The Internet has revolutionized the way that many companies do business. However, Internet use is not without its risks. Cyber crime is on the rise and its potential consequences can be disastrous for both the individual and the organizational victim. Internet security is an increasing problem, and there are a number of types of computer crimes to which an organization may be susceptible if sufficient security measures are not in place. However, an enterprise can make cyber crime more difficult and thereby become a less desirable target. In the end, however, it is important to remember that no computer that is connected to the Internet is completely secure. However, for many businesses, not using the Internet is poor corporate strategy. Therefore, Internet security must be taken into account in the enterprise's strategic plan and sufficient resources given to maximizing the system's security.
Keywords Cyber Crime; Encryption; Enterprise; Firewall; Hacker; Risk; Security; Virus
Business Information Systems: Internet Security
The Internet has become an integral part of many lives in the industrialized world of the twenty-first century. One can communicate with friends and family almost instantaneously through e-mail and pass along text messages as well as documents, photographs, and audio/video clips. The Internet also provides an inexpensive way to connect people together at short or long distances for voice conversations and even allows people to see each other while talking. One can shop and compare costs and features of products or can gather information to better understand a medical condition or other topic of interest. One can book hotel rooms as well as airline tickets. Banking, grocery shopping, and purchasing sports and theater tickets can all be done online. The proliferation of information on the Internet makes it possible to research and compare similar products and features as well as obtain the best price available on electronics, furniture, books, and more in minutes rather than in hours or days from the comfort of one's own home.
The Internet has not just made life easier for the individual. These same features make it popular with businesses eager to keep up in the global marketplace and have revolutionized the way that many companies do business. Sometimes organizations use local area networks that link multiple local computers to each other and various peripheral devices, metropolitan area networks that link computers over citywide distances at higher speeds than local area networks, or wide area networks that link multiple computers that are widely dispersed and use high speed, long distance communications networks or satellites to transmit and receive data. However, many companies also use the Internet to do business on a wider scale. The Internet has contributed to the modern trend toward globalization so that businesses no longer operate only locally or nationally, but internationally as well.
Although the Internet has expanded the capabilities of many businesses, its use is not without risk. Without adequate safeguards in place, networked computers are open to attacks not only from within the company, but from external hackers as well. Breaches of security can affect the validity of data and conclusions, the reliability of processes, and harm not only the organization's reputation and ability to do business, but the customer's security and safety as well. Hackers can access sensitive information or alter or corrupt software programs so that they produce invalid results or so that the system becomes unreliable and unusable. The impact of security breaches on the customer can range from false charges on credit cards to unauthorized access to sensitive information or even identity theft of the individuals whose data are contained in the databases. Complete identities comprising birthdates, social security numbers, and credit card and bank account numbers are being increasingly targeted by hackers since they are worth so much more. In 2013, it was reported that individual credit card numbers were worth between $4 and $8 whereas complete identities were worth between $25 and $40 to the cyber criminal. For just under $300, a cyber criminal can purchase the stolen credentials for a bank account ("Report on Commodities Value in the Cyber Criminal Underground Market,” 2013).
Research in the early 2000s found that the time between the announcement of a software vulnerability to the time that attack is made on that vulnerability could be as little as 16.5 hours, and security teams are preparing for a time when new threats emerge with little or no warning. This means that organizations need to quickly address vulnerability issues and correct them in a timely fashion. Although this may seem like an occasional problem, there were a reported 5,225 vulnerabilities in 2012 alone, which was a 26 percent increase from the year before. (Lemos, 2013).
Cyber crime is on the rise and the potential consequences can be disastrous for both the individual and the organizational victim. Attacks on e-commerce sites are on the rise exponentially, with a report of 16 percent in 2004 over four percent the previous year. Between 2010 and 2011, e-commerce sites saw a 153 percent increase in attacks during the winter holiday season (Lee, 2012). The Internet protocol space of 40 percent of Fortune 100 companies is compromised by self-replicating computer programs called worms ("The Internet is a well worn, 2004). These malicious programs replicate themselves over a computer network and perform such actions as using up computer resources or shutting down the entire system. In addition, adware — a software application that displays advertising banners while the program is running — is becoming more problematic. Adware frequently includes additional code called spyware that tracks users' personal information and distributes it to third parties without the individual's knowledge or permission. Adware is also used to deliver malicious codes to other computers.
Organizations' computer systems and networks can also be vulnerable to external attack by computer viruses. These programs or pieces of code are loaded onto the computer without the user's knowledge and against the user's wishes and alter the way that the computer operates or modifies the data or programs that are stored on the computer. Simple viruses can be self-replicating bits of code that use up a computer's memory or otherwise disable a computer; more complex viruses can transmit themselves across networks and bypass security systems to infect other computers or systems, corrupting or erasing programs or data. Computer viruses can not only be loaded into the computer intentionally by hackers, however, but also indirectly through the receipt of infected e-mail or attachments.
Although responses to cyber crime are becoming more sophisticated, so are the cyber criminals. The "Journal of Accountancy" reported an increasing collaboration between cyber criminals resulting in a 29 percent increase in computers affected by malicious bots in the last half of 2006. Indeed, as the use of the Internet and e-commerce increases, so does cyber crime, including risk from industrial spies, foreign governments, competitors, and even legitimate business partners. in a 2012 Ponemon Institute report on cybercrime, more than 90 percent of the organizations in the report had experienced loss of sensitive or confidential documents and data over the preceding twelve month period (Kendler). Despite these statistics, however, it is not practical for most companies to stop using the Internet. Without the Internet, it would become extremely difficult, if not impossible, to be competitive in the global marketplace. Similarly, twenty-first century customers have come to expect that organizations have a presence on the Internet, including a website and e-mail capabilities. Use of the Internet is a risk that most companies have to take. The problem is to minimize the risks associated with doing so.
Types of Computer Crime
There are a number of types of computer crimes to which an enterprise may be susceptible if sufficient security measures are not in place. One general category of computer crime involves the unauthorized entry of a criminal into the company's computer system. For example, in piggybacking, a criminal uses the codes or passwords of an authorized user to gain illegal access to the system. Another type of computer crime in this category is illegal access to the system through entry by a trapdoor. Trapdoors are prohibited, unknown entry points into a program or network that allow criminals to gain access to the system.
A second general category of computer crime includes intentional damage to the system's data. Data leakage is the intentional erasure or removal of files or even entire databases from a system without leaving any trace that they have been removed or even that they existed. This type of cyber crime can result in cost to the enterprise in the recovery of the data as well as from loss of good will from customers due to errors resulting from the data loss. Customers can also be harmed from data leakage if receipts or credits are not correctly posted to their accounts. The enterprise's communications networks can be harmed through zapping, the process of damaging or erasing data and information, causing problems for both the enterprise and the customer. Another type of intentional damage to the system's data is scavenging,...
(The entire section is 4234 words.)