Introduction
The existence of the Internet and its rapid speed of innovation continue to bring new challenges for individuals, businesses, and governments alike. With time, cybercrimes have evolved from on-site hardware hacking to the use of cloud services and technology that allows getting access to large amounts of data in minutes. Thus, the range of cybercrimes and their damage to every person has evolved as well, endangering the information of every technology user.
Almost 40 percent of people use the Internet in some capacity, meaning that they provide some type of their data to various services, potentially exposing it to one of the most widespread cybercrimes – personal data and identity theft (Armin et al. 143). Attackers can steal data from individual users, companies and organizations, and even governmental entities, which implies that the scope of this crime can span international borders. Although the severity of data theft may have various repercussions on economics and politics, the current approach to laws and regulations does not provide a sufficient way to disrupt the chain of breaches.
Case Description
This case focuses on personal data theft and its impact on different spheres of people’s lives. First of all, it is necessary to understand the concept of stealing information and related procedures. Before the Internet, identify theft could be conducted by collecting information about a person through his/her documents, mail, and conversation. After the creation of technology, databases and serves started to receive data from users, including their emails, phone numbers, and names.
However, the rise of the Internet and corporate use of technology increased the volume of information collected and shared for everyday use. Currently, people can provide access to such data as their social security number, identification, credit card number, family status, health history, and much more. As a result, the process of stealing this information may affect individuals and businesses much more severely than before.
To evaluate the significance of this problem, it is vital to understand the outcomes of private data being stolen. Regardless of the source of this information, it is mostly used for several purposes. First of all, criminals may impersonate an individual by using his/her data to complete a financial transaction or other operations. Here, the damage may be small and temporary or severe and lasting, depending on the ability of the victim to locate the problem and mitigate its effects. Second, some sensitive information may be sold to companies which then use it to target persons with advertisements or use their data for other unethical practices (Hutchings and Holt 13). These are the two primary outcomes for individual users.
Companies may also be affected by such cybercrimes. The main possible outcome is reputational damage – a business that loses customers’ data is seen as untrustworthy, and clients may stop using its services or products after hearing the news. This problem leads to another one – financial losses. A firm which reputation is damaged can suffer from lower profits, a decreased stock value on the market, and additional costs for recovery and future considerations for data protection (Balan et al. 64). Balan et al. note that many companies are very reluctant to pay for cyber-defense software and specialists (64). This often leads to them having to spend more money on covering the damages than they would need to prevent a breach from happening in the first place.
Thus, financial losses from data theft can be devastating for both small and large businesses. According to Wheatley et al., the cost of one stolen piece of private data is equivalent to more than $200 (1). While this number does not present any danger by itself, the amount of data that is usually stolen during one cyber attack often includes thousands of names, personal identification details, and financial records. For instance, in 2008, the cost of one cyberattack could reach more than 1 trillion US dollars of economic damage, which is a significant loss even for a large corporation (Wheatley et al. 1).
These expenses can not only destabilize a business and turn away customers but also put a company under significant strain and lead to various problems for stakeholders and the industry as a whole. Notably, large companies suffer from such crimes more often than small ones, as they possess more information and are more interesting to attackers (Wheatley et al. 10). Therefore, data theft can reach devastating results as successful breaches expose extensive amounts of information to misuse and exploitation.
The amount of attacks and stolen information has also increased because of innovative technology. While older software required hackers to manually conduct each operation, the current rise of technology automated most processes. Some criminals can sell so-called “crimeware” – malicious software designed for different ways of hacking. Other innovations are related to the Internet as a whole.
The use of cloud storage, for example, has led to data breaches with massive quantities of stolen information, as cloud technologies allow companies to store much more information than a physical server and can provide access to data from virtually anywhere (Wall 532). Cloud space can also be used by hackers who automate their procedures and steal information from multiple sources with a few clicks, further increasing the possible damage of such crimes. Cybercrimes committed in the cloud present a danger that should raise concerns not only on the local but the international level as well.
The process of finding criminals who utilize such technology is difficult for authorities because of multiple reasons. First of all, criminals often use software that protects their location and device information, making tracking almost impossible. Various technologies for rerouting and creating new IP addresses also complicate the official procedure. Transactions between criminals and their potential clients may be protected as well with the help of encrypted or disappearing messages, untraceable cryptocurrencies, and closed channels of data transferring. Furthermore, as cybercrimes can be initiated from and targeted at any place in the world, some national and international concerns apply here.
Currently, the state of regulations related to cybercrimes and security offers several recommendations and laws. For example, an international cybersecurity standard ISO 27001 indicates which requirements have to be followed by organizations to provide information security for their clients and important data (Aggarwal et al. 50). This initiative attempts to systematize the variety of security controls and create a system for their implementation.
Furthermore, it encourages company management to analyze the state of their businesses and outline possible risks and vulnerabilities. The following data is needed to fulfill the next step of the regulation – the creation of a unified system for all utilized information security controls to prevent the highlighted problems from occurring. Finally, the recommendations note the significance of the ongoing monitoring and recalibration of services to maintain cybersecurity at all times and update the utilized technology on time. However, this standard along with other cybercrime laws may not be sufficient enough to prevent these crimes from occurring. Thus, an analysis of possible impacts and solutions to the problem needs to be conducted.
Case Analysis
The analysis of cybercrimes and data theft, in particular, needs to not only address its damage and outcomes but also uncover possible flaws in the current system and present some solutions and improvements needed to make the problem less significant. Currently, the impact of cybercrimes continues to evolve steadily with the innovation of technology (Wheatley et al. 10). The increasing amount of private data being stored and used for everyday activities such as shopping, working, or accessing health care also complicates the process of employing new regulatory procedures. Moreover, as more and more people engage with services and products through the Internet, the coverage of data theft crimes becomes wider as well. Thus, the influence of cybercrimes grows and creates more dangers for the world.
As noted above, the impact of cybercrimes on businesses may be extremely damaging to both their reputation and their financial state. Thus, enforcement of a security standard seems to be an important measure in protecting client data. However, the ever-evolving state of crimeware technology continuously presents new ways of attacking the installed protections, making the regulation ineffective because of its lack of dynamic change.
The slow speed of creating barriers that could prevent data breaches from happening does not equate to the rate at which cybercriminals develop new malware. While the latest edition of the standard covers cloud computing and related issues, its less regulated implementation allows companies to be certified without following specific controls. Other measures employed both locally and internationally address reoccurring breaches, known dangers, and overall integrity of information (Aggarwal et al. 51). However, all may fall victim to unexplored crimeware and innovative technology.
For example, the introduction of cryptocurrencies, which were first introduced to the general public in 2008 and have been gaining recognition since, poses a potential threat to the process of uncovering illegal financial transactions. Although some types of such currencies have an open system that presents some information about the operation and its participants, a number of them attempt to provide full anonymity to all processes, completely decentralizing and encrypting all aspects of a money transaction.
The lack of regulations in the sphere further increases the dangers that can come from criminals using such services for their business. Current laws are not equipped to deal with such financial operations, therefore, complicating the persecution of cybercrimes. The existence of various anonymous messengers and encrypted information transfer can also contribute to cybercrime.
The international responses to such innovations have differed from one country to another. On the state level, some nations chose to regulate citizens’ access to such technologies, condemning cryptocurrencies or encrypted messengers as illegal (Deeks 6). For example, Pakistan, Colombia, and Russia have attempted to impose strict regulations on the use of encrypted technologies, while China and India proposed regulations for choosing which information has to be accessible to the government at all times (Deeks 6).
Such attitudes show that some states believe in the direct connection between such decentralized services and illegal activities, including money laundering and terrorism. The process of data theft is another concern, although its impact is primarily financial. While these arguments may have a foundation, the choice to establish complete control over user’s information and conversations does not contribute to supporting their human rights.
Other countries such as the US may see potential in these technologies and recognize their possible benefits to personal security. For example, end-to-end encryption allows users to protect their information from cybercrimes, including data theft, as it does not transfer valuable information or store it in places that can be easily accessed with crimeware. This advantage is also seen by major corporations that collect massive amounts of data every day.
Apple and Google, for example, both realize that encryption protects people’s financial records, which limits the criminals’ possibility of accessing someone’s credit card numbers and passwords (Deeks 13). This outlook of large businesses impacts the state of affairs in the US and the world as almost all such companies are based in North America but sell products worldwide. Thus, some conflicts based on different views may arise internationally, as companies interested in keeping their place on the global market try to appeal to the governments of countries with strict regulations.
Another point of disagreement and tension may occur if cybercrime is committed on an international level, involving two or more countries as a result. As such criminals are already difficult to detect and apprehend, their residence in another state may also complicate the process of persecution and judgment. Thus, international laws for such cybercrimes need to be developed to systematize the procedure of resolving challenging cases.
However, as many nations have varying views about digital security, protective methods, and safe practices, their collaboration to design a unifying framework may be unpredictable. Similarly, the enforcement of international and national standards on companies may also put businesses in a difficult position as they attempt to navigate different state laws. The outlook of Apple, mentioned before, ever-evolving put under question by governments that want to have full access to people’s data. There, a process of monitoring information security may be more laborious if one’s personal identification information is no longer encrypted due to the local laws.
As can be seen in the aforementioned issues, the crime of data theft may lead to not only economic but also political and social impacts on people and businesses. From an economic point, it may be more advantageous to keep the data encrypted as this way of protection secures information from criminals, firms, and governments, limiting all access to people’s records. The implementation of such technologies could save companies money as it could reduce the number of breaches and decrease the need to recuperate from cybercrimes. Moreover, the security of payments in these systems may also provide businesses with a more reliable transaction framework that would encourage customers to buy more products without the fear of their information being stolen.
This proposition, however, contributes to the debate about possible uses of such encrypted technology. Although it can make the information more secure than before and provide companies with a way to protect data from it being stolen, it can also be used by criminals to conduct illegal operations. Thus, encryption is viewed differently by states – both as a possible solution to and as a cause of cybercrimes. Thus, the global implementation of a unified standard for its use seems impossible at the current moment.
The political outcomes of identity theft may be connected to crimes that involve people from one country targeting data storages from another state. In this case, the process of finding and persecuting a criminal becomes an issue as it is unclear according to the laws of which country such persons need to be judged. On the one hand, the crime is committed against one country. Thus, it has the right to decide an appropriate punishment. However, the current laws of extradition do not follow one procedure as well, being different from country to country. Furthermore, the process of finding a criminal may also be challenging, as the law enforcement agencies of the affected state may not have the ability to use all their resources. Thus, various political concerns call for a reassessment of contemporary data security regulations.
The social implications of information theft relate to people’s trust for companies and governments’ integrity and capability to protect. The difference between total control over people’s data and their ability to use encrypted services without being judged also influence the way people share information on the Internet. It can be assumed that not all persons fully understand how companies store data. Thus, their awareness about information security may also either contribute to or prevent cybercrimes.
The social impact of information theft may lie in increasing people’s knowledge about technology. This outcome, however, is not the only one. People may also be afraid of sharing information over the Internet or becoming suspicious about companies’ integrity. These negative attitudes may result in both social conflicts with businesses and dissatisfaction of people with services. The use of encryption may have the same effects on people as it has on governments – some may support it while others can oppose it.
While people have some recommendations about securing their information, companies have a set of standards that they are required to follow to be certified. Nevertheless, these principles and advice are not universal for preventing all types of cybercrimes. As mentioned above, some businesses do not want to adhere to such criteria, exposing the collected data to attacks. According to Balan et al., more than 90 percent of all businesses were impacted by cybercrimes and were exposed to monetary loss as a result (67).
This rate shows that the level of compliance with protective measures may be extremely low. Another possible reason for such a high level of impact is the ineffectiveness of current rules. Regardless of which reason is more prevalent, both of them need to be addressed. New approaches should be discussed and recalibrated to include modern devices and crimeware and imposed on companies to secure people’s data.
Conclusion
The current changes in technology reveal new challenges for countries and businesses, requiring more attention to deal with cybercrimes. Such crimes have a direct connection to people’s personal information, as data theft remains one of the most widespread illegal activities in this sphere. Private data safety is an issue that needs to be discussed on many levels, including national and international. The Internet and new technologies help companies evolve in their protection of data.
However, they also contribute to new ways of committing crimes. Currently, laws and regulations are not systematized to impose a unified set of rules which would decrease the rate of cybercrimes in the world. As different countries possess their personal views about data security, encryption, and the right to privacy, there is no consensus on what can be done to stop cybercrimes from inflicting damage on people’s lives. Thus, data theft continues to have a significant impact on companies and people worldwide.
Works Cited
Aggarwal, Pooja, et al. “Review on Cyber Crime and Security.” International Journal of Research in Engineering and Applied Sciences, vol. 2, no. 1, 2014, pp. 48-51.
Armin, Jart, et al. “2020 Cybercrime Economic Costs: No Measure No Solution.” Combatting Cybercrime and Cyberterrorism: Challenges, Trends and Priorities, edited by Babak Akhgar and Ben Brewster, Springer, 2016, pp. 135-155.
Balan, Shilpa, et al. “Data Analysis of Cybercrimes in Businesses.” Information Technology and Management Science, vol. 20, no. 1, 2017, pp. 64-68.
Deeks, Ashley. “The International Legal Dynamics of Encryption.” Hoover Institution, AEGIS Paper Series, no. 1609, 2016, pp. 1-27.
Hutchings, Alice, and Thomas J. Holt. “The Online Stolen Data Market: Disruption and Intervention Approaches.” Global Crime, vol. 18, no. 1, 2017, pp. 11-30.
Wall, David S. “Towards a Conceptualisation of Cloud (Cyber) Crime.” International Conference on Human Aspects of Information Security, Privacy, and Trust, edited by Theo Tryfonas, Springer International, 2017, pp. 529-538.
Wheatley, Spencer, et al. “The Extreme Risk of Personal Data Breaches and the Erosion of Privacy.” The European Physical Journal B, vol. 89, no. 1, 2016, pp. 1-17.