Tue | Sep 27, 2016

Commentary - Many dangers lurking in cyberspace Part 1: Managing the threats

Published:Friday | January 1, 2010 | 12:00 AM



Cedric Stephens

Individuals and entities in the public and private sectors in Jamaica have become increasingly dependent on information and telecommunication technologies.

Digital equipment and devices of all kinds that employ the technologies are being used to communicate, drive and improve business processes and to create value.

Evidence of that reliance is on our roads, in homes, schools, offices, factories and other types of organisations of all sizes.

The use of these hi-tech tools creates unexpected consequences.

Consumers are exposed to new strains of risks. Some risks have their equivalents in the real world. Others are specific to the virtual world. Here are some examples.

The principals of one local company sued another entity in the United States for libel. The plaintiff alleges that libellous comments were made in email messages.

The Jamaican Government enacted the Electronic Transactions Act, which came into effect on April 2, 2007.

Its aim was to facilitate the sale of goods and services. This is known in the jargon as electronic commerce (e-commerce).

A May 2000 survey conducted by Lloyds of London in the United States, identified e-commerce as "the greatest single business risk for the 21st century."

Since January 2009, police authorities here have received "an average of 10-15 'cyber-related' complaints per month", according to a report in the August 30 issue of the Jamaica Observer.

Three days earlier, the newspaper reported on complaints to the police about computer networks being "compromised through network intrusion, data interception and data and identity theft."

Government is said to be drafting a cybercrime bill in response to these types of incidents. It also said that a 26-year-old computer student had hacked into the system of a telecoms giant and reportedly stole $10 million in calling credit.

On September 15, the same newspaper reported that the information technology centre of a leading commercial bank "had been implicated in what police have described as the identity theft of a former president". Civil proceedings are said to be contemplated.

A small industry has developed around the creation of websites for individuals, businesses and other organisations.

Thousands of transactions are being processed daily at ATM machines, point-of-sale terminals and by way of e-banking.

Blogging and the use of social networks like Facebook and Twitter have become very popular for the dissemination and sharing of information, especially for members of the younger age groups.

All of these examples share one thing: they use information and communication technologies.

This article examines some of the risks that are linked directly to the use of these hi-tech tools, and seeks to create public awareness of the growing numbers of risks that are associated with the use of the technologies, and accelerate the development of appropriate strategies to manage the threats.

"Computer systems organised in networks are a marvel of engineering. Local networks of dedicated lines are complemented by shared networks consisting of telephone lines, cables, undersea lines and satellites grouped under an internet organisation (internet service provider) - this complex world is prone to failures, malfunctions and disorders, and ever-changing technology is a challenge for users and companies who are constantly obliged to upgrade their programmes, verify compatibility and train their staff," says international insurer, Swiss Re.

Technical problems account for most of the computer outages.

Traditional machines

While these types of problems are not new to most businesses that use traditional machines or equipment, the consequences are likely to be far more severe when they affect information/communications systems.

At worst, business processes may be brought to a complete standstill until such time that replacement parts or new machines from overseas are ordered, shipped, delivered, installed and tested. At best, manual systems have to be implemented - usually at additional costs - while the repair or replacement work is being carried out.

Computer networks that have internet access are exposed to internal and external threats.

The frequency of the threats is expected to increase over time.

In a canvass of US businesses conducted by the Computer Security Institute (http://www.gocsi.com) in 2000, companies reported losing a total of US$378 million to cybercrimes. By 2006, the US Federal Bureau of Investigation (FBI) had estimated the total cost of cybercrimes to be in excess of US$67 billion.

External threats can come in many forms - from virus attacks, worms, denial of service, and Trojan horses.

Tom Reilly, in an article published in FT.com last September, said "threats are targeted missions aimed at stealing corporate secrets, customer identities or electronic funds from customer accounts."

The latter types of incidents are taking place locally, based on recent newspaper reports.

Sabotage by a disaffected employee or a group of employees is the main internal threat.

This type of risk is by no means remote. Only a few weeks ago, a disgruntled employee of a hardware establishment located in Spanish Town reportedly set fire to the premises of his employers putting several persons out of work.

The second-most frequent cause of incidents that affected digital equipment in the US last year was "insider abuse of networks". Portable media such as disks and USB drives provide inexpensive channels for companies' intellectual property to 'walk through the door' undetected.

Websites and online services, including social networking sites and user-generated content, according to Stephen Pritchard, writing in the Financial Times, are now "the main way that malware is spread to PCs".

Part two of this article will explore the legal risks associated with the use of the information and telecommunications technologies.

Cedric E. Stephens provides counsel and advice on risks and insurance, and writes a weekly column, Insurance Help-Line, for The Sunday Gleaner. Email: aegis@cwjamaica.com.

Cedric Stephens

Columnist

aegis@cwjamaica.com