Abstract
This chapter discusses the protection of businesses from cyber penetrations using the lessons and principles of defending firms against competitive intelligence operations. Although popular culture could lead one to believe that cyber penetrations are all about devices and software exploits, the reality is that the human element plays a pivotal part. In our high-tech society, cyber penetrations all too often rely on low-tech approaches, which can often easily be foiled by alert employees and contractors. Without employee and contractor gullibility, it would be difficult to impossible to penetrate a well-crafted cyber-security system. Like the first reported swindler who conned people in to giving them their watches, today’s con artists are focused on big prizes—information. This chapter examines data and the methods businesses can use to identify what is critical to their operations, and some simple, yet effective ways to protect it. These approaches are used in competitive intelligence and state that regardless of the high-tech environment in which corporations operate, cyber penetrations are often facilitated by low-tech approaches via the human element.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
He is reported to have used other names, including William Thompson (Braucher and Orbach 2015: 252, fn. 16).
References
Ambrose E (2016) The hidden dangers of free public Wi-Fi. August 3, 2016. http://www.aarp.org/money/scams-fraud/info-2016/dangers-of-free-public-wifi-ea.html?intcmp=AE-MON-CONP-SPOTLIGHT-SPOT1-FWN-TM816-TKOVR. Accessed 19 Apr 2017
Bayuk J, Healey J, Rohmeyer P, Sachs M, Schmidt J, Weiss J, Joseph (2012) Cyber-security policy handbook. Wiley, Hoboken
Berman J (2017) Don’t wait for the Bait. Smart Meetings, April 2017. http://www.smartmeetings.com/technology-news/98427/dont-wait-bait-prevent-phishing. Accessed 13 July 2017
Braucher J, Orbach B (2015) Scamming: the misunderstood confidence man. Yale J Law Umanit 27(2):249
Bremmer I (2017) The real cost of ‘forced transparency’. Time, March 16, 2017, p 14
Chameleon Associates (2017) The method to the madness of criminal intent. February 9, 2017. https://chameleonassociates.com/cyber-security-methods/. Accessed 30 Mar 2017
Cooper BL (2017) Google: office inbox receives 6.2X more phishing and 4.3X more malware than your 779999Inbox at home. February 24, 2017. https://www.linkedin.com/pulse/google-office-inbox-receives-62x-more-phishing-43x-malware-cooper. Accessed 14 Apr 2017
Downing D, Covington M, Covington M, Covington C (2009) Dictionary of computer and internet terms, 10th edn. Barron’s Educational Series, Inc, Hauppauge
Enslin v. The Coca-Cola Company et al. US district court for the eastern district of Pennsylvania., No. 2:14-cv-06476. Opinion 31 Mar 2017
George Washington University, Center for Cyber and Homeland Security (2016) Into the gray zone—the private sector and active defense against cyber threats. October 2016. https://cchs.gwu.edu/sites/cchs.gwu.edu/files/downloads/CCHS-ActiveDefenseReportFINAL.pdf. Accessed 19 Apr 2017
Google (2017) Targeted attacks against corporate inboxes—a gmail perspective RSA 2017. https://www.slideshare.net/elie-bursztein/targeted-attacks-against-corporate-inboxes-a-gmail-perspective-rsa-2017. Accessed 14 Apr 2017
Hackett, Robert, Jeff John Roberts (2017) The future of online security. Fortune, May 1, 2017, pp 75–76
Identity Theft Resource Center (ITRC) (2015) Data breaches increase 40 percent in 2016, finds new report from identity theft resource center and cyberscout. http://www.idtheftcenter.org/2016databreaches.html. Accessed 12 Apr 2017
Kaspersky Lab. Social engineering. https://usa.kaspersky.com/resource-center/definitions/social-engineering. Accessed 13 Apr 2017
Lazarus A (2016) What you need to know to secure your IoT devices. December 7, 2016. https://www.consumer.ftc.gov/blog/what-you-need-know-secure-your-iot-devices. Accessed 19 Apr 2017
Makuch B (2017) Cyberwar—season 1. Viceland Network, Mar 2017. https://www.viceland.com/en_us/show/cyberwar
McGonagle JJ, Vella CM (1998) Protecting your company against competitive intelligence. Praeger, New York
Mitnick KD, Simon WL (2002) The art of deception. Wiley Publishing, Indianapolis
O’Brien C (2016) Oops: DNC continued to email passwords after they knew they’d been hacked. Townhall, Posted: 14 Sept 2016 10:00 AM. https://townhall.com/tipsheet/cortneyobrien/2016/09/14/oops-dnc-continued-to-email-passwords-after-they-knew-theyd-been-hacked-n2217948. Accessed 24 Mar 2017
O’Brien C (2017) Assange: Podesta’s Password Was ‘Password’. Townhall. January 4, 2017 12:00 PM. https://townhall.com/tipsheet/cortneyobrien/2017/01/04/assange-podestas-password-was-password-n2267069. Accessed 24 Mar 2017
Palmer A (2016) How to ensure your mobile data is secure at meetings. (interview with Terver Roald), March 23, 2016. http://www.successfulmeetings.com/Strategy/Meeting-Strategies/How-to-Secure-Your-Mobile-Data-at-Meetings/?t=head&cid=eltrMtgNews. Accessed 30 Mar 2017
Prunckun H (2015) Scientific methods of inquiry for intelligence analysis, 2nd edn. Scarecrow Press, Lanham
Risk Based Security (2017) Data breach quick view report: 2016 data breach trends—year in review. January 2017. https://pages.riskbasedsecurity.com/hubfs/Reports/2016%20Year%20End%20Data%20Breach%20QuickView%20Report.pdf. Accessed 24 Mar 2017
Roberts JJ (2017) Fake SEC emails target execs for inside information. Fortune. March 7, 2017. http://fortune.com/2017/03/07/sec-phishing/. Accessed 13 Apr 2017
Rubin C (2016) Before You Use the Public Wi-Fi, Read This. Entrepreneur. November 2016.https://www.entrepreneur.com/article/283943. Accessed 6 Apr 2017
Ruffini A (2017) Stay safe and enjoy the event. Incentive. 10 January/February 2017
Schiff JL (2017) How to fend off cyberattacks and data breaches. March 29, 2017. http://www.csoonline.com/article/3186389/cyber-attacks-espionage/how-to-fend-off-cyberattacks-and-data-breaches.html. Accessed 30 Mar 2017
Sjouwerman S (2017a) Dominos still falling 3 years after Yahoo data breach. Reading Eagle, Business Weekly, 7. March 28, 2017
Sjouwerman S (2017b) New phishing attack works 90% of time. Reading Eagle, Business Weekly, 7, April 11, 2017
Sjouwerman S (2017c) Pew survey finds Americans weak on online security issues. Reading Eagle, April 18, 2017
Sjouwerman S (2017d) Scam of the week blends CWO Fraud, W-2 phishing. Reading Eagle, February 14, 2017
Snell E (2017) Employee healthcare data security awareness top industry threat. Health IT Security, April 18, 2017. http://healthitsecurity.com/news/employee-healthcare-data-security-awareness-top-industry-threat. Accessed 4 May 2017
Stowell HG (2017) Teller trouble. March 1, 2017. https://sm.asisonline.org/Pages/Teller-Trouble.aspx. Accessed 30 Mar 2017
Symantec (2016) Internet security threat report. Volume 21, April 2016. https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf. Accessed 12 Apr 2017
Tolman WH (1909) Social engineering. McGraw Publishing Co., New York
Toren M (2014) 5 No-brainer tips to avoid getting hacked. Entrepreneur.com. February 17, 2014. http://www.nbcnews.com/id/54235589/ns/business-small_business/t/no-brainer-tips-avoid-getting-hacked/#.WPEn2IjyuUk. Accessed 14 Apr 2017
US Federal Communications Commission. Cyberplanner. https://www.fcc.gov/cyberplanner. Accessed 13 Apr 2017
US Federal Trade Commission (2011) Computer security. September 2011. https://www.consumer.ftc.gov/articles/0009-computer-security. Accessed 19 Apr 2017
US Federal Trade Commission (2015) Malware. November 2015. https://www.consumer.ftc.gov/articles/0011-malware. Accessed 19 Apr 2017
US Internal Revenue Service (2016) Protect your clients: security summit partners warn tax pros of cybercriminals, launch new awareness tips. IR-2016-163. December 7, 2016. https://www.irs.gov/uac/protect-your-clients-security-summit-partners-warn-tax-pros-of-cybercriminals-and-launch-new-awareness-tips. Accessed 19 Apr 2017
US Small Business Administration (n.d..) SBA Cybersecurity for Small Businesses. https://www.sba.gov/tools/sba-learning-center/training/cybersecurity-small-businesses. Accessed 30 Mar 2017
Vella CM, McGonagle JJ (2017) Competitive intelligence rescue: getting it right. Praeger, New York
Walsh B (2017) A safer, smarter grid. Time, April 10, 2017, pp 30–32
Washington Post (2017) Hack claims he’s released new episodes of netflix series. Reading Eagle, April 30, 2017, p A6
Webroot (n.d.) What is social engineering? https://www.webroot.com/us/en/home/resources/tips/online-shopping-banking/secure-what-is-social-engineering.Accessed 24 Mar 2017
Wilson M, Hash J (2003) Building an information technology security awareness and training program. US Department of Commerce, National Institute of Standards and Technology. October 2003. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-50.pdf. Accessed 6 Apr 2017
Winkler I (2017) Why awareness needs to teach scam detection and reaction. March 2, 2017. http://www.csoonline.com/article/3176531/security-awareness/why-awareness-needs-to-teach-scam-detection-and-reaction.html. Accessed 19 Apr 2017
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 Springer International Publishing AG, part of Springer Nature
About this chapter
Cite this chapter
McGonagle, J.J. (2018). The Human Element: The “Trigger” on Cyber Weapons. In: Prunckun, H. (eds) Cyber Weaponry. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-319-74107-9_3
Download citation
DOI: https://doi.org/10.1007/978-3-319-74107-9_3
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74106-2
Online ISBN: 978-3-319-74107-9
eBook Packages: Law and CriminologyLaw and Criminology (R0)