Add to collection(s) Add to saved
  1. No category
Uploaded by GravityLegend - 1k Subs Hype

COMP1300 FINAL!

advertisement 
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
The evolution of technology is rapidly advancing as it is being
implemented into our everyday lives. It is through this exponential growth
of technology that has made it hard for cyber analysts and the society to
keep up to emerging threats that emit from cyber-crime. Daily,
technology and cyber-crime are continually being changed and updated
which results in ensuring exacting standards are kept up to date. As
cyber-crime and technology accelerate its encapsulates us into being
vulnerable to an attack. There are multiple forms of attacks that can be
done and the incentive behind cyber-crime plays a major factor in the
events leading to it (Maochao Xu, 2018, p. 2861). These attacks are
generally extensive, multidimensional, and acquires various techniques to
complete and instantiate an attack. The motivation behind these cyberattacks has deviated from “thrill-seeking or notoriety to the pursuit of
profit or political gain” (Jang, 2018). Moreover, the economic costs
related to cybercrime have a large substantial amount costing in the
millions for large businesses if a data breach was to occur, on average
costing around $3million in Australia (Brookes, 2019). Various elements
will need to be considered to ensure the tenacity of predicting cyber-crime
is both accurate and reliable. With the altitude of technology, businesses
and individuals can gain possession of various artificial intelligence (AI)
technology, forecast the manifestations of cyber-crime that is being
targeted upon many businesses and individuals. In this essay, it will
provide a deep analysis of predicting cyber-crime than simply respond to
it and will discuss if it is a time to be capable of achieving accurate and
optimal predictions, the ways prediction is currently done and the tools
used for prediction in the future, the difference in predicting and
responding to cyber-crime and lastly the human factors that contribute
within an organisation.
1|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
The prediction of cyber-crime is within reach of our capabilities in today’s
age of computing to some extent. Although, it is not fully feasible to
implement predictions of cyber-crime as a primary security defence.
Cyber-attacks have become and progressively more sophisticated as
technology moves on and it has become visible that dealing with cybercrime is no longer effective to analyse and deal with when they are
happening and after they occur. Therefore, the prevention and prediction
of cyber-crime are far more superior than waiting for an attack to occur.
By predicting an attack, it can allow businesses to adjust their defences
rather than implement costly and reactive response plans. This is evident
through an analysis of the data breach that happened in September 2017
with the organisation Equifax, this data breach disclosed and uncovered
over 143 million private and sensitive data and information from their
customers ranging from credit card details to social security numbers
through an unpatched vulnerability within the organisation's software (Ng,
2018). This vulnerability was noticeable to the Equifax company prior to
the data beach therefore, if expedient measures were enforced it could
and may have been prevented. This data breach may have resulted in the
lack of care or through not placing predictable measures within the
organisation. One of the most basic principles in information technology
(IT) security is to ensure updates on system and software are up to date.
Ultimately, this data breach may have been predicted by many of the
technologies/ processes used to predict cyber-crime/ data breaches and
be noticeable by employees and place effective patches to vulnerabilities
and be incorporated with manual and automated monitoring within the
business. In contrast, by thoroughly analysing past data breaches,
businesses are able to apply countermeasures that other businesses have
done to ensure the protection within their systems and business is secure.
Therefore, forecasting an attack before any data breach was to occur will
allow the business to have effective response plans and effective security
measures in place to prepare the business for the many distinctive
2|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
attacks that can occur. Overall, the prediction of cyber-crime is achievable
to some distinct level, and with the exponential growth of technology, we
will maybe soon be able to predict almost all cyber-crime and therefore,
ultimately provide optimal security within businesses. Although, the level
of complexity to fully predict cyber-crime is far beyond our reach of
knowledge and technology.
The advancement of technology has not reached the level to develop and
enhance the prediction countermeasures of cyber-crime as currently, the
prediction of cyber-crime is “near impossible” (Stegh, 2018) to fully
predict the behaviours and procedures of people, especially within the
cyber-crime world with the technologies currently used today. Notably,
the tools used to predict cyber-crime today are limited to the
effectiveness and accuracy they can produce due to the recurring changes
to technologies that are challenging to retain up-to-date knowledge. Tools
such as attack graphs are used to show the various ways a hacker can
exploit vulnerabilities into the network and many of the connected
systems within, this can be overlooked by the business to see the
deficiency and instabilities within the systems. Other tools many
businesses may use are called an intrusion detection system (IDS) and
“big-data analytics” (Menon, 2018), it can either be software or hardware
that monitors the traffic flow between networks and scans for suspicious
activities (Pratt, 2018). To enumerate, the three tools just discussed are
examples of prediction tools businesses may use but noticeably have
limiting factors contribute to them, which are they both require the
existence of some type of suspicious procedures. Researchers are now
searching to find sufficient and adequate ways to predict cyber-crime
using a combination of machine learning, criminology theory, and
algorithms that will evaluate data breach attack factors, simulate attacks,
3|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
and come to an understanding of absolute and theoretical attacks (Jang,
2018). This has been achieved by researchers at Massachusetts Institute
of technology’s (MIT) Computer Science and Artificial Intelligence
Laboratory as they exhibit their latest AI that has been able to achieve a
high success rate of 85% for detecting attacks and reducing false
positives by a factor of five (Menon, 2018). With the implementation of AI
systems, it can provide numerous substantial benefits by providing extra
security within a business. AI will enable the response towards
cybersecurity risks easier and provide more time to tech employees as AI
are able to function on their own although, this process can be very costly
(Kh, 2017). This is evident through the comparison of the technologies
and costs used to predict weather forecasts. Over the last decade, it has
been hard to make predictions (Recorded Future, n.d., p. 1), especially
about the future. Meteorologists use multiple different tools to predict the
weather which can be very costly, the same applies to cyber-crime as to
fully predict a data breach it will need lots of different tools which can also
be very costly and take a long time. Above all, it is evident that to some
extent we can use the various tools and procedures to predict cyber-crime
and that in the near future the prediction will be enhanced to provide the
ability to place them within our systems as the main security. Similarly,
there is a fine line that draws the difference between predicting cybercrime and simply responding to the effects and occurrence of it as they
both provide diverse security within a business and both acquire
advantages and as well as disadvantages.
There is an array of distinct cases that will vibrantly contrast the
difference between being able to predict cyber-crime before it happens
and directly responding to it as threats arise within an organisation.
Through a deep analysis of both cases we can identify the advantages and
4|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
disadvantages that they each illustrate. Advantages of predicting cybercrime are that there are many different tools businesses and individuals
may use to forecast cyber-attacks, some examples are attack graphs,
technique that analyse the capability, opportunity and intent of the hacker
(COI) which is used by the military and intelligence communities for
threat prediction, Dynamic Bayesian Network (DBN) is a type of statistical
model which operates by revealing patterns and estimating probabilities
over time, and many more (Jang, 2018). These attacks are very beneficial
to businesses as they provide a deep overview of cyber-attacks and the
various ways a business can be defenceless. The future of predicting
cyber-attacks like mentioned above are through uses of various AI
technology that will ultimately increase security and success rates in
predicting cyber-attacks than the current tools used today (Jang,
2018).However, with all these types of prediction methods and tools,
there are limiting factors that are associated with them which are due to
errors in an incomplete network information and attack obfuscation and
can sometimes be very costly. Obfuscation techniques are used to avoid
detection by many of these tools by insertion of noise into malware,
construct complex codes so that it will be very hard to be analysed and
read (Jang, 2018). Also, there are multiple outcomes and possibilities
cyber-crime endures resulting in predicting cyber-crime very hard.
Similarly, by acting upon cyber-crime as it is occurring businesses are
able to visually see where the vulnerabilities within the system are and
can use this for future security measures. Nonetheless, there are also
many disadvantages, if a data breach was to occur, it will be very
expensive and place a bad reputation within and out of the businesses. To
sum up, predicting and acting upon cyber-crime are both very diverse
situations with some simular functionalities although, by integrating both
cases into an organisation by using the examples of tools mentioned
above and the many basic fundamentals of IT security, will enable the
business to efficiently provide effective and adequate security measures
5|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
within the business. The components of all systems is mainly performed
and fulfilled by the many employees that are associated with the
business, this has shown to be the weakest link in all systems which some
businesses may fail to predict or even respond to the vulnerabilities the
employees within the business portray
In any Information system (IS) the human component is the most crucial
and important segment in the system, as human factors are what makes
and creates a system (Gheyas & Abdallah, 2016). Over the years, Human
factors in data breaches have become one of the “weakest links” (Bisson,
2019) within an organisation which results in making the business
vulnerable to an attack. Hadlington (2018) emphasised that “aspects of
an accidental or unintentional employee is linked to poor planning, lack of
attention, and ignorance” that the employees perform. “A malicious
insider has the potential to cause more damage to the organisation and
has many advantages over an outside attacker” (Colwill, 2009, p. 187).
This is reflected in the data breach that the company Uber obtained in
2016 as hackers were able to gain login credential information that was
stored and accessed on a website called ‘GitHub’ (Desjardins, 2019). This
compromised 57 million accounts that held personal details. By analysing
this case study, we are able to see that Uber was not able to act on the
data breach until it already happened. This shows that there are many
cases where predicting could’ve or not been used as, the prediction of
someone’s actions, in this case the hackers or employees will be near
impossible to predict. Although, by insuring the teaching and informing of
employees on how to keep information safe and contained within the
business is vital to preserving information and data within an organisation
(Marseille, 2020, p. 28). There are many past data breach cases that
have the same occurring problems as “52% of businesses all admit the
employees are the biggest weakness in IT security” (Kaspersky Daily,
6|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
n.d.) . As a result, this reveals there are limitation on how much a
business is able to predict as the actions of their employees has a vast
number of different possible outcomes. Meaning that, it is not feasible to
fully predict the actions of all employees but with the combination of
predicting the numerous ways an employee will make a business
vulnerable can lead to plans to being able to maintain response plans. In
summary, the main causes of a data breach are due to the lack of
knowledge an individual has about ensuing security across multiple levels
of their daily basis is optimal. Significantly, this is a major predictable
vulnerability that has arisen in many businesses and is what most
businesses are developing to make dynamic changes within their
organisation.
In conclusion, with the emerging state of technology and the evergrowing population that uses it, it encloses us into being vulnerable to an
attack which leads to higher statistics of cyber-crime. This motivates
businesses to ensure that optimum security is assured. Through analysis
of future technology, we have discovered we are close to being able to
predict cyber-crime and the difference opposed to responding to the
threats that emit from cyber-crime, and the human factors that are
associated with all businesses. As shown above, we as a society are
currently not ready and equipped to optimise prediction of cyber-crime as
our main security measure within businesses as the lack of knowledge,
technology and ultimately have the ability to keep up to date with recent
security problems and updates. Although, we can incorporate both
prediction tools and security measures together within the businesses to
simply respond and prevent cyber-crime atomically.
7|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
References
Bisson, D., 2019. Venafi. [Online]
Available at: https://www.venafi.com/blog/7-data-breaches-caused-human-error-did-encryptionplay-role
[Accessed 7 June 2020].
Brookes, J., 2019. Which-50. [Online]
Available at: https://which-50.com/as-costs-rise-australia-is-getting-worse-at-handling-databreaches-ibmstudy/#:~:text=On%20average%2C%20the%20cost%20of,periods%20than%20a%20year%20ago.
[Accessed 3 June 2020].
Colwill, C., 2009. Human factors in information security: The insider. Information security technical
report, 14(1), pp. 186-196.
Desjardins, J., 2019. Visual Capitalist. [Online]
Available at: https://www.visualcapitalist.com/the-15-biggest-data-breaches-in-the-last-15-years/
[Accessed 7 June 2020].
Gheyas, I. A. & Abdallah, A. E., 2016. Detection and prediction of insider threats to cyber security: a
systematic literature review and meta-analysis. Big Data Analytics, 30 August, Volume 6.
Hadlington, L., 2018. The “Human Factor” in Cybersecurity: Exporing the Accidental Insider. pp. 4663.
Jang, S. J., 2018. Research Features. [Online]
Available at:
[Accessed 2 June 2020].
Kaspersky Daily, n.d. The Human Factor in IT Security: How Employees are Making Businesses
Vulnerable from Within. [Online]
Available at: https://www.kaspersky.com/blog/the-human-factor-in-it-security/
[Accessed 8 June 2020].
Kh, R., 2017. InfoSecurity. [Online]
Available at: https://www.infosecurity-magazine.com/next-gen-infosec/ai-future-cybersecurity/
[Accessed 5 June 2020].
Maochao Xu, K. M. S. R. M. B. a. S. X., 2018. Modeling and Predicting Cyber Hacking Breaches. IEEE
TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY, 13(11), pp. 2856-2871.
Marseille, E., 2020. The Rapid Growth of Data Breaches in Today’s Society, s.l.: ProQuest.
Menon, P., 2018. McAfee. [Online]
Available at: https://www.skyhighnetworks.com/cloud-security-blog/can-cyber-attacks-bepredicted/
[Accessed 5 June 2020].
Ng, A., 2018. CNet. [Online]
Available at: https://www.cnet.com/news/equifaxs-hack-one-year-later-a-look-back-at-how-it-
8|Page
1. Can we predict cyber-crime rather than simply respond to it? Using real
examples to discuss how this can happen.
happened-and-whats-changed/
[Accessed 4 June 2020].
Pratt, M. k., 2018. CSO Australia. [Online]
Available at: https://www.csoonline.com/article/3255632/what-is-an-intrusion-detection-systemhow-an-ids-spots-threats.html
[Accessed 4 June 2020].
Recorded Future, n.d. Anticipating Cyber Attacks: Theres No Abbottabad in Cyber Space, s.l.: s.n.
Stegh, C., 2018. Enabling Technologies. [Online]
Available at: https://blog.enablingtechcorp.com/faq-cybersecurity
[Accessed 7 June 2020].
9|Page
Related documents
Cyber-crime Science = Crime Science + Information Security
Cyber-crime Science = Crime Science + Information Security
draft questionnaire on cyber-crime, related to the recommendations
draft questionnaire on cyber-crime, related to the recommendations
Introduction
Introduction
Cyber-crime Prevention
Cyber-crime Prevention
INTRODUCTION
INTRODUCTION
Listen A Minute.com - ESL Listening - Cyber
Listen A Minute.com - ESL Listening - Cyber
3A Models of Physical Chemical Properties
3A Models of Physical Chemical Properties
Pick Only 2
Pick Only 2
Download
advertisement