Cyber Security: Understanding the Threat
Dr. Tanvir Orakzai
June 03, 2007
According to the US Census (2007) the volume of business-to-business commerce has increased from US $38 billion in 1997 to US $990 billion in 2006 increasing by 6.3 percent. The total E-commerce revenue in 1999 stood at US$20 billion that increased to $990 billion in 2006. It is predicted that by 2008, online retail sales will account for 10 percent of total U.S. retail sales. There may have been boom in the usage of Internet and online businesses; but one main issue is security of online environment that is affecting businesses and users alike.
Today organisations and businesses all rely on Internet for various needs. The security threats have exploited all kinds of networks ranging from traditional computers to P2P and distributed networks. These security threats have also exploited the vulnerable protocols and operating systems extending attacks to operating system on various kinds of applications, such as database and web servers. These attacks often include deny of service, buffer overflow and worms causing more economic damage and running reputation of the corporations and organization alike.
According to USA report has pointed out that cyber crime robs US Business about 67.2 billions a year. Over the past two years, US consumers have lost US$8 billion to online fraud schemes. The online fraudsters are not only cheating online business, but they are also increasing the perception of fear among consumers. It is calculated that roughly $15 billion or 27 percent of projected E-commerce revenue went unspent in 2000 due to the fear of losing information. The reason for such loss is the lack of trust in online environment, which is enhanced due to fear of hacking and viruses.
One common method of cheating is phishing. Phishing is normally done through email under various loopholes. A recent scam was US income tax related. An email message was sent asking the taxpayers to claim a US$572 tax refund online. A number of users were hooked up, as they submitted their personal information to a website that looked like IRS. Phishers are expert in using official language and logo that easily hook up innocent users. Such kinds of email scams are not only loss for users, but it also creates embracement for the organisation.
Trust is an important issue for any trade and business. In online environment it becomes more important as it is dealing with a faceless person. In virtual environment consumers cannot check the quality of a product, nor do sellers make it possible to verify the claim. Playing on such perceived assumptions it is getting harder for online business to get online customers. The current Electronic Commerce practices enforce customers to disclose their information that makes easy for any e-seller to know the real identity of the buyer. Perceived risk is uncertainty regarding the possible negative consequences of using a product or service. This fear of online hacking or lapse of security has been a major issue among various US corporations. In a survey of US corporations, 75 percent of the executives indicated that they lacked confidence in the Internet as a vehicle for electronic commerce due to the inherent vulnerabilities.
The security and risk perceptions are primary obstacles to the growth of online businesses. The risk perception about the privacy and security of personal and financial information creates uncertainty among online consumers due to which many consumers avoid using Internet or buying online. There can never be the complete elimination of any kind of crime; online crimes are also no exception. However it is vital for companies, businesses to take concrete measure of security issues related to their networks. One way to solve the security issue is to have security policies for the organization without which, it is not possible to protect data, revenue and bad publicity. Most of the companies these days have security policies; however majority of these policies are not updated; while hackers and viruses come up with new plans and new ways of breaking into the networks and systems. Another flaw in many organizations is gap in the policies that do not adequately address the security. In other cases elaborate policies are written but little is followed in the wake of threat or crisis; which fails to protect the organisation in the way they should.
There need for security has been existed since the first time computer was invented. However in recent years the paradigm has shifted from main server to client server system including the distributed Internet based systems, which is making things difficult for many organisations and companies alike. In simpler economies it was easy to secure, but with the change in technology the traditional approach is no longer working. Even though companies are using anti-virus products that claim to protect the system; however effective security involves more than obtaining technology. The real challenge is to assure the effectiveness of these polices and practices; that are part of the package that can help in reducing the security threat. Another issue is to understand the level of threat and focus on main drivers of the threat rather than wasting energy and time on all security related issues. The fundamental approach is to seek effective security with better technology added with secure network architecture. Even though in real world there is no 100 percent safe system, but investing time and money in safe systems can enhance the safety and security issues of modern day business and organisations.
Today organisations and businesses all rely on Internet for various needs. The security threats have exploited all kinds of networks ranging from traditional computers to P2P and distributed networks. These security threats have also exploited the vulnerable protocols and operating systems extending attacks to operating system on various kinds of applications, such as database and web servers. These attacks often include deny of service, buffer overflow and worms causing more economic damage and running reputation of the corporations and organization alike.
According to USA report has pointed out that cyber crime robs US Business about 67.2 billions a year. Over the past two years, US consumers have lost US$8 billion to online fraud schemes. The online fraudsters are not only cheating online business, but they are also increasing the perception of fear among consumers. It is calculated that roughly $15 billion or 27 percent of projected E-commerce revenue went unspent in 2000 due to the fear of losing information. The reason for such loss is the lack of trust in online environment, which is enhanced due to fear of hacking and viruses.
One common method of cheating is phishing. Phishing is normally done through email under various loopholes. A recent scam was US income tax related. An email message was sent asking the taxpayers to claim a US$572 tax refund online. A number of users were hooked up, as they submitted their personal information to a website that looked like IRS. Phishers are expert in using official language and logo that easily hook up innocent users. Such kinds of email scams are not only loss for users, but it also creates embracement for the organisation.
Trust is an important issue for any trade and business. In online environment it becomes more important as it is dealing with a faceless person. In virtual environment consumers cannot check the quality of a product, nor do sellers make it possible to verify the claim. Playing on such perceived assumptions it is getting harder for online business to get online customers. The current Electronic Commerce practices enforce customers to disclose their information that makes easy for any e-seller to know the real identity of the buyer. Perceived risk is uncertainty regarding the possible negative consequences of using a product or service. This fear of online hacking or lapse of security has been a major issue among various US corporations. In a survey of US corporations, 75 percent of the executives indicated that they lacked confidence in the Internet as a vehicle for electronic commerce due to the inherent vulnerabilities.
The security and risk perceptions are primary obstacles to the growth of online businesses. The risk perception about the privacy and security of personal and financial information creates uncertainty among online consumers due to which many consumers avoid using Internet or buying online. There can never be the complete elimination of any kind of crime; online crimes are also no exception. However it is vital for companies, businesses to take concrete measure of security issues related to their networks. One way to solve the security issue is to have security policies for the organization without which, it is not possible to protect data, revenue and bad publicity. Most of the companies these days have security policies; however majority of these policies are not updated; while hackers and viruses come up with new plans and new ways of breaking into the networks and systems. Another flaw in many organizations is gap in the policies that do not adequately address the security. In other cases elaborate policies are written but little is followed in the wake of threat or crisis; which fails to protect the organisation in the way they should.
There need for security has been existed since the first time computer was invented. However in recent years the paradigm has shifted from main server to client server system including the distributed Internet based systems, which is making things difficult for many organisations and companies alike. In simpler economies it was easy to secure, but with the change in technology the traditional approach is no longer working. Even though companies are using anti-virus products that claim to protect the system; however effective security involves more than obtaining technology. The real challenge is to assure the effectiveness of these polices and practices; that are part of the package that can help in reducing the security threat. Another issue is to understand the level of threat and focus on main drivers of the threat rather than wasting energy and time on all security related issues. The fundamental approach is to seek effective security with better technology added with secure network architecture. Even though in real world there is no 100 percent safe system, but investing time and money in safe systems can enhance the safety and security issues of modern day business and organisations.
Print
Email
