Presentation is loading. Please wait.

Presentation is loading. Please wait.

Cyber Crime and its implications for citizens and businesses in the Information Society Richard Henson Senior Lecturer in Computing University of Worcester.

Published byMarianna Dorsey Modified over 6 years ago

Similar presentations

Presentation on theme: "Cyber Crime and its implications for citizens and businesses in the Information Society Richard Henson Senior Lecturer in Computing University of Worcester."— Presentation transcript:

1 Cyber Crime and its implications for citizens and businesses in the Information Society
Richard Henson Senior Lecturer in Computing University of Worcester

2 Structure of Lecture Chronology of Evolution of the Information Society and parallels with previous technology breakthroughs… Extent of Threats to Personal Data – does it matter if it is (e.g.) copied? Company Data – as above What can be done to make cyber crime more manageable?

3 NOW! The Hyperconnected World
networks social media Skype, VOIP Cloud BYOD etc…

4 Protecting your computer data IS common sense…
As is safely driving a motor car but with each, there are accidents…

5 Computer Technology offered so much… and still does!
How did we become so dependent on computer technology Why isn’t it safe? Why can people steal your data so easily? Lets go back in time…

6 Origins of Computing… First computer: Babbage First program: Lovelace
First maths to support logic: Boole All in early Victorian Era… Lovelace and Boole would both have had 200th birthdays last Autumn

7 Bletchley Park… Computing needed to crack codes Turing… provided maths
9000 clever volunteers used it to crack codes on an industrial scale Result: allies knew exactly what Germans were doing, but didn’t let on! ….

8 Post-war Technology: Transistor
Boole’s logic no longer processed manually Thousands… then millions… of 0/1 logic gates on a single chip of material (silicon) Computers used transistors on a massive scale…

9 Mainframe Computers Massive machines
Changed the world in the 60s and 70s rapid processing of data automated banking electronic documents, and business path of data carefully charted through telephone system (but slow…)

10 “So where did Computing start to go Wrong?”
In the 1980s… Personal Computer “End User” Computing Legislation introduced but not policed or understood Lack of policy or inconsistent implementation of policy Data handling training issues

11 Safe Storage of Organisational Information
Before Digital Data… Paper in a Locked, Fireproof Cabinet, in a locked room…

12 Use of Digital Data within Organisations in the early days
BIG Computers centralised resources & storage Terminal-only access to data Printing only via centralised resource Data processing areas private…

13 The Rise of End User Computing
The PC offered the possibility of organisational data in the hands of “non professionals”… network administrators and some academics predicted that there would be big problems… few people listened… THEY SHOULD HAVE!

14 Have we been down this road before?
Days of “mainframe” or “centralised” computing… comparable to mass transport systems (e.g. stage coach, railways, bus) “professional” drivers people driven about

15 Computing “revolution…”
Example of Technological Change causing rapid Cultural Change Systems provided by society to cope… inadequate

16 Also true of the coming of the motor car…
4 m.p.h speed limit initially imposed!

17 “The motor car”: rapid cultural change…
Transport became personalised no restrictions those handling motor vehicles often a menace to other road users… many accidents, injuries, lives lost

18 Society DID catch up with this cultural change…
Professional bodies ineffective DRIVERS and CARS only controlled through the use of legislation cars… minimum standards for brakes etc. drivers…had to be 17 to drive…

19 More cultural change… Massive increase in cars (& accidents)
And then more legislation… Driving Test National Speed Limit Even safer cars…

20 Are roads safe today? Despite increases in traffic, UK road deaths been falling consistently for many years safer cars? better driving? tougher penalties? So a cultural problem CAN be brought under control…

21 The Challenges of “End User Computing”
In early 1990s, the immediate workplace computer-related threats were… RSI eye strain Result: EU Health & Safety legislation (1992)

22 Portable Storage of Digital Data
Remember Floppy disks… could carry personal data and also viruses which could stop computers functioning! early warning… Digital data became “uncontrollable”! but only small amounts… (OK then?)

23 The Hidden Threat Lot of changes with the coming of the PC…
but the threat to personal data from removable media NOT fully acknowledged floppy disks could only hold small amounts of data… Data Protection Act, 1984, only a civil offence massive end-user computing use not anticipated…

24 More Technological change…
Two big technological advances in 1990s Writeable CDs.. removable media could now carry huge amounts of personal data Internet/World Wide Web… organisational networks linked to the world… unlimited amounts of data to be potentially taken off organisational machines…

25 1998: Data Protection Act updated
Minor changes from 1984 Law Did not address the problems… end user in control large amounts of digital data easily carried/transported around

26 The USB stick Employees had been happily copying data to writeable CD… even writeable DVD… MUST have been data losses! So what? Not a Health & Safety issue! Data Protection? Max penalties not enough of a deterrent to even focus minds on reading it…

27 USB stick encouraged… People had problems using writeable CDs
USBs more convenient Stored even more data Less bulky to carry around (!!!) Disaster waiting to happen perhaps the only surprise was that it took so long… (remember 2007?)

28 SMEs, and being hijacked!
SMEs, and even larger businesses often don’t even know it’s happening… Features of this hack: keyloggers… malware via attachment others?

29 So… why such a long wait? Again… back to the motor car
Original Highways Act? law in 1835 only substantially updated in… 1959 Why then? had become a matter of public concern Equally, Data Protection now (finally!) A MATTER OF PUBLIC CONCERN latest surveys: citizens as concerned about privacy as they are about terrorism!

30 Policing, Technology, Social Change, and Crime
Policing in UK according to Peel’s principles Usually changes only in response to public demand via MPs changes in legislation Police retraining & extra resources (e.g. bicycles… became cars!)

31 Police: approach to Cyber Crime
Based on 4 “P”’s Prevent… stop people getting into cyber crime! Protect… advise on plugging vulnerabilities, raise staff awareness, reveal consequences of a breach, cyber bullies, etc. Prepare… advice to (potential) victims, and support for victims Pursue… catch the cybercriminals!!!

32 Is that enough? Well, we’ve been here before
How safe were the roads in the 1920s? over 4000 deaths in 1926, the year this family photo was taken… And in the 1930s/40s? worse… approaching deaths by 1941 And today? 1721 deaths in 2012… helped by robust policing

33 Meanwhile, at the “macro” level
Government vision (2011 Cyber Security Strategy) : “make Britain one of the safest places in the world to do online business” potentially very good for UK business… Bold aim: how can the law & police work help achieve this?

34 Is Good Cyber Security Common Sense?
YES… just as driving safely is common sense BUT… even good drivers could fall asleep at the wheel What would the roads be like today if: 1835 Highways Act was still in force unchanged? no-one had to pass a driving test?

35 Is this analogy appropriate? Is (more) legislation needed?

36 Where does the Small Business fit in?
Hackers may be after corporate data, but don’t bother with SMEs… right? no wrong, very wrong… Hackers use weak security in SMEs to get at large businesses, or government…

37 High Level Threat: The Reality
Corporate/UK critical infrastructure hacker X X Internet… (800+ million Gateways!)

38 Technology and Society
New Technology opens up opportunities… Society finds out ways to use that technology SAFELY to improve peoples lives… role for academics? politicians? If technology moves fast too quickly (c.f. motor car?)… society gets left behind

39 Academics and IT (especially Information Security)
A lot to answer for !? Dangers started to emerge as soon as PCs became networked (mid-late 1980s) Too timid? Stereotyped? Decision-makers didn’t understand? Just not listened to… too much money involved?

40 Relevant Research (not necessarily technical IT…)
Human factors 60-80% of data breaches… employees (!) Why? What can be done about it Economics of Information security Balancing costs of breaches v costs of “taking the risk”

41 Knowledge Transfer: feeding research findings to business
Lots of talk… more often with large companies No too much effective action? SMEs don’t engage/not invited to engage cascade model doesn’t work in a competitive environment

42 The Good News  Relevant research areas in information security growing very rapidly… Government funding for SME cyber security through a range of schemes Police are catching cyber criminals

43 What can (all) SMEs do? Become aware of the problem
Acknowledge that it does relate to them Demand more support from govt agencies to help deal with it… Get the Cyber Essentials badge! Get cyber insurance “just in case”?

44 Summary Technology has always changed society…
Current changes even more profound Education desperately needed Structures of society (e.g law) need urgently to catch up Will be expensive… (but necessary!)

45 Questions?

Download ppt "Cyber Crime and its implications for citizens and businesses in the Information Society Richard Henson Senior Lecturer in Computing University of Worcester."

Similar presentations

Information Security and Common Sense Richard Henson University of Worcester October 2008.

Information Security and Common Sense Richard Henson University of Worcester October 2008.
Turning Policy Into Reality Tony S Krzyżewski Director, Chief Technical Officer Protocol Policy Systems.

Turning Policy Into Reality Tony S Krzyżewski Director, Chief Technical Officer Protocol Policy Systems.
Terminal Safety. Objectives Identify main causes Outline terminal safety organization State the safe working practices.

Terminal Safety. Objectives Identify main causes Outline terminal safety organization State the safe working practices.
PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.

PRIVACY COMPLIANCE An Introduction to Privacy Privacy Training.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.

CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
Governmental Opportunities and Constraints

Governmental Opportunities and Constraints
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB
UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.

UNDERSTANDING THE RISKS & CHALLENGES OF Cyber Security DAVID NIMMO InDepth IT Solutions DAVID HIGGINS WatchGuard NEIL PARKER BridgePoint Group A BridgePoint.
SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012.

SMEs: The Hacker’s Preferred Route into the Corporate World Richard Henson Worcester Business School February 2012.
Information Security and Common Sense Richard Henson University of Worcester November 2008.

Information Security and Common Sense Richard Henson University of Worcester November 2008.
Imapact of I.T on International Commerce: Management of transnational corporations and Business Concentrations.

Imapact of I.T on International Commerce: Management of transnational corporations and Business Concentrations.
Road safety: What works? Margie Peden Coordinator, Unintentional Injury Prevention Department of Injuries and Violence Prevention World Health Organization.

Road safety: What works? Margie Peden Coordinator, Unintentional Injury Prevention Department of Injuries and Violence Prevention World Health Organization.
SMEs: Why Information Assurance is Important Richard Henson Worcester Business School November 2012.

SMEs: Why Information Assurance is Important Richard Henson Worcester Business School November 2012.
COMP1321 Digital Infrastructure Richard Henson University of Worcester December 2012.

COMP1321 Digital Infrastructure Richard Henson University of Worcester December 2012.
James McQuillen. Data protection Act 1998 The main aim of it is to protect people's fundamental rights and freedom to a particular right to privacy of.

James McQuillen. Data protection Act 1998 The main aim of it is to protect people's fundamental rights and freedom to a particular right to privacy of.
CS 4001Mary Jean Harrold1 Class 25 ŸComputer crime ŸAssign ŸTerm paper—due 11/20.

CS 4001Mary Jean Harrold1 Class 25 ŸComputer crime ŸAssign ŸTerm paper—due 11/20.
International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.

International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson THE LINK BETWEEN.
E-Safety. A great place… Image by: Shutterstock/nasirkhan As we have discussed over the last few lessons, the Internet is a great tool for sharing information,

E-Safety. A great place… Image by: Shutterstock/nasirkhan As we have discussed over the last few lessons, the Internet is a great tool for sharing information,
Information Security January 2016. What is Information Security?  Information Security is about the physical security of our equipment and networks as.

Information Security January What is Information Security?  Information Security is about the physical security of our equipment and networks as.

Similar presentations

Ads by Google