Who enforces these laws? What are the consequences of breaking these laws? When do these attacks usually occur? How do cyber criminals carry out these attacks?
– 6 – 10 pages (excluding the cover page, references page, charts, and graphics).
– APA Style documentation.
– You are required to use charts and/or graphics to support your report.
—
Laws against Cyber Crimes
The digital economy represents promising opportunities for businesses and entrepreneurs. Also, it enables criminal activity such as internet crime, computer crime, information crimes, and technology and communications crimes. Cybercrimes present global problems that require coordinated and international solutions. Cybercrime laws are set to create penalties for the cybercrimes directed at the data or committed by people using computers or ICT. For example, cybercrimes can occur during credit card payments. High dependence on cyberspace causes cybercrime vulnerabilities. Cybercrime occurs when individuals use commuters as a tool for illegal acts. The first cybercrime was reported in 1820, but the rates have increased due to the enormous growth in e-commerce. A CBS report that released in 2015 stated that there are 4000 cyber-attacks every day. The businesses are targeted at the rate of 170 attacks every hour.
The primary cause of cybercrime is the users because they fail to be careful, thus allowing hackers to access their information quickly. Users that fail to keep security software, log out after every session, and ignore the security and privacy settings while sharing private information put their information in danger of hacking. The cyber law is under the Information technology Act (Jardine, 2015). The Act deals with the rules and provisions of the cyber field. The laws protect electronic commerce that manages the ever-changing dimensions of the crime world. The I.T. Act is used to penalize the cybercrimes and punish or imprison the people involved. Cybercrime law is enacted by the city, the federal and state laws. For example, the Indian government passed the I.T. Act in 2000. The policies were focused on guiding the people who would be vulnerable to cybercrime. The main goal was to enhance data transmission while maintaining safety.
The role of cybercrime law is to outline and enforce acceptable behavior in the communication technology world. The law prevents harm and protects the users in general while they receive services in the infrastructure. People have the right in the technology field, thus enabling investigations and prosecutions when online crimes are committed. Also, the laws facilitate investigations when cyber-crimes are committed between countries. The laws outline the rules of conduct, behaviors, and procedures in the cyberspace. However, some states have resolved t amend their national legislation by adding codes that address cybercrimes. These countries amend their laws instead of developing new laws against cybercrime (Jardine, 2015). The amendments separately criminalize illegal used of data and communication technology to commit a crime. Therefore, if a hacker uses unauthorized access to commit fraud, such behavior will be criminalized separately as two separate crimes.
Cybercrime requires coordinated responses; thus, organizations and businesses should comply with the regulatory requirements from the cyber laws. Becoming aware of cyber laws will impact the market; therefore, entrepreneurs need to attend cybercrime laws webinars and workshops. During cybercrime, the business should be aware of the legal requirement to learn how it applies to them. The organization must be aware of the cybercrime risks in its legal implications. Individuals who have been accused of cybercrime can use legal opinions to defend themselves. Legal opinion enables the accused to understand their chances of being convicted (Jardine, 2015). Also, businesses need to update their I.T. policies to ensure they are in line with the latest cybercrime laws.
Breaking cyber laws has many consequences. Security breaches can cause companies to lose customers and revenue, thus causing them to face lawsuits that tarnish their reputation. Cybersecurity laws require companies to maintain various levels of cybersecurity. Lack of maintaining these levels can cause companies to get fined and get subjected to penalties alongside other consequences. Cybersecurity laws depend on the type of company and the data they work with. Every organization that deals with medical data is under the Health Insurance and Accountability Act (HIPAA).Private financial information is protected by the Gramm Leach Bliley Act (GLBA). The laws outline how this information can be collected, stored, accessed, or shared. The information from tech companies is under the Cybersecurity Information Sharing Act (CISA). This law protects the shard data to identify and respond to threats. The government information is protected by the Homeland security and management Act (FISMA). The federal, health and information technology are private information that requires high-end security (Pinguelo and Muller, 2011).
Research shows that some states like California require notifications in case of a breach in an organization. The organization is not required to maintain specific cybersecurity regulations. However, there will be consequences if the protection approach is inadequate. States like New York only applies the security laws to financial businesses. The laws require businesses to provide annual certificates that represent their baseline approach to cybersecurity. According to (Pinguelo and Muller, 2011), only a few states have adequate laws in place ’therefore, businesses should not assume full complacency to these laws.
Security breaches caused by hackers can affect online businesses and invade political data. Hackers have invaded many retail companies and political data, thus changing lives. The varying degree of hacking has caused prevalence in society; therefore, it imperative for organizations to apply cybersecurity laws. There are penalties such as fines and fees relative to the nature of the attack. The impact of the breach depends on the amount of data that has been hacked and exposed. The penalties are expensive, and they cause disruptions in the daily operations of a business. Violating the HIPAA laws causes a fine that ranges from $50 to $50,000 per record. The penalties are based on the amount of medical records reported. The penalties can be charged yearly. However, organizations may receive a maximum fine for more years of imprisonment. The maximum fine per year is charged at $1.5 million, and the prison time ranges from 1 to 10 years. Violating the GLBA law can cause a penalty of up to $10,000 for each person involved and $100,000 fine for each violation. The individual may be convicted up to 5 years in prison (Pinguelo and Muller, 2011). Other laws with penalties include hacking laws. Hacking occurs when a person breaks into a computer system with malicious intentions. However, ethical hacking is not recognized as a crime because the hacker used legal authorization. The activity is regarded as a crime when a person invades a system without consent or authority. The federal hacking laws include The Computer Fraud Abuse Act (CFAA) that prevents unauthorized access to another network. The law encompasses any computer in the U.S.
Hackers that break the law to obtain national security information can get convicted up to 20 years in prison. Hackers that access a computer to cause fraud and obtain value can get convicted to ten years in prison. Trafficking passwords and extortion crimes involve conviction of up to ten years. Transmitting spam and damaging computer data can get the hacker convicted to five years in prison. Moreover, states have hacking laws as well that prevent computer crime laws. The state laws are specific in their prohibition to computer trespass, unauthorized access, as well as the use of malware and viruses. For instance, almost half of the states in the U.S. have amendments for DDoS attacks (Gupta and Mata, 2016). States like Florida consider this type of offense as a first-degree crime. Also, states like California have laws the criminalize ransomware as a first-degree felony.
Cyber-attacks happen for political or criminal reasons. Some hackers can hack a system for thrill and achievement purposes. Motivation determines why cyber-attacks happen. For instance, politically motivated cyber-attacks are instigated to jeopardize the image of a government to the public. Cyber-attacks towards the government is motivated towards leaking sensitive data that may tarnish the state. For example, in August 2019, Huawei technicians were accused of helping two government officials in African countries to access the encrypted communication of their political rivals (Jardine, 2015). Study shows that cyber-attacks can go further to theoretically create software that can get used to corrupt and destroy crucial infrastructure. Cyber-attacks happen when information is leaked online to cause financial fraud. The data breaches can be carried out on credit card details, customer names, and address and purchase histories. Such data can get used to carrying out identity theft. Study shows that fraudsters collect customer information for stockpile crime. Stockpile crime involves collecting an address from one contact, and credit card number form another to commit identity theft (Lewis and Baker,2013).
Vulnerabilities in a computer system is an opportunity for cyber attackers. Many cyber attackers explore such opportunities by finding the flaws in a code of a website and manipulation them, thus manipulating the authentication process. The most common Act of cyber-attack occurs when a hacker installs malware, thus damaging a system. Attackers can also apply phishing to gain access to a system. For example, in the 2016 U.S. elections, the top officials in the Democratic Party were attacked by phishing attempts that led to the release of 60,000 private emails (Gupta and Mata, 2016). On an individual level, cyber-attacks may have effects on an individual, especially if the attack is a cyber-warfare. The criminal offense can have a broader influence on society’s security.
Cybercrime occurs in three categories; crimes against people, against property, and the government. Crimes against people can affect the lives of people. The attacks can result in cyber harassment, distribution, stalking, and human trafficking: credit card fraud, spoofing, or online related slander activities. Crimes against property can occur on the computer servers. The attacker can hack the system, transmit the virus, and cause DDOS attacks and computer vandalism. Crimes against the government is conducted; it jeopardizes the sovereignty of the nation (Gupta and Mata, 2016). The cybercrime can occur by hacking the systems and accessing confidential information. DDoS attacks are used to crash the system because a system can handle one request at a time. For example, receiving too many phone calls because of DDoS attacks can cause the system to crash eventually. DDoS attacks cause vast amounts of traffic in the system, thus leading the system to crash. When the system crashes, the user can no longer access the services, thus leading to loss of revenue. For example, in 2016, a DDoS attack occurred in October 2016, therefore, causing Reddit, Twitter, and Spotify to crash, thus impacting the individuals involved.
A data breach directly affects individuals when their information gets used to carry out fraudulent activities. Preventing such attacks requires solutions like a two-step authentication process. Users can frequently change their passwords. Changing passwords can prevent hackers from gaining access and causing breaches (Jardine, 2015). Also, users must follow the best practices when sharing information online. Organizations must familiarize themselves with the phishing techniques to update their security systems. Organizations must strengthen the security controls perimeters to prevent intrusion and improve the detection systems. However, perimeter-based security controls are not enough to protect large scale structures. Large scale structures require multi-layer defense systems that can deflect threats as soon as they are detected. An example of a multi-layer defense architecture is the Akamai Cloud Security solutions. The system can detect and deflect threats ate a massive scale (Jardine, 2015).
Data breaches such as hacking is increasingly becoming a common occurrence. Security breaches can affect data in the economic field and the political arena, thus affecting the immediate society. However, cyber laws are enforced to ensure safety in the online world. The laws outline legal protections for people who use the internet for their daily activities. Understanding these laws is imperative to provide adequate protection of data. Also, following the legislation ensures that the cybercrime is dealt with very seriously if damages occur in a business or property (Jardine, 2015). The law presents various punishments depending on the rules. The penalties amendments have reduced the rates of cybercrime because the criminals become aware of the penalties, thus avoiding crimes. However, the penalties vary depending on the country’s or state’s legislation in place.
References
Jardine, E. (2015). Global cyberspace is safer than you think: real trends in cybercrime. Global Commission on Internet Governance Paper Series, (16).
Lewis, J., & Baker, S. (2013). The economic impact of cybercrime and cyber espionage. McAfee.
Gupta, P., & Mata-Toledo, R. A. (2016). CYBERCRIME: IN DISGUISE CRIMES. Journal of Information Systems & Operations Management, 10(1).
Pinguelo, F. M., & Muller, B. W. (2011). Virtual crimes, real damages: a primer on cybercrimes in the united states and efforts to combat cybercriminals. Va. JL & Tech., 16, 116.
