
- 304 pages
- English
Cyber Crime, Security and Digital Intelligence
About this book
Today's digital economy is uniquely dependent on the Internet, yet few users or decision makers have more than a rudimentary understanding of the myriad of online risks that threaten us. Cyber crime is one of the main threats to the integrity and availability of data and systems. From insiders to complex external attacks and industrial worms, modern business faces unprecedented challenges; and while cyber security and digital intelligence are the necessary responses to this challenge, they are understood by only a tiny minority. In his second book on high-tech risks, Mark Johnson goes far beyond enumerating past cases and summarising legal or regulatory requirements. He describes in plain, non-technical language how cyber crime has evolved and the nature of the very latest threats. He confronts issues that are not addressed by codified rules and practice guidelines, supporting this with over 30 valuable illustrations and tables. Written for the non-technical layman and the high tech risk manager alike, the book also explores countermeasures, penetration testing, best practice principles, cyber conflict and future challenges. A discussion of Web 2.0 risks delves into the very real questions facing policy makers, along with the pros and cons of open source data. In a chapter on Digital Intelligence readers are provided with an exhaustive guide to practical, effective and ethical online investigations. Cyber Crime, Security and Digital Intelligence is an important work of great relevance in today's interconnected world and one that nobody with an interest in either risk or technology should be without.
PART I
The Cybercrime Challenge
Introduction
We should all be talking about how we can achieve a holistic globalised approach to cyber security technologies, techniques and awareness. We should be actively debating ways in which cyber security can be adapted to match the threats we face in our interconnected world. We should be thinking deeply on how we can ensure that security controls reflect the asymmetrical character of cyber conflict, the potential for attacks by non-state actors and the fact that an army of one might be able to cause very significant harm to the many. Unfortunately, most people in positions of authority are not talking or thinking about any of these topics in an informed and structured way.
Here are three core issues they might wish to consider:
1. dependency without control equals risk;
2. speed as a barrier to decision making;
3. awareness as a scarce resource.
Dependency Without Control
To compound an already complex security problem, we find ourselves today at a point in history where we have dispensed with most of our printed data backups and manual processes. In the event of a major cyber systems failure, whether as a result of an attack, human error, technical failures or energy security crises, our costly digital backup systems may well prove to be a computerised Maginot Line. After all, what good does it do to process data if you cannot communicate or provide access to the results? Our paper-based systems and records are mostly gone and the great majority of people have little or no training in any alternative manual processes; simply switch off payment card handling and ATM systems for a few hours on a weekday in any major western city and chaos ensues. Disable the cyber technologies and we are a society possessing little more than medieval solutions to twenty-first century problems.
The degree to which we are interdependent when it comes to cyber security is underscored by statistics on Internet usage. In 2013, some 45 per cent of the world's Internet users live in Asia, according to the online analytics firm Smartling. Only 13 per cent live in North America, while 23 per cent are European. The Internet today, while invented in the US, is essentially a Eurasian infrastructure – almost three quarters of the world's users are Eurasian. A corresponding shift can be seen in terms of the languages present on the World Wide Web, with Chinese now overtaking English as the main Web language, while the fastest growing online language is Arabic.
Lesson 1: The West has put all of its physical eggs in one virtual basket and its dependence on cyber technology is now absolute, while its control over that technology, as well as its influence over online debate, is rapidly evaporating.
Speed
After dependency, the next factor to consider is speed:
• the speed of data growth;
• the speed of data processing;
• the speed of human decision making.
SPEED OF DATA GROWTH
As of July 2012 there were an estimated 6.9 billion indexed web pages online, according to collated statistics from Internet search providers such as Google and Yahoo. Yet even this vast compilation of human thought accounted for less than 10 per cent of all data actually held online. The estimated total in terms of just publicly accessible data in the so-called Deep Web is another 80 billion pages or more.
Just consider Facebook alone. In the same year, Facebook reported that its data storage was growing by half a Petabyte every two days. Now, one Petabyte equates to 13.3 years of high-definition (HD) video, while two Petabytes equals all of the data currently held in US academic research libraries nationwide. The global data mountain, already unimaginably vast, is growing at light speed and there seems to be no stopping it, while the economic and social value of much of the data stored is highly dubious.
SPEED OF DATA PROCESSING
A jumbo jet only travels 50 times faster than a horse and buggy but the fastest modern supercomputer processes data millions of times faster than its own forebears. In fact, quadrillions of times faster in at least one case, but if you are reading this book a few years from now then even the fastest of these speeds will probably seem slow to you:
• the 1975 Altair 8800 PC was capable of two million processes per second;
• the 2012 Apple iPad handles upwards of one billion processes per second;
• with 1.5 million processing cores, Livermore's Sequoia supercomputer performs 16.3 quadrillion calculations per second, making it the fastest computing device built to date.
SPEED OF HUMAN DECISION MAKING
Meanwhile, the human brain, having taken millions of years to evolve to its current state, has changed little (if at all in my case) since the era of wooden hunting sticks. Our brains actually process about 400 billion Bits of information per second, but we are only aware of 2,000 Bits, with most of the processing being related to various metabolic functions. But even 2,000 processes sounds like a lot. Actual conscious decision making involves even smaller amounts of processing per second, perhaps as low as 60 Bits per second in certain circumstances.
It is little wonder that we collectively struggle to comprehend, much less cope with, the speed of modern data processing and computing applications. In fact, computer system output must be slowed to a crawl, or frozen temporarily on a screen, in order for us to process and absorb it. On the other hand, no computer yet built can come close to us in terms of our ability to make intelligent extrapolations and choices most of the time, based on the limited amounts of data we can hold in active memory.
When viewed in the context of cyber security decision making, this mismatch between computing speeds and human capabilities takes on a special significance. Cyber attacks may be conducted in fractions of a second. While automated prevention and detection tools can operate at computer speeds, investigative, incident response and decision processes generally run at human speed, and slow human speed at that, because rational decisions are required that factor in many parameters not easily captured in a data table. The discrepancy is compounded by the fact that in the corporate world our business processes and tools may focus more on the breach of security than they do on the resulting exploitation of that breach, leading to many instances when the attacker is allowed to remain active within the system while the security responses take place, the Advanced Persistent Threat (APT), of which we will hear more later, being one such example.
Lesson 2: In the cyber era, we may lack the capacity to react to crises quickly enough to influence their immediate outcomes and disaster recovery plus business continuity planning therefore take on added significance.
Awareness
The issue of speed provides part of an explanation for why so many leading blue chip firms handle post-cyber security incident responses and communications so badly, but it is further compounded by a profound lack of awareness; the people in charge don't fully comprehend the risks, while very few users understand either the technology they are using or the threats they face.
There is a serious question to be asked about the very capacity of parts of the global user base to take on board even the most basic cyber security lessons. Let's look at a few more statistics, this time showing the percentage of people in the USA, with varying levels of education, who are active online:
• less than high school – 24 per cent;
• high school graduates – 54 per cent;
• some college courses – 78 per cent;
• college graduate – 85 per cent.
Now, 24 per cent is not a small number but that is the percentage of those with less than a high school level of education who are regularly active online in the USA. Although the US has a relatively high standard of education, when compared to large parts of the planet, over 12 per cent of the country's population has not graduated from high school. This amounts to more than 30 million people, of whom 7.5 million are online. A rough extrapolation suggests that at least 175 million Internet users worldwide lack a high school education. This is not to say that they are by any means stupid, but it does speak to their inclination and capacity to be taught about security. And let's not forget that we now have that multi-lingual, multi-cultural InterWeb.
In simple terms, just as things are getting more complex, the Web is getting faster and the decisions are getting tougher, yet our dependence on users is getting greater, while the average user is getting harder to reach and harder to teach. Since these users share the Internet with the rest of us, their awareness is a very big part of any truly effective solution that doesn't involve creating a separate, secure Internet 2.0 for the educated and informed, with restrictions on access, leaving an insecure old Internet for the rest of humankind.
Lesson 3: A lack of awareness at all levels undermines our collective ability to manage cyber risks.
This relationship between increasing levels of risk and falling levels of awareness (or of the capacity to be made aware) can be described by three simple laws:
1. The number of device owners is inversely proportional to the cost of device ownership; as devices and Internet access get cheaper, more people will buy them.
2. The overall level of cyber security risk is a function of the number of devices in use and the number of discrete vulnerabilities that exist; more devices equals more risks of infection.
3. The mean level of awareness and security competence of the user base declines as the user population increases; as less well educated users come online the overall capacity of the user base to be made aware falls.
And just as the mean educational level of the user base starts to decline, in large part as a result of social media take-up, the complexity of the cyber security ecosystem is rapidly increasing. John Naughton opines that this increasing complexity is a function of the density of interconnections and the speed of change and development, both of which are overwhelming even for the informed observer. To expect the growing base of new users to grasp cyber security concepts is to expect a miracle. Consequently, we must move forward assuming that a large and growing segment of the user base will never be made security aware and we must tailor the online environment accordingly.
1 Threats to Key Sectors
Introduction
There are several factors determining the future shape of the cyber security landscape:
• the rise of the machine readable Web, also known as 'Web 3.0';
• increasingly vast data storage;
• computer processing at light speed;
• increasingly advanced and persistent threats;
• slow human decision-making speeds and a general lack of awareness;
• a growing chasm between cyber security decision needs and cyber security decision capabilities.
The only obvious solution to this conundrum is the complete automation of cyber security decision making, but the technology to support that is far from ready.
In the meantime, we need to learn to live with the challenge and find ways to better protect our information assets from attack, theft, exposure, loss or damage. Cyber security and cyber risks are ubiquitous, which is to say that they are everywhere and of importance to any person or organisation using one or more Internet-enabled devices. The importance of security and the potential impact of the risks described in later chapters are primarily determined by the level of dependency that the person or group has on the technology.
Key Sectors
The one word we need to keep in our thoughts is 'resilience'. How resilient are we as a sector, community or nation in the event of a major cyber security event? Some sectors are more sensitive than others and there are also strong interdependencies between key sectors (listed below) which suggests the potential for what is called a 'cascading failure':
• financial services
• energy
• transportation
• supply chain
• defence and security
• government
• communications.
Loss or degradation of service in any one of the above areas is likely to have deleterious effects on the others. This makes these sectors...
Table of contents
- Cover Page
- Half Title page
- Dedication
- Title Page
- Copyright Page
- Contents
- List of Figures
- List of Table
- About the Author
- Preface
- Acknowledgements
- List of Abbreviations
- Part I The Cybercrime Challenge
- Part II The Cyber Security Response
- Appendix Sample Response Plan
- Recommended Reading and Online Resources
- Index