CYBER SECURITY IN E-BUSINESS 1
CYBER SECURITY IN E-BUSINESS 2
Cyber Security in E-Business
Technological advancement has resulted in the significant simplicity of carrying out activities and processes in many areas. The business world has attained a significant benefit from this advancement. Through it, e-businesses have emerged, where individuals and organizations can electronically carry out business activities, thus without the need to be physically present at the point and time of transacting. According to Furnell (2004), e-business refers to a model of doing business or a segment of a larger model that allows commercial transactions to be undertaken throughout an electronic network such as the Internet. A major challenge is, however, facing electronic business entities, where the majority of them are facing network insecurity (Furnell, 2004). Through these insecurities, business organizations and individuals lose significant amounts of money to highly skilled but ill-intentioned individuals who manage to hack into the networks and attain unauthorized access to business and individual resources. This paper evaluates the issue of insecurity within the e-business world and provides effective methods through which these issues can be resolved.
Statement of the problem
Despite the fact that e-businesses possess numerous opportunities for growth and development, convenience, and simplicity, there is increased security concerns and risks involved. With the increased pool of users and interested parties, the need for information protection is even more amplified. Cybercriminals pose an immeasurable threat to online business space. Threats to e-business are largely multi-faceted and are largely manifested as privacy and confidentiality, integrity and non-repudiation, authenticity, access control, cost and availability (Scott, 2004).
E-businesses are faced with the complex challenge of protecting details of their customers from unauthorized access as well as security in transmission and storage. Cybercriminals are continuously exploring means and ways of executing credit card theft and information mining. It is therefore imperative that personal and confidential information from customers remain secured and accessible to only authorized personnel. Another major security concern for e-business platforms is authenticity. With millions of Internet users worldwide e-business risk identity theft and malicious presence with an aim of gaining a financial advantage or causing havoc. E-commerce participants are therefore needed to establish that a person is who the real claim to be, (Lowry et.al, 2001).
Definition of terms
The following provides the description of the main terms used in the study for better understanding of the research
i. E-business – a model of doing business or a segment of a larger model that allows commercial transactions to be undertaken throughout an electronic network such as the Internet.
ii. E-commerce – refer to buying and selling of goods and services via an electronic network.
iii. Cybercrime – refers to criminal activities that are carried out through the utilization of computer networks with or without the inclusion of the internet.
iv. Spoofing – it refers to a form of hoax or trick, which hackers utilize to trick the system and gain unauthorized access.
v. Data mining – refers to the process through which individuals examine data and manage to generate new information from the data.
vi. Credit card fraud – refers to criminal activities where a credit card of an individual is accessed without his or her authorization and utilized to steal money from that individual.
vii. Encryption – Refers to the process of encoding a message or some information to ensure that only individuals who are authorized can gain access.
viii. Cybersecurity – refers to the protection of systems that are internet connected to prevent access from individuals that are not authorized
ix. Hacker – refers to a skilled computer expert who utilizes his or her knowledge to overcome or cause a problem in a computer network.
The research study is mainly based on obtaining data from primary sources regarding the issue of carrying out business activities electronically or other topics related to the topic of e-businesses and cybersecurity, analyzing the data and utilizing it to prepare a study and research results on this topic. The research study analysis involves the evaluation of the results obtained by different researchers and using their findings to compile a comprehensive explanation on the issue of e-commerce state of insecurity and effective methods and means that can be utilized to effectively succeed in
The significance of the study
E-business is gradually turning out to be an integral part of businesses process and operations. Almost every business today has some form of e-business undertaking ranging from complex web systems and application to simple social networking. Studies estimate that the e-commerce industry is currently worth upwards of $2 trillion. With such humongous capital and transaction outlay, it is imperative that we take a concerted effort in ensuring e-business security is at its premium. Failures to do so may lead to catastrophic losses and outages of general and critical services for the general population.
Technology adaptation in e-businesses
E-businesses are based on technology. Without the current technological advancement, e-businesses would not exist. It is for this reason that electronic businesses recently emerged in the late 19th century when the internet became applicable in the business world and most people attained devices that could provide them with internet access. Over time, gradual changes have occurred with most improvements making it extremely easy for individuals and organizations to carry out business activities easily despite being physically in different geographical regions. Business activities have thus increased their reliability to technology. Currently, some business organizations simply cannot exist without technology. A good example is a business organization like Facebook, which is currently one of the largest companies in the world. Such a business entirely relies on technology and the need for people to socialize with others. Many other businesses offer services and manufactured products but completely rely on technology to carry out their services smoothly (Velmurugan, 2009).
Technology has thus provided businesses with significant capabilities, which have provided them with a significant competitive advantage compared to their competitors who may not be using the technology. In the first stage of establishing a business organization, businesses use technology to establish effective business plans and carry out research to determine the viability of their plans. After the business has been established, technology is also utilized to help in the recruitment plans for the business employees. The organization then automates its manufacturing or service providing process, still using technology.
In the marketing section, technology plays a major role in helping business organizations manage to reach their targeted customers and inform them, of the products and services that they are offering and the means through which those products will provide value for them. The organizations then still use technology to transact with the customers in the section on e-commerce. With this understanding, technology is completely implemented and adapted to the business world, from the stage where a business is established to the point where it makes sales of its products to the customers. The more effectively a business manages to take advantage of technology, the more capable the business organization becomes in gaining profits (Smith, & Rupp, 2002).
In the e-business section, business organizations make it possible for clients to make purchases of products through the internet without having to physically visit an organizational store. Many businesses have currently adopted this model of doing business. Different types of payment methods are used to transact through the internet. A number of significantly large organizations have attained their current status and rank from carrying out business through this strategy. A good example includes organizations like e-bay, Alibaba, and Amazon.
Amazon is currently a large organization that operates worldwide. The organization began with the utilization of the store method where it sold books from its stores among other products. As technology was advancing, the organization also kept implementing the technological advancements to its operations. Currently, the organization makes most of its sales through the internet. The organization has a complex website, where customers can explore the products that it offers and then using the website to make purchases of the products. The website is maintained on a daily basis and all the new products that the organization is offering are updated into the organizational product collection. It also has readily available customer service, where customers can obtain further assistance on the products and have their inquiries addressed immediately (Smith, 2004).
After organizational customers pay for the products, the organization then delivers them to an area where the customers can access them. With this method, the organization does not have to make any form of expansions to certain geographical areas in order to expand to those markets. As long as the individuals can access the organization’s website through an internet capable device, then they can make purchases of the products that the organization offers. These aspects make the organization one of the most successful retail organizations operating through the internet. Other organizations like e-bay and Alibaba also use this model to carry out their business activities.
Types of cybercrimes in e-businesses
Cyber-crimes are among the main challenges that business organizations that utilize electronic methods to complete transactions face. Cyber-crimes refers to criminal activities that are carried out through the utilization of computer networks with or without the inclusion of the internet. Criminal activities that are thus carried out within the network of e-businesses are thus considered to be cybercrimes. There are different types of cybercrimes that are carried out within the e-business process. The first type of such cybercrimes is identity theft (Pettit, 2012).
In order to complete an e-business transaction, the organization offering a product requires the customer to make certain payments. The payments can currently be made through a large number of options among which include credit cards or electronic methods of fund transfers. Through these methods, a customer is able to send money from his or her account to the organization from which he or she is making a purchase. The process that takes place in order to have the money transferred is that the organization collects data from the credit card for the customer and then uses that data to claim the agreed-upon amounts of money from the organization that stores money for the organization., this may be a bank or any other money storing online organization like Paypal or Skrill among others.
With this data, an individual can manage to access funds from the accounts of the customer. If an individual is thus able to obtain the data from the credit of the customer without the customer knowing that the same has occurred, then he or she could also access the money of the customer using his or her credentials. His access is however unauthorized and thus it becomes the criminal activity referred to as identity theft. If the details or information is utilized to carry out a transaction, the transaction is said to have been carried out by the original owner of the details (Nabi, 2005).
The other type of cybercrime that individuals utilize which can significantly impact the process of e-business is Cyber extortion. Business organizations that utilize e-commerce rely on the internet band their servers to carry out business-oriented operations. With this regard, in a case where their servers became operational, they would lose a significant number of customers and in the process attain significant losses. With a clear understanding of this fact, ill-intentioned individuals capitalize on hacking the systems of these organizations to cause their servers to malfunction. They also ensure that the damage they make to these servers, they are the only ones capable of altering their changes and making the servers operate normally again. When they succeed, they then contact the organizations and demand for money in order to have the servers function normally again. In many occasions, the organizations are forced to pay the money requested since without their servers operations they may lose significant amounts of money, much higher than the ransom that criminals request (Kesan, Majuca, & Yurcik, 2005).
Another major type of a cyber-crime that many organizations are significantly afraid of being subjected to, is data mining. When electronic methods of making payments are made, business organizations collect customer data and information with the aim of keeping a record of the sales and purchases made. This data includes credit card numbers and names for the customers who make purchases of products and goods from their organizations. Data mining is when some ill-intentioned individuals who are also highly skilled in computer networking hack these organizations and collect this data. When they obtain success, they cause significant problems for both the organization and the customers. With this data, the individuals can manage to access the accounts for different customers and even withdraw their credit card money. This form of crime can result in significant loses for the organization through processes like having their reputation tarnished and compensating the customers whose data was fished from them (Karake Shalhoub, 2006).
Case studies of massive cybercrimes in e-businesses
In the e-business organizations, massive cybercrimes have taken place where a large number of organizations have been subjected to becoming victims of cyber-criminal activities. One of the largest cybercrime that took place is the target-Organization data fishing cyber-crime. Target organization is one of the largest retail organization in the United States after Walmart. In the year 2013, the organization experienced one of the largest data breach challenge, where hackers managed to fish more than 40 million debit and credit card information from the organization’s system. The hack began earlier before the Christmas evening when there was certainty that many people would make purchases of Christmas gifts among other products from the organization. From this attack, Target has been facing a significant challenge since then to ensure that its customers begin trusting that the organization is capable of protecting their data and at the same time due to the significant loses the organization made compensating those whose data was fished by the hackers.
Another significantly large and massive cyber-attack that recently occurred is the 2016 attack on one of the DNS provider organization Dyn. This attack caused a large number of an e-commerce based organization like Twitter, Netflix, the guardian and Reddit among others to stop functioning. The purpose of this attack was simply for the hackers to reveal that they are capable of carrying out such an attack. The disruption, however, caused these organizations not to operate for more than a day and thus through it, they managed to lose a significant amount of money. An organization like Netflix, for example, gains significant amounts of money through its website services, where individuals are able to stream movies and attain other services for a fee. The disruption thus caused a significant amount of loss and inconvenience for the organizations that it affected (Furnell, 2004).
Another well recognized and significant cyber-attack that took place is the 2015 global banks hack. In the year 2015, hackers managed to infiltrate different bank’s network and gained data from a large number of institutions around the world. With this data, the hackers attained the ability to impersonate bank staff and thus managed to steal more than 650 million euros. They gained access through which they could even order an ATM to dispense cash without being provided with a bank cash. This hack was significant and targeted the banks that had the ability to carry out any form of e-commerce activities. From these case studies, it is thus clear that the challenge of cyber-crimes is significant in the e-business world.
Statistics showing cybercrime activities in e-businesses
Statistically, cyber-crime has caused a significant negative impact on a large number of individuals and organizations all over the world. To begin with, recent studies reveal that a number of companies that operate online are currently in loss of over 5 million dollars through the stolen data. There are also other organizations whose losses through this channel exceed 100 million dollars. Millions of consumers that utilize the services of these organizations have their bank account details being compromised and thus hackers can easily manage to access their accounts and withdraw their money easily. The activities that have been taking place in the world which revolve around cyber-criminal activities reveal that by the year 2019, the world will have lost more than 2.1 trillion dollars through cybercrimes. With this understanding, it is essential to ensure that certain measures have been put in place which will play part in making sure that organizations succeed in securing their business activities from cybercriminals (Bosworth, & Kabay, 2002).
Mitigation of cybercrimes in e-businesses
Business organizations also have attained a clear understanding of the open threat that they are facing through cyber-criminal activities. With this understanding, there are certain measures that have been put in place, which are aimed at helping the business organizations manage to remain secure and capable of protecting their operations and customer data from ill-intentioned and skilled hackers. To begin with, there are highly capable anti-malware programs that business organizations currently utilize, which are aimed at detecting any form of abnormal activities within the computer networks which could easily be malware. These programs help the business organizations manage to identify different forms of cyber-attacks before they happen and thus they stay alert to prevent the attacks from occurring.
A simple anti-malware program is however not sufficient in keeping hackers out of a network. With this understanding, large business organizations have considered making purchased of complex cyber-security programs capable of detecting any form of activities that hackers may involve in. a good example of such a program is the FireEye. This program is able to detect any form of malware of hack before it manages to break an organization’s security. It is also the program that could have helped the target organization manage to completely minimize the impact of the attack that the organization experienced in the year 2013. With this regard, the organization is taking caution by investing in cyber-security measures to avoid attaining losses which may occur through hackers. Taking these measures is thus one of the main ways through which the e-business organizations are utilizing to address the data breach challenges that they are facing (Akhter, & Kaya, 2008).
E-businesses have recently become major entities and effective ways of earning for many business organizations. Through them, many organizations have attained the ability to remain completely effective in their operations and increase the gains that they obtain on a daily basis. These business organizations and their ways of carrying out business operations are currently being threatened by the challenge of cyber-crimes. Many organizations have faced adverse negative challenges caused by hackers, through which their systems and ways of doing business has been disrupted and threatened. Business organizations are currently implementing measures to address this issues, by investing in network security resources and programs that can help them identify and completely eliminate an attack (Scott, 2004). An effective way to ensure that cyber-attacks do not occur is thus for an organization to remain prepared for one and ready to challenge the hackers with an effective security system.
Akhter, F., & Kaya, L. (2008, March). Building secure e-business systems: technology and culture in the UAE. In Proceedings of the 2008 ACM symposium on Applied computing (pp. 1474-1475). ACM.
Bosworth, S., & Kabay, M. E. (Eds.). (2002). Computer security handbook. John Wiley & Sons.
Furnell, S. (2004). E-commerce security: a question of trust. Computer Fraud & Security, 2004(10), 10-14.
Karake Shalhoub, Z. (2006). Trust, privacy, and security in electronic business: the case of the GCC countries. Information Management & Computer Security, 14(3), 270-283
Kesan, J., Majuca, R., & Yurcik, W. (2005, June). Cyber insurance as a market-based solution to the problem of cybersecurity: a case study. In Proc. WEIS (pp. 1-46).
Lowry, Paul Benjamin; Cherrington, J. Owen; Watson, R. J. (2001). E-Business Handbook. Boca Raton, FL: CRC Press.
Nabi, F. (2005). Secure business application logic for e-commerce systems. Computers & Security, 24(3), 208-217.
Pettit, R. (2012). Learning From Winners: How the ARF Ogilvy Award Winners Use Market Research to Create Advertising Success. Psychology Press.
Scott, J. E. (2004). Measuring dimensions of perceived e-business risks. Information systems and e-Business Management, 2(1), 31-55.
Smith, A. D. (2004). Cybercriminal impacts on online business and consumer confidence. Online Information Review, 28(3), 224-234.
Smith, A. D., & Rupp, W. T. (2002). Issues in cybersecurity; understanding the potential risks associated with hackers/crackers. Information Management & Computer Security, 10(4), 178-183.
Velmurugan, M. S. (2009). Security and Trust in e-Business: Problems and Prospects. International Journal of Electronic Business Management, 7(3)