This article is written by Shambhavi Tripathi, a 3rd-year student of LL.B. in Panjab University, Chandigarh. The article deals with the relation and differences between cyber crime and cyber security, elements of cyber security and different categories of cyber crimes.
Cyber crimes are increasingly becoming social engineering, where cyber criminals invest resources and time to gain knowledge about technical and scientific aspects of cyber security and because of that the term “cybercrime” is often confused with the term “cyber security”. Even though the two are extremely different and belong to different areas of expertise, yet they are interrelated with each other. The two are discussed below.
Relation between Cyber Crime and Cyber Security
Cyber crime is a crime that involves the use of computer devices and the Internet. It can be committed against an individual, a group of people, government and private organizations. Usually it is intended to harm someone’s reputation, cause physical or mental harm or to benefit from it, for example, monetary benefits, spreading hate and terror etc. As happened in 1998, a group of Tamil guerrillas, known as Tamil Tigers, sent over 800 e-mails to Sri Lankan embassies. The mails read “We are the Internet Black Tigers and we’re doing this to disrupt your communications.” Intelligence authorities identified it as the first known attack by terrorists against a country’s computer systems.
The main principle of cyber crime law is punishing unauthorized access or illegal use of computer systems and the internet with criminal intentions, so that damage and alteration of systems and data on it can be prevented. However, the largest threat of cybercrime is on the financial security of an individual as well as the government.
Cyber security is a technique to protect computers, networks, programs, personal data, etc., from unauthorized access and threats. It is an activity by which information and other communication systems are protected and defended against the unauthorized use or modification or exploitation of the device. Cyber security is also called information technology security. It includes the techniques of protecting computers, networks, programs and data from unauthorized access or attacks that can cause damage to them or exploit them in any way. Basically cyber security is a technical approach to secure systems from such attacks.
Good cyber security recognizes all the vulnerabilities and threats a computer system or network contains. It then identifies the cause of such vulnerabilities and fixes those vulnerabilities and threats and secures the system. Strong cyber security programs are based on a combination of technological and human elements.
Differences between Cyber Security and Cyber Crime
There are certain aspects on which cyber crime and cyber security can be differentiated upon, they are:
- Types of crimes: In cyber security, the kinds of crimes are where a computer software or hardware or computer network, is the main target (ransomware, viruses, worms, distributed denial of service attacks etc).
In Cyber crimes, the crimes are where an individual or a group of individuals and their data is the main target. Governments and organizations can also be the targets of cyber crimes (cyber bullying, hate speech, child pornography trafficking, trolling).
- Victims: Victims in these two fields are also different. In cyber security, victims are governments and corporations whereas, in cyber crimes, the range of victims is rather broad as victims can extend from individuals, families, organizations, governments and corporations.
- Area of Study: Both these fields are studied in different areas. Cyber security is dealt with under Computer science, computer engineering, and information technology. Coding, networking and engineering strategies are used for making networks more secure.
On the other hand, cyber crimes are dealt with under Criminology, psychology, sociology. Basically, it is the theoretical understanding of how and why crime is committed and how it can be prevented.
Various elements of cyber security
For a strong cyber security system certain elements are needed. The elements are as following:
- Application security: Applications play an essential role in business ventures; that is why every firm needs to focus on web application security. Web application security is important in order to protect customers, their information and interests. Application security helps in thwarting any attempts to violate the authorization limits set by the security policies of the computer system or networks.
- Information security: Information includes business records, personal data, customer’s data, intellectual property etc; hence, it is important for a corporation to have strong cyber security for information to prevent its leakage.
Information security involves safeguarding sensitive information from illegitimate access, usage, or any other kind of damage. This also ensures that the important data does not get lost when any issue like natural disasters, malfunction of system, theft or other potentially damaging situation arises. The characteristics defining information security are confidentiality, integrity and availability. Information security also includes Data Confidentiality, Data integrity, Data availability, and Data authenticity.
Network Security: Network security consists of protecting the usability and reliability of network and data. A network penetration test is conducted to assess the vulnerabilities in a system and network.
It refers to broad range security policies for thwarting and monitoring unauthorized access, misuse, damage to a computer system and other network systems. Network security extends coverage to diverse computer networks, surrounding private and public communication systems among corporations and organizations.
- Disaster Recovery/ Business continuity planning: Business continuity planning (BCP), also known as disaster recovery, is about being prepared for any kind of interference or cyber threat by identifying threats to the systems on time and analyzing how it may affect the operations and methods to counter that threat.
- Operational security (OPSEC): Operations security is used to protect organization functions. It identifies important information and assets to track down threats and vulnerabilities that exist in the functional method.
- End-user education: It is important for an organization to train their employees about cyber security because human error is one of the major causes of data breaches. Every employee should be aware of the common cyber threats and should have the knowledge to deal with them.
Training will allow management to accustom themselves with system users and threats to it and user training will help in eliminating resistance to change and advancements and lead to user scrutiny on a closer level.
Leadership commitment: It is important to have leadership commitment in organization and corporations in order to have a strong cyber security program. Without having the leadership in the team it is complicated to develop, implement and maintain the cyber security processes.
Different Categories of Cyber Crimes
The cyber crimes may be broadly classified into four groups. They are:
Crime against the Individuals
Crimes against the individual refers to those criminal offences which are committed against the will of an individual to cause certain harm to them like physical or mental harm. For example assault, harassment, kidnapping, and stalking etc. but in cyber crimes the nature of crimes against individual changes a little bit and takes the form of cyber stalking, pornography, cyber bulling, child abuse, fraud, cyber threats etc. Such as cyber defamation is committed to cause harm to the reputation of an individual in the eyes of other individuals through the cyberspace. A few cyber crimes against individuals are:
- Harassment via electronic mails.
- Dissemination of obscene material.
- Indecent exposure.
- Unauthorized control/access over computer system.
- Email spoofing.
Crime against Property
The second category of cyber crime is that of cyber crimes against property. With the growth of international trade, businesses and consumers are increasingly using computer and the internet to create, transmit and store information in the electronic from instead of traditional form. This has ultimately lead to certain cyber offences which affect a person’s property. These types of cyber crimes include cyber vandalism to steal information of other organizations or to steal someone’s bank details, use software to gain access to an organization’s website etc. This is similar to instances of a criminal illegally possessing an individual’s bank or credit card details. In cyber crime, the hacker steals a person’s bank details to gain access to funds, make purchases online or run phishing scams to get people to give away their information. They could also use any kind of malicious software to gain access to a web page with confidential information. These types of crimes include vandalism of computers, intellectual property crimes (Copyright, patented, trademark etc), online threatening etc. Cyber crimes against property include:
- Computer vandalism.
- Transmitting virus.
- Unauthorized access / control over computer system.
- Internet thefts.
- Intellectual Property crimes:
- Software piracy.
- Copyright infringement.
- Trademark infringement.
Crime against Governments or Organizations
There are certain cyber crimes committed to threaten the international governments or organizations. These cyber crimes are mainly committed for the purpose of spreading terror among people of a particular country. The instigators or perpetrators of such crimes can be governments of enemy nations, terrorist groups or belligerents etc. Cyber crimes against Government include cyber attack on the government website, military website or cyber terrorism etc. In these kinds of cyber crime, cyber criminals hack governments or organization’s websites, government firm, and military websites and then circulate propaganda or threats or rumors. These cyber crimes are known as cybercrimes against Governments or Organizations. Following are the few examples of crime against Governments or Organizations:
- Unauthorized access / control over computer system.
- Cyber terrorism against the government or organization.
- Possession of unauthorized information.
- Distribution of Pirate software.
Crime against Society
Those cyber crimes which affect the society at large are known as cyber crimes against society. These unlawful acts are committed with the intention of causing harm or such alterations to the cyberspace which will automatically affect the large number of people of society. The main target of these types of crimes is public at large and societal interests. The cyber crimes against society include the following types of crimes:
- Child pornography.
- Indecent exposure of polluting the youth financial crimes.
- Sale of illegal articles.
- Online gambling.
- Web jacking.
In conclusion, cyber security can be considered as a set of guidelines and actions intended and needed to prevent cybercrime but cyber security is not only limited to that. The two types of problems differ considerably in terms of what happens and who the victims are, as well as the academic areas that study them. Therefore, the two, cyber security and cyber crimes, must be considered as separate issues, with different safeguards designed to address the different privacy and security issues of each.
All sorts of data whether it is personal, governmental, or corporate need high security. Some of the data, which belongs to the government defense system, scientific research and developments, banks, defense research and development organization, etc. are highly confidential and even small amount of negligence to these data may cause great damage to the whole nation or society at large, therefore, such data need security at a very high level.
Hence, cyber security is all about protecting government, organizations and corporate networks, intending to make it difficult for hackers to find weaknesses and exploit them or threaten them. Cybercrime, on the other hand, tends to focus more on individuals and families online. It is highly needed that the top leaders of an organization or government should invest in the cyber security measures to make it strong and impenetrable.
- Cyber Crime and Cyber Security; tutorialspoint; Date of Access: 30.10.2019 <https://www.tutorialspoint.com/fundamentals_of_science_and_technology/cyber_crime_and_cyber_security.htm>
- The difference between cyber security and cybercrime, and why it matters by Roderick S. Graham; The Conversation; Dated: 19.10.2017; Date of Access: 30.10.2019 < https://theconversation.com/the-difference-between-cybersecurity-and-cybercrime-and-why-it-matters-85654>
- Understanding the Difference between Cyber Security and Cyber Crime; Privacy International; Date of Access: 30.10.2019 <https://privacyinternational.org/explainer-graphic/2273/understanding-difference-between-cyber-security-and-cyber-crime>
- Elements of cyber security by Robert Roohparvar; InfoGuard Cyber Security; Dated: 02.03.2019; Date of Access: 30.10.2019 < http://www.infoguardsecurity.com/elements-of-cybersecurity/>
- Elements of Cyber Security; Cross Domain Solutions; Date of Access: 30.10.2019 < http://www.crossdomainsolutions.com/cyber-security/elements/>
- Chapter III: Meaning, Concept and Classification of Cyber Crime; Shodhganga; <https://shodhganga.inflibnet.ac.in/bitstream/10603/188293/11/11_cha%5bpter%203.pdf>
- Types of cyber crime; Panda Security; Dated: 20.08.2018; Date of Access: 30.10.2019 < https://www.pandasecurity.com/mediacenter/panda-security/types-of-cybercrime/>
- Cyber Crime Vs Cyber Security: What Will You Choose?; Europol; Date of Access: 30.10.2019 <https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/cyber-crime-vs-cyber-security-what-will-you-choose>
Students of Lawsikho courses regularly produce writing assignments and work on practical exercises as a part of their coursework and develop themselves in real-life practical skill.