DCU152 Cyber Security Awareness - Free Samples to Students

• Formal participation as well as security awareness program review by all the full time and part time faculty and staff
• Report on security issues to respective departments in a timely manner with proper documentation
• Newly hired faculty and staff will also be provided with the training, and that will be completed within 10 days
• Newly hired faculty and staff will not be entertained to resign from the organization once training is availed. If so the training cost has to be paid by the individual
• The training is available in both online and offline mode
• No training material including the audio, video, the document is allowed to download and distribute with the permission of the organization
• Employees need to provide feedback after the training to assess the program better and identify opportunities to improve the quality of the program

The policy if implemented will bring the following improvement:

• Increased awareness among the employees
• Proper and effective reporting and documentation of security threats
• Reduction in security issues due to lack of knowledge among the employees

The training program will not require huge investment, and the policy has been developed with reference to that. However, it will help the company to save millions which the company might need to be addressed if security breaches occur due to lack of employee knowledge about the cybersecurity issues.

The training will help the employee of modern InfoTech to identify security issues and techniques to avoid that which will help them to work efficiently and increase the production.

Understanding the threats:

There are several motivations for the cybercriminal to perform cybercrime such as (Hayden):

• Money
• Popularity
• Entertainment
• Status

Although the money is the major motivation for the cybercriminals, it is not the only one. The other factors also serve as motivations for the cybercriminals as well.

Money

The money associated with the cybercrimes is worth millions, however depending on the size and strength of the organizations (Anderson et al.). This might be higher or lower but what is important here is that whenever organizational data is breached, the organization in most of the cases is asked to pay a huge amount to get back the data which brings additional cost well. The smaller companies can even go bankrupt due to one data breach (Weber). Hence appropriate knowledge about the issue is not only important but essential as well.

Industrial espionage/trade secrets

It is identified as the theft of business trade secret by the competitive companies for the competitive advantage (Carlos Roca, Juan José García and Juan José de la Vega). According to the Economic Espionage Act, this is not only illegal, it is not ethically permissible and considered a criminal offense as well.

Hacktivism 

The Hacktivism is considered important and popular internet activism (Ratnasingam). The hackers with the rebellious attitude deploy the computer and computer network aims to promote some social change or some financed political agenda

Cyberwar 

When a nation through cybercrimes tries to bring damage to another nation, it is termed as cyberwar (Jordan and Paul Taylor). In this age of technology, cyberwar is becoming more popular than the traditional war. It might also be regarded as the virtual war between two nations.

Bragging rights 

When hackers have a more notorious purpose to hack officials or government agencies, the motivation for the crime is much higher than just the financial gain. Sometimes hackers also demand full control over the entire organization or the government through the exploitation of the cybersecurity framework (Armstrong, Helen L. and Patrick J. Forde). It is termed as the “bragging rights” in the cybercrime context.

5. Costs of cleaning up after a breach 

According to the Ponemon Institute data breach report in 2018, the average cost of the data breach has increased in the past few years. However, according to the report, the Costs of cleaning up after a breach will still depend on the nature of the crime (“Ponemon.org”). The report has been prepared with the responses of the responses of 2,182 interviews from 254 companies in seven countries—Australia, France, Germany, Italy, Japan, United Kingdom and the United States.

Organized crime

According to the report, in the case of the organized crime, the average cost ranges from $65 million to $100 million. However, this cost will still depend on the organization infrastructure and existing strategy for addressing the cybercrime.

Nation-states

The report specifies that as an entire nation is involved in the cybercrime and the target is also a nation, this type of cybercrimes will require the highest cost than the other crimes. The Nation-States cybercrime involves various organizations, government as well as industries both small and large ones and the individuals of the nation too. The average cost according to the report is approx. $57 billion to $109 billion.

Hacking gangs 

This type of crimes according to the report will also require major investment for cleaning up after a breach as more than one hacking gang will be involved. The average cost is likely to be $210 million to $425 million.

Hacktivist 

The major motivation of the Hacktivist is to bring social change or promote some political agenda (Klein). The cost might not be a major factor here. However, it will still require investment from the organizations if the cybercrime occurs. The cost according to the report will depend on the nature of the organization though. The report specifies that the recent cybercrime has caused NASA $500,000. Another cybercrime by the Hacktivist has caused PayPal £3.5m.

Cyberwar 

The cyber war is another form of cybercrime that also involves two nations, organizations or as per the choice of the cyber criminals who are involved in the virtual war (Clarke and Robert). If one nation is successful in the cyber war against other nation, it will cost a huge amount of money to the other nation. The average cost of a cyberwar, according to the report is $600 billion for large companies, for small organizations it is around $200 million.

References:

Anderson, Ross, et al. "Measuring the cost of cybercrime." The economics of information security and privacy. Springer, Berlin, Heidelberg, 2013. 265-300.

Armstrong, Helen L., and Patrick J. Forde. "Internet anonymity practices in computer crime." Information management & computer security 11.5 (2015): 209-215.

Carlos Roca, Juan, Juan José García, and Juan José de la Vega. "The importance of perceived trust, security and privacy in online trading systems." Information Management & Computer Security 17.2 (2017): 96-113.

Clarke, Richard Alan, and Robert K. Knake. Cyber war. Tantor Media, Incorporated, 2014.

Hayden, Lance. IT security metrics: A practical framework for measuring security & protecting data. McGraw-Hill Education Group, 2017.

Jordan, Tim, and Paul Taylor. Hacktivism and cyberwars: Rebels with a cause?. Routledge, 2017.

Klein, Adam G. "Vigilante media: unveiling Anonymous and the hacktivist persona in the global press." Communication Monographs 82.3 (2015): 379-401.

McCrohan, Kevin F., Kathryn Engel, and James W. Harvey. "Influence of awareness and training on cyber security." Journal of internet Commerce 9.1 (2014): 23-41.

Ponemon Study Shows The Cost Of A Data Breach Continues To Increase - News And Press Releases. Ponemon.Org, 2018, https://www.ponemon.org/news-2/23. Accessed 13 Oct 2018.

Ratnasingam, Pauline. "The importance of technology trust in web services security." Information Management & Computer Security 10.5 (2015): 255-260.

Shaw, Ruey Shiang, et al. "The impact of information richness on information security awareness training effectiveness." Computers & Education 52.1 (2015): 92-100.

Weber, Rolf H. "Internet of Things–New security and privacy challenges." Computer law & security review 26.1 (2016): 23-30.