Analytical Paper
Technology & Society
Introduction
When it comes to this digital age, there needs to be some form of regulations put in place in lieu of the diminishing state power and the intelligification and networking of the material world. The Internet of Things is a good example of the numerous technologies that are ingrained within our lives because we see them in our kitchens, homes, cars, and many other places. Due to this, we have had to adapt our lifestyles to streamline the integration process and this would include not only people, but the businesses, groups, markets, and other organizations that these individuals are involved in. This would be for the best, otherwise they would eventually become obsolete and left behind the others that chose to adapt. Though knowing this, the way that regulations are enacted need to be adjusted to tail the trend that is being followed by these groups. For example, the laws that we had previously, pertaining to transaction policies and taxes did not have many portions dealing with the online transactions and the protection of customer data. We also did not have as many cybercrime issues before, but now there are frameworks that have been created to combat these issues. While some are mandatory, there are many that are voluntary to give some freedom for each business. That way, they are able to tailor the guidelines to best fit their situation. As you can see, these adaptations have been beneficial so far, even though compliance with these frameworks does not guarantee protection from breaches. It is a constant back and forth battle with criminals that adapt along with the security measures and this is what begets the limitations of certain actions.
As I am well aware that change can be difficult for some, when looking at the amount of cybercrime that is rampant, it is paramount that this change occurs and there can be ways of doing this that would result in progress, coupled with minimal backlash from those that are affected. By making compliance with cybersecurity frameworks mandatory for businesses that has any form of transaction or private data, this would be one large step in the direction where we need to go. I only give this solution because there are organizations that are self-claimed to be compliant with certain frameworks for the sole purpose of seeming appealing to a customer. Since compliance isn’t officially verified, we never know what could occur with the data they acquire.
Evidence
In the field of cybersecurity, it is up to us to prevent any interactions between an offender and the potential victims. Through knowing this, it is a given that cyber technology plays a large role in being a link between the two. Some technologies such as computers, servers, cell phones, and other IOT devices can have vulnerabilities that offenders can exploit, thus causing damage to the user’s systems. This would be seen as a positive impact from the offender’s point of view because they are getting what they want. This can be data such as social security numbers, passwords, taxes, health records, and even funds from banking websites. Of course, the users of these systems would not want that to happen, so they have safeguards implemented to combat this. Firewalls, antivirus and antimalware, complex passwords, and many other security features are used to keep offenders out of the system. In this scenario, it would be seen as a positive impact for the user because they have more protection for their data and to negatively impact the offender’s chances of compromising any data. There are also some cyber technologies that protect physical assets as well. This could be some sort of security cameras that scan the perimeter of the property to see any suspicious activity. If an offender is seen trying to break into the facility, action can be taken in accordance to the threat level. In some places, there are also biometric scans available that give access to certain data depending on the level of security that you’re cleared for. If an unauthorized person were to enter the facility and tried to gain access to the sensitive data, they would be barred from entering. From my perspective, this shows that all these technologies create a link between victims and the offenders of the cyber world and places more importance on how these increased regulations can benefit in keeping the connection secure from potential risks.
The term cyber risk could encompass many things which would stem from the failure of an organization’s information technology systems. For example, this could be financial loss, breaches of systems, be it unauthorized or accidental, or some form of data disruption. While it may seem that this can only happen to large businesses that appear to financially well off, this is not the case. Cyber-crime can occur to any business regardless of its size and this can be seen through statistics alone. According to nbins.com, since 2015 when cyber-crime became the second most common type of economic fraud in Canada, the number of incidents that occur has increased by an astonishing 160 percent. In order to keep the number of incidents to a minimum, professionals such as a cyber security engineer or an information systems security engineer, provide services pertaining to their specialized field. For information systems security engineers, they essentially are responsible for determining a system’s security requirements and building systems based off these requirements in order to fortify system and information security. They can also test for vulnerabilities within the network through periodic scans and penetration testing. When it comes to the Cyber security engineer, they can go by several other names such as an Application / Web security engineer, Data security engineer, and an IA / IT security engineer. Regardless of the name, the specialized services that they perform are slightly different from the information systems engineer’s but overall very similar. This would include defining security protocols, installing and configuring software, troubleshooting, penetration testing, or observing and responding to intrusion detection cues. For the most part, these engineers work together to provide an organization a service in the efforts of obtaining an optimally secure system so that the organization may continue to prosper throughout the years to come regardless of what risks they may face.
Conclusion
Overall, we have been progressing rapidly with technology and have found numerous ways to utilize them, but we need to also develop more mandatory rules and regulations in tandem to increase each system’s security. While many would find this beneficial, there some that would make an argument against this. They wouldn’t agree with making these frameworks mandatory because not all businesses contain sensitive data or engage in transactions with customers. Especially for smaller businesses, this can be too expensive to become compliant and should be up to the discretion of the business. In response, I would say that regardless of the kind of business it is, there is always data that is stored within. This could be employee data, tax information, and some other sensitive information that you wouldn’t want to be free to the public. By having the proper safeguards in place, you will be able to obtain compliance. Also, not all frameworks are the same nor do they have the same requirements, therefore, if given a choice to pick from the most popular ones, a small business could select the most affordable while being compliant at the same time. This shows that mandatory compliance in response to this growing issue has little to no complications that I can see. While I do not foresee this being an immediate transition, it can be implemented over a reasonable span of time that would give businesses a chance to etch a framework into their policies.
“What Is Cyber Risk, and Why Should I Care?” Northbridge Insurance, 6 Nov. 2018, www.nbins.com/blog/cyber-risk/what-is-cyber-risk-2/.
Bell, Kennedey Monet. “Privacy Law in the Digital Age.” Penn State, 3 Dec. 2017, sites.psu.edu/academy/2017/12/03/privacy-law-in-the-digital-age/.
Nohe, Patrick. “2018 Cybercrime Statistics: A Closer Look at the ‘Web of Profit.’” Hashed Out by The SSL Store, 27 Sept. 2018, www.thesslstore.com/blog/2018-cybercrime-statistics/.