Gebm os presentation final

E-Business & Online Security:

A Technical Concern Or A Strategic Priority

Monroe Myers

Sunny Joshi

Global E-Business Marketing (200232) Online Seminar



Definitions

Literature Review & Findings

Specific Topic Related Examples

Discussion & Recommendations

Video

Futuristic Scenario

Questions & Answers



Agenda

Definitions

Online security Threat

“A threat that creates a circumstance, condition, or event with the potential to cause economic hardship to data or network resources in the form of destruction, disclosures, modification of data, denial of service, and/or fraud, waste and abuse”(Kalakota and Whinston, 1997).

Information security

“The technical guarantees that ensure that the legal requirements and good practices with regard to privacy will be effectively met”(Flavian and Guinaliu, 2006).



Definitions

Information warfare

“The actions intended to protect, exploit, corrupt, deny, or destroy information or information resources in order to achieve a significant advantage, objective, or victory over an adversary” (Alger, 1996).

Internet Security Risk (ISR)

“The degree of uncertainty and mistrust aroused from thoughts about providing personal and financial information over the internet” (Lynn et al., 2011).



DefinitionsTrust

“The willingness to rely on another based on expectations of ability, benevolence, and integrity”(Lee and Turban, 2001; Bhattacherjee, 2002).

“The willingness of a trustor to be vulnerable to actions of a trustee due to an expectation the trustor will behave responsibly” (Mayer et al., 1995).

Privacy

“The degree to which the online shopping web site is safe and protects the customers’ information” (Chiu et al., 2009).




In general, the need for trust is created in instances involving vulnerability and uncertainty (Bhattacherjee, 2002; Koufaris and Hampton-Sosa, 2004).

Under online conditions, the need for trust is significantly enhanced.(Bart et al., 2005; Grabner-Krauter and Kaluscha, 2008).

Lack of consumer trust is considered a major factor in impeding e-commerce (Casalo´, Flavia´n and Guinalı´u, 2007).




As new technologies enhance the complexity of information and its capacity to be processed, privacy is increasingly becoming an important issue, therefore, consumer distrust about gathering and processing personal information is on the rise (Flavia´n and Guinalı´u, 2006).




Consumers do hesitate when shopping online whenever they feel that their financial information is likely to be compromised(Collier and Bienstock, 2006).

Consumers’ perceptions of privacy carry a positively significant effect on trusting online vendors (Chiu et al., 2009).




One of the most striking features of the fight for online 'supremacy' is connected with the fact that novel approaches to undermining personal and financial information follow in the steps of state-sponsored cyber-warfare practices.

(Cronin, 2002; Hutchinson, 2002)



Literature Review & FindingsAround the world, many nations spend large sums on information warfare programs. Those include Russia, China, India, Taiwan, Israel, France, Brazil and Iran (Adams, 2001).

China, for instance, has committed itself to improving information warfare capabilities (Rhem, 2005).

Therefore, special attention needs to be paid to security concerns when considering outsourcing IT functions to foreign-country organisations, for example (Pruitt, 2004).




Internet-based, low cost cyber-threats target civilian information assets and threaten the economic stability of modern societies (Bush, 2003).

Information warfare may become commonplace in four spheres: military, economic, social and personal(Cronin and Crawford, 1999)




Criminal activity is rapidly expanding into an underground economy specialising in identity theft, phishing and spam (Verton, 2004) as technical barriers to gaining access to valuable resources fall (Kenneth, Knapp and Boulton, 2006).




Cyber-technology is increasingly used in corporate espionage (Hansell, 2004).

The rise of trusted malware exemplifies the harnessing of the very tools, designed by security firms for enhancing protection, for gaining unfettered access to valuable information and serve to infiltrate networks.

53,834 pieces of signed malware were detected in the first 5 months of 2011, a 300% increase on the previous year (AVG, 2011).




Recently, stolen digital certificates made headlines with the Stuxnet 'worm' and the RSA hack of Lockheed Martin network breach (AVG, 2011).

Spyware and adware can take the form of legitimate applications with illegal intentions (Stafford and Urbaczewski, 2004).



Around 7,000 spyware programs reportedly existed five years ago and are responsible for 50% of all PC crashes (Sipior, Ward and Roselli, 2005).

91 percent of home computers host spyware code (Richmond, 2004).

Identity theft is another type of 'cyber-terrorism against individuals' (Sterling, 2004).





As a result of the growing risk, demand for certifiably skilled cyber-security specialists is growing as organisations move to protect an increasingly valuable asset, information.

In conjunction with senior management, qualified personnel facilitate programmes in security education, risk assessment and cultural change towards a better understanding of data security (Dutta and McCrohan, 2002).



Literature Review & FindingsLately, cyber-criminals are turning their attention to Mac users as the Mac OS platform expands its market share (AVG, 2011).

Cyber-crime has ventured into the mobile platforms as they increase their online presence with even greater promises of personal data to compromise.

The rise of rogue smart-phone apps such as those relating to Google's Android Market and others is another worrying trend in the battle for online security (PC World, 2011).



Literature Review & FindingsMost of the victims of cyber-attacks choose not to inform the outside world about such breaches. In 2005, only 20% of intrusions were reported to law enforcement agencies in the US, primarily because of concerns with negative publicity (Gordon et al., 2005).

Despite the escalation in the veracity of information technology threats, business managers often lack an adequate understanding of the risks, or are reluctant to take decisive action for providing appropriate levels of information security (Austin and Darby, 2003).



Literature Review & FindingsTop management support was ranked as the most critical information security issue facing organisations by 874 Certified Information System Security Professionals (CISSPs) (Kenneth, Knapp and Boulton, 2006).

As a result of the recent wave of cyber-attacks and flowing from the perceived effects of potential liability, including leaks of corporate communications, negotiation contracts and other sensitive information influencing a firm's competitive-advantage in its industry and markets, demand for cyber-insurance is growing fast (Kolodzinski, 2002; Keating, 2003).



Specific Topic Related Examples McAfee, through its five-year long “Operation Shady RAT”, identified 72 government and corporate parties that have been silently compromised, in some instances over years without being detected (Alperovitch, 2011). The list includes:

International Olympic Committee (IOC),The United Nations,ASEAN,South Korean steel and construction companies,A US real estate firm,Four US defense contractors,US federal, state and county government agencies, and, ironically, A computer network security company



Discussion &Recommendations

Given current and projected growth of information technology, its use in e-commerce and the magnitude, spread and affordability of launching cyber-threats in their many forms, contemporary levels of complacency afforded by business organisations, individuals and governments are largely and alarmingly inadequate.



Discussion &Recommendations

As the stakes go higher for all concerned with maintaining a relatively safe and secure online environment, the lack of concerted action by those implicated is likely to prove detrimental to future prospects of growth for e-business should current attitudes to the seriousness of the matter continue to go under-checked.



Discussion &RecommendationsTherefore, it is strongly recommended for all stakeholders to adopt appropriate cyber-strategies for effective information security management.

A multi-layered approach to protecting online communications and data from prying eyes is needed in order to boost confidence in online services.

Under the proposed scheme, governments, business organisations and individuals alike will need to collaborate in creating and maintaining an array of defense barriers in order to minimise chances for over-exposure to the rapidly sophisticated intrusions of the online world.



Discussion &RecommendationsFor an effective strategy against the invisible threat, elements of technology, law and societal awareness are advised to be incorporated in management's strategy.

Bush (2003), for instance, divided the complex cyber-challenge into five levels as part of the National Strategy to Secure Cyberspace. These levels are: home users and small businesses, large enterprises, critical infrastructure sectors, national vulnerabilities, and the global information grid of networked systems.



Discussion &RecommendationsIssues of regulation of the Internet on an international basis might need to be further clarified and the responsibilities of those bodies charged with looking into the global dimension of the threat reassessed in light of recent developments.

Corporations are recommended to collaborate with governments in designing appropriate mechanisms for dealing with the problem and reaching binding agreements with regard to their rights and obligations in the process.

Individuals carry the ultimate responsibility for using the expanding medium while raising awareness of the dangers of venturing unprepared into the 'World Wild Web'.



Discussion &RecommendationsAs superior cyber-attack technologies trickle down from state-sponsored labs to the increasingly sophisticated, financially-motivated cyber-criminals of late, businesses of all sizes are faced with the challenging task of managing the risks involved.

As the cost of acquiring and effectively deploying the right tools for combating intrusive online behaviour rises, smaller enterprise is likely to attract greater attention by those on the wrong side of the law due to heightened levels of vulnerability.

Therefore, it is of significance to help SMEs become better acquainted with their increasingly important role in securing B2B and B2C networks and data streams in an effort to foster a safer online environments.



Discussion &RecommendationsThe rising trends of cloud computing and social networking, although promising in terms of attracting a larger audience and enhancing the efficiency of communications, are likely to increase the risks associated with cyber-attacks as the pool of stored data is significantly increased.

Therefore, top management is advised to reconsider the risk/benefit scenarios of their online endeavours and adjust plans accordingly as restoring lost consumer trust, as a result of inaction, could prove a much more challenging task than securing corporate and consumers' communications. Think Vodafone Ausralia post-VodaFail campaign!



Discussion &RecommendationsFinally, a proactive approach to guarding sensitive information resources such as data encryption, backup and access authentication procedures are among the practices to enlist in the virtual war unfolding.

E-marketers, in particular, due to their front-line positions need to enhance their security strategies especially those connected with website security design and secured cart and payment solutions in addition to compliance to stringent interface certification practices.



Online security video(Citi Bank)

http://www.youtube.com/watch?v=3S4qmfKNxv8



Futuristic ScenarioIts 22nd of August, 2015. Armageddon has arrived in its electronic form facilitated by lax online security, the irrational exuberance of e-business growth of late, the proliferation of cyber-warfare tools in the hands of financially- motivated criminals in many advanced and emerging nations.

Firms with compromised information infrastructure are faced with a barrage of attacks on a daily basis for which there appears to be no quick remedy.

Skyrocketing demand for cyber-insurance has rendered the costs of moderately- effective detection and elimination code unaffordable to most SMEs.



Futuristic ScenarioConsumers’ electronic confidence is plummeting faster than anyone thought possible. Online shoppers are turning away from the increasingly unsecure environment in favour of the traditional way of buying goods and services.

Social networking and Cloud computing have been identified by some online security firms as the biggest sources of information leaks used in identity theft incidents.

Corporate information databases have been regularly compromised with unspecified sums paid out as a result of victims’ legal actions…

Discuss!



Thank You!

Questions??



Gebm os presentation final

Technology

Transcript of Gebm os presentation final