Cybersecurity 1 - cyber security notes, Study notes of Law

Download Cybersecurity 1 - cyber security notes and more Study notes Law in PDF only on Docsity!

about:blank Cybersecurity 1 - cyber security notes This is any criminal activity carried out by means of a computer or the internet. There are also cyber enabled crimes which are ordinary crimes that are increased in their scale or reach by the use of computers such as fraud or extortion. Cyber crimes can be damaging to people and businesses in terms of costs and reputation. But cyber crimes can be dangerous in terms of public safety or life. Elements of Cyber Crime ‘There are threat actors who carry out cyber attacks, these could be terrorists or disgruntled employees or anyone with a motive to cause harm. Attacks can be through malware attacks or web attacks, the cyber crime will cause some kind of nuisance or problem to people. The motive behind these crimes could be to damage reputation, to receive money, o gain access to commercial information. Costs IBM’ cost of a data breach report 2020 looked at information regarding data breaches including how long it takes a company to respond and the costs incurred, The average cost of a data breach in the UK in 2020 was $3.9m - this, was a 4.3% increase from 2019. According to their study, the average time for a company to identify a breach was 287 days, Costs can come out of litigation, specialist advice and remediation. Deterrents, ‘The EU convention on cybercrime sets out what will equate to a cyber crime, itis ultimately up to Member States to decide how to mitigate the harm. The Convention was an international treaty designed to harmonise national laws and improve investigative techniques, as well as increase co-operation among nations. As of 2020, 65 states have ratified the convention. In the UK, the Computer Misuse Act 1990 is the only real piece of legislation that directly deals with cyber criminal activity, as well as the GDPR. The 1990 Act was a result of the Regina v Gold and Schifreen 1978 case in which hackers stole the login information of a BT engineer and managed to find the Duke of Edinburghs email address. On appeal, the decision was overtumed because the culprits didn’t try to make any profit from the crime and therefore couldn’t be charged under the Forgery and Counterfeiting Act 1981, there was a clear need for the law to be updated to govern unacceptable behaviour regarding computer systems. The 1990 Act makes it an offence to enter a computer system without consent (hacking), to access a computer with the intent to commit a further crime (such as planting a virus), to modify data without authorisation (malware and spyware), and make/supply/obtain anything that can be used in computer misuse offences. These offences cover a range of crimes such as computer fraud and blackmailing. There are 3 penalties under the 1990 act - the lowest penalty is up to 6 months in prison and a £5000 fine for unauthorised access to computer material, and can go up to a ten year prison sentence with an unlimited fine for the crime of making/obtaining anything which can be used in computer misuse. Technology has vastly changed and grown since the act was introduced and has been critiqued for being outdated, the act has limited definitions and doesn’t distinguish between criminal and ethical hacking - this is perhaps a reason why less than 1% of cyber crime was investigated and resulted in prosecution in 2019. 113.