This article has been written by Shoronya Banerjee, from Amity University, Kolkata. This article focussing on cybersecurity talks about how digitalization has facilitated cybercrimes and has also helped in strengthening the cybersecurity system worldwide.
Table of Contents
Introduction
With the progress in science and technology, the world has been introduced to a new digital and virtual world. With technology making life easier and more efficient on one side, it also reveals one’s personal life, works, private information, financial details and so on, to unknown faces on the other side of the screen. While the University of Maryland found that hackers attacked in every 39 seconds, 2,244 times a day, Yahoo reached record-breaking data breaches hitting 500 million accounts. Where Uber in 2016 reported the breach of records of 35 million users worldwide, security intelligence put forth that $3.92 million was the cost of data breaches for 2019.
Technology has made the modes of commercial and personal transactions extremely easy, completely based on interactions and transactions over the internet. Where information technology has facilitated the introduction of the internet, e-banking, business, etc, it has revealed the institutions and people utilizing it to several threats as well. Criminals use technology as a medium and weapon to achieve what they want and carry out their unethical activities. Private and sensitive information is just a click away for every cyber offender. This has highlighted the requirement of cybersecurity. Even though technology brings forth the facets of cybercrimes, it is the technology itself that can protect everyone from such breaches.
Cybercrimes in the wake of 21st century
Technical gadgets and shared network devices are the most important ingredients of cybercrimes. Cybercrimes involve criminals conducting their illegal activities via the internet and support of technology for monetary gains, viruses to be sent on gadgets like phones and laptops to damage and hack them for retrieving personal and sensitive information. It could also involve hacking and acquiring private pictures for blackmailing and receiving money in return and so on. The trend of attacking larger networks has made it easier for criminals to become untraceable. There are several types of cybercrimes some of which include identity theft, forgery, cyber abuse, blackmailing, hacking and so on.
Cyber terrorism out of all of these has attracted a lot of attention from the authorities as well as media. Not only does technology and the internet make it easy for criminals to commit crimes, but it also gives them a great opportunity of escaping without their identities being revealed. This scope of retaining the anonymous identity has simplified the process of forming unique and new groups of terrorists over the internet. Security of the nation, information on industries, famous personalities, experts of fields have all been put to the stake because of cyber terrorism. This mode of crime is also appealing as it is easy to get away with, is economical, hardly needs physical involvement, can help in acquiring sensitive information, and so on. The introduction of the new dimension requires the articulation of stronger laws and also measures to do away with it.
In 2012 and 2016, one of the biggest social networking mediums of all business professionals, LinkedIn, had turned into a major prey for hackers. In 2012, LinkedIn had announced that 6.5 million passwords had been stolen and inserted in a Russian hacker forum. It was 2016 when LinkedIn addressed the complete incidence. It was revealed that the hacker trading MySpace’s data had been found offering email addresses and passwords of almost 165 million LinkedIn users for 5 bitcoins which was around $2,000 in 2016. LinkedIn had accepted the instances of a breach and issued a statement ensuring the safety and security of LinkedIn members’ accounts. It claimed to have taken steps to reset passwords of the affected accounts and strengthen the security further.
Requirement of cybersecurity
In the wake of the 21st century and the plague of cybercrime, cybersecurity also facilitated by digitalization is a great remedy to do away with the crimes. Cybersecurity involves the measures and methods of protecting technical gadgets, networks and data from illegal and unwarranted access or hacking done for exploiting, blackmailing, attacking or abusing someone. It revolves around application, disaster, information and network security. In a world where data is breached and gadgets are hacked every minute, cybersecurity is extremely essential for all the people handling or operating technology for protecting themselves and their work. Cybersecurity enables us to protect our private information, government information system, intellectual property, etc.
Cybersecurity aims to keep the networks withholding and storing personal and business information secure. This makes the network hard to get into, it also acts like an alarm notifying experts about the probable trial of hacking. People have also gotten aware of spam calls tricking everyone into disclosing passwords, login information, bank details and so on over the phone or email. But even after such awareness, people yet get tricked and become victims of cybercrimes. The consequences of this can be serious, leading to identity theft, loss of money, designs and ideas of business or product, and so on. The immense requirement of cybersecurity has also established it as an in-demand industry with several jobs and a great scope.
In the case of A. Shankar v. State, the petitioner, a Special Assistant of Confidential Section in Directorate of Vigilance and Anti-Corruption office, had entered Chennai’s Legal Advisor of Directorate of Vigilance and Anti-Corruption room with the motive of causing damage to the Directorate of Vigilance and Anti-Corruption position and reputation as he had disregarded his appointment to the Secretariat as Assistant Section Officer. The petitioner had illegally accessed the Legal Advisor’s computer and with the help of his pendrive “SUJATHA” he had invaded important files. All these were published in an English newspaper known as the “Deccan Chronicle” and it was also telecasted on the channels “Makkal TV” and “Jaya TV.” The Court had refused to quash the filing of the charge-sheet on the grounds of Section 72 of the Information Technology Act 2000.
Information security
Information security provides for a process preventing illegal access, disclosure, modification, recording, destruction of information, etc. Information can comprise any personal details, a profile on social media, biometrics, plans for the business, etc. Information security has a great scope expanding over Cryptography, Mobile Computing, Forensics, Social Media, etc. It was the Second World War when the formal alignment of the Classification System was formulated. Alan Turing’s decrypted Enigma Machine was used by Germans to encode warfare data. Cyber Security and Information Security is often considered to be corresponding with each other, both work with security and protection. But a major difference could lie between Data and Information because “not every data can be a piece of information.” While cybersecurity safeguards data from outside the resource through the internet, information security prevents unauthorized users from accessing data and information which puts someone’s safety and integrity into danger.
Confidentiality, integrity and availability are considered to be the objectives providing a groundwork for constructing Information Security programs. Confidentiality upholds the importance of preventing unauthorized access over personal information and data. Integrity is extremely important as well because unauthorized access of information and data could also result in modification and deleting of important data without anyone’s knowledge. To have vigilance over such data and information, it is also important that they are available when required.
Recently, a letter petition was sent to the Chief Justice of India concerning a breach of Fundamental Right to Privacy introduced by the use of the application ‘zoom’. The petition highlighted that ‘zoom’ was not a secured platform and therefore, required more safety provisions for the safer experience of private individuals. The letter petition mentioned how in the face of lockdown brought in by the COVID-19 pandemic, video chatting and conferencing has become so important that millions of people gained access to the application ‘zoom.’ The petitioners claimed that the application did not have any end-to-end encryption giving rise to possibilities of cyber threats. The petitioner pointed out the conditions attached to this software which allows the transfer of data outside India and therefore, subject it to “commercial exploitation”. It also suggested that video-conferencing software formed by the National Informatics Centre would be the safest to use for the government and the judiciary. The petition also put forth a plea of making video conferencing and live streaming a part of “critical information infrastructure” with its security regulated according to the Information Technology (National Critical Information Infrastructure Protection Centre and Manner of Performing Functions and Duties) Rules, 2013.
Cryptography
Digitalization has facilitated the development of the science of cryptography. Cryptography is a procedure of altering and addressing classified data and using complicated and intricate mathematics and logic to design encryption methods for encoding such data and only allowing particular individuals to have access over it. The term ‘Cryptography’ has been derived from a greek word where “crypto”, means hidden and “graphy” writing. Cryptanalysis, on the other hand, forms the path for breaching Cryptography. Cryptography upholds the principles of privacy and secretiveness. It involves the process of verification which gets sure about the authentic identity of the sender or operator to avoid any sort of malpractices. The goal of non-repudiation makes sure that no operator of the system can refuse to access it.
The Internet works on the Secure Socket Layer and Transport Layer Security protocols. Encrypting and decrypting of data is done by them over the wire that stands to be the main reason behind users inserting their financial and personal details on certain online portals for specific purposes, for instance, online shopping. Both the Secure Socket Layer and Transport Layer Security protocols are built on the public key cryptography that establishes data security. So, for carrying out the online purchase, the data has to be encrypted and the website has to be controlled by a proper and legal party. The web server has to have a Secure Socket Layer certificate verified by a legitimate certification authority ensuring the genuineness of the party and proper compliance with a security standard. A cryptographic system is divided into two parts, Symmetric Key Encryption and Asymmetric Key Encryption. In a system of Symmetric Key Encryption, the sender and receiver, both work with an identical key and in the Asymmetric Key Encryption, the key has to be conveyed carefully to the receivers and the senders without any opportunity of a breach.
While cryptography has ensured a strong and safe cybersecurity system, cyber offenders haven’t given up on any chance of attacking it. Communication with the help of a network makes the circumstances vulnerable and perfect for an attack to be launched. The system of a person can be obstructed with intruding databases, malware, viruses, etc which could eventually result in a loss of data. While transmitting data into different channels, private details could be stolen in that process. In short, an attacker can interject in any connection, establish the position of a middle man to wait and attack silently.
Network security
Network security covers the processes required to safeguard the integrity and security of several networks. They are configurations invented to protect the confidentiality and privacy of networks and data functioning on software and hardware technologies. Every industry, organization, government, firms, individuals and so on is compelled to take help of network security solutions for forming a guard against cyber threats. Network security is an essential part of cybersecurity, protecting data sent through devices connected to the same network and assuring that there is no interception. Network security breach can occur at any strata of the network. The network security has to protect organization, industry, firm, government or individual confidential data from every type of cyber threats including viruses, trojan horses, hacking, spyware, etc.
Network security consists of physical, technical and administrative levels of security which plays an essential role as a network breach can take place at any level. Physical network security frequently neglected helps in preventing unauthorized individuals from getting hold of physical access to network parts such as routers, cabling cupboards, etc. Access, control, inspection and testing are some of its important elements. Technical security control, on the other hand, protects data already stored in the network or being transmitted out of it. It strongly looks for authentication and tries to prevent theft of sensitive information. Administrative network security regulates security policies and user’s behaviour, even their authentication and level of access.
Scope of Artificial Intelligence in cybersecurity
Artificial Intelligence (AI) relates to a machine-made with the capability of human decision-making. AI can be utilized to discard excessive data and allow security experts to conduct strict vigilance over cyberspace and expose any abnormal activity. AI can pave the way for forming methods and techniques of detecting cyber threats. It could also process and update existing systems of software to detect and reduce cyber threats.
A hacker uses malware, viruses and other sources to invade and find an escape outlet in the pre-existing system to conduct the hacking of the system. This makes a situation where sites requiring high protection have to be dependent on AI as the main procedure for detecting cyber attacks. The AI while working thinks exactly like a hacker trying to break into a security code and produces the way of opposing it. AI is based on machine learning, natural language processing, etc for prohibiting hackers from gaining control over servers and other such valuable data and information. With further progress in AI, it will become an essential part of cybersecurity as it increases human productivity index and thereafter, results in more time being spent on cybersecurity to chalk out new innovative methods of protection.
Conclusion
Information technology has added speed to the process of cybersecurity development. Where technology has expanded the source of cybercrimes, it has also been the framework for formulating the terms and standards of cybersecurity. Cybercrimes can be caused by individuals in the form of indecent exposure, harassment, cyber-stalking, bullying, fraud, cheating, etc. It is caused against property in the form of net-trespass, virus transmission, software piracy, trademark infringement, etc. With technological development, cyber crimes pose a threat to the government concerning which cyber terrorism has fetched a lot of attention for posing fatal threats to the safety of the nation. Human trafficking, forgery, sale of illegal goods, etc, have found the cyberspace to be a safe place for the commission of these crimes. Cybersecurity is, therefore, the remedy to prevent all these crimes. It is extremely important to keep the software backing up every gadget that one owns, updated, unique processed passwords are a must, connecting to unsecured wifi networks should be avoided and emails and links from unfamiliar websites must be ignored. Even though a system of cybersecurity functions all over the world, the rapid development of technology has the ability to surpass the existing security system. Therefore, it is essential to make more stringent laws, strong softwares and invest more in the development of a cybersecurity system.
References
LawSikho has created a telegram group for exchanging legal knowledge, referrals and various opportunities. You can click on this link and join: