Page 312 - Introduction to Electronic Commerce and Social Commerce

10.2  Basic E-Commerce Security Issues and Landscape                                            299

was sentenced to more than 20 years in jail. However, shortly thereafter, Silk Road was "resurrected" as Silk Road 2.0.

Transactions on Silk Road are paid only in bitcoins (Chapter 11). In February 2014, hackers stole over 4400 bitcoins that were held in escrow (between buyers and sellers); bitcoins worth over $2.7 million are gone forever (see Pagliery 2014a). The owner of the Silk Road site declared bankruptcy. However, by May 2014 the site was back in business.

Keystroke Logging in the Underground Economy

Keystroke logging (keylogging) is the process of using a device or software program that tracks and records the activity of a user in real time (without the user's knowledge or consent) by the keyboard keys they press. Since personal information such as passwords and user names is entered on a keyboard, the keylogger can use the recorded keystrokes to obtain it.

The Explosion of Social Networking

The huge growth of social networking and the proliferation of platforms and tools make it difficult to protect against hackers. Social networks are easy targets for phishing and other social engineering attacks.

The Dynamic Nature of EC Systems and the Acts of Insiders

EC systems are changing all the time due to a stream of innovations. Security problems often accompany change. In recent years, we have experienced many security problems in the new areas of social networks and wireless systems (some will be explored later in this book). Note that insiders (people who work for the attacked organizations) are responsible for almost half of the security problems. New employees are being added frequently to organizations, and they may bring security threats with them.

The Sophistication of the Attacks

Cybercriminals are sharpening their weapons continuously, using technological innovations. In addition, criminals are getting organized in very powerful groups, such as LulzSec and Anonymous. Cybercriminals change their tactics because of improved security (i.e., they are adapting quickly to a changing environment).

The Cost of Cybercrime

It is not clear how much cybercrime costs. Many companies do not disclose their losses. However, HP Enterprise Security's "2013 Cost of Cyber Crime Study: Global Report" found that the average annualized cost of cybercrime per company surveyed was $7.2 million per year, which is an increase of 30% from the previous year's global cyber cost study. Data breaches can be very costly to organizations. For how organizations can be devastated by cyberattacks, see Kavilanz (2013). For an infographic regarding the cost of cyberattacks, see Alto (2016).

SECTION 10.1 REVIEW QUESTIONS

1. Define computer security.
2. List the major findings of the most recent CSI survey.
3. Describe the vulnerable design of the Internet.
4. Describe some profit-induced computer crimes.
5. Describe the Internet underground economy and the darknet.
6. Describe the dynamic nature of EC systems.

10.2 BASIC E-COMMERCE SECURITY ISSUES AND LANDSCAPE

In order to understand security problems better, we need to understand some basic concepts in EC and IT security. We begin with some basic terminology frequently related to security issues.

Basic Security Terminology

In Section 10.1, we introduced some key concepts and security terms. We begin this section by introducing, in alphabetical order, the major terms needed to understand EC security issues:

Business continuity plan: A plan that keeps the business running after a disaster occurs. Each function in the business should have a valid recovery capability plan.

Cybercrime: Intentional crimes carried out on the Internet.

Cybercriminal: A person who intentionally carries out crimes over the Internet.

Exposure: The estimated cost, loss, or damage that can result if a threat exploits a vulnerability.

Fraud: Any business activity that uses deceitful practices or devices to deprive another of property or other rights.

Malware (malicious software): A generic term for malicious software.

Phishing: A fraudulent process of attempting to acquire sensitive information by masquerading as a trustworthy entity.

Risk: The probability that a vulnerability will be known and used.