The following paper deals with all current, foreseeable and emerging threats related to use of networks, provision of services and data security. In this context, cyber-terrorism is considered as greatest threat for the business and economy. In regard to this, the paper first of all provide introduction to the cyber-crime which later converted into cyber-terrorism. The paper describes how cyber-crime converted into cyber-terrorism and adversely affected the business and economy. Cyber-crime is a broader term and includes more issues than just hacking. On the other hand, cyber-terrorism is related with malicious codes and cyber-attack. It elaborates that cyber-crime is theft of intellectual property along with violation of copy-right law, trade secrets and patents whereas cyber-terrorism is committed with political intentions to harm human life and economy.
Furthermore, the paper includes section of impact of cyber-terrorism on business and economy which discusses that most of the organisations consider cyber-terrorism as a greater threat than any other organisational problem. Along with this, it also discusses that IT security of many organisations is in vulnerable situation. Moreover, the paper describes the losses which a business organisation can face due to cyber-terrorism. These losses include loss of revenue, waste of time, damaged reputations, impact on employee productivity. Methods of cyber-terrorism through which business organisations are affected are also described Viruses, Malicious Code, and Electromagnetic energy.
Moving forward the paper describes Methods used to overcome from cyber-crime, and Impact of cyber-crime on economy. Impact of cyber-crime on economy is very crucial section which elaborates what consequences an economy faces due to cyber-terrorism. In the end, the paper provides information about counter-measures and international and Australian law in relation to cyber-terrorism.
The cyber-crime has a huge impact on the international business and economy. Cyber-crime is a serious threat to the financial integrity of an organization or a business. Cybercrime can be defined as an act in which an illegal act is committed by using unauthorized computer access. The culprit gets access to the computer system authorized for someone else and does damage to the system and the data stored in it. It can be said that in this type of crime, computer users steal the credit card numbers, steal the data from company's websites, withdraw money from bank accounts, and also make illegal electronic fund transfers. All the above mentioned activities come under the cyber-crime (Grady and Parisi 2006).
In the current scenario, the number of cyber-crime or breaches in information security in international business and the economy is increasing continuously. Both the public and private sectors are suffering from the cybercrime. The problem of cybercrime not only exists in a nation or two but the almost all nations in the world are suffering from it. Cyber criminal are operating in international business with the help of information technologies and internet. Cybercrime is an emerging crime in international business and economy. Cybercrime has affected the business like telecommunications, banking and finance, transportation, electrical energy, water supply, emergency services, and government services. All these organizations heavily depend on computers to perform their daily operations and to secure confidential data.
In business organizations help of computers is taken to control the business operations, management and to interact among them. Thus, all the pertinent information of the organization flows through Internet. It can be said that the internet has become a significant tool for the cyber criminals (United States. Congress. Senate, 2010).
Brief History of Cyber Terrorism
During the past decade, there exists the cyber security threat in the whole of the world. The evident targets of cyber terrorism were those systems that were totally dependent on it and were related to the mass people. Such as infrastructures which include oil and gas distribution, transportation, tele-communication, electric power grids, financial institutions, air traffic and so on. In the year 2000 in February month, popular internet sites such as Yahoo, Datek, Amazon, CNN and many such sites became the target of the cyber terrorism as they faced the attck of Distributed Denial of Service (DdoS). Due to this there were million people who were not able to access the important and necessary services which were provided by these websites and companies. This resulted in heavy monetary loss. There was one more loss to these companies which was declination of the security that was offered and promised by their companies (Bigel and Stuart 2003). The initiation of the cyber attacks can be seen started from the collision of the Chinese fighter aircraft and American surveilance plane. This collission gave rise to the cyber attacks and website defacements between America and China (Keegan & Christopher, 2002). One more example is there where the students of Korean University defaced the Japanese websites because they want to protest the contents of the textbooks published in Japan (Bronk & Chris, 2008).
Impact of Cyber crime on Business and Economy
The online cybercrime is increasing continuously, which resulted in to loss of consumer trust. In early days, cybercrime is restricted to creating viruses to hack the systems. In the current scenario, cyber criminals hack the systems to harm the business so that they can earn profit. A number of organizations have recognized cyber attacks as a threat to their business. It has been observed that 70 % of the total business firms have ranked cyber crime as
a threat ahead of other employee frauds or physical damages to the organization (Doyle, 2011).
In keeping view the increasing threat of cyber attacks, it is important for the business organizations to tighten their IT security. In case IT security is not strong enough then the sensitive information can be leaked or financial data of the company can be stolen which can cause huge damage to the economy of the organization.
Major Losses for Business Organizations
The cybercrime impacts the business in different ways. The major losses which are suffered by the business organizations are mentioned below.
Loss of Revenue
The main impact of the cybercrime on an organization is the financial losses for the organization. The loss can be caused by cyber criminals by stealing financial information of the organization. The financial information can be used to make illegal profits from the organization. It also happens when an organization works on e-commerce model, in this model the income of the consumers is lost when they are not able to access the site hijacked by cyber criminals (Kshetri, 2010). According to a recent survey conducted internationally, the business firms across the globe suffering from financial losses due to cyber crime. The Hi-tech crime has cost international economy huge losses in recent years. The tools used by cyber criminals are sophisticated and businesses and governments are at risks.
Cyber crime is also a factor for the negative impact on the economy by causing huge financial losses to organizations. It happens quite often that even after becoming a victim of cyber crime, organizations do not disclose the issue due to fear of social reputation. The cyber crime has served as a hinder in the growth of e-business as people are scared of possible chances of financial losses in the business. It is revealed by the Australian Internet Industry Association that cyber criminals do 5 million attacks a day or 2 billion attacks a year (Security Week News, 2011). It can be concluded that on an average basis cyber criminals or hackers do 35 attacks on the same organization everyday.
Waste of Time
Another impact of the cyber crime on business and economy is the waste of precious time. The IT professional in an organization has to devote great portion of their time in resolving cyber crime related issues. Instead of working on some productive and innovative work, the IT department in an organization has to work on handling security breaches and other issues related with the cybercrime.
Cybercrime can be done at any time and at any location. Authorities charged with investigating it need to spend more time and effort as compared to traditional crimes. It consumes more time to locate and to detect the cyber criminals. For example, the police and other security personnel need to spend time on to find out electronic evidences and also need to deal with cross border issues in tracing suspected cyber criminals. The risk of cyber crime has become a global issue and is now affecting economies of almost all countries. In a survey conducted in Australia, 67% of the respondents said that they have been the victim of the cyber crime in recent time (Coleman, 2003).
The cyber crime also results into harm to the public reputation of the company. In case hackers get access to the confidential data of consumers associated with an organization, the company loses their trusts for the future association. In this situation, consumers start looking for other available alternates, hence the company losses the businesses. It is both legal and ethical liability of any organization to protect the financial and other details of consumers (Lister, 2011).
Impact on Employee Productivity
Organizations most often take certain implements some procedures to prevent the incidents of cybercrime. Employees are expected to follow procedures that are essential to prevent cybercrime. In this process the precious time of employees is consumed in following these procedures. The amount of time consumed in following these steps would have been used by employees in performing some productive work.
Methods Used by Cyber Criminals to Target Business Organizations
The Cyber criminals use a number of tools to breach the security system of organizations. It is extremely important to understand the various methods used for cyber-crime in business organizations. A few of the methods used in cyber crime are discussed below.
A computer virus can be described as any computer program which is capable of damaging a computer that is replicable. The most of organizations in the world are facing the problem of computer viruses. It has been revealed that in current scenario cyber criminals most frequently use Trojan horses to detect and spy. Trojans are the harmful programs that look like legal software. In fact, it is used for hijack and harms the computer functions in an business organization. Trojans not only harm computers but they also used for some other harmful purposes by cyber criminals. Most of Trojans are equipped with spy ware which is used by cyber criminals to log key strokes, to steal sensitive information of organizations or to get the remote access of the victim's computer (Wilson, 2008).
Usually Trojans do not get dispersed into computer systems without external control. This quality of Trojans encourages cyber criminals to target business organizations via email. These e-mails are sent to the employees systems in organizations. These spam e-mails contain infected attachment or a website link. As soon as employees click on these attachments, it downloads malicious code into employees’ computer system.
The spam mails also have some other threats to users’ computer. Another example of bogus e-mail is phishing. Phishing is bogus e-mails that ask users to share their confidential data. It has been observed that one-fifth of computer users receive around 5 phishing e-mails on daily basis. Phishing e-mails are most often sending to the consumers of an organization. In case consumers share their confidential information in the -email, then there are more chance of them to be victim of cyber crime. Phishing e-mails also damage the public image of an organization.
In case of phishing, users’ willingness is required to get the users details. Cyber criminals can also hijack computers gains the wish of users. This tactic turns computers into Zombie machine which has the ability to send millions of mails rapidly. In a recent case in Australia, a person creates a Zombie network of 50, 000 computers that resulted into damage of $ 135,000 in a hospital. Computers in the hospital were damaged and including those which were located in the intensive care unit of the hospital. As a result of this, the medical care for patients suffered badly. Distributed Denial of Service (DDoS) is one more form computer hijacking. A number of well known websites like Ebay, Yahoo, Microsoft, and CNN have become victims of cyber crimes (Coleman, 2003).
Malicious code is the new Internet threat that cannot be easily controlled by any antivirus. Malicious code is the auto-executable programs which cause damage to the computer system. They take the form of java applets, ActiveX controls, scripting languages, browser plug-ins, and pushed content. If once the malicious code enters the workstation or the network drivers, they can cause damage to it by causing network and mail server overloaded with the email, messages, passwords, document files, steal the data or it can also reformat the files (Lister, 2011). Cyber-criminals create the malicious code to create the cyber-attack or the computer network attack.
These codes can also generate the malicious packets that could disturb the data and the logic by exploiting into the computer software. It can also weaken the security practices of the organization. This cyber-attack disrupt the reliability of the equipments used in companies and can create the threat on the integrity of the data and confidentiality to the communication network.
Electromagnetic energy is the severe threat to the national security it can be created by two ways; either overheating nuclear burst or the other is microwave emission. It interfaces with the radio frequency and damage the voltage or current in the electronic devices. If the electronic devices are connected with the metal, that could be antenna, its effectiveness increases.
As infrastructure computer system is interconnected, there is a possibility that it could disrupt the power grid, communication, equipments in hospitals or military communication system. Electro magnetic energy is in the form of electromagnetic pulses, which is the severe threat to the cyber attack, which directly affects the computer equipment or data transmissions by overheating the circuit, jam the communications, create a mark on the reliability of the equipment and integrity of the data.
Impact of cyber-crime on economy
Cyber crime is growing at the rapid scale in the international economy and affecting many business organization and economies every day. One attack on the corporation could have many implications on that company; it can lead to financial loss, stock loss, money loss of customers and stockholders. Cyber-crime has affected the global economy, costing billions of dollars. In 2003, USA was affected by cyber-crime at 35.4% and South Korea at 12.8%. Several consulting firms have faced financial loss between $13 and $226 billion, due to viruses, worm attacks and other attacks (Wilson, 2005).
In the context of the impact of the cyber-terrorism, economies of the countries are greatly influenced. To speed up communication process, many international terrorist groups are using computer networks and internet. Along with this, these groups are developing their technical skills for harming the computer networks of the enemy countries. With the intention of harming the economy of any country, these groups target the computer networks of government agencies and civilian critical infrastructure. All the secret information and records are kept in the computer based system which is targeted to disrupt the entire economy. Recently, Pentagon which secret military centre of the US is attacked by the cyber criminals and entire system was damaged as well as secret information was leaked. In addition to this, when such precious information related to government, military or economic activities leaks in international market then it can deteriorate the image of the country (Wilson, 2008).
Till date, no economy in the world faced coordinated cyber-attack on its computer network therefore most of the experts argue that cyber-terrorism is not as big threat as biological, chemical and nuclear. Along with this, it is difficult for terrorists to give physical threat to the civilians but as a whole national security of any country can be at stake. When national security is at stake then economic growth of the country is also adversely affected. Economy is based on well-being as well as hard-core efforts of the citizens of any country and if they are not able to put in their best efforts then surely economy will be hurt (Coleman, 2003).
Results of cyber-terrorism are disruptive and destructive as it damages the computerised critical infrastructure by destroying the electric power grid, telecommunications and internet. Today every sector of economy whether it is manufacturing, service or agriculture is completely based on computer technology and internet and if this system is harmed these sectors of the economy are also directly harmed which, in turn, adversely affect the economy (Security Week News, 2011). Output of these sectors will constantly go down if support of computerised technology is not available for them and the economy slip down in the international market. Computers are used as target or weapons by the politically motivated international or sub-national terrorist groups for spreading fear among the general public to influence the government for changing their policies.
Survey Data on Cyber-crime
As per the survey conducted by the computer security institute and Federal Bureau of
Investigation (FBI) in 2003 on computer crime, 530 U.S firms share their experience of facing computer crime. There is no standard methodology to measure the cost of cyber-attacks or crime. Investigations of stock prices show that target firms suffer losses of 1%-5% in few days after the attack. The shareholder lost between $50 million and $200 million because of drop in the prices at New York Stock Exchange. Computer security consulting firms suffer a substantial loss due to the virus and worm attacks and digital attacks. In 2003, the firms lost from $13 million (worms and viruses only) to $226 (for all forms of overt attacks) (Cashell, Jackson, Jickling and Webel, 2004).
The insurance industry has also become active to cover the losses from cyber crimes. Earlier, companies did not include cyber attacks from standard business insurance coverage. Several insurers started to sell specialised cyber-risk policies after the initial exclusion.
The sizes of the firm decide the vulnerability towards the attacks. Conventional firms Refereed to as Brick and Mortar are least affected by the Cyber attacks as they are least dependent on the Internet (Kshetri, 2010). The firms characterized by “: click and mortar” are most affected by the attacks as they conduct business offline and over the Internet.
IT security spending
With the increase in the cases of hacking and cyber-crime, greatest economies of the world along with international business organisations are increasing their spending on IT security. It is very difficult to measure the level of risk associated with attacks on the cyber space of any economy hence they simply raise their security spending for ensuring full-proof security. The high budget of IT security is unnecessary burden on the economy of any country which can be spent on any other infrastructure related activity (Doyle, 2011). Along with this, worth of this budget cannot be measured by any of the financial technique like cost-benefit analysis and return on investment (ROI). Therefore, corporate investment policies are also adversely affected by cyber-terrorism. There are various products available which ensure the security of the computerised system which is very expensive for any economy.
Macroeconomic Consequences of the Cyber-terrorism
Computers make major contribution in economic activities by increasing the productivity statistics. During the period of 1980s and 1990s, computer industry took a step towards growth but its contribution in economy is negligible. When in the decade of 1990, international economy was accelerated in the productivity growth then contribution of computer industry cannot be ignored. Level of innovation in the memory and speed of the computer also increased which, in turn, increases the acceptance of the computers in the various sectors of the economy (United States. Congress. Senate, 2010).
Along with this, prices of the computers also went down hence small business organisations also implemented computerised systems in their organisations. Though, computerised system was contributing in cost reduction and speeding up the production activities yet it also increased system's vulnerability. Now the entire system of the economy can easily fall prey to the hackers. These hackers somehow linked with terrorist groups and target the computer based system to fulfil their political motives. Thus, it can be said that benefits of the computers increased the acceptance of the computers in the economy yet came along with various threats like unwanted access to private and confidential information (Grady and Parisi 2006).
Methods used to overcome from cyber-crime
To protect the computer system and the network are the greatest challenge of the nations and the corporate, business organization. There are few methods of overcoming from the cyber-crime, such as, reducing the surface area, adequate protection, firewalls, content filtering, intrusion prevention system, patch management system and penetration testing and security audit (Wilson, 2008).
Reducing the surface area
The organization could adopt the simple security rather than complex security, as complex security cost more to the organization and they could be easily understood. It is true that simple security do not easily become prey to the cyber-attacks.
The organization should adopt the modern equipments which could provide security solutions to prevent from the Internet attacks. These solutions also cope up with the worms and hackers.
Firewall is the best security solution, which covers the vulnerable services, which are not exposed to the aggressive networks, such as, internet. Firewall can protect the system from the opportunistic attacks and could limit the attackers. Firewall minimizes the exposure and allows the administrator to focus on the security of various parts of the network.
Content filters protect the computer from the viruses by providing the content filter solutions for email, which scans the attachments through anti-virus. It also helps the administrators to detect and block the attacks. Content filters solutions list them executable programs according to their functionality and match them with their signature to identify the attributes of the malicious code and block that code. Filters add the extra layer of protection against virus.
Intrusion prevention systems
Administrators detect and block the attacks, with the help of intrusion prevention system. This system does not prevent the attacks rather they stop the attacks by exploring the vulnerabilities. Different types of intrusion prevention systems are present in the market, like, Snort Inline, which is network and host based, another is Microsoft’s DEP introduced with Windows 2003 and XP SP2 (Shalhoub and Qasimi, 2010).
Patch management systems
Patch management systems are extremely useful in a corporate environment and at homes, by installing the patch into the system can stop the intrusions which occur due to software bugs.
Penetration testing and security audit
To test the security of the computer system, it is essential to conduct the penetration testing. This test is usually performed by the professional or white-hat hackers, which gives the proof that the computer system could be hacked or not. A professional could attack the client system; therefore, it is crucial that the security of the system should be check from time to time, by conducting the penetration test. Penetration tester must identify about the targets in the system on which the attack could be done, by this way, the tester could apply the check system. A report should be generated by the organization about the test performed and security issues should also be highlighted.
Counter Measures for Cyber terrorism
At the present time there are no foolproof ways to counter measure cyber terrorism and to protect the systems or businesses and economy. The people who are doing businesses have adopted the system of keeping all their data bases on the computers. There several branches are interconnected with the intranet and in such a case if the system gets attacked by the cyber terrorists, then their business will suffer a lot not only in the present time but in the future also. People who avail their services will have the feeling that this particular organisation does not pay attention on the customer services and then they will switch to some other service provider competitor of the company. Therefore companies adopt a measure of encryption which is very common measure. But the government of some countries banned the use of encryption for the purpose of exportation especially and that is why the communication at the international and intercontinental level was very insecure. The Clinton government and FBI opposed the exportation of encryption technique so that the government can get the key to the encrypted system after the approval of the court order. FBI stated that the internet is a real threat for the security of the people and that it is the duty of the internet police to protect people's privacy and their right to safety from this threat (Om & Parmar, 2010).
Some people also promoted the use of firewalls so that all the communication to a system can be screened in which the e-mail messages are also included because e-mails can carry logic bombs also. The system of firewall is a term that is used for the filtering the access to the other networks. Firewalls can be in the form of router or computer or other communication devices which may be in the form of a network configuration. The use of firewalls helps in defining the services and access which are permitted or allowed to every individual user (Om & Parmar, 2010).
One more method to check the security threats is to screen the requests of the users so that it can be checked that whether the request has come from the previously defined domain or any IP address. Some more methods are there which should be remembered to get protection from cyber terrorism. These methods are as follows-
there must be a password secured access to all the accounts. It should also be kept in mind that the password should be unusual and that it is not easy to guess the password.
If the defects in the network configuration are known then the network should be changed.
There should be some check logs and edit systems so that the intruder can be easily traced or detected.
It is recommended to the users that if they are not sure about the safety of the site or they receive any kind of mail which seems suspicious to them and which is from an unknown address they should not access the website because it can be troublesome for them to use such unauthenticated website (Om & Parmar, 2010).
Cyber terrorism and Australian Law
There are several anti terrorism acts passed in Australia. Under the Australian law, the companies and individuals are obliged to ensure that the information that they make available on the internet must not be like that can be used further for the mass destruction program. The above obligation comes under the Weapons of Mass Destruvtion (WMD) which is also known as Prevention of Proliferation Act 1995. it is mentioned under this act that if any goods or services are supplied in or outside Australia, or any goods or technology is exported outside Australia, which do not fall in any other category of the legislation or the services provision of Australia or the services provisions outside Australia, where it comes to a suspicious that these goods or services or technology may assist a WMD program (Ellsmore, 2002).
However, this kind of situation is not very likely to be seen in the day to day business activities. Australian department of defence has given some examples explaining their point-if a delegation of the foreign company has come to visit Australia for the sole purpose of buying some complicated computer equipments and the equipments that they purchased were of very high technical capabilities which are very helpful in the advance simulation and modelling technique in the computers and if these techniques are also likely to be used in the nuclear or biological or chemical research then it would be harmful for the nation and it will also go against the law (Ellsmore, 2002).
From the analysis of the above study about the cyber terrorism and its impact on the business and economy, it can be said that it is one of the worst threats to business and ecnomy in today's time as it cannot be seen directly that who is attacking and in what form the terrorist is attacking. In such a case it is important that some laws should be made like made by the Australian government that if a person or organisation is transferring any data on the internet it should be taken care that cannot be used in the mass destruction. Apart from this, some measures should be adopted such as firewall, security passwords, encryption of data etc to avoid cyber security threat. With the help of these measures the business organizations and economies would be helped to survive in a secured environment.