Page 309 - Introduction to Electronic Commerce and Social Commerce

296   10 E-Commerce Security and Fraud Issues and Protections

On February 17, 2013, President Obama issued an executive order for combating cyberwars. This order gave “federal agencies greater authority to share ‘cyber threat’ information with the public sector.”

Security Risks for 2014 and 2015

The major security risks for the near future are:

•  Cyberespionage and cyberwars (discussed below) are growing threats.
•  Attacks are now also directed against mobile assets, including smartphones, tablets, and other mobile devices. Enterprise mobile devices are a particular target.
•  Attacks on social networks and social software tools. User-generated content is a major source of malware.
•  Attacks on BYOD (“Bring Your Own Device”).
•  Identity theft is exploding, increasing the criminal use of the stolen identities.
•  Profit motive—as long as cybercriminals can make money, security threats and phishing attacks will continue to grow.
•  Social engineering tools such as phishing via e-mail are growing rapidly.
•  Cybergang consolidation—underground groups are multiplying and getting bigger, especially in Internet fraud and cyberwars.
•  Business-oriented spam (including image-based spam).
•  Attacks using spyware tools (e.g., using the Denial-of-Service method).
•  Attacks on new technologies such as cloud computing, IoT, and virtualization.
•  Attacks on Web and mobile applications (apps).

We cover all the major topics on the above list in the rest of this chapter. According to Lawinski (2012), the major attacks on corporations are on executives (25%), shared mailboxes (23%), and sales (12%). While most of the attacks are against large enterprises (50%), hackers attack medium (32%) and small companies (48%) as well. Additionally, 93% of companies affected are in the health care or IT industries. We assume the 2015–2016 data are similar.

For more information, see sans.org, baselinemag.com/security, enisa.europa.eu/activities/risk-management, and the Information Systems Security Certification Consortium (isc2.org).

Security Risks in Mobile Devices

The major mobile device security concerns are loss of devices that include sensitive information (66%); mobile devices infected by malware (60%); theft of data from the device (44%); users downloading malicious apps (33%); and identity theft and other user personal loss (30%).

Cyberwars and Cyberespionage Across Borders

Using computers as a tool to attack information systems and computers is growing rapidly and becoming more and more dangerous.

Cyberwarfare

According to the UN Crime and Justice Research Institute (Unicri), cyberwarfare (or cyberwar) refers to any action by a nation, state, or international organization to penetrate another nation’s computer networks for the purpose of causing damage or disruption. However, broader definitions claim that cyberwarfare also includes acts of “cyberhooliganism,” cybervandalism, or cyberterrorism. The attack is usually carried out through viruses, DoS, or botnets.

•  Cyberwarfare, which is an illegal activity in most countries, includes the following major threats: online acts of espionage and security breaches—which are done to obtain national material and information of a sensitive or classified nature through the exploitation of the Internet (e.g., exploitation of network flaws through malicious software).
•  Sabotage—the use of the Internet to disrupt online communications with the intent to cause damage.
•  Attacks on SCADA (Supervisory Control and Data Acquisition) networks and NCIs (National Computational Infrastructure). For example, in 2015, hackers attacked the German Parliament’s computer network (Troinovski 2015).

For an overview, see Singer and Friedman (2014).

Cyberespionage

Cyberespionage refers to unauthorized spying using a computer system. Espionage involves obtaining secrets without the permission of the holder of the information (individual, group, or organization). Cyberespionage is an illegal activity in most countries. For cyberspying on U.S. firms by the Chinese, see Yan (2016).