The Need for Cyber Resilience at the Board Level
The internet’s extreme scattered system gives a level of transformation of worldwide connection and means of conversing, and at the same time ensures anonymity; a vital feature to the attainment of illegal actions. Cybercrime has developed quickly besides the growth of internet connectivity while e-business fastened the development of non-detectable web illegal markets like the Silk path internet drug sell (Bebchuk, Cohen& Ferrell 2008).The fast growth of cybercrime shows an assertion that an offence goes hand in hand with opportunity” (Adams, Hermalin& Weisbach 2010). While the connectivity range goes beyond the Things of the internet (IoT)—an electrical net of devices and its host systems—to every part of the Internet of, so will cybercrime. A large number of ‘soft-ware cum crime-ware’ tinkerers give out an extensive scope with dubious details, which often combine deceiving social production, keeping of stealing sites, and identity thievery with organizational effectiveness (Bhagat& Bolton 2008), targeting the day to day internet consumers.
The Centre of Cyber Security in Australia in its 2015 Threat Report (Gilson& Milhaupt 2009) highlighted that materialization of cybercrime as a utility, introduced novel commercial styles to cyber offenders, and therefore contributing to their growth and advancement. The Federal BI Cyber offences Division prosecutor Gavin Corn (Erkens, Hung& Matos 2012) noticed developed internet corporation among the criminals: previously cyber as an offence was not a component of organized crime but currently it’s a definite example, e.g. a quick look at protected and unidentified automation like re-routing structures failing to disclose the locality of internet interconnections and servers permitting unknown transaction structures such as bitcoin, (Ferrar 2008).
Further, by 2015 November, the Australian population of around 21 million was internet consumers while 14 million Facebook consumers which amounts to 93% and 73 % respectively
(Christensen, Kent& Stewart 2010) The IoT, coming up with additional businesses making use of the social media, will increased the extent covered by cybercrime threat vectors, as novel vulnerabilities in social network utilities come up.
In addition, in 2015 the Online Cyber offence Reporting Network in Australia documented around forty thousand cybercrime events (Harford, Mansi& Maxwell 2012).Also, the Commander of Australian Federal Police (AFP) David McLean accounted that, within a month more than 3,500 individuals had reached police about existing cyber-crimes. He also said that cyber threats were basically categorized as state-financed or criminally-influenced (Kahan& Rock2009). Such occurrences seem to be escalating. Scams and fraud are the most kind of cybercrime events reported to police and around 2 in 5 targeted persons are between ages 20 to 40. In addition, Social Network Sites (SNS) are a vital determinant for cyber misconducts (Habib & Azim 2008). Yearly occurring losses are approximated to be around 1 billion AUD mainly from fraud of credit cards & scams most of which come from online. Details’ coming from ABS regarding individual dishonesty survey confirms such tendencies, with over a million Australians reported as being causalities of individual fraud while about 1.3m being causalities of identified theft. Regarding this, not less than half of Australian populace of 15 years and above is vulnerable to not less than a scam, while 4% of it are exploited, either because of providing private details, monetary, or both, (Kahan& Rock2009).
Current Status of Cyber Resilience
On the other hand, the coming up of particular and well calculated types of crimes on computer like ransom-ware as well as sextortion might cause distress on victims. Ransom-ware is a known type of cyber offence done by the organized criminals. As a technique it uses malware that secretly installs on targeted persons, computers, protects their critical personal information, and thereafter claims to assist resolve the issue if payment of a restoration or decryption utility fee. Frequent victims include: medical clinic patient information, trade secrets like plans of egineers, and coming up commercial customer lists, (Kraakman& Hansmann 2017). Criminals frequently employ non-detectable crypto-currencies like bitcoin to move funds. Sextortion includes threats to disclose shameful and sexual clear images of the targets unless money is moved to a foreign account.
The fastening of the communication among cyber offences and cyber-war-kind of activities has contributed to increased cyber offences and cyber-security as the major pillars of state safety in the technological error. The Australian cyber-security policy in 2016 insisted on the need to increase training in cyber-defense and safety, guarding of infrastructure, and working together with personal business. (Kraakman& Hansmann 2017). Cyber misconducts also relate with surveillance cyber-warfare and cyber-terrorism, extremely interrupting countries and corporations. Also, the unclear boundaries in regards to crime and aggressive extremism by countries and non-state actors is a major element towards the contribution of enhanced complicated malware which might be spread into any unknown site and intensify malware employed by offenders to infringe and escape detection. Also, cyber wrongs has extremely interfered with industrial management & information acquiring (SCADA) systems, (Kraakman& Hansmann2017). These malware is made to control the computers, put in spyware, and interrupt significant infrastructure mostly employed in world war which include: counter espionage. For example, they were used by the army of the Chinese which financed trespass and taking away of very important files belonging to the US defense contractors (Kraakman& Hansmann2017). Also they include utility interruption called a Distributed Denial of Service (DDOS) on under attack internet sites. DDOS over a country took place in Estonia where internet conversing methods were made futile due to the overflow of email and other traffic that actually came from Russia. Aiming at oil and Energy Corporation, the virus Shamoon indiscriminately damaged information on the computers at Saudi Arabia’s nation-owned oil corporation and interfered with commercial activities for couple of weeks (Kent& Stewart 2008).
Cybercrimes comes in many different forms, in which there isn’t any particular means of classifying them. Indeed, an exclusive type may involve a couple of different misconducts cutting across a multitude of classes of crime which calls for the need to make a difference between crimes in which a technological device is a tool used to carry out the wrong and those in which it’s the main target of the crime (Kent&Stewart 2008).
Best Practices for Integrating Cyber Resilience Protocols
Also, legal instruments have made use of these primary differences with the various forms of cyber-activity that have been criminalized. They are frequently used in combination with dishonesty, deceitfulness, and pilfering offences as shown by the Commonwealth Criminal Code Act of1995 & more or less reiterated by other states (Mallin2011). In regards to the Criminal Code, it contains 3 sections covering the extent of the offences which include: accessing unauthorized information or altering it; unauthorized destruction of electronic medium of communication and making use of a carriage service to threaten, pester, or result in misconduct.
likewise, the 1986 US Computer Fraud and Abuse Act illegalizes the act of deliberately making the diffusion of a program, data, code, or order and therefore purposely causing injury to a secured computer, with intention, carelessly make way to a safeguarded computer with no permission and thereby bring about harm or loss. It also illegalizes the act of knowingly selling, buying, or trading security codes or other material documentation used to log into a computer with the intention of defrauding the targeted persons. The CFAA being a federal statute, it’s applicable to computers concerned with interstate or foreign commerce or those under the federal government. Most states as per now have made it illegal to access computers and to spread malware, while others have barred its making and distribution. (Psaros 2008).
Organizations that particularly fight malware today have turned to regular venues and run as
Computer Crisis Response companies or Computer Safety occurrence Response
Bodies make efforts in organizing state response to vulnerable and widely-spread computer strikes, and make available details on latest attacks on companies, government, and higher learning institutions.
Even if there isn’t a conclusive description of what makes up cyber offences or computer-related crimes an agreement has been reached of what comprises of an offences taking place within cyberspace (Mallin2011). These includes: telecommunications stealing; piracy; copyright theft; cyber-stalking, cyber-bullying and harassment; electronic laundering of money and evasion of tax.
On the other hand, cyber security, is the safeguarding of the computer systems against all forms of cyber crime that have been highlighted above which need working together with different organizations and governments worldwide to ensure its effective countering due to its global nature.
The company is a top wide spread real estate group with a focus on their investment goal. It appeared among the best on the Australian Stock Exchange top 200 list (ASX 200) which is normally ranked by the market capitalization exchange traded funds (EFTS). Therefore, being such a big company it needs to develop one of the best cyber security policies that can effectively meet the underlying changes in cyber-crime activities by incorporating the suggested recommendations which comprise the best way to come up with a cyber security measure/policy, (Stout& Blair2017).
Key Recommendations for the Company
It refers to the capability of a corporation to be able to continue providing its goods or services despite the unfavorable cyber occurrences. It’s a developing perception that is quickly gaining recognition in most states and companies. It basically entails different areas such as data safety, continuity of entities commercial activities and coming back/ resilience. Any company with any of the following needs to have or come up with a cyber resilience policy; information communication systems, business procedures, infrastructure that is critical in any way just to mention a few.
Therefore, in this instance Abacus company has to come up with a protocol in regards to cyber flexibility which will play a big role in protecting it against negative cyber strikes that can interfere with its operating system. The aim of doing so is to enable abacus to continue running its activities despite an attack or be able to easily recover its information or other modes of delivery that are important in its operation. In coming up with the protocol, it should put the following in mind: develop a flexible way of response i.e. one that can work under any conditions without failure; a monitoring mode which can be able to easily sense danger and give notice; a non predictable mode which can make changes from time to time to avoid cyber attacks.
Therefore, the conclusion regarding resilience is that, a company should be able to come up with a resilient mode of work operation that can enable it effectively respond to cyber attacks by protecting the company’s critical components to ensure its continuance operation regardless of the attacks.
Kaspersky Lab is among those rapidly coming up Information Technology security seller in the worldwide. The corporation was developed in 1997 and has risen up to a universal level working group in about 200 states and territories. It comprises of thirty three agent terrain places of work in thirty states on 5 continents. Its commercial customer base comprises of not less than 250,000 businesses situated in the world, starting from upcoming and moderate companies all the way to big governmental and business entities, (Stout& Blair2017). Considering its large capacity of clients it stands as one of the companies with good cyber policies able to counter cybercrime and therefore attract many clients.
With the propagation of internet-supported machines, cyber tradition is rising faster than cyber safety and therefore, anything relying on cyberspace is possibly in danger. Confidential information, intellectual property, cyber materials, and military state security can be interfered with by intentional strikes, inadvertent security lapses, and the dangers of a moderately less developed, not regulated worldwide Internet, (Tricker& Tricker2015). Cooperating with individual entity customers, it assists corporations to come up with and put in place an interconnected cyber way to connect the power of data networks, improve business activities, boost task concert and also boost client help without interfering with safety or confidentiality. Deloitte being able to offer such services shows how much of a success it has achieved in terms of cyber security.
Challenges and Potential Risks
Flexibility is basically impacting on how commercial activities done. Just enabling devices is an inadequate measure and therefore, to stay up to date one must organize his group, produce, apps & data. It provides the best universal secure, ample itinerant way to look into the novel indispensable, with help for technological tools comprising iOS, Android, Windows10, Mac OS X and BlackBerry 10, (Tricker& Tricker2015). Its policy is the most trusted by corporations and government of states worldwide to safely control apps and documents, assemble commercial procedures, give a safe voice and messaging, and also enable group communications. With it being able to provide such services, it’s a clear example of how successful it is in terms of cyber security.
Since cyber crime is a global problem requiring a global solution, the Abacus property group company in enacting its cyber security policy it will have to put the following into consideration for it to come up with an effective policy to ensure enhancement of its corporate activities and continue surviving against such a great threat. The recommendations include:
Formulating its policies in line with those of the resolutions of the Supreme Council of National Defense no 16/2013 and the G.D 271/2013 authorized by cyber security strategy through the National Cyber Security System (NCSS), (Walker 2009).
Incorporating the security policy approaches initiated by the European Union and NATO
Coming up with a Risk-Based Approach which provides specific measures to be used against particular risks faced by the company, (Young et al 2008).
Ensuring the company maintenance an innovative team and technological devices that can be able to effectively respond to ever developing cyber-crime attacks
Being part of the global policy measures which recognizes that cybercrime borderless wrong due to its connection with the internet.
Ensuring its employees and clients are educated about the cybercrime and how to help in preventing such attacks.
Working together with companies such as Blackberry and Deloitte that are considered to have and provide effective internet security measures.
Conclusion
Due to the borderless nature of the internet, cyber-crime has become a major threat to most states, public and private entities as well as individuals. This therefore calls all these organizations and individuals to work together in an effort to come up with better cyber security policies in an effort to counter it. Also, since cybercrime knows no border, private companies, more so international ones such as Abacus should not shy away from incorporating some of the laws adopted by unions such as the European Union or NATO in their policies as they prove to be effective. In doing so the companies will be able to come up with a policy that is flexible with the ever changing innovations in the internet world and therefore maintain its position in the top list of ASX 200 and realize increase in providence of services.
References
Adams, R.B., Hermalin, B.E. and Weisbach, M.S., 2010. The role of boards of directors in corporate governance: A conceptual framework and survey. Journal of economic literature, 48(1), pp.58-107.
Bebchuk, L., Cohen, A. and Ferrell, A., 2008. What matters in corporate governance?. The Review of financial studies, 22(2), pp.783-827.
Bhagat, S. and Bolton, B., 2008. Corporate governance and firm performance. Journal of corporate finance, 14(3), pp.257-273.
Christensen, J., Kent, P. and Stewart, J., 2010. Corporate governance and company performance in Australia. Australian Accounting Review, 20(4), pp.372-386.
Erkens, D.H., Hung, M. and Matos, P., 2012. Corporate governance in the 2007–2008 financial crisis: Evidence from financial institutions worldwide. Journal of Corporate Finance, 18(2), pp.389-411.
Farrar, J., 2008. Corporate governance: theories, principles and practice. Oxford University Press.
Gilson, R.J. and Milhaupt, C.J., 2009. Sovereign wealth funds and corporate governance: A minimalist response to the new mercantilism. In Corporate Governance (Vol. 463, No. 487, pp. 463-487).
Harford, J., Mansi, S.A. and Maxwell, W.F., 2012. Corporate governance and firm cash holdings in the US. In Corporate governance (pp. 107-138). Springer, Berlin, Heidelberg.
Habib, A. and Azim, I., 2008. Corporate governance and the value-relevance of accounting information: Evidence from Australia. Accounting Research Journal, 21(2), pp.167-194.
ROUTLEDGE in association with GSE Research.
Kahan, M. and Rock, E.B., 2009. Hedge funds in corporate governance and corporate control (Vol. 389, No. 461, pp. 389-461). ROUTLEDGE in association with GSE Research.
Kraakman, R. and Hansmann, H., 2017. The end of history for corporate law. In Corporate Governance (pp. 49-78). Gower.
Kent, P. and Stewart, J., 2008. Corporate governance and disclosures on the transition to international financial reporting standards. Accounting & Finance, 48(4), pp.649-671.
Mallin, C.A. ed., 2011. Handbook on international corporate governance: country analyses. Edward Elgar Publishing.
Psaros, J., 2008. Australian corporate governance: A review and analysis of key issues. Pearson Higher Education AU.
Stout, L.A. and Blair, M.M., 2017. A team production theory of corporate law. In Corporate Governance (pp. 169-250). Gower.
Tricker, R.B. and Tricker, R.I., 2015. Corporate governance: Principles, policies, and practices. Oxford University Press, USA.
Walker, D., 2009. A review of corporate governance in UK banks and other financial industry entities.
Young, M.N., Peng, M.W., Ahlstrom, D., Bruton, G.D. and Jiang, Y., 2008. Corporate governance in emerging economies: A review of the principal–principal perspective. Journal of management studies, 45(1), pp.196-220.