StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Cyber Threats and the Effects of Insurance vs. other Risk Controls - Research Paper Example

Summary
The author of the paper 'Cyber Threats and the Effects of Insurance vs. other Risk Controls' states that in the modern business environment, the use of electronic data as well as interaction through the internet is significant. Businesses have to heavily rely on electronic data and even carry out transactions through the internet in order to remain relevant in the corporate world…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER96.8% of users find it useful
Cyber Threats and the Effects of Insurance vs. other Risk Controls
Read Text Preview

Extract of sample "Cyber Threats and the Effects of Insurance vs. other Risk Controls"

Cyber Threats and the Effects of Insurance vs. other Risk Controls Affiliation) In the current or rather modern business environment, the use of electronic data as well as interaction through the internet is significant. Businesses have to heavily rely on electronic data and even carry out transactions through the internet in order to remain relevant in the competitive corporate world. Though relying on this can bring both growth opportunities and significant efficiencies to the business, this venture can as well come with a range of particular risks or threats that ought to be understood and mitigated. These risks widely known as cyber threats/risks, that is, the specific risks that typically relate to the use of computers, virtual reality and information technology. Accordingly, awareness of cyber risks needs to be increased to bring this newfound interest in insurance products to a new level of concern. The insurance now cover incidents in which sensitive, confidential or protected data has potentially been stolen, tampered with and viewed by an unauthorised individual. Furthermore, these cyber risks also include all computing risks such as hacking, viruses, Trojan horses, malicious codes, spyware and the most recent one “phishing.” These being the most common threats, this paper thus seek to define each component and break down the way each one can adversely affect the financial sheet at the end of the day (Cordesman, 2002). To begin with, hacking is the most widely known cyber threat. Computer hacking can be defined as the act of modifying computer software or hardware to accomplish a mission outside the inventor’s original purpose. Thus, those individuals who take part in computer hacking activities are often known as hackers. Previously considered common among teenagers as well as young adults, many hackers are now mature adult people who venture in this practise with the aim of acquiring money and information illegally. Hackers usually gain unauthorized access to firms’ computer systems and get electronic data for illegal use. Accordingly, the availability of information online on the techniques and tools and even malware makes it possible for even non-technical individuals to take part in malicious activities. Moreover, hackers break into firms’ networks with the intention of revenging or for the thrill in bring a business activity to a standstill. Consequently, they will brag of having the power to make a firm come to its toes. According to the U.S Central Intelligence Agency, many of these hackers do not have the necessary expertise to threaten the U.S networks (Cilluffo, 2001). However, these individuals pose a relatively high threat in business entities, since the activity has become an opportunity to get personal information belonging to customers thus stealing from their credit cards. A good example is the incidence that around September 14, 2013, where Noble and Barnes bookstores found that hackers had been stealing their customer’s credit card information as well as Personal Identification Numbers (PINs) (Cilluffo, 2001). These hackers managed to achieve their goals through using keypads separate from the registers at sixty-three of its bookstores. Hackers can really after the financial sheet of a firm. For instance, economists Peter Leeson and Christopher Coyne in one of their report said that in 2013 alone, hackers managed to cost firms 56 billion dollars. They further gave an example of the Play Station that cost Sony more than 170 million dollars. Another example they gave was of Google, which lost over 500, 000 dollars in hacking in 2006. According to the editorial director of Computer Security Institute, Richard Power, single instances of hacking may often cost as much as 700, 000 dollars to seven million dollars a day for big online businesses. The second cyber threat is computer viruses. From a technical perspective, a computer virus is defined as self-replicating segment of a computer code, which usually resides in mother or host program. A computer functions through the execution of instructions that consists of machine codes. Thus, a virus is a code that has been written by an individual and placed inside the computer. As such, the virus copies itself to other computer programs in order to perform the task that the inventor has written. However, writers who come up with these viruses always have complete control over them. They would first decide what the virus will do which consists of deciding on how it replicate itself and what damage it can cause. Secondly, they creators of these viruses have control over when the viruses would start performing the task they have been assigned. As such, the writer can decide to make the virus perform the task as soon as soon as it created or wait until a certain date or time. Computer viruses have the capability to create both minor and severe destruction. Since the creator decides on which part of the computer to affect, the virus thus can manipulate screen displays, manipulate sounds, damage disks, erase files, change keyboard input, damage programs, reduce memory space, corrupt the computer by slowing procedures or changing the sequence of operations and last but not least give a user access to vital information illegally (Bojanc, 2008). Over the last decade, the business world has suffered huge losses due these computer viruses. Computer viruses have the capability of tapping into systems and gaining access to important data. Consequently, a firm can be lead into losses if important electronic data would reach the hands of unauthorized individuals. A practical example is the virus called ‘I Love You’ that hit the government as well as business entities. This virus erased large amount of data as well performed the following damage; firstly, it managed to make its way to the user’s address book and later sent itself to all the addresses in the address book. Secondly, it also managed to make its way to the software that usually supports chat rooms in order for everyone engaging in the chat room to receive it. Thirdly, it searched for audio with the intention of replacing itself (Bojanc, 2008). Lastly, the virus slotted-in a password-stealing program in the Internet Explorer. Within few hours, the virus had spread across the globe with damage worth fifteen million dollars. The third common threat is the Trojan horses. A Trojan horse is a programme that hides on victims’ computer, monitors their activities and communicates information back to the attacker. A Trojan or Bot monitors people’s web browsing to steal login details. A Trojan is usually given a list of popular banking sites and login all the web traffic to these sites, sending it back to the command and control server. This includes victims’ bank login and transaction details. Additional ‘injects’ can be bought with the Trojan kit that ask extra bank verification question questions or add additional transactions as the victim is banking. Attackers then use the passwords to transfer money out of the company’s bank account. Typically, these transfers are made to a “mule’s” account: someone that they have recruited to receive money. Again, there are services available on underground forums to help recruit mules. The mules then wire money to the attacker in another country. Once a bank detects fraudulent transactions, it will try to block, reverse or claim back the money, but it can often be too late. For instance, in 2005 a Trojan horse called Slammer caused an internet blackout across the U.S, Australia, New Zealand and South Korea. Consequently, traffic increased by twenty five percent thus making a huge damage in the economy of the affected countries. Moreover, airlines had to cancel flights due to network loss thus ceasing their operations (Stoneburner et al, 2002). Fourthly, are the malicious codes, which damage the computer through codes. The code is not easily controlled by use of antivirus applications. It can either activate itself or rather be like a virus, which usually needs a user to perform an action, such as opening an email attachment or clicking on something. For instance in June 2013 Brook bond Systems lost 200, 000 dollars because of a malicious code that entered in their data system. Fifthly, is spyware, a technology that helps in collecting information about an individual or organization without their knowledge or consent. Known as ‘spybot’ at times, the program is put inside a user’s computer to secretly collect information about him/her in order to rely it to advertisers or business competitors. This threat can make a firm to lose a lot of money due to a revelation of its secrets to a competitor in the market. Finally yet importantly on the threats, is the latest threat called ‘phishing.’ This is the use of emails to trick a user into performing an action. For instance, a phishing email might tell a user to click on a link that takes them to fake banking site where they then enter their username and password. The term phishing is derived from fishing; most criminals are ‘fishing’ for victims that they then reel in. How Companies can Control these Threats For firms to control as well as prevent these threats, they should formulate organizational formal cyber risk policies and procedures. Thus, firms should check on their security, that is, if the physical security is perfect. For instance, the firm should watch out of intruder detection technologies and check of the access restrictions. The firms should also have specific controls over the system security for instance, have segregated networks that are isolated from business critical information and data, identity and access management (Siegel et al, 2002). Furthermore, the firm should have updated ant malware tools that protect the firm’s system from malware threats. Additionally, the firms antivirus and anti spyware should be updated more often. Above all a firm should have legal controls where it works closely with legal adviser to ensure that the firm is in line with robust legal protections. More so, in areas concerned with copyrights, patents and secrecy as well as confidentiality clauses in contracts, this includes employment contracts. To avoid running into huge losses in case of a threat, a firm must mitigate its risks to insurance companies. Businesses should take cyber risk insurance covers to help cover for the loss and breach of data. However, insurance policies should be checked, for instance, Property insurance policies, crime insurance policies and liability insurance policies (Lam, 2014).. Accordingly, a hacking loss may affect more than one insurance policy or rather may overlap the coverage. A policyholder may end up facing a number of lawsuits claiming damaging for violation of federal statutes, which govern the handing of customers, investigation by governmental authorities and employee or health information (Siegel et al, 2002). References Bojanc, R., & Jerman-Blažič, B. (2008). An economic modelling approach to information security risk management. International Journal of Information Management, 28(5), 413 422. Cilluffo, F. J., Cardash, S. L., & Ledgerwood, M. M. (2001). Cyber threats and information security: meeting the 21st century challenge. CSIS Press. Cordesman, A. H., & Cordesman, J. G. (2002). Cyber-threats, information warfare, and critical infrastructure protection: defending the US homeland. Greenwood Publishing Group. Lam, J. (2014). Enterprise risk management: from incentives to controls. John Wiley & Sons. Siegel, C. A., Sagalow, T. R., & Serritella, P. (2002). Cyber-risk management: technical and insurance controls for enterprise-level security. Information Systems Security, 11(4), 33 49. Stoneburner, G., Goguen, A., & Feringa, A. (2002). Risk management guide for information technology systems. Nist special publication, 800(30), 800-30. Wallner, J. Cyber Risk Management. Encyclopedia of Quantitative Risk Analysis and Assessment. Read More

CHECK THESE SAMPLES OF Cyber Threats and the Effects of Insurance vs. other Risk Controls

Threats of the Future

The future threats and the defense against them would be, in the most likelihood, more technological and virtual than physical, and of a nature that few would have thought of or considered a serious threat.... The scope of these threats is also becoming more global, and surprisingly, more virtual or transparent, so that they are now very difficult to spot and equally difficult to defend against (cyber threats of the Future).... Society has always been exposed to various natural and manmade threats, which have put civilization at risk....
9 Pages (2250 words) Essay

Security Risk Analysis for Intrusion Detection and Prevention of Cybercrime

The paper recommends appropriate procedures to control the threats and reduce the vulnerability of the system to lower the level and make them acceptable keeping in mind the military network and the sensitivity of data protection in this case.... Essentially, controls and expenditures are largely commensurate with the risks that an organization posses.... controls – The countermeasures put up by management for vulnerabilities.... They include preventive control, detective controls, deterrent controls, etc....
12 Pages (3000 words) Report

Avoiding Cyber Threats in E-Commerce

The paper "Avoiding cyber threats in E-Commerce" provides a deep insight into measures available to prevent cyber-attacks - intrusion detection prevention systems, firewalls, encryption, anti-virus software, and login passwords, and programs for enhancing consumers' awareness of security.... he cybersecurity departments need to have strategies that balance resiliency with focused, protection, risk-informed prevention, and preparedness activities in order to manage and reduce the most deleterious risks in e-commerce....
6 Pages (1500 words) Essay

An Assessment of Risks in Romania

Some of the identified risks have been categorized into four which includes natural risks, transportation risk, technological and civil risks.... According to the group of national steering on emergency management that is major, risk assessment and hazard analysis were accomplished at the regional and local level.... Hazards identified at the level of the agency and department and also those in the process were assessed in the process of risk assessment....
18 Pages (4500 words) Term Paper

Cybersecurity Issues - the Silent Attack on Organizations and Consumers

cyber threats that hit organizations currently occur despite organizations thinking that they are adequately prepared.... The measures mostly focused on possible threats in areas considered high-risk targets for terrorists.... other than the physical locations, significant attention has of late been accorded to computer as well as telecommunication systems as a result of a possible network security vulnerability (The National Academies, 2015)....
10 Pages (2500 words) Essay

How Serious Are Cyber-Security Threats

There is also industrial espionage and other instances.... Broadhurst et al (2014), as well as Abomhara (2015) and other sources, state there is a broad range of reasons why governments engage in cybersecurity intrusion.... Abomhara (2015) advises that gaining access to the systems of other governments can represent a source of national security.... In China it is the Ministry of State Security (Lu, 2018), the Ministry of Intelligence in Iran is another example (Nader, 2010), and in the UK it is MI5 as well as the Office for Security and Counter-Terrorism along with other agencies (Miller and Sabir, 2012)....
9 Pages (2250 words) Coursework

National Risk Register for China

the effects of the risks as well as the likelihood and impact are the most fundamental issues in risk management.... To exhaustively identify threats and hazards in China, the risks (threats and hazards) were placed into four categories.... Effects: In the comprehensive view of threats and hazards, the impacts of risks were identified on the impact it had on the four categories.... Table 3: Background of risks in China10Table 4: risk matrix for China131....
16 Pages (4000 words) Essay

Cyber Security and Digital Forensics

The wireless network is vulnerable to various security threats and attacks, where malware attacks pose the greatest threat by exploiting the weaknesses of the wireless network (BITS 19).... It is therefore critical that organizations must take the required steps to protect information and to provide proper risk management that could prevent data breaches (Sophia).... The rapid penetration of the internet has raised the potential for security threats for businesses globally....
8 Pages (2000 words) Coursework
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us