Effects of Cyber Threats

Effects of Cyber Threats

Introduction

Cyber threats are defined as acts of malice that are aimed at destruction or damage of data, interfere with digital life and machines, or generally theft of data. Cyber threats include the use of computer viruses, attacks on denial of services (DoS), and breaching on data. This essay will mainly focus on cyber threats and how to impact on government management controls. Lately, in today’s smart world, cyber threat has become more frequent. This prevalence has made people visualize the threats as physical because people find it hard to contextualize how digital signals can sum up to an attack. These attacks happen from cyberspace (a non-existing computer-generated space) to weaponry damaged digital devices. Some of the cyber threats are serious and threatens peoples live while others are just meant to cause nuisance or less damage. The government is faced with various cyber threats across the operations. These threats include physical damage, theft of intellectual property, data breaches, data loss, and system disruptions.

There are various common cyber threats; some of them include malware that targets a system and takes over it through corrupting data and performing malicious tasks. Phishing is a mail-based attack that tricks the recipient of an email into revealing confidential information or by downloading a hyperlink in the message. Spear phishing is a more sophisticated version of Phishing where the hacker impersonates another person so that the victims can trust them. MitM attack in which the attacker creates and get in between the recipient and the sender of a message, intercepts and alters the information. MitM can be used in the military to counter the enemy. Trojans which, has the capability of changing forms. It enters a system in particular for and changes its form once in the host. Ransomware which works in a way that it demands exchange so that the user can access the system again. the effects of ransomware are low in damage. DDoS attack in which, the attacker bring so many computer devices together and makes the system to crash because of the overload. A breach attack involves stealing data from an organization by a malicious actor mostly to embarrass the organization.

Physical damage

Physical damage as a cyber threat will involve harm or damage of government hardware assets; for example, network devices, laptops, or servers. Incase these devices lack proper maintenance or are by any chance handled carelessly, the government gets into the risk of cyber-attack. A government management control that is connected to the ministry of defense, for example, can their equipment critical damaged through hacking. If a hacker gets into weapons and command control systems, high tech equipment can be destroyed or rendered useless.

Physical damage can also affect other governmental agencies by making them lose data permanently. An example of government physical damage was witnessed in Bahamas Public Treasury in the year 2012 where it was reported that the treasure computer systems went down for several days as a result of water leakage in the treasury building interfered with the servers as confirmed by the treasury minister Michael Halkitis. Although there no reported cases of data loss, regular and day to day operations were disrupted for days before the repairs and maintenance were done. Research has shown that most of the organization’s concern is hardware failures. The results also showed that 52 percent of the organizations named hackers as the main threats in cybercrime.

Theft of intellectual property

This kind of cyber threat involves people of companies being robbed of their inventions and ideas. Intellectual property consists of several aspects, namely; software products, grants, contracts, agreements, trade secrets, and other propriety products. Intellectual property may seem not to be relevant to the government and government agencies. Still, it is dangerous and can have adverse effects on the public sector and other stakeholders like an organization that carries out important research, government contractors, especially those in aircraft industries and the energy and telecommunications sector. In such cases, theft of intellectual property can lead to a damaged reputation, high finance expenses, and loss of competitive advantage.

Unfortunately, most governments and government agencies do not seem to understand the danger of theft of their intellectual property that faces them instead put more emphasis on spyware. An example of an intellectual property theft happens in the united states between ten Chinese nationals, an unnamed French company operating in the U.S. in the year 2015. A combination of different technics of hacking was used to get inside the french company aerospace, which was manufacturing engines in collaboration with a U.S. company. The techniques used according to the complaint included malware, phishing schemes, domain hijacking, among others. Allegedly, the malware that hit the French company was Sukula malware, which was the same malware that hit Oregon and Arizona manufacturing company in Massachusetts. This case is still going on, and as stated, the reason for the hacking was that a Chinese aerospace company was also determined to develop a similar commercial aircraft engine, and hence they wanted that technology too. In research, 43 percent of the respondents said the malware is the leading cause of intellectual property theft, while 24 percent said the leading cause is the spyware. Additionally, a large organization holds hackers responsible for the loss of intellectual property, but it is them, the regular users in those organizations that are the leading cause.

Data loss

Data can be lost whenever information is destroyed though the failure of storage procedures, through information processing and information or data transmission. The threat in data loss involves intentional activities to cause the damage; examples of these activities include erasure, malware infiltration, sessions hijacking IoT exploits. In other cases, software failure and human mistakes can lead to data loss. In case a government or government agencies lose data through the above means, their services are disrupted for both the employees and the general public, and the may face prosecutions from the citizens whose data has been endangered and compromised. Consequently, through data loss, sensitive information like personal information, financial information, among other data, may fall into the wrong hand of the hackers, and this may expose the citizens into fraud, phishing attacks and blackmail.

An example of data loss happened in the Department of Veterans Affairs in the united states in the year 2006. The scenario involved an employee of the department who was a data analyst when hackers stole his computer and its equipment in his house in Maryland. The computer’s hard drive carried unencrypted personal and private data of more than 26.5 million across the United States, including the members of the veteran department. The analyst reported the case, and luckily the hard drive was recovered, and after a forensic examination, it was determined no information or data had been lost. Although this happened, the department of veteran Affairs had to pay $20 million to 5 veterans who took to a lawsuit for allegedly that their personal information had been exposed to risk.

Data breaches

Data breaching is a cyber threat that involves using various malicious techniques like Phishing, human mistakes, misconfigured databases, lost devices, and sponsored attacks. Through breaching, information is copied, viewed, transmitted, stolen, or used by unauthorized people. Research shows that a third of the breaches are a result of errors made by insiders and privilege misuse. Government stores susceptible data about the citizens they employ and citizens they serve. In the case of Office Personnel management (OPM), which is among the famous breaches, hackers accessed both personal and security clearance records, which was a very confidential data regarding the former and the current employees of the government. Whenever such information falls into the wrong hands, citizens can be extorted, blackmailed, or be victims of fraud and eventually harm their reputation.

Key repercussions of a data breach in the public sector are that the government is likely to face lawsuits from the affected citizens, fines, resignation of key employees, loss of trust by citizens, damaged reputation, and high costs of investigations and instilling remedies. In cases where the massive government data has been breached, the regulatory bodies put up strict rules which at times, are difficult for the employees to comply with.

An example of a data breach was the most recent Office Personnel Management that happened in the year 2014. OPM reported to the U.S. government that their computers had been penetrated by Chinese hackers, probably with interest to get information about federal employees. The breaches touched 21.5 million Americans and four million records of former and the current government employees. After the investigation, it was found the OPM had not encrypted the information and had failed to implement the login authentication of its employees and contractors. This breach led to damage to government credibility, and as a result, they were lawsuit filed by a federal employee, and later the director of the agency resigned.

System disruption

Unlike other Information Technology risks, system disruption may not seem as fatal, but its repercussions can very severe to government organizations. System disruption leads to failure of I.T. functions or renders them the inability to operate for quite some time. The main causes of system disruption are; destructive techniques either by outsiders or insiders. Like ransomware, power outages, human mistakes and negligence, and natural disasters. In such instances, the organizations can not serve their citizens, schedule appointments, send complaints, address citizens, or use their management systems; hence citizens and the employees are frustrated.

An example of a system disruption happened at the State information technology agency (SITA) in the year 2018, where power outage affected systems of departments, including the presidency in the government in South Africa. After investigations, it was discovered that the backup generator at the SITA offices failed after the power outage hence delaying services countrywide. The delays led to the suspension of all government operations like birth, smart I.D., passport, and marriage service. Shortly after the systems were restored, another power outage occurred, making the situation even worse. However, SITA apologized to citizens and stakeholders, but the Executive of the organization was highly criticized because of lack of proper recovery and contingency plans to respond to the problem entirely.

Summary

Surveys and researches have shown that most government organizations fail to decisively determine the proper procedures when it comes to cybersecurity; hence poor results that may lead to information being exposed. The most cyber threats that organizations emphasize on are spyware and ransomware. Other findings have seen data breaches and data losses as being the significant IT risks that affect government organizations with these effects, not only leading to disruptions but also prosecutions in the court of law by the affected employees and its citizens. Employees of these organizations resign due to damaged reputation while the citizens are left exposed to an attacker who has their personal information. The above effects have to countries and government organizations awaken in reality and have raised investments in the security sector to improve results by the year 2023.

As we have seen, even big organizations that compose of high talents and great resources that are channeled towards combating cyber threats have, in the past, suffered greatly due to compromised security procedures. This tells us that other smaller organizations are even with greater challenges. This reveals that cyber threat is a complex area that requires knowledge and understanding from various disciplines of learning, which include and not limited to Information Technology, computer science, economics, psychology, sociology, engineering, political science, organization behavior, law, international relations, and decisions sciences. The organizations are being advised to come up with a vulnerability management life cycle to combat the dynamically increasing cyber threats since research has shown that the attacker is using an attack life cycle. This vulnerability management will help counter the attacker’s efforts in the quickest way possible.