In line with all of the research conducted for this paper, the loss or misuse of information is the most significant outcome of cyber-crime. As a result of this research, organizations must be more wary in defending their most sensitive and confidential information. The cost to defend against cyber-crime can be significant, as shown by the following research. Key takeaways from this research include:

Cyber-crimes continue to be costly. We found that the average annualized cost of cyber-crime for 56 organizations in our study is $8.9 million per year, with a range of $1.4 million to $46 million. In 2011, the average annualized cost was $8.4 million. This represents an increase in cost of 6 percent or $500,000 from the results of our cyber cost study published last year.

Cyber attacks have become common occurrences. The companies in our study experienced 102 successful attacks per week and 1.8 successful attacks per company per week. This represents an increase of 42 percent from last year's successful attack experience. Last year's study reported 72 successful attacks on average per week.

The most costly cyber-crimes are those caused by denial of service, malicious insiders and web-based attacks. Mitigation of such attacks requires enabling technologies such as SIEM, intrusion prevention systems, application security testing and enterprise governance, risk management and compliance (GRC) solutions. (Ponemon, 2012)

The intention of this paper is to measure the cost of cyber-crime and examine those trends for the past few years. The belief is that a better understanding of the cost of cyber-crime will aid organizations in determining the appropriate amount to invest and the correct amount of resources needed to thwart or minimize the demoralizing consequences of an attack. The goal is to be able to calculate with as much precision as possible the costs taken on by organizations when they have discovered that they have been the subject of cyber-crime. As experience and research have shown, a traditional survey approach is not necessarily the best way to capture the essential details needed to accurately calculate the cost of cyber-crime. For that reason, field-based research that has involved interviewing senior-level employees and collecting information about actual cyber-crime incidents will be the main focus of the research.

That research has covered a few years and an effort to recruit companies, build an activity-based cost model, collect source information and analyze results. This paper will conclude with the research of case studies involving numerous organizations. For consistency purposes, the research focus consists of mainly larger-sized organizations (i.e., more than 1,000 enterprise seats). The focus of the research was the direct, indirect and opportunity costs that result from the loss or theft of information, disruption to business operations, revenue loss and destruction of property, plant and equipment.
Along with calculating the outside cost of cyber-crime, this paper will attempt to capture the total cost spent on detection, investigation, incident response, containment, recovery and after-the-fact response.

Introduction

With the rapid evolution of Information Technology, criminals find inventive ways to commit crimes. This paper will shed some light on how much companies are spending on preventing cyber-crime. The time factor in this modern era progresses far too fast to improve the performance factor. The use of the Internet is what makes it possible. One way of defining the term Internet is the collection of millions of computers that provide a network of electronic connections between the computers. There are literally millions of these computers linked to the Internet. The Internet's rapid evolution has allowed everyone to appreciate its use, but on the other side of that coin is the cyber-crime that has evolved just as rapidly, if not faster.

E-commerce has become an essential part of all marketing activity. With the rapid evolution of the Internet, the majority of e-commerce has transferred to the websites of publicly traded companies. With all of this rapid evolution there has been the need to define all aspects that occur on the Internet, and one of them is the term ‘cyberspace’, which refers to the electronic medium of computer networks, primarily the Web, where the bulk of online communication takes place. E-businesses, or cyber-businesses, are facing the challenge of being highly vulnerable to e-crime, also known as cyber-crime. Cyber-crime can thoroughly disrupt a company's marketing activities and in turn ends up costing publicly traded companies billions of dollars yearly in stolen goods, lost business, and damaged reputations, just to name a few. Cyber-crime costs the US economy over $100 billion per year (Smith, J.; Smith, K. & Smith, L., 2011). Literally with a keystroke, currency can be stolen before anyone would be aware. If a company website crashes or experiences numerous shutdowns, then customers will seek those services elsewhere. This has been expressed in most of the research.

In addition to the direct losses associated with cyber-crime, a company that falls prey to cyber criminals may lose the confidence of customers who worry about the security of their business transactions. As a result, a company can lose future business if it is perceived to be vulnerable to cyber-crime. Such vulnerability may even lead to a decrease in the market value of the company, due to legitimate concerns of financial analysts, investors, and creditors. (Smith et al., 2011)

As countries scramble to invest in information security, governments want to know how large that investment should be, and what the money should be spent on. This creates a demand among rational policy-makers for accurate statistics of online/electronic crime and abuse. However, many of the existing surveys are carried out by organizations (such as antivirus software vendors or police agencies) with a particular view of the world and often a special agenda. (Weiss, 2012)

This concern is not limited to just one area, and all countries must take an active part in the efforts to mitigate cyber-crime. One country unfortunately will not be enough to even put a dent in the efforts to prevent cyber-crime, but with the consolidated efforts of many countries it can be mitigated to a minimal effect. Cyber-crime will never be eliminated, sorry to break that to you, but with every new defense that is created a new vulnerability is exploited by cyber-criminals. This is one of the main reasons why the cost of cyber-crime goes into the billions of dollars each year, and it appears that there is no end in sight.
Body of the Research

To have a better understanding of what cyber-crime is and the terms associated with it, some definitions are provided throughout this paper as a result of the research conducted. The definitions provided are not the only definition for each term but are what are considered the most appropriate for the research conducted. Since the Internet and cyber-crime are still fairly new, the definitions evolve just as fast as they do. The term cyber-crime can be defined as an act committed or omitted in violation of a law forbidding or commanding it and for which punishment is imposed upon conviction. Other sources describe cyber-crime as “criminal activity directly related to the use of computers, specifically illegal trespass into the computer system or database of another, manipulation or theft of stored or on-line data, or sabotage of equipment and data.” The Internet space or cyber space is growing very fast, and so are cyber-crimes. Some of the kinds of cyber-criminals are listed below. (Panda, T.; Rao, Y. & Saini, H., 2012)

Crackers: These individuals are intent on causing loss to satisfy some antisocial motives or just for fun. Many computer virus creators and distributors fall into this category.

Hackers: These individuals explore others’ computer systems for education, out of curiosity, or to compete with their peers. They may be attempting to gain the use of a more powerful computer, gain respect from fellow hackers, build a reputation, or gain acceptance as an expert without formal education.

Pranksters: These individuals perpetrate tricks on others. They generally do not intend any particular or long-lasting harm.

Career criminals: These individuals earn part or all of their income from crime, although they do not necessarily engage in crime as a full-time occupation. Some have a job, earn a little and steal a little, then move on to another job to repeat the process. In some cases they conspire with others or work within organized gangs such as the Mafia. The greatest organized crime threat comes from groups in Russia, Italy, and Asia. “The FBI reported in 1995 that there were more than 30 Russian gangs operating in the United States. According to the FBI, many of these unsavory alliances use advanced information technology and encrypted communications to elude capture.”

Malcontents, addicts, and irrational and incompetent people: “These individuals extend from the mentally ill to those addicted to drugs, alcohol, competition, or attention from others, to the criminally negligent.”

Cyber terrorists: There are many forms of cyber terrorism. Sometimes it’s a rather smart hacker breaking into a government website, other times it’s just a group of like-minded Internet users who crash a website by flooding it with traffic. No matter how harmless it may seem, it is still illegal.

Cyber bulls: Cyber bullying is any harassment that occurs via the Internet. Vicious forum posts, name calling in chat rooms, posting fake profiles on web sites, and mean or cruel email messages are all ways of cyber bullying.

Salami attackers: These attacks are used for the commission of financial crimes. The key here is to make the alteration so insignificant that in a single case it would go completely unnoticed, e.g., a bank employee inserts a program into the bank’s servers which deducts a small amount from the account of every customer. (Panda et al., 2012)

If anyone has had a computer or laptop affected by a virus, then you have been the victim of Crackers.
The only intent is to cause loss for their own pleasure; there is no real monetary gain based on the definition. That is not to say that some Crackers could not be hired to do what they do, but for the most part they do it for the sheer pleasure of making others suffer. One example that comes to mind is the “I Love You” virus from a couple of years past.

Then there are Hackers, who attempt to gain access to one's computer for the purpose of gathering information or education, out of curiosity, or to compete with other Hackers to gain recognition or popularity. Hackers have been known to hack into such computer networks as those of the U.S. Government, which is of major concern to the U.S. Government because of all the classified and sensitive information contained within that network. The other concern would be the access to all the money of the employees as well as the government accounts. Gaining access to all this type of data could completely cripple any country.

Among the less harmful ones are the Pranksters, who are generally set on carrying out practical jokes. They generally do not intend for these pranks or jokes to have any long-lasting effects or harm. All the same, they can still cost money in some way, whether by sending people home, shutting down a system for a time and so on.

Career Criminals are not just criminals in the cyber-crime arena; they are from all areas, and they are listed here because Career Criminals are using the cyber arena more and more to assist them in the commission of their crimes. The cyber arena allows them much easier access, and they can often commit crimes in a more efficient manner and with a higher possibility of evading detection.

The Cyber Terrorist, as we have learned, takes many forms, from a highly intelligent hacker to a group of like-minded Internet users with the same goal. These goals can be crashing a website, hacking into a government website or threatening large financial institutions, but the end result is still the same.

Cyber bull is another one where the name doesn’t seem to fit the definition, and maybe cyber bullying would be more fitting. Cyber bullying is the act of using the Internet to pester or bully someone. This can get very serious and has been in the national news in recent months, with one girl ending her life as a result of cyber bullying.

Finally, Salami attackers are in the realm of financial gain because their attacks are committed for the sole purpose of financial gain or causing financial loss. Salami attackers attempt to make the financial loss so slight that it would go unnoticed. Another example comes from the movie “Superman III”, when actor Richard Pryor inserted a code or program into his company’s computer system to send all the decimal points that were not rounded off of every employee’s paycheck to him. Now this amount was very insignificant from each employee, but when added all together the results can be enormous, as was seen when Richard Pryor’s character received the first check and his reaction.

Those were just some of the cyber criminals, but what about cyber-crimes? To those who are not as versed in the cyber arena they seem to be in the same category, but one deals with the individuals who commit the offense (cyber criminals) and the other is the actual offense itself (cyber-crimes).
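The salami technique described above (a small deduction from every customer account, or payroll rounding fractions diverted to one person) is invisible in any single entry and shows up only through aggregation and reconciliation. The following Python is an added example, not part of the original paper; the account IDs, thresholds and figures are constructed for illustration.

```python
from collections import defaultdict
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed sample ledger: (source account, destination account, amount).
SAMPLE_LEDGER = (
    [(f"ACC-{n:03d}", "ACC-900", Decimal("0.02")) for n in range(1, 7)]
    + [
        ("ACC-001", "ACC-002", Decimal("250.00")),  # ordinary transfer
        ("ACC-003", "ACC-777", Decimal("0.03")),    # isolated small transfer
    ]
)

# Constructed payroll run: exactly computed pay vs. what was actually paid.
EXACT_PAY = {
    "E1": Decimal("1523.456"),
    "E2": Decimal("987.129"),
    "E3": Decimal("2210.995"),
    "E4": Decimal("1800.002"),
}
PAID = {
    "E1": Decimal("1523.45"),
    "E2": Decimal("987.12"),
    "E3": Decimal("2210.99"),
    "E4": Decimal("1800.00"),
}


def flag_micro_collectors(ledger, max_amount=Decimal("0.05"), min_sources=5):
    """Find destinations that collect tiny amounts from many distinct sources.

    Returns {destination: (distinct_source_count, total_collected)}.
    The thresholds are illustrative assumptions, not recommended values.
    """
    sources = defaultdict(set)
    totals = defaultdict(Decimal)  # Decimal() is Decimal("0")
    for src, dst, amount in ledger:
        if Decimal("0") < amount <= max_amount:
            sources[dst].add(src)
            totals[dst] += amount
    return {
        dst: (len(srcs), totals[dst])
        for dst, srcs in sources.items()
        if len(srcs) >= min_sources
    }


def reconcile_payroll(exact_pay, paid):
    """Compare each payment with the correctly rounded (half-up) amount.

    Returns {employee: shortfall} for every employee paid less or more than
    the correctly rounded figure; a consistent one-cent shortfall across many
    employees is the payroll form of the salami pattern.
    """
    shortfalls = {}
    for employee, exact in exact_pay.items():
        expected = exact.quantize(CENT, rounding=ROUND_HALF_UP)
        diff = expected - paid[employee]
        if diff != 0:
            shortfalls[employee] = diff
    return shortfalls


if __name__ == "__main__":
    for dst, (count, total) in flag_micro_collectors(SAMPLE_LEDGER).items():
        print(f"{dst}: {count} distinct sources, {total} collected")
    gaps = reconcile_payroll(EXACT_PAY, PAID)
    print(f"{len(gaps)} employees short-paid, total {sum(gaps.values())}")
```
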
Categorizing cyber-crimes can be an endless task given the rapid evolution of the Internet, but one study categorized them into four general crimes with sub-categories in each, as follows:

1. Data Crime

a. Data Interception: An attacker monitors data streams to or from a target in order to gather information. This attack may be undertaken to gather information to support a later attack, or the data collected may be the end goal of the attack. This attack usually involves sniffing network traffic, but may include observing other types of data streams, such as radio. In most varieties of this attack, the attacker is passive and simply observes regular communication; however, in some variants the attacker may attempt to initiate the establishment of a data stream or influence the nature of the data transmitted. In all variants of this attack, and distinguishing this attack from other data collection methods, the attacker is not the intended recipient of the data stream. Unlike some other data leakage attacks, the attacker is observing explicit data channels (e.g., network traffic) and reading the content. This differs from attacks that collect more qualitative information, such as communication volume, not explicitly communicated via a data stream.

b. Data Modification: Privacy of communications is essential to ensure that data cannot be modified or viewed in transit. Distributed environments bring with them the possibility that a malicious third party can perpetrate a computer crime by tampering with data as it moves between sites. In a data modification attack, an unauthorized party on the network intercepts data in transit and changes parts of that data before retransmitting it. An example of this is changing the dollar amount of a banking transaction from $100 to $10,000. In a replay attack, an entire set of valid data is repeatedly interjected onto the network. An example would be to repeat, one thousand times, a valid $100 bank account transfer transaction.

c. Data Theft: Term used to describe when information is illegally copied or taken from a business or other individual. Commonly, this information is user information such as passwords, social security numbers, credit card information, other personal information, or other confidential corporate information. Because this information is illegally obtained, when the individual who stole this information is apprehended, it is likely he or she will be prosecuted to the fullest extent of the law.

2. Network Crime

a. Network Interferences: Interfering with the functioning of a computer network by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing network data.

b. Network Sabotage: ‘Network sabotage’, or incompetent managers trying to do the jobs of the people they normally are in charge of? It could be the above alone, or a combination of things. But if Verizon is using the help of the children, hindering first responders line then they might be using network problems as an excuse to get the federal government to intervene in the interest of public safety. Of course, if the federal government forces these people back to work, what is the purpose of unions and strikes anyway?

3. Access Crime

a. Unauthorized Access: “Unauthorized Access” is an insider’s view of the computer cracker underground. The filming took place all across the United States, Holland and Germany. “Unauthorized Access” looks at the personalities behind the computer screens and aims to separate the media hype of the ‘outlaw hacker’ from the reality.

b. Virus Dissemination: Malicious software that attaches itself to other software (virus, worms, Trojan Horse, Time bomb, Logic Bomb, Rabbit and Bacterium are examples of malicious software that destroys the system of the victim).

4. Related Crimes

a. Aiding and Abetting Cyber-crimes: There are three elements to most aiding and abetting charges against an individual. The first is that another person committed the crime. Second, the individual being charged had knowledge of the crime or the principal’s intent. Third, the individual provided some form of assistance to the principal. An accessory in legal terms is typically defined as a person who assists in the commission of a crime committed by another or others. In most cases, a person charged with aiding and abetting or accessory has knowledge of the crime either before or after its occurrence. A person who is aware of a crime before it occurs, and who gives some form of aid to those committing the crime, is known in legal terms as an “accessory before the fact.” He or she may assist through advice, actions, or monetary support. A person who is unaware of the crime before it takes place, but who helps in the aftermath of the crime, is referred to as an “accessory after the fact.”

b. Computer-Related Forgery and Fraud: Computer forgery and computer-related fraud constitute computer-related offenses.

c. Content-Related Crimes: Cyber sex, unsolicited commercial communications, cyber defamation and cyber threats are included under content-related offenses.

The total cost paid by victims of these attacks is in the millions of millions of dollars per year, a significant enough amount to change the state of undeveloped or under-developed countries to developed countries. (Panda et al., 2012)

Furthermore, this is the U.S. Government's take on any definition of cyber-crime. The U.S. Government does not appear to have an official definition of cyber-crime that distinguishes it from crimes committed in what is considered the real world. Similarly, there is not a definition of cyber-crime that distinguishes it from other forms of cyber threats, and the term is often used interchangeably with other Internet- or technology-linked malicious acts. Federal law enforcement agencies often define cyber-crime based on their jurisdiction and the crimes they are charged with investigating.
And, just as there is no overarching definition for cyber-crime, there is no single agency that has been designated as the lead investigative agency for combating cyber-crime. (Finklea, K. & Theohary, C., 2013)

Cost Basis Analogy

To really get an understanding of the cost of cyber-crimes it is necessary to use some analogies where costs have already been calculated. These provide an idea of the extent of the problem, permitting the setting of rough estimates (a top and a bottom) for the cost of malicious cyber activity by comparing it to other types of crime and loss.

Automobile accidents: One way to consider the costs of malicious cyber-crime is that people accept the cost of automobile accidents in exchange for the convenience of automobiles; likewise they may accept the cost of cyber-crime and espionage in exchange for the pluses of doing business with information technology. The Center for Disease Control estimated the cost of car crashes in the US at $99 billion in 2010. The American Automobile Association estimated the 2010 cost at $168 billion. (Center for Strategic and International Studies, July, 2013)

Piracy: A feebly ruled area where criminals have control could describe some oceanic regions as well as the Internet. The International Maritime Bureau estimated the annual cost of piracy as somewhere between $1 billion and $16 billion in 2005 (cyber is not the only field where estimation is difficult). To put these figures in context, the annual value of maritime trade in 2005 was $7.8 trillion, which means piracy costs equaled at most 0.02 percent of the total. (Center for Strategic and International Studies, July, 2013)

Pilferage: Companies accept rates of “pilferage” or “inventory shrinkage” as part of the cost of doing business. For retail companies in the US, this falls between 1.5% and 2.0% of annual sales; one 2008 estimate put pilferage losses at 1.7%. Using a “pilferage” approach that assumed the same rate of loss for malicious cyber activity would put the upper limit somewhere between 0.5% and 2% of national income. For the US, this would be $70 billion to $280 billion. A central problem for the “pilferage theory,” however, is that many companies do not know the extent of their losses, leading them to make decisions about what is an acceptable loss based on inadequate information. (Center for Strategic and International Studies, July, 2013)

Crime and Drugs: One frequently heard comparison is that malicious cyber activity is more lucrative than the drug trade. This begs the question of whether we know the drug trade’s value. In 2012 the UN Office on Drugs and Crime estimated the cost of all transnational organized crime as $870 billion, or 1. % of global GDP. It estimated $600 billion of this figure came from illegal drug trafficking. If cyber losses also cost the same share of global GDP, the cost could be more than $600 billion. (Center for Strategic and International Studies, July, 2013)

The trend here is that it is difficult to estimate what the losses are because no one knows what the extent of the losses could be. This also leads to someone setting what they think is an acceptable loss using data that is not 100% correct. This will tempt those who are setting these parameters to set them in a way that will benefit them, whether that is for job security or possibly in a monetary manner. This could also be grouped into the cyber-crime realm because they would be utilizing the cyber-crime excuse for their benefit.

Does it really cause Harm?

Assuming that “tolerated costs” from malicious cyber-crime fall into the same range as automobile accidents, pilferage, and drugs creates a “ceiling” for estimated loss.
It is suggested that, at most, cyber-crime and cyber espionage could cost less than 1% of GDP. For example, losses may reach $100 billion every year in the US as an estimate. To put this in perspective, annual expenditures on research and development in the US are $400 billion a year, and $100 million in stolen IP does not translate into $100 million in gain for the acquirer (Center for Strategic and International Studies, July, 2013).

One challenge lies in calculating the price to national security and the damage it could cause. Theft of military technology could leave nations less secure by fortifying likely threats or damaging export markets in aerospace, advanced materials, or other high-tech products. There is a relationship connecting cyber-crime intended for commercial targets and cyber-crime intended for military technology. It is often the same players chasing an arena that encompasses both military and commercial sources. You can increase cyber attack capabilities by being involved in cyber-crime. The monetary value of the loss in military technology cannot be accurately assessed, but it can be said that cyber-crime alters the conditions to favor foreign competitors.

The effect of malicious cyber-crime on jobs needs additional investigation. The Commerce Department estimated in 2011 that $1 billion in exports equaled 5,080 jobs, meaning that an elevated guess of $100 billion in losses from cyber-crime would be converted to 508,000 lost jobs. While this can be converted into a third of a percent drop in jobs, it is not the “net” loss because many of those workers will find jobs elsewhere. What to really think about is whether the lost jobs are in high paying or manufacturing sectors. If workers who are uprooted by cyber-crime are unable to find jobs that pay just as well or better, the affected country would be worse off. The effect of cyber-crime could be to relocate workers from high paying manual labor jobs into lower paying jobs or unemployment.

Estimation Steps

Assigning a number to the cost of cyber-crime and cyber espionage is the goal, but the real question is the effect on trade, technology, and competitiveness. Responding to these queries will help by putting the problem into context. Despite the fact that the cost of cyber-crime and cyber espionage to the world market is possibly in the billions of dollars annually, the dollar total, large as it may be, probably does not reflect the true damage to the world economy. Cyber espionage and crime possibly slow the pace of modernization, warp trade, and produce social costs from job loss. This greater outcome may be more essential than any tangible figure.

What is cyber-crime?
A very good question, and in all the research there are many different answers that can be used, all of them effective in their own ways. Cyber-crime is most commonly understood as involving an attack on the confidentiality, integrity and accessibility of an entity's online/computer presence or networks. The CISCO Research Department tentatively defines ‘Cyber-Crime’ as: a harmful activity, executed by one group (including both grassroots groups or nationally coordinated groups) through computers, IT systems and/or the internet and targeting the computers, IT infrastructure and internet presence of another entity. An instance of cyber-crime can be referred to as a cyber-attack.

There is some contention and ambiguity around exactly what activities fall under the classification of cyber-crime; however, generally cyber-crime can be categorized as follows:

Traditional crimes, e.g., fraud and forgery, which are now committed via electronic networks and information systems;

Publication of harmful, illegal or false information via electronic media;

New crimes that have emerged due to the unique opportunities presented by the internet, e.g., denial of service and hacking;

And ‘platform crimes’, which use computer and information systems as a platform for performing other crimes, e.g., use of botnets. (Attendant, 2013)

Cyber-crime Review

Prior to exploring the diverse criminological theories that have been useful in the cyber-crime studies used to assist with this paper, a better understanding of cyber-crime would be helpful. It is practical to list the types of laws that have been passed to help clarify what cyber-crime is and the jurisdiction it falls under. This in turn helps us gain a more informed perception of cyber-crime and what forms of crimes should be listed under the label of cyber-crime. Together with brief knowledge of cyber-crime legislation, it is also important to look at what enforces and battles this problem. Gaining a brief understanding of cyber law enforcement allows for insight into how the crime is being addressed, which leads to improved insight into the problem.