A WHAT IS SO DIFFERENT ABOUT OPERATING AS A FIRM TODAY IN TERMS OF MARKETPLACE THREATS TO ONE’S SECURITY?
The world has become a global village, everything, everyone, and every business is now interrelated. Any firm that chooses to operate in isolation and not move with the trend is likely to fizzle out of business.
The emerging changes in technology today has brought about changes in the way businesses are been run. Prior to the emergence of the internet and the new innovation like the internet of things, artificial intelligence, data mining and cloud computing to mention but a few. Business owners were not prone to the kind of security threats that accompany operating business in today’s market.
Most businesses today operate E-commerce which is the business of buying and selling on the internet. Amazon, E-bay. Ali-express etc. are examples of big players in e-commerce. There are so many other smaller businesses that engage in E-business. Taking business away from the conventional open store system where people walk in and transact to online operations involves some risk which include but not limited to Credit card and debit card fraud , identity theft , unauthorized access to customer data which are issues in e-commerce business thereby hackers can hack into the merchant database obtain credit card records of unsuspecting customers to transact illegal business transaction thereby causing problems for firms transacting business in today’s market place .
Furthermore, the emergence of new technologies like the internet of things, big data, artificial intelligence, cryptocurrency, social media, and cloud computing has made firms and their numerous client vulnerable to threat. With internet-of-things, almost all products can be connected to the internet, and most of them can also be used for spying and other malicious activities which might affect firms security. (Madnick, S., Johnson, S. & Huang, K., 2019) These days, so many organization thrive on data with so many firms investing in big data. The situation wasn’t like this twenty years ago. Relevance has been attached to data nowadays, with many companies making fortunes dealing with data. This has made data theft a hotspot for hackers desperately looking for means to steal data from the data owners.
Due to globalization, some firms operate in many countries of the world with physical presence in some of these countries. As a result of this, firms operating across border need to have a centralized communication system that makes them share information across the border. (Durden, O., 2019). So many intellectual properties and business secrets are shared on these platforms which are susceptible to hacking either by competitors or general hackers. As a result of trying to operate in today’s market place, these firms have to allow their business information to be shared on the network as against the old way of having them in a centralized place thereby posing threats to firms.
In 2004, Omogui Ifueko was appointed as the chairman of Federal Inland Revenue Service and in her quest to operate a world-class tax system she sourced the help of the international monetary firm and the World Bank and one of their recommendations was the full implementation of the self-assessment regime in Nigeria a system which is a regime operational in other developed countries of the world. The self-assessment regime gave opportunity to taxpayer to access themselves to tax, pay the tax liabilities and file their returns online as against the old practice where taxpayers have to visit the tax office and tax officer assess them to tax and the liabilities thereon are paid in cash to the tax officer who on many occasions failed to remit such revenue to the government purse.
As a result of this, the service had to go automate in compliance with the IMF and the world banks recommendation. And for the first time in the history of the service taxpayers were able to file their tax returns online in 2012. In a bid to automate, and measure up to world standard, in 2013, the threat to security manifested with hackers hacking into the database and stealing vital information of taxpayers and staff which were used in defrauding some taxpayers and staffs. Phishing emails were sent to staff and taxpayers which led to the loss of vital information and money. This is an example of a threat to the security of a firm trying to do business in today’s market place.
(B) WHAT ARE THE MARKETPLACE, TECHNOLOGICAL, AND SOCIAL FORCES THAT INTERPLAY TO CREATE QUITE UNIQUE CHALLENGES FOR A FIRM TO FUNCTION AND OPERATE USING NETWORKED IT INFRASTRUCTURE TODAY? IN OTHER WORDS, WHAT ACCOUNTS FOR THE DIFFICULTY OF OPERATING SECURELY IN TODAY’S NETWORKED, DIGITAL, AND Internet-enabled MARKETPLACE?
Operating a firm successfully today comes with some market place, technological, and social forces challenges. Prior to the invention of the internet, the firm’s major problems were getting their products across to their customer, competing with their competitors for fair share of the market, keeping customers happy and staying profitable. With the introduction of the internet , doing business has changed significantly especially in today's networked, digital and internet-enabled marketplace.
MARKETPLACE FORCES: A marketplace is a platform that connects sellers and buyers together. Before the internet, the marketplace used to be the conventional malls where we have different stores but with the internet, we now have an online marketplace.
An online marketplace is a website or application that facilitates shopping from many different sources. The operator of these marketplaces may not own any inventory, their business is to present other people’s inventory to a user and facilitate a transaction example include eBay, Amazon, OFX, Rakuten, Etsy, Zibbet, etc. (Kestenbaum, R., 2017).
The major forces in the marketplace are the merchants (sellers) the customers etc. Customer satisfaction in a conventional marketplace is much easier as the seller and the buyer has direct contact and issues about product are resolved even before the customer leaves the premises of the seller in an online marketplace the operator of the marketplace needs to provide an avenue for the customer to communicate with the seller before issues can be resolved and this may have taken time and the customer could have switched to another competitor making competition in today’s market very challenging.
Another challenging issue in a marketplace is data breach since its an online market that uses network infrastructure, data spill can arise with intellectual pieces of information and business secrets been leaked to competitors. Credit card and personal information of unsuspecting customers can be breached thereby by leading to reputational issues and financial loss.
Another issue in the online marketplace is that it gives the customer access many options when it comes to making a decision on what and where to purchase. In this situation, the seller needs to be more open by providing a lot of information than it used to be in the conventional market leading to more investment in IT infrastructure.
TECHNOLOGICAL- The new technological development in a marketplace include internet of things, data mining, cloud computing artificial intelligence has changed the operation of the marketplace from the way convention way. As a result of these, there are challenges that accompany these innovations. The issue of emerging technology and changes in IT infrastructure is a challenge, regulatory compliance that comes with the use of IT infrastructure is another challenge as there are many regulations to comply with when deploying a technology.
Another technological problem is getting the qualified and experienced hands to manage the IT resources necessary for smooth operation in the marketplace.
Another technological force is getting the right vendor for your IT infrastructure getting a third-party vendor to provide the correct technological advice and equipment to compete favorably in a marketplace can be an issue.
Struggling to balance security control and achieving efficiency in business is another technological issue that can arise.
The social forces include public opinion, social media, extreme groups, use of email marketing, social media marketing. Establishing a social media culture and been able to manage criticism on social media and making good use of feedback are the challenges social force creates in a marketplace.
C. THE NEW CYBER THREATS
The countries of the world need to be conscious of the severity of this cybercrime problem. A study conducted by cybersecurity ventures predicts these crimes will cost the world $6 trillion a year by 2021. (Rafter, D., 2018)
This is a big number, but this should not take anyone who has followed the exploits of hackers and online scammers in 2018 by surprise. Cybercrimes have become big news, with large data and security breaches at companies such as Facebook and Under Armour generating headlines, and cyber threats from foreign locales such as China and Russia threatening U.S. businesses and elections. (Rafter, D., 2018.)
In September 2018, Facebook reported that hackers exploited a network vulnerability in their system which allowed them to gain access to user accounts, potentially exposing the personal information of nearly 30 million users. Reuters said that this exposure ranks as the worst security breach in Facebook’s history. Reuters reported, too, that the vulnerability hackers attacked had existed since July 2017. This big security breach provided yet another example that the huge social media companies, even as tech-savvy as they are, are not immune to cyber attacks and this should put everyone on their toes. (Rafter, D., 2018.)
Here’s a look at some of the most troubling cybersecurity threats we saw in 2018, which are still very much active and the new ones that have been predicted by the expert in the cyber security field for 2019 and beyond.
RANSOMWARE: This is malicious software that gain unauthorized access to files or systems and prevent the users of these files and system from gaining access to them. These systems and files are thereby held hostage by the hackers using some encryption and these owners are been made to pay ransom in exchange for the decrypted key which will enable them to regain access to their files and systems. (Groot, D. J., 2019.)
Ransomware is a form of malware that takes over networks administrative access to prevent real owners’ access to the network data. Hackers use ransomware to force a business or organization to pay for access to be returned to the hijacked network (Gudmundson, E., 2018.)
Ransomware can be seen to be so old and yet so new with the first documented ransomware attack dated as far back as 1989 with the attack targeted to the healthcare industry. The attack was initiated by Joseph Pop an AID researcher with the attack termed as the “AID TROJAN” (Groot, D. J., 2019.)
Years after the attack the health sector remains vulnerable to ransomware attack with Ottawa hospital attacked in March 2016. Some other sectors like San Francisco Municipal Transportation agency also fell victim of ransomware attack in 2016 that disrupted the train ticketing system. Ransomware in 2018 and beyond will target cloud computing businesses to gain unauthorized access to data warehoused by this cloud owners in order to obtain ransom from them. (Giles, M., 2018).However, attackers are increasingly targeting more senior executives and the c-suites with the ransomware attack.
Technically, ransomware gain access to their target system through an infection vector which can be an email attachment, a pop up on the systems or messages on our various mobile system.
CRYPTOJACKING: This is one of the most emergent cyber threat. Crypto hijackers target the nodes on the network and individual systems of the target. The primary purpose of this malware is to use an individual’s computer processing power to mine cryptocurrencies without the knowledge of the target. (Gudmundson, E., 2018.) Mining cryptocurrencies require vast amounts of computing capacity to solve the complex mathematical algorithms problems required to hack a crypto network. This has encouraged hackers to compromise millions of computers in order to use them for such a malicious act.
Some of the recent cases of hacking ranged from the hacking of public wi-fi in a Starbucks in Argentina to a significant attack on computers at a Russian oil company. As cryptocurrency markets keep growing, so will the hackers’ temptation to breach many more computer networks. (Giles, M., 2018).
MORE HUGE DATA BREACHES
The cyber-attack on Equifax Credit Company in 2017 that led to the theft of over social insurance numbers, birth date and other personal data of over 145 million Americans. This led to Equifax facing a lot of regulatory issues, deep fall in its share price of Equifax and much senior staff losing their jobs. (Srinivasan, S. &Pitcher Q., 2018)
This incident is a stark reminder to all custodian of sensitive data that hackers are thinking big when it comes to targets and should rise up to this challenge. Other companies that hold lots of sensitive information will be in their sights in 2018 and beyond “Marc Goodman, a security expert and the author of Future Crimes, thinks data brokers who hold information about things such as people’s personal Web browsing habits will be especially popular targets. “These companies are unregulated, and when one leak, all hell will break loose,” he says”. (Giles, M., 2018).
SMART CONTRACT HACKING – “Smart contracts are software programs are written and stored on a blockchain that automatically execute some form of digital asset exchange if conditions encoded in them are met” (Giles, M., 2019). Many business owners are using this smart contract for almost all business transaction ranging from money transfers, intellectual property protection, etc. Though the smart contract is still in its early stage with researchers in this field finding bugs in some of the contracts so also are the hackers exploiting these flaws to defraud people in millions of dollars’ worth of cryptocurrencies.
Users in 2019 and beyond should be careful of this smart contract hacking.
ARTIFICIAL INTELLIGENCE DEFENSE POISONING – From our previous lectures, artificial intelligence is the creation of intelligent machines that function as a human. This was discussed extensively in previous classes. Some organizations have deployed artificial intelligence as a tool to detect an attack on their networks and systems. However, some highly “professional “hackers can target the data sets used to train models used in this AI and try to poison them. One of the tools used by these hackers is the generative adversarial network (GAN) which work by pitching two artificial intelligence neural network against each other. GAN can also be used to guess which algorithm the defenders are using in their AI model. (Giles, M., 2019)
EXPLOITING AI GENERATED FAKE VIDEO AND AUDIO-
The advancement in artificial intelligence has made it possible to create fake video and audio messages that are incredibly difficult for the public to distinguish from the real thing. These “fake” could be beneficial to hackers in a couple of ways. AI-generated “phishing” e-mails that aim to trick people into handing over passwords and other sensitive data have already been effective for people to fall prey to than the original ones generated by humans. Now hackers will be able to throw highly realistic fake video and audio into the mix, either to reinforce instructions already circulated in a phishing e-mail or as a standalone tactic to the get the perpetrate their evil intentions.
These cybercriminals could also use the technology to manipulate stock prices by circulating phishing emails that a will suggest to the readers that a target company is facing a financing problem or some other crisis so as to force people to engage in panic sales thereby forcing the price of the shares to go down.
INTERNET OF THINGS (IOT) SECURITY BREACH - Hacking of IOT will enable hackers to manipulate and gain access to a more personal element of their target like gaining access to their personal data. For individuals that use a smart lock, smart plugs, and smart thermostat, and individuals with life-saving devices installed in their body, etc. These group of people is more vulnerable as these hackers can easily gain access to their personal world and hold them hostage.
The new threats are so many the most important thing is for organizations to be vigilant, do a continuous backup, and stay up to date on the security of their IT infrastructure.
Not giving adequate attention and a proactive measure to the information received by Equifax on the vulnerability of the apache struts used by Equifax which the management ought to have patched on receiving the warning caused the company a huge loss both in reputation and in financial terms.
There will be other threats like banking Trojan, multifactor authentication, quantum cryptography, and electioneering hacking organization should stay watchful.