Cyber Security Unit-5

Unit-5
Cyber Security: Organizational Implications
Introduction, Cost of Cybercrimes and IPR issues, Web threats for Organizations,
Security and Privacy Implications, Social media marketing: Security Risks and Peril
for Organizations, Social Computing and the associated challenges for Organizations.

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 1

Cyber Security Unit-5

5.1 Introduction
Organizational Implications-Introduction
In the global environment with continuous network connectivity, the possibilities for
cyber attacks can emanate from sources that are local, remote, domestic or foreign.
They could be launched by an individual or a group. They could be casual probes from
hackers using personal computers (PCs) in their homes, hand-held devices or intense
scans from criminal groups.

Fig: 5.1 A cyber security perspective.

EU is the European Union.

PI is information that is, or can be, about or related to an identifiable individual. It

includes any information that can be linked to an individual or used to directly or
indirectly identify an individual.
Most information the organization collects about an individual is likely to come under
“PI” category if it can be attributed to an individual. For an example, PI is an
individual’s first name or first initial and last name in combination with any of the
following data:
1. Social security number (SSN)/social insurance number.
2. Driver’s license number or identification card number.
3. Bank account number, credit or debit card number with personal identification
number such as an access code, security codes or password that would permit
access to an individual’s financial account.
CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 2
Cyber Security Unit-5

4. Home address or E-Mail address.

5. Medical or health information.
An insider threat is defined as “the misuse or destruction of sensitive or confidential
information, as well as IT equipment that houses this data by employees, contractors
and other ‘trusted’ individuals.”
Insider threats are caused by human actions such as mistakes, negligence, reckless
behavior, theft, fraud and even sabotage. There are three types of “insiders” such as:
1. A malicious insider is motivated to adversely impact an organization through a
range of actions that compromise information confidentiality, integrity and/or
availability.
2. A careless insider can bring about a data compromise not by any bad intention
but simply by being careless due to an accident, mistake or plain negligence.
3. A tricked insider is a person who is “tricked” into or led to providing sensitive or
private company data by people who are not truthful about their identity or
purpose via “pretexting” (known as social engineering).
•Insider Attack Example 1: Heartland Payment System Fraud
A case in point is the infamous “Heartland Payment System Fraud” that was
uncovered in January 2010. This incident brings out the glaring point about
seriousness of “insider attacks. In this case, the concerned organization suffered a
serious blow through nearly 100 million credit cards compromised from at least
650 financial services companies. When a card is used to make a purchase, the
card information is trans- mitted through a payment network.
•Insider Attack Example 2: Blue Shield Blue Cross (BCBS)
Yet another incidence is the Blue Cross Blue Shield (BCBS) Data Breach in October
2009 the theft of 57 hard drives from a BlueCross BlueShield of Tennessee training
facility puts the private information of approximately 500,000 customers at risk in
at least 32 states.
The two lessons to be learnt from this are:
1. Physical security is very important.
2. Insider threats cannot be ignored.
CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 3
Cyber Security Unit-5

What makes matters worse is that the groups/agencies/entities connected with

cybercrimes are all linked. There is certainly a paradigm shift in computing and work
practices; with workforce mobility, virtual teams, social computing media, cloud
computing services being offered, sharp rise is noticed in business process outsourcing
(BPO) services, etc. to name a few.

Fig: 5.2 Cybercrimes – the flow and connections.

A key message from this discussion is that cybercrimes do not happen on their
own or in isolation. Cybercrimes take place due to weakness of cyber security
practices and “privacy” which may get impacted when cybercrimes happen.
Privacy has following four key dimensions:
1. Informational/data privacy: It is about data protection, and the
users’ rights to determine how, when and to what extent information
about them is communicated to other parties.
2. Personal privacy: It is about content filtering and other
mechanisms to ensure that the end-users are not exposed to
whatever violates their moral senses.
3. Communication privacy: This is as in networks, where
CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 4
Cyber Security Unit-5

encryption of data being transmitted is important.

4. Territorial privacy: It is about protecting users’ property for
example, the user devices from being invaded by undesired content
such as SMS or E-Mail/Spam messages. The paradigm shift in
computing brings many challenges for organizations; some such key
challenges are described here.

Fig:5.3 Security threats – paradigm shift.

The key challenges from emerging new information threats to organizations are as
follows:
1. Industrial espionage: There are several tools available for
web administrators to monitor and track the various pages and
objects that are accessed on their website.
2. IP-based blocking: This process is often used for blocking the

access of specific IP addresses and/or domain names.

3. IP-based “cloaking”: Businesses are global in nature and economies are
interconnected.
4. Cyberterrorism: “Cyberterrorism” refers to the direct intervention of a
threat source toward your organization’s website.
CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 5
Cyber Security Unit-5

Confidential information leakage: “Insider attacks” are the worst ones.

Typically, an organization is protected from external threats by your firewall and
antivirus solutions
Cost of Cybercrimes and IPR Issues: Lessons for Organizations

Cybercrimes cost a lot to organizations

Fig 5.4 : Cost of cybercrimes

When a cybercrime incidence occurs, there are a number of internal

costs associated with it for organizations and there are organizational
impacts as well.
Detection and recovery constitute a very large percentage of internal
costs. This is supported by a benchmark study conducted by Ponemon
Institute USA carried out with the sample of 45 organizations representing
more than 10 sectors and each with a head count of at least 500 employees.
 Organizations have Internal Costs Associated with Cyber security
Incidents
The internal costs typically involve people costs, overhead costs and
productivity losses. The internal costs, in order from largest to the lowest
and that has been supported by the benchmark study mentioned:

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 6

Cyber Security Unit-5

1. Detection costs (25%)

2. Recovery costs (21%)
3. Post response costs (19%)
4. Investigation costs.(14%)
5. Costs of escalation and incident management.(12%)
6. Cost of containment.(9%)
 The consequences of cybercrimes and their associated costs,
mentioned
1. Information loss/data theft.(42%)
2. Business disruption.(22%)
3. Damages to equipment, plant and property.(13%)
4. Loss of revenue and brand tarnishing.(13%)
5. Other costs.(10%)
 The impact on organizations by various cyber crimes
1. Virus,worms and Trojans-100%
2. Malwares-80%
3. Botnets-73%
4. Web based attacks-53%
5. Phishing and Social engineering-47%
6. Stolen devices-36%
7. Malicious insiders-29%
8. Malicious code-27%
 Average days taken to resolve cyber Attacks
1. Attacks by Malicious insiders-42 days
2. Malicious code-39 days
3. Web based attacks-19 days
4. Data lost due to stolen devices-10 days
5. Phishing and social engineering attacks-9 days
6. Virus, worms and trojans-2.5 days
7. Malware-2 days
8. Botnets- 2 days

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 7

Cyber Security Unit-5

 There are many new endpoints in today’s complex networks;

they include hand-held devices.
Again, there are lessons to learn:
1. Endpoint protection: It is an often-ignored area but it is IP-based
printers, although they are passive devices, are also one of the
endpoints.
2. Secure coding: These practices are important because they are a good
mitigation control to protect organizations from “Malicious Code” inside
business applications.
3. HR checks: These are important prior to employment as well as after
employment.
4. Access controls: These are always important, for example, shared
IDs and shared laptops are dangerous.

5. Importance of security governance: It cannot be ignored

policies, procedures and their effective implementation cannot be
over-emphasized.
 Organizational Implications of Software Piracy
Use of pirated software is a major risk area for organizations.
From a legal standpoint, software piracy is an IPR violation crime.
Use of pirated software increases serious threats and risks of cybercrime
and computer security when it comes to legal liability.

The most often quoted reasons by employees, for use of pirated software, are
as follows:
1. Pirated software is cheaper and more readily available.
2. Many others use pirated software anyways.
3. Latest versions are available faster when pirated software is used.
5.2 Web Threats for Organizations: The Evils and Perils
Internet and the Web is the way of working today in the
interconnected digital economy. More and more business applications are
web based, especially with the growing adoption of cloud computing.

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 8
Cyber Security Unit-5

 Overview of Web Threats to Organizations

The Internet has engulfed us! Large number of companies as well as
individuals have a connection to the Internet. Employees expect to have
Internet access at work just like they do at home.
IT managers must also find a balance between allowing reasonable
personal Internet use at work and maintaining office work productivity and
work concentration in the office.
 Employee Time Wasted on Internet Surfing
This is a very sensitive topic indeed, especially in organizations that
claim to have a “liberal culture.” Some managers believe that it is crucial in
today’s business world to have the finger on the pulse of your employees.
People seem to spend approximately 45-60 minutes each working
day on personal web surfing at work.
 Enforcing Policy Usage in the Organization
An organization has various types of policies. A security policy is a
statement produced by the senior management of an organization, or by a
selected policy board or committee to dictate what type of role security
plays within the organization.

Fig 5.5 : Policy hierarchy chart

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 9

Cyber Security Unit-5

 Monitoring and Controlling Employees’ Internet

Surfing
A powerful deterrent can be created through effective monitoring
and reporting of employees’ Internet surfing.
Even organizations with restrictive policies can justify a degree of
relaxation; for example, allowing employees to access personal sites only
during the lunch hour or during specified hours.
 Keeping Security Patches and Virus Signatures Up to Date
Updating security patches and virus signatures have now become a
reality of life, a necessary activity for safety in the cyberworld! Keeping
security systems up to date with security signatures, software patches, etc. is
almost a nightmare for management.

 Surviving in the Era of Legal Risks

As website galore, most organizations get worried about employees
visiting inappropriate or offensive websites. We mentioned about Children’s
Online Privacy Protection.
Serious legal liabilities arise for businesses from employee’s
misuse/inappropriate use of the Internet.
 Bandwidth Wastage Issues

Today’s applications are bandwidth hungry; there is an increasing image

image content in messages and that too, involving transmission of high-
resolution images.
There are tools to protect organization’s bandwidth by stopping unwanted
traffic before it even reaches your Internet connection.

 Mobile Workers Pose Security Challenges

Use of mobile handset devices in cybercrimes. Most mobile

communication devices for example, the personal digital assistants has
raised security concerns with their use. Mobile workers use those devices
to connect with their company networks when they move. So the

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 10

Cyber Security Unit-5

organizations cannot protect the remote user system as a result workforce

remains unprotected. We need tools to extend web protection and filtering
to remote users, including policy enforcement
 Challenges in Controlling Access to Web Applications
Today, a large number of organizations’ applications are web based.
There will be more in the future as the Internet offers a wide range of online
applications, from webmail or through social networking to sophisticated
business applications. Employees use personal mail id to send business
sensitive information (BSI) for valid or other reasons. It leads to data
security breach. The organizations need to decide what type of access to
provide to employees.
 The Bane of Malware
Many websites contain malware. Such websites are a growing
security threat. Although most organizations are doing a good job of
blocking sites declared dangerous, cyber attackers, too, are learning.
Criminals change their techniques rapidly to avoid detection.
 The Need for Protecting Multiple Offices and Locations
Delivery from multi-locations and teams collaborating from multi-
locations to deliver a single project are a common working scenario today.
Most large organizations have several offices at multiple locations. In such
scenario Internet-based host service is best idea to protect many locations.
5.3 Security and privacy implications from cloud computing

Cloud computing is one of the top 10 Cyber Threats to organizations. There are
data privacy risks through cloud computing. Organizations should think about
privacy scenarios in terms of “user spheres”. There are three kinds of spheres
and their characteristics:

1. User sphere: Here data is stored on users’ desktops, PCs, laptops, mobile
phones, Radio Frequency Identification (RFID) chips, etc. Organization’s
responsibility is to provide access to users and monitor that access to

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 11

Cyber Security Unit-5

ensure misuse does not happen.

2. Recipient sphere: Here, data lies with recipients: servers and databases
of network providers, service providers or other parties with whom data
recipient shares data. Organizations responsibility is to minimize users
privacy risk by ensuring unwanted exposure of personal data of users does
not happen
3. Joint sphere: Here data lies with web service provider’s servers and
databases. This is the in between sphere where it is not clear to whom does
the data belong. Organization responsibility is to provide users some
control over access to themselves and to minimize users futures privacy
risk.

5.4 Social Media Marketing: Security Risks and Perils for Organizations

Social media marketing has become dominant in the industry. According to fall
2009 survey by marketing professionals; usage of social media sites by large
business- to-business (B2B) organizations shows the following:

Fig 5.6: Social Media Marketing Tools

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 12

Cyber Security Unit-5

1. Facebook is used by 37% of the organizations.

2. LinkedIn is used by 36% of the organizations.
3. Twitter is used by 36% of the organizations.
4. YouTube is used by 22% of the organizations.
5. My Space is used by 6% of the organizations.

Although the use of social media marketing site is rampant, there is a problem
related to “social computing” or “social media marketing” – the problem of
privacy threats. Exposures to sensitive PI and Confidential business
information are possible if due care is not taken by organizations while using
the mode of “social media marketing.”

 Understanding Social Media Marketing

Most professionals today use social technologies for business purposes.

Most common usage include: marketing, internal collaboration and
learning, customer service and support, sales, human resources, strategic
planning, product development.
Following are the most typical reasons why organizations use social media
marketing to promote their products and services:
1. To be able to reach to a larger target audience in a more spontaneous and
instantaneous manner without paying large advertising fees.
2. To increase traffic to their website coming from other social media websites
by using Blogs
and social and business-networking. Companies believe that this, in turn,
may increase their “page rank” resulting in increased traffic from leading
search engines.
3. To reap other potential revenue benefits and to minimize advertising
costs because social media complements other marketing strategies
such as a paid advertising campaign.

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 13

Cyber Security Unit-5

4. To build credibility by participating in relevant product promotion

forums and responding to potential customers’ questions immediately.

5. To collect potential customer profiles. Social media sites have

information such as user profile data, which can be used to target a
specific set of users for advertising
There are other tools too that organizations use; industry practices indicate the
following:
1. Twitter is used with higher priority to reach out to maximum
marketers in the technology space and monitor the space.
2. Professional networking tool LinkedIn is used to connect with and
create a community of top executives from the Fortune 500.
3. Facebook as the social group or social community tool is used to
drive more traffic to Web sense website and increase awareness
about Web sense.
4. YouTube (the video capability tool to run demonstrations of
products/services, etc.) is used to increase the brand awareness and
create a presence for corporate videos.
5. Wikipedia is also used for brand building and driving traffic.
There are conflicts views about social media marketing some people in IT
say the expensive and careless use of it. Some illustrate the advantages of
it with proper control of Security risk.
5.5 Social Computing and the associated challenges for Organizations
Social computing refers to the intersection of social behavior and
computational systems, often involving the use of social media platforms,
online communities, and collaborative technologies. In the context of cyber
security, social computing presents both opportunities and challenges for
organizations.

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 14

Cyber Security Unit-5

Opportunities:
Enhanced Communication: Social computing platforms facilitate real-time
communication, enabling seamless information exchange within
organizations.
Collaborative Decision-Making: Social platforms allow employees to
collaborate on projects, fostering innovation and collective problem-solving.
Customer Engagement: Companies can engage with customers directly,
gathering feedback and enhancing customer relations through social media.
Data Collection and Analysis: Social computing generates vast amounts of
data, which organizations can analyze for market trends and consumer
preferences.
Global Reach: Social media provides a global platform, allowing organizations
to reach a broader audience and expand their market presence.
Brand Building: Companies can use social computing to build and manage
their brand image, interact with customers, and address concerns publicly.

Challenges:
Data Privacy: Managing sensitive data on social platforms raises concerns
about privacy breaches and data leaks.
Cyber security Threats: Social computing platforms are susceptible to various
cyber threats, including phishing, malware, and social engineering attacks.
Reputation Management: Negative publicity or misinformation can spread
rapidly on social media, impacting an organization's reputation.
Regulatory Compliance: Organizations must navigate complex regulations
concerning data protection and online communication, ensuring compliance
with laws like GDPR.
Employee Productivity: Excessive use of social media by employees can
impact productivity, requiring organizations to implement effective usage
policies.

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 15

Cyber Security Unit-5

Information Overload: The vast amount of data generated can lead to

information overload, making it challenging for organizations to extract
meaningful insights.
Digital Identity Theft: Individuals and organizations are at risk of identity
theft and impersonation on social media, leading to reputational damage and
financial loss.
Resource Allocation: Managing social computing platforms requires
dedicated resources, including personnel and technology, which can strain
organizational budgets.
Crisis Management: Social media can amplify crises, requiring organizations
to have robust strategies in place for handling negative publicity and
managing public relations.
Lack of Control: Organizations have limited control over the content shared
on social media, making it challenging to prevent misinformation or
inappropriate content related to the organization.

CYBER SECURITY: ORGANIZATIONAL IMPLICATIONS Page 16