Online Security – An Assessment of the New Menace<br />Global E-Business Marketing (200232)<br /> Online Seminar Mini Report<br />Monroe Myers 95774855<br /> <br />Sunny Joshi 17093024<br /> <br />
Table of Content<br />Introduction - Online Security – An Assessment of the New Menace<br />Literature Review & Findings<br />Specific Topic Related Examples<br />Discussion & Recommendations<br />Futuristic Scenario & Class Activity<br />
Introduction<br />The following online seminar addresses aspects of a worrying trend in the digital world, online security, or lack thereof.<br />And for a better understanding of the topic lets go through some key definitions related to the seminar.<br />Before that, lets watch a short compilation of Personal security online videos. http://www.youtube.com/watch?v=zXzN3uJTGbI<br />
Online Security – An Assessment of the New Menace<br />Online security: “a threat that creates a circumstance, condition, or event with the potential to cause economic hardship to data or network resources in the form of destruction, disclosures, modification of data, denial of service, and/or fraud, waste and abuse” (Kalakota and Whinston, 1997).<br />Information security: “the technical guarantees that ensure that the legal requirements and good practices with regard to privacy will be effectively met” (Flavian and Guinaliu, 2006).<br />
Online Security – An Assessment of the New Menace<br /> <br /> Information warfare: “the actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective, or victory over an adversary” (Alger, 1996).<br /> <br /> Internet Security Risk (ISR): “the degree of uncertainty and mistrust aroused from thoughts about providing personal and financial information over the internet” (Lynn et al., 2011).<br />
Online Security – An Assessment of the New Menace<br />Trust: “the willingness to rely on another based on expectations of ability, benevolence, and integrity (Lee and Turban, 2001; Bhattacherjee, 2002). Also defined as: “ the willingness of a trustor to be vulnerable to actions of a trustee due to an expectation the trustor will behave responsibly” (Mayer et al., 1995).<br />Privacy: “to the degree to which the online shopping web site is safe and protects the customers’ information” (Chiu et al., 2009).<br />
Literature Review & Findings<br />Increasing dependence on Internet for various routine activities such as — finance and banking, energy, information and telecommunications, public health, transportation, emergency services, water, medical, defense, food and agriculture, shipping and postal services (Kenneth, Knapp and Boulton, 2006).<br />Criminal activity is rapidly expanding into an underground economy specialising in identity theft, phishing and spam (Verton, 2004) as technical barriers to gaining access to valuable resources fall (Kenneth, Knapp and Boulton, 2006). <br />
Literature Review and Findings<br />Identity theft is another type of 'cyber-terrorism against individuals' (Sterling, 2004) encountered through online communications.<br />As a result of the growing risk, demand for certifiably skilled cyber-security specialists growing at a fast pace.<br />
Literature Review & Findings<br />Following the development of hacking tools for attacking systems sporting the ubiquitous Windows operating system, cyber-criminals are turning their attention to Mac users as the Mac OS platform expands its market share (AVG, 2011)<br />The rise of rogue smart-phone apps such as those relating to Google's Android Market and others is another worrying trend in the battle for greater online security measures (PC World, 2011). <br />
Literature Review & Findings<br />Curiously, most of the victims of cyber-attacks chose not to inform the outside world about such breaches. In 2005, only 20% of intrusions were reported to law enforcement agencies in the US, primarily because of concerns with negative publicity (Gordon et al., 2005)<br />As a result of the recent wave of cyber-attacks and flowing from the perceived effects of potential liability, including leaks of corporate communications, negotiation contracts and other sensitive information influencing a firm's competitive-advantage in its industry and markets, demand for cyber-insurance is growing fast (Kolodzinski, 2002; Keating, 2003).<br />
Literature Review & Findings<br />Computer Economics estimated the damages resulting from The Love Bug, Melissa, Code Red to have exceeded US$54 billion in downtime, removal expenses, and repairs (Geralds, 2003).<br />Ernst and Young alerted that online security-related occurrences can cost a firm US$20 million on average per incident (Garg, Curtis and Halper, 2003).<br />A Fortune 1000 companies survey found a 64% annual growth rate in cyber-attacks carried out using the Internet (Bagchi and Udo, 2003). For example, cyber-technology is increasingly used in corporate espionage (Hansell, 2004).<br />
Literature Review & Findings<br />According to AVG (2011), 53,834 pieces of signed malware were detected in the first 5 months of 2011, a 300% increase on the previous year. Trusted malware involves passing and installing malicious code on a PC with the help of stolen digital certificates.<br />Recently, stolen digital certificates made headlines with the Stuxnet 'worm' and the RSA hack of Lockheed Martin network breach (AVG, 2011). – It’s just like stealing the keys of the house as opposed to using physical force to gain access to a property.<br />Around 7,000 spyware programs reportedly existed five years ago and are responsible for 50% of all PC crashes (Sipior, Ward and Roselli, 2005).<br />Richmond (2004) argued that 91 percent of home computers host spyware code!<br /> <br />
Specific Online Security Related Examples<br />According to the source, MacAfee, a data security firm controlled by Intel Corp., through its five-year long “Operation Shady RAT”, identified 72 government and corporate parties that have been silently compromised, in some instances over years without being detected. List is as follows- <br />1 -Asian and Western national Olympic Committees <br />2 -The International Olympic Committee (IOC) <br />3 -The United Nations <br />4 -The Association of Southeast Asian Nations (ASEAN) Secretariat<br />5 - South Korean steel and construction companies<br />6 -A South Korean Government agency <br />7- A Department of Energy Research Laboratory<br />8 -A US real estate firm<br />9 -Four US defense contractors <br />10 - A Vietnam’s government-owned technology company<br />11 - A US federal government agency<br />12 - Several US state and county governments, and one computer network security company (Alperovitch, 2011).<br />
Specific Online Security Related Examples<br />2011 Set to Be Worst Year Ever for Security Breaches (Liebowitz 2011) <br /> Companies as follows have faced severe breaches -<br />Sony, the data-security firm RSA, Lockheed Martin, the email wholesaler Epsilon, the Fox broadcast network, NASA, PBS, the European Space Agency, the FBI, the British and French treasuries and the banking and insurance giant Citigroup. <br />What do all these organizations have in common?<br />Along with dozens of other companies and government agencies, they were victims of massive network security breaches in the first six months of this year. <br />"In the last 10 years, I don't think we've seen breaches that have affected consumers at this scale," said OndrejKrehel, information security officer for Scottsdale<br />
Discussion & Recommendations<br />Given current and projected growth of information technology, its use in e-commerce and the magnitude, spread and affordability of launching cyber-threats in their many forms, contemporary levels of complacency afforded by business organizations, individuals and governments are largely and alarmingly inadequate.<br />As superior cyber-attack technologies trickle down from state-sponsored labs to the increasingly sophisticated, financially-motivated cyber-criminals of late, businesses of all sizes are faced with the challenging task of managing the risks involvedspecially for small businesses.<br />Therefore, it is strongly recommended for all stakeholders to adopt appropriate cyber-strategies for effective information security management.<br />
Discussion & Recommendations<br />A multi-layered approach to protecting online communications from prying eyes is needed in order to boost confidence in online services by a growing base of interested parties of all denominations<br />governments, business organizations and individuals alike will need to collaborate in creating and maintaining an array of defense barriers in order to minimize chances for exposure to the rapidly sophisticated intrusions of the online world.<br />For an effective strategy against the invisible threat, elements of technology, law and societal awareness are advised to be incorporated in management's strategy , it is significant to help small and medium enterprise become better acquainted with their increasingly important role in securing B2B and B2C networks and data streams in an effort to foster a safer online environments.<br />
Discussion & Recommendations<br />Bush (2003), for instance, divided the complex cyber-challenge into five levels as part of the National Strategy to Secure Cyberspace.<br />Those levels are -<br />1 - Home users and small businesses<br />2 - Large enterprises<br />3 - Critical infrastructure sectors<br />4 - National vulnerabilities <br />5 - The global information grid of networked systems.<br />
Discussion & Recommendations<br /><ul><li>International and national bodies should come together to exchange ideas, discuss possible frameworks of potential and pledge the necessary resources for combating the threat within certain time frames.
. Corporations are also recommended to collaborate with governments in designing and adopting appropriate mechanisms for dealing with the various facets of the problem and reaching binding agreements with regard to their rights and obligations in the process
Individuals carry the ultimate responsibility for using the expanding medium within reason while raising their own awareness of the dangers of venturing unprepared, in terms of hardware and software, into the 'World Wild Web'.</li></li></ul><li>Discussion & Recommendations<br />Moreover, the rising trends of cloud computing and social networking, although promising in terms of attracting a larger audience and enhancing the efficiency of communications, are likely to increase the risks associated with cyber-attacks since the pool of data stored is massively increasing.<br /> A proactive approach to guarding sensitive information resources such as data encryption, backup and access authentication procedures are among the practices to enlist in the virtual war unfolding.<br /> Therefore, from a strategic point of view, top management is advised to reconsider the risk/benefit scenarios of their online endeavors and adjust future plans accordingly<br />
Futuristic Scenario<br />It’s the 22nd of August 2025….. <br />…. A Nation has declared a war against an another Nation.<br />Minimum or no use of Arms.. <br />Keyboards replace Bullets..<br />Traditional reasons for war such as land and resources are replaced by Cyberspace invasions and capturing of the online infrastructure and the data virtually. <br />Lets discuss..<br />
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.