Cybercrimes
The easy explains why the cybercrimes are most problematic for the security managers. It further argues that these crimes pose the greatest threat because of the numerous difficulties the security managers go through in handling them, due to the existing law, lack of specific training on the past of the security managers, the geographic breadth of these crimes, the anonymity cloak, deception and fakery of these crimes, the techniques used in gathering evidence, the challenge of establishing an developing responsibility structures as recovery plans for information technology, the challenge security managers have to keep pace of cybercrime inventions. We will also see how security managers have to inform all their clients to succeed and how the easy nature of these crimes makes it possible to be committed at any given time. This essay will consider each of these factors in turn.The problematic nature of cybercrimes
The term computer crime or computer crime covers all types of crimes that are committed on the computer themselves, the materials they contain (such as data and software) as well as its application as a tool of processing information. According to (Kanellis, 2006), the most common types of crimes committed through the use of computers include service attacks denial, hacking, use of services that are unauthorized and cyber vandalism. On its part, cybercrime describes all the criminal activities that are committed via the application of media electronic communication. Identity theft and cyber fraud are usually committed through various methods such as pharming, spoofing, phishing, as well as through online surveillance technology abuse. There are also several other types of criminal conducts that are usually perpetrated via the application of IT, they include, pornography, defamation, harassment, industrial espionage, cyber terrorism, and regulatory offences. In most cases these types of crimes are committed by cyber criminals who might not necessarily be located within the premises of the victim, but have the necessary information to enable them penetrate various sites that might enable them perpetrate their motives. This makes it a big challenge for the security managers to deal effectively with each and every crime that is committed via the internet as well as preventing several others from occurring.
The current laws in several jurisdictions do not effectively cover all aspects of cyber related crimes or the crimes that are perpetrated electronically. The cybercrimes are quite new since they have arisen from the digital age which is quite young having been in existence for only a few decades. Most of the cyber criminals responsible for perpetrating various internet crimes are aware of this inadequacy in the existing laws and they therefore go on with their activities with full knowledge that they face less risk. The security managers have their hands tied as far as most of these crimes are concerned since they have to deal with crimes that are not comprehensively catered for in the existing laws. Therefore, despite the fact that the security managers might employ a lot of resources and time in order to control the cyber crimes, due to the fact that the current legal framework does not cater in a comprehensive manner the cybercrimes that are committed on a daily basis allover the world makes it very difficult for justice to be achieved (Taylor Quayle, 2003).
In the enactment of laws and various legislations, a lot of time is usually required as well as views from various stakeholders. On the other hand, technology takes much less time to develop and so is the new type of crimes. The time difference between when cyber criminals invent and start applying a certain crime and the time when the corresponding laws are enacted creates a window through which the cyber criminals can use without fear of any serious legal implications. The security managers therefore face a lot of problems while dealing with these types of crimes since they are compelled by circumstances to deal with crimes that do not have the corresponding legal framework to deal with. This substantially reduces the capacity and ability of security managers in dealing with these types of crimes, thereby making cybercrimes one of the most problematic types of crimes for the security managers to address effectively (Johnson, 2005).
Most of the current security managers were trained to deal with other types of crimes other than cybercrimes. There are however several differences between cybercrimes and the other normal types of crimes. This implies that, even if a security manager might be in a position of dealing with various types of crimes including the cyber ones, he or she may not have the necessary expertise of dealing effectively with the cybercrimes and hence the security manager will be limited in dealing with cybercrimes. One of the major differences between cybercrimes and other types of crimes is the lack of any physical barriers in the case of cybercrimes which are present in other types of crimes. The absence of any particular physical barriers like customs to exit or enter the WWW permit the net users to freely roam within the internet web and thus visit any web page regardless of its origin. This basically implies that the potential victims and their actions are not limited at all geographically. Thus, for instance, the volume and randomness of electronic mails that are sent by various cyber criminals in an attempt to commit certain crimes are not limited at all and hence millions of online scams can be sent to any person regardless of where he or she is located across the globe. Despite the fact that the cybercrime perpetrators are not limited, the security managers are themselves limited in their ability of managing the cybercrimes. This constitutes a very serious challenge for the security managers in dealing and addressing the cybercrimes, because of the absence of a physical barrier which is present in other types of crimes (Dhillon, 2001).
The second difference between the cybercrimes and other forms of crime that make it is quite difficult for the security managers to deal with the cybercrimes is the fact that this type of crime easily affords the anonymity cloak, deception and fakery as compared to the other types of crimes. Again, a transaction that is entirely criminal can be carried out electronically without any need for the victim and the perpetrator meeting physically. A good example is when electronic communications eventually leads money transfers being carried out online for the purchase and sale of various digital services and products that are capable of being delivered to the recipient electronically without any need for physical movement or contact between the buyer and the seller. Therefore, when the victim eventually realizes that the whole deal was a sham, he will already have suffered a financial loss. To make matters worse, it is very hard for the victim to prove that he suffered any financial loss as a result of the transaction due to lack of evidence. Moreover, even if the victim manages to prove the financial loss, it is quite difficult for them to know the exact person who committed the crime against him or her since they have never met and may be the perpetrator even lied about his location. As a result, the security managers experience a lot of difficulties in attempting to deal with these types of crimes (Wall, 2001).
Another major difference between cybercrimes and the other forms of crimes arises from the techniques that are usually employed in gathering evidence. Whereas there are well established procedures and methods of gathering evidence in the case of the normal types of crimes, there are no effective techniques and procedures that have been established for cybercrimes. This is because the cyber criminals are able to execute virtually all their schemes without physically visiting the crime scene they can also commit several crimes through the use of automatic agents as suggested by (Kitching, 2001). These crimes thus pose challenges that are very unique to the criminal and law enforcement investigations as well as the forensics. The security managers face several difficulties in dealing with the cybercrimes because of the several challenges that are present in investigating these crimes. The lack of well established techniques and procedures of carrying out proper investigations for cybercrimes, make the security managers to carryout or order for such investigations to be carried out in an unplanned manner thus creating a lot of confusion and making the whole exercise futile at the end of the day. This implies that while the security managers will have employed a lot of resources and the victims will have suffered great losses, the perpetrators will have fewer chances of being caught and charged for their offences. These crimes thus make the efforts of the security managers to be less effective and thus the cybercrimes continues posing several challenges to the internet users allover the world (Reyes OShea, 2007).
The security managers experience several difficulties in dealing with the cybercrimes, one of the most serious problems they go through is the challenge of developing management practices that are of a high quality within an environment that is geographically dispersed, (Marcella Menendez, 2007).Without this ability, it is very difficult for the security managers to effectively address this vice as its main players are greatly dispersed. Although attempts have been made in trying to establish up to standard methods, in the field of IT in order to minimize incidents of cyber crimes, there are still several loopholes the cyber criminals make use of in carrying out their activities. According to (Dhillon, 2001), loopholes are weaknesses or shortcomings in the computer networks that cyber criminals capitalize on to perpetrate crimes. They are able to open fake websites and use them to perpetrate various computer crimes. This particular problem is further complicated by the fact that the organizations that usually suffer from these problems are just like the cyber criminals dispersed in several nations around the world. It is therefore very difficult for such organizations to institute formal controls that are necessary in reducing their vulnerability to these types of crimes as well as providing relevant and sufficient information to the security managers so that they can receive the necessary assistance (Johnson, 2005).
The security managers are unable to fully address the menace of cybercrimes in organizations due to the challenges that are usually encountered by several organizations of establishing and developing the right responsibility structures, bearing in mind the complex nature of organizations especially in the aspect of processing information. The security managers thus take more time before knowing that certain cybercrimes are being perpetrated. Since it is not very easy for the organizations to be simple in nature given their nature of operations and several procedures that should be followed so that various process can be checked in order to reduce instances of fraud, it therefore implies that organizations will continue being vulnerable to the menace of cybercrimes as long as they are complicated in nature (Savona, 2004).
The security managers also face the challenge of developing and implementing the most suitable disaster recovery plans of information technology. Therefore, when a cybercrime is perpetrated by a cyber criminal, it takes the organization a lot of time before they can establish the source of the crime and thus report it to the security managers for the appropriate action to be taken. The lack of recovery measures also implies that at times it is not possible at all for the organization to establish the actual perpetrators of the crime and thus deal with the problem properly. For the security managers to be in a position of dealing comprehensively with various cybercrimes that are perpetrated every now and then to an organization, there should be in place appropriate measures for recovery which can serve as evidence whenever a cybercrime takes place. Since there are very few organizations with such measures, (Tipton Krause, 2006), it follows that it is very difficult for the security managers to be in a position of fully addressing the problem of cybercrime.
It is quite problematic for the security managers to effectively deal with the menace of cybercrime due to the highly dynamic nature. As more technological advancements are made in information technology, more developments are achieved in the field of cybercrimes. The cyber criminals make use of the major advancements that are achieved every now and then in information technology to perpetrate new types of crimes as well as make more advancements on the existing ones. It is quite difficult for the security managers to keep pace with the rate of cyber crime inventions and thus cybercrimes continue to be a big challenge for them. In fact, organizations and individuals can only be cautious when transacting any business online, for they can never tell with absolute certainty the next scheme the cyber criminals will use (Wall, 2001), next in making more people and organizations fall prey to their numerous schemes. The high rate at which cybercrimes develop makes it very problematic for the security managers to effectively deal with this particular problem.
In most cases, the cyber criminals use tactics and techniques that make it very difficult for them to be traced. If they become aware that a particular website which they have been using has been discovered and that there is a likelihood of it being investigated, they normally close it before opening another one. Therefore, most investigations aimed at establishing the real origins of various cybercrimes are usually hampered by the fact that the most important source of evidence is destroyed. As a result, it is not possible for the security managers to carryout thorough investigations that can lead to any meaningful achievements. Furthermore, most of the cyber criminals do not use their real names while transacting illegal or fraudulent transactions. In fact, they usually use misleading names such as using names that are common in a certain region while they are operating in a totally different location. Such tactics have made several security managers to launch investigations in areas they ought not to have investigated in the first place thereby obtaining the wrong information.
The perpetrators of cybercrimes are usually aware of the level of risk they usually expose them selves to. The level of risk that is usually associated with cybercrimes is very low, it is not easy for the perpetrator to be arrested and charged in a court of law since it is quite difficult for any substantial evidence to be found which can be used to charge such criminals. Again, it is quite difficult for the individuals and organizations that have become victims of various schemes normally set by the cyber criminals to recognize such people since all the transactions were carried online and the two parties hardly meet to discuss anything related to the intended business transaction. The only evidence the victims have are the messages they received from the perpetrators. However, since the cyber criminals do not use their actual personal information while opening e-mails and websites where they transact fraudulent transactions, and they usually close them shortly after the business deal is complete, it is almost impossible for the perpetrators to be traced. Security managers allover the world thus continue facing challenges in overcoming cybercrime menace since there are several means through which the perpetrators can escape without being caught and apprehended.
For most of the cybercrimes that are usually perpetrated to an organization, the cyber criminals make use of information that is obtained from employees of the organization. The cyber criminals ensure that they manage to get all the relevant information that can assist them in their schemes. Such information can be used to commit cybercrimes against the organization itself or other parties related to the organization such as clients and suppliers. The cyber criminals then develop a website that is similar in all aspects to the legitimate one that is usually used by the organization. They then initiate some communication with the intended victim requiring them to provide some confidential information. Since the victims are not aware that they have been diverted to a fake website, they provide their personal confidential information thinking that they are actually providing it to the legitimate organization. The cyber criminals very swiftly make use of such information to access the bank accounts of the victims or make certain bills using the debit card information. Money is then withdrawn from the victims account and by the time the victim realizes, it is usually too late as the cyber criminals will have already closed the website. Therefore, for the security managers to succeed in the fight against cybercrime, they have to inform all their suppliers and clients about the possibility of such schemes so that they can be cautious. However, it is not practically possible for an organization to inform all its suppliers and its clients who may be some millions in number about such schemes. Even if an organization managed to do so, it would still be difficult to ensure that each and every client or supplier takes the necessary precautions and thus avoid being caught up in such schemes. It is therefore problematic for the security managers to prevent each and every individual from suffering from this type of crime that has increased dramatically in the recent past.
Most of the cybercrimes are usually very easy for the cyber criminals to perpetrate they only need to have the right computer skills and information about their targeted victims. These crimes are therefore very easy and cheap to commit considering the great returns that are usually realized when they succeed. This is a great motivating factor for virtually all the cyber criminals and they therefore devise new ways and means of defrauding unsuspecting victims off their hard earned cash. The easy nature of these crimes makes it possible for numerous of them to be committed at any given time. The overwhelming number of cybercrimes results in several victims and thus there are several incidents at any given time. The security managers have to handle the numerous cases that are not very easy to deal with. This basically means that in most cases, incomplete investigations will be conducted thus making this type of crime very problematic while dealing with it.
There are millions of victims who are defrauded each year however, not all of them report their losses to the relevant authorities. Most of the victims who fail to report such crimes are those who suffer small financial losses and those who do not deem it important to report such crimes to the relevant authorities. This denies the security managers a chance of establishing the existence and origins of such crimes. It therefore becomes very difficult for these managers to develop strategies of dealing with these crimes so that their rate of occurrence can be greatly reduced.
Conclusion
Cybercrimes have greatly increased over the past few decades, as more and more advancements are made in information technology. Despite the great threat posed by this type of crime, there are several problems that are encountered by the security managers in their fight against them. Most of these problems originate from the complex nature of these types of crimes especially as it is possible for them to be committed by the cyber criminals without any physical presence in the victims premises. The current laws cannot be able to deal effectively with cybercrimes since they were enacted to address other types of crimes, which are totally different from the cybercrimes. The cybercrimes are also problematic for the security managers since they are hard to investigate on and prove that a victim has suffered any actual damage and if indeed he or she has suffered, it is not easy to apprehend the perpetrator. The cyber criminals are well informed people who are fully aware of all the existing loopholes in the information technology. They therefore make use of such loopholes to commit various crimes with a very little probability of being caught.
Categories:
0 comments:
Post a Comment