English assignment

TO: Manager

FROM:

DATE:

SUBJECT: Adopting Cybersecurity to Combat Cybercrime

This memo is meant for introducing the feasibility report that aims at providing a solution to the cases and nation problems about the cybercrime and the potential proposed solution to curb up the challenge. These feasibilities we are identified by studying various critical factors such as the social effects, legal issues, technical problems, and the economic impact. Therefore, this memo is very vital for an individual to read and understand various aspects.

Countering Cybercrime

Student’s Name

Institution

Table of Contents Memo 1 List of Figures 4 Executive Summary 4 Countering Cybercrime 4 Cybercrime 4 Meaning of Cybercrime 4 Nature of cybercrime 4 Reasons for Increasing Cases of Cybercrimes 5 Cybersecurity 6 An Understanding of Cybersecurity 7 Importance of Cybersecurity 7 Social Impact of Cybersecurity 7 Economic Impact of Cybersecurity 8 Technical and Legal Impacts 8 Cybersecurity Context 8 Conclusion 9

Figure 1: Evolution of Cybercrime

Figure 2: Framework core structure

Countering Cybercrime

In less than 30 years, the Internet has grown from being a curiosity to an essential part of modern life for people in the world. Just as other aspects of globalization, rapid expansion of Internet has exceeded regulatory capacity. This lack of authority has created a vacuum for many abuses. The issue is gravitated by the fact that this technology was developed in a military system designed to overcome external controls. Even those championing the Internet’s creative anarchy have realized it can only reach its full potential if authorities and stakeholders establish ground rules and vigorously discourage antisocial behavior. The main concern is how to do this. Various approaches including educating Internet users on how to protect themselves against the impact of abuses have been proposed. This paper proposes cybersecurity as a suitable solution to combating cybercrime.

Cybercrime is used to describe a wide range of criminal activities or offenses, such as offenses committed against computer related forgery and fraud, content offenses, copywriting offenses, and computer data plus systems (Clough, 2015). Thus, cybercrime refers to any crime that happens online. Cybercriminals normally commit offenses by targeting computer devices and/or networks. Just as everyone else, they use the Internet for communication and to collect information, which has facilitated a significant of organized criminal activities. According to Kremling and Parker (2017), the number of cybercrime offenses has increased because cyberspace offers criminals anonymity as well as the ability to allow unassociated people from different parts of the world to network in transactional ways.

In recent years, governments and organizations have become reliant on technology to establish identities including documents, biometric indicators, and identification numbers. The Internet has even emphasized the need to associate people with data such as codes, personal identification numbers as well as passwords. Cybercriminals can obtain this information in various ways, and use such information to steal money and conduct other offenses via the Internet (Yar & Steinmetz, 2019). Among the various types of attacks used include viruses, phishing, program exploitations, hacking, password attacks, Trojans, ransomware, social engineering, and cross-site scripting (see figure 1).

Viruses are forms of malware designed with the intention to cause malicious activity on victim devices. Viruses tend to delete files and prevent crucial programs such as antivirus from preventing and activating a user from using his or her computer. Criminals can also run exploiting programs on computers by using specialized hacking programs to capitalize on weak areas in a program’s code. In some cases, hackers can also use man in the middle attack techniques to tap into communications between two computers. By doing so, a hacker can record the type of webpages that a user browses and other unencrypted data (Singer & Friedman, 2014). Identity theft, which is another common type of cyber threat, occurs when an attacker collects a victim’s personal information from social media platforms such as Facebook, Twitter, or Instagram and uses such information to build a picture of an individual. An attacker can also use such information to masquerade as the owner of the account and even access a user’s bank details (Yar & Steinmetz, 2019). 

Password attacks arise when an offender uses a hacking tool or program to enter many passwords into a website in order to crack a target’s account details as well as to gain access. Attackers can also do so on a personal computer logon screen. Spear phishing arises when someone tries to send an email to his or he target and it is one of the most common types of cyber threat. The messages are usually designed to convince prospective targets to provide their personal detail, follow links to malicious websites, or download a harmful file. Cross site scripting arises when a hacker decides to send an internet link to his or her target. The link will take a victim to a vulnerable site with vulnerable code thereby exploiting a computer Singer & Friedman, 2014). Trojans are forms of malwares that disguise themselves as useful programs but cause various types of malicious effects such as downloading of dangerous programs or sending of computer files to a hacker. Ransomware is a malicious program designed to extort money from targets by blocking access to computer files and system until a victim pays the ransom. Attackers use social engineering to trick their targets into revealing sensitive information such as monetary payment or confidential data. Attackers can combine social engineering with the other types of threats (Clough, 2015). 

There are many reasons why the world may continue to witness increasing number of organized cyber crimes in the future. First, many people can easily access cybercrime technology. United Nations Office on Drugs and Crime (2013) indicates that people can easily buy software tools that allow users to overcome password protections online. These tools allow many people to become cybercrime offenders, including those without advanced computing knowledge. For instance, the proprietors of “Mariposa” botnet did not possess advanced hacking skills (Sinha, Boukhtouta, Belarde & Debbabi, 2010). Due to peer to peer exchange as well as mirroring techniques, it is quite challenging to limit the availability of such technologies (UNODC, 2013). While skilled cybercriminals would see no need to work for organizations, these tools allow criminal groups to recruit unskilled skills to work on their behalf.

The second reason is the changing profile of Internet users. United Nations Office on Drugs and Crime (2013), for example, indicates that developing countries had many Internet users than developed countries in 2005. This implies that the number of predators would continue to increase if the new users decide to use the Internet for criminal activities. Since the number of victims would remain the same, there is no doubt that the intensity of attacks will grow. Clough (2015) posits that the Internet has made it easy for predators in developing countries to target high value victims in developed countries.

New offenders can also use automation to increase the number of attacks in the world. Today people can use automation to send out millions of unsolicited spam messages within a short duration. Yar and Steinmetz (2019) posit that it is now easy to automate hacking messages by using software tools to attack numerous computer systems within a short timeframe. The ability to launch numerous attacks is possible because of two reasons. First, it allows cybercriminals to hide behind their keyboards by taking only a small portion of money from many victims, which reduces the chances of detection. Second, it enhances criminal strategies that might have been ineffective because of high rates of failure.

Figure 1: Evolution of Cybercrime

Cybersecurity

Despite the threat of malwares, ransomware, and viruses since the introduction of computing technology, awareness of data security and sanctity did not gain much attention until introduction of the Internet. This is when many computers on the web offered hackers formidable playground to test their hacking skills including committing fraud, attacking websites and stealing data. Combating cybercrime is a multidisciplinary issue that includes not only hardware and software, but also policy and people, all of which are aimed at preventing cybercrime happening or minimizing its effects when it occurs. This is what amounts to cybersecurity. Mulligan and Schneider (2011) define cybersecurity as the practice of safeguarding computer systems, programs, as well as networks from digital attacks.

However, there is no single strategy that is effective in combating cyberthreat because cybersecurity is a continuously evolving and constantly active process. Kremling and Parker (2017) assert that implementing effective cybersecurity approaches or measures is challenging today because of the huge number of devices in use and attackers are growing more innovative.

An effective cybersecurity measure has numerous layers of protection that are spread across devices, programs, data, and networks that a user intends to keep safe. In organizations, people, processes, as well as technologies must complement one another in order to establish a formidable defense from cyber threats and attacks (Singer & Friedman, 2014).  Kremling and Parker (2017) posit that people must not only understand, but also comply with data security principles such as strong passwords, data backing, and being cautious of attachments in emails. Concerning processes, businesses must establish frameworks for dealing with attempted as well as successful cyber attacks. For instance, organizations can use the NIST cybersecurity framework to learn how to identify attacks, protects devices, detect and respond to attacks, as well as recover from successful attacks. Technology provides businesses and people the computer security tools required to safeguard themselves from cyber threats and attacks. Three important entities are worth protecting: networks and the cloud, endpoint devices such as computers, and smart devices. Some of the commonly used technologies used to safeguard these entities include DNS filtering, antivirus software, email security solutions, and DNS filtering as well as next generation firewalls (NIST, 2014).

In today’s closely connected world, everybody enjoys the fruits of advanced cyber-defense programs. Mulligan and Schneider (2011) indicate that at individual level, cybercrime can lead to identity theft, extortion attempts, and loss of crucial information. People depend on critical infrastructure such as power plants, banks, and hospitals. Thus, these organizations and critical infrastructures must be secured to keep the society functioning. People also benefit from activities of cyberthreat professionals and researchers who investigate new as well as emerging cyberthreats plus cyber attack strategies. Such studies reveal new vulnerabilities, enhance open source tools, and educate people on significance of cybersecurity.

Implementing cybersecurity to combat cyber threat and attack will affect people’s day to day activities and lives in a positive manner. For example, making cybersecurity the primary focus in significant places such as schools and organizations will enable many people understand the major cyber threats and how to prevent them from interfering with their day to day lives. It will also reduce financial losses that people incur because of cybercrime as well as lack of security in their daily business operations. Cybersecurity will also enable people understand significant technological changes and dynamics. There is also a possibility that cybersecurity measures to secure themselves from cybercrime issues (Teoh & Mahmood, 2017).

Cybersecurity will cause significant lifestyle changes among people. Nonetheless, there is need to make it main aspect of people’s lives that will secure and safeguard from impacts of cybercrime. In as much as the process of implementing cybersecurity measures will involve significant cost, the results will bring significant economic benefits because it will reduce the amount of money that organizations would incur to deal with negative effects of cybercrime. A cost benefit analysis of implementing cybersecurity measures shows that the proposed solution would result in significant financial savings for businesses (Teoh & Mahmood, 2017).

Just as it is for other solutions, it is important to comply with legal and professional requirements when implementing cybersecurity measures. Some of the legal issues worth taking into consideration include data privacy and confidentiality before implementing this solution to cybercrime. From the technological perspective, it is important to consider various issues such as system failure in securing computer devices, programs, and systems. Technical considerations will also help in identifying technological bugs that may hinder the proposed solution from securing devices, programs, and systems from cyber threat and attack (Tropina & Callanan, 2015). 

Organizations need a cybersecurity framework core structure in order to protect themselves against cyber attacks and threats. National Institute of Standards and Technology (2014) indicates that a framework core does not only describe a set of activities needed to attain specific cybersecurity outcomes, but also references guidance examples necessary to attain the outcomes. The framework core is not a checklist of significant actions worth performing but presents significant security outcomes determined by industry as crucial in managing cyber security risks. It comprises of four elements, namely: function, categories, and subcategories as well as informative references as depicted in figure 1.

Figure 2: Framework core structure

Functions tend to organize cybersecurity functions at their highest level. They include identify, protect, detect, respond, as well as recover. They help an organization in expressing its cybersecurity risk management by organizing information, facilitating risk management decision, addressing risks or threats, and improving by learning from past activities. Functions also align with currently existing incident management and help detect impact of investing in cybersecurity. Categories refer to subdivisions of function into cybersecurity outcome groups tied to programming needs as well as particular activities. Common examples of categories are asset management, detection processes as well as access control. Subcategories divide categories into specific technical and management activity outcomes. They provide set of outcomes that help in achieving each category’s specific outcomes. Informative references relate to sections of standards, practices, as well as guidelines illustrating method to attain each subcategory’s specific outcomes (NIST, 2014).

Around the globe, governments, businesses, and individuals have lost money, documents, and suffered from identity theft due to increasing cybercrime activities. Just as globalization, rapid expansion of Internet has exceeded regulatory capacity to address the impact of cybercrime, thereby creating a vacuum for many abuses. People depend on critical infrastructure and organizations, which must be secured in order to keep the society functioning. The way forward is to implement cybersecurity measures. Entities and individuals who develop cybersecurity framework core structure are in better positions to They identify and detect cyber attacks, to effectively respond to such attacks, and to protect as well as recover their critical data.

References

Clough, J. (2015). Principles of cybercrime (2nd ed.). Cambridge, England: Cambridge University Press.

Kremling, J., & Parker, A. M. S. (2017). Cyberspace, cybersecurity, and cybercrime. Thousand Oaks, CA: SAGE Publications.

Mulligan, D. K., & Schneider, F. B. (2011). Doctrine for cybersecurity. Daedalus, 140(4), 70-92.

National Institute of Standards and Technology. (2014). Framework for improving critical infrastructure cybersecurity (v 1.0). Washington, D.C.: United States Department of Commerce

Singer, P. W., & Friedman, A. (2014). Cybersecurity and cyberwar: What everyone needs to know. New York, NY: Oxford University Press.

Sinha, P., Boukhtouta, A., Belarde, V. H., & Debbabi, M. (2010, October). Insights from the analysis of the Mariposa botnet. In 2010 Fifth International Conference on Risks and Security of Internet and Systems (CRiSIS) (pp. 1-9). IEEE.

Teoh, C. S., & Mahmood, A. K. (2017, July). National cyber security strategies for digital economy. In 2017 International Conference on Research and Innovation in Information Systems (ICRIIS) (pp. 1-6). IEEE.

Tropina, T., & Callanan, C. (2015). Self-and co-regulation in cybercrime, cybersecurity and national security. Heidelberg, Germany: Springer.

United Nations Office on Drugs and Crime. (2013). Comprehensive study on cybercrime. New York, NY: United Nations

Yar, M., & Steinmetz, K. F. (2019). Cybercrime and society (3rd ed.). Thousand Oaks, CA: SAGE Publications Limited.