/news/crime-courts/12-arrested-in-pretoria-for-cyber-crime-1.1691931#.VRAPCo5QLIV

Jones, R. (2014, October 21). Cybercrime now becoming a serious problem for many Britons. The Guardian. Retrieved March 23, 2015, from http://www.theguardian.com/money/2014/oct/21/cybercrime-identity-theft-hacking-abuse-social-media-britons

Malenkovich, S. (2013, March 13). Ten arrests that shook the cybercrime underworld. Kaspersky. Retrieved March 23, 2015, from http://blog.kaspersky.com/10-arrests-that-shook-the-cybercrime-underworld/

Palmer, D. (2014). Attracting cyber security talent a challenge for police cybercrime unit’s Andy Archibald. London: Incisive Business Media.

Ritchey, D. (2014). Why the security talent gap is the next big crisis. Troy, MI: BNP Media.

Voltage Security Incorporation (2014). Information encryption for email, files, documents, and databases. Cupertino, CA: Voltage Security Incorporation.

Wainwright, R. (2015). Proposal for dealing with cybercrime: Challenges and solutions. Kielinie: Global Economic Symposium.

Westervelt, R. (2013). Top five cybercriminal motives in 2013 attacks. The Channel Company. Retrieved March 23, 2015, from http://www.crn.com/slide-shows/security/240164580/top-5-cybercriminal-motives-in-2013-attacks.htm/pgno/0/1