Cyber-Crime, Cyber-Terrorism, Cyber-Espionage, and Cyber-Warfare Threats, Risks, and Vulnerabilities

In the contemporary business and IT (information technology) environments, increasing number of business organizations are investing in the IT tools to enhance competitive market advantages. Integrating the IT tools in a business model has become a crucial strategy that organizations can employ to achieve a market success. While IT tools deliver several market benefits for businesses, nevertheless, businesses face enormous risks when integrating IT tools in their business model. A business faces a threat that involves a potential violation of security with intent to exploit a vulnerability and cause harm to the business market advantages. A vulnerability is the weak aspect of organizational IT asset, which can be exploited to cause a threat to an organization. On the other hand, an asset is any tangible or intangible materials that can add values to an organizational mission or a business operation.

A risk is a likelihood of being attacked. However, a threat is a source of a particular attack. Thus, an organization needs to carry out a threat assessment to determine an appropriate approach to secure information systems from a threat. A business needs to carry out a threat assessment to determine an appropriate approach to secure information systems. A penetration testing is an effective strategy to assess threat profiles in order to develop countermeasures against given threats.

Moreover, a business faces the risk of attack that involves a deliberate attempt to violate a system security. A risk security management is a strategy that organizations can employ to protect or prevent security threats on organization IT tools and infrastructures. Vacca, (2012) points out that threats are the incidents that can cause harm to organizational IT infrastructure and assets. Moreover, a vulnerability is the weakness of organizational IT infrastructure and assets, which can be exploited by an attacker. Vacca, (2012) points out that risk management involves integrating security measures to protect organizational IT infrastructures. Typically, an effective risk management is very critical to enhancing a successful IT security program.

Despite the benefits associated with the IT risk management policy, however, integrating security measures along integrating the operational framework is high challenging for organizations. The costs of implementing an appropriate security measures are sometimes enormous for some organizations. Sometimes, some organizations may face difficulties in justifying the costs with the benefits associated with the IT investments. Organizations may also face challenges in developing an effective and efficient IT security plan. Vacca, (2012) further argues that organizations require an effective IT security measure to protect the IT assets since IT treats can make organizations lose the values of its IT assets. Since 2008, different organizations have lost both sensitive information and funds worth billions of dollars. For example, Target Retail was a victim of cyber-attack where 40 million credit and debit card information of customers were stolen. Moreover, Home Depot was a victim of a cyber-attack where cyber criminals stole credit card information of 56 million shoppers in 2014.

Vacca, (2012) recommends that application of risk management is very critical to protect IT assets. The risk management involves assessing security controls as well as using appropriate security procedures to prevent and manage the security threats. Essential risk management includes risk assessment, risk evaluation, and risk mitigation. Risk management is the process of balancing operational and economic costs to achieve mission objectives. Moreover, Vacca (2012) points out that risk management involves six processes that include risk treatment, risk assessment, risk acceptance, risk consultation, risk monitoring and risk communication. However, the most important aspect of risk management is risk mitigation.

Topic 2: Zero-day Exploit

A zero-day exploit refers to a situation where an attacker takes an advantage of security vulnerability identified in the same day. In another word, a zero-day exploit is an attack carried out by a cybercriminal on the same day the software flaw is known before software developer has time to fix the vulnerability. Ordinarily, when a company detects that a software program contains a security flaw, the software alerting tool needs to notify a software developer to fix the program. However, sometimes an attacker may detect the loophole on the same day t before a developer is aware of the problem. Depending on the complication of the software security issue, it may still take some time before an attacker exploits the security issue. Thus, it very important for organizations...

Moreover, it is advisable to install IDS (intrusion detection system) to detect unauthorized activities within the software systems. Typically, zero-day exploits come in all shapes. Most often, attackers may poison a Web page to exploit a Web browser of a legitimate organization. (Bilge, & Dumitras, 2012).
Bilge, & Dumitras, (2012) argue that there is almost no effective defense for a zero-day-exploit especially when it is not possible to patch the software and the anti-virus is unable to detect the attack. A recent zero-day attack was carried out by the group ATP 28 where Russian attackers trigger a user to visit an infected Web page. The technique of the zero-day attack is to infect the website browser of PHP, HTML or JS pages in order to launch an infected code in the web browser whereby the flash code will be executed automatically when a user clicks on the web page. Using this strategy, ATP 28 group is able to steal sensitive data of many organization.

A trend in ZDE has made the cyber terrorism, cyber espionage, and cybercrime to be on the increase. For example, some attackers have gone to the extent of developing a legitimate website and infect the website with a logic bomb to collect sensitive information from target users. Moreover, some infected Web pages may contain striking topics to lure users to click on the page. Typically, some Asian and Russian governments have gone to the extent of sponsoring the ZDE to carry the cyber espionage on American or European governments. For example, the Pawn Storm group, sponsored by the Russian government, is currently using the ZDE to run a cyber espionage targeting NATO (North Atlantic Treaty Organization) or White house websites to collect sensitive information.

Topic 3: Cybercrime vs. Traditional Crime

In the United States, the severity and rate of traditional crimes are decreasing while the rates of cybercrimes are increasing. Major reason leading to an increase in the cybercrime is that it is very difficult to capture the cyber criminals making many people get away with their crimes. Moreover, cyber criminals do not face the same punishment faced by the traditional criminals. Since the likelihood of getting away with cybercrimes is high, the rates of cybercrimes are on the increase in the United States. Typically, the cybercrime is a new phenomenon in the United States, and the regulations guiding the cybercrime are still slow. Unlike the traditional crime where it will be easy to collect physical evidence to nail the criminals, however, it is very difficult to collect physical evidence for cybercrimes. For example, robbing a bank physically will involve armed criminals physically rob the bank. In the event of robbing the bank, the police can collect the physical evidence of criminals that include collecting the description of the criminals. In the law court, many witnesses will be called upon to assist the police in the court of law. However, it is challenging to collect physical evidence for cybercrime since the crime is committed online. Moreover, many law enforcement agents do not possess the technical skills to collect cyber crime evidence to be presented in court. Even after collecting the evidence, it may still difficult to prove that the criminal actually perpetuates the crime since there may be no witness.

In 2011, $43 Million were cast away by the traditional bank robbers in the United States, however, 22% of the robbers were get caught. In the same year, hundreds of thousands of cybercrimes were carried out making banks lose $1.1 billion through the internet and almost all the criminals never get caught. Even if they get caught, many cyber criminals get much less jail term. In 2010, FBI was able to prepare 1,420 cyber-criminal cases out of 303,809 complaints. However, only six of the criminals in the case had been convicted. The results show one jailed term out of every 50,635 victims.

Topic 4: Critical Infrastructure

The small dish satellite systems are part of the SCADA that is being vulnerable to cyber-attack. In the United States, the VSAT is increasingly being used to provide the internet access to many users, which is being used to transmit sales credit card information online. While more than 2.9 million VSAT are installed globally, however, two third of these VSAT are in the United States. Thus, over 10,000 of these devices are opened to cyber-attacks. In short, SCADA is exposed to a serious attack, and currently being used for cyber terrorism. Thus, the governments, private organizations and non-government organization should collaborate to protect the SCADA infrastructures. However, governments are likely to shoulder the higher responsibility of protecting the SCADA because many criminals are targeting SCADA to perpetuate…