Open Access Publisher and Free Library
03-crime prevention.jpg

CRIME PREVENTION

CRIME PREVENTION-POLICING-CRIME REDUCTION-POLITICS

Posts tagged cybercrime reporting
IT Outage from CrowdStrike's Update: Impacts to Certain Public Safety Systems and Considerations for Congress

Pechtol, Colby; Gallagher, Jill C.

The following passage from the document contains multiple links embedded in the text: "On July 19, 2024, CrowdStrike, a U.S. cybersecurity firm, released a software update to their customers. The update caused certain systems to crash, disrupting services across several industries, including airlines, banks, hospitals, government agencies, and public safety systems. CrowdStrike reported that the incident was caused by 'a defect found in a single content update of its software on Microsoft Windows operating systems' and was not a cyberattack. Though the update affected less than 1% of all Windows machines, the impacts were widespread and global. The incident illustrates the vulnerabilities of information technology (IT) systems, increased dependence and risks in relying on third-party vendors for critical IT services, and lack of protocols and backup systems in the event of IT system failures. This In Focus discusses the incident's impact on certain U.S. public safety communications systems and services."

LIBRARY OF CONGRESS. CONGRESSIONAL RESEARCH SERVICE. 26 JUL, 2024.. 3p.

Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society

UNITED STATES. DEPARTMENT OF HOMELAND SECURITY. OFFICE OF INTELLIGENCE AND ANALYSIS; UNITED STATES. FEDERAL BUREAU OF INVESTIGATION; CANADIAN CENTRE FOR CYBER SECURITY; ESTONIAN NATIONAL CYBER SECURITY CENTRE; JAPAN COMPUTER EMERGENCY RESPONSE TEAM COORDINATION CENTER; NATIONAL CENTER OF INCIDENT READINESS AND STRATEGY FOR CYBERSECURITY JAPAN; FINLAND. NATIONAL CYBER SECURITY CENTRE; JAPAN. NATIONAL POLICE AGENCY; UNITED KINGDOM. NATIONAL CYBER SECURITY CENTRE

From the document: "Civil society--nonprofit, advocacy, cultural, faith-based, academic, think tanks, journalist, dissident, and diaspora organizations, communities, and individuals involved in defending human rights and advancing democracy--are considered high-risk communities. Often, these organizations and their employees are targeted by state-sponsored threat actors who seek to undermine democratic values and interests. Regularly conducted as a type of transnational repression (also referred to as digital transnational repression), state-sponsored actors compromise organizational or personal devices and networks to intimidate, silence, coerce, harass, or harm civil society organizations and individuals. According to industry reporting, state-sponsored targeting of high-risk communities predominantly emanates from the governments of Russia, China, Iran, and North Korea. Actors typically perform extensive pre-operational research to learn about potential victims, gather information to support social engineering, or obtain login credentials. Actors target organization networks or personal accounts (e.g., email) and devices of individuals for surveillance and monitoring, often via spyware applications--malicious software that collects data from affected devices. This guide provides recommendations for civil society organizations and individuals to mitigate the threat of state-sponsored cyber operations based on observed malicious behavior. The guide also provides recommendations for software manufacturers to improve the security posture of their customers."

UNITED STATES. CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY. 14 MAY, 2024. 19p.

Cybersecurity Futures 2030: New Foundations

By Cleaveland, Ann; Cohn, Alan, 1964-; Nagamine, Matthew; Thomas, Dawn H.; Rimsky Vernon, Alison

From the document: "This report presents findings from Cybersecurity Futures 2030, a global research initiative focused on exploring how digital security could evolve over the next five to seven years. The goal of this project is to help shape a future-focused research and policy agenda that is widely applicable across countries and sectors. The findings are based on discussions held at a series of in-person workshops conducted throughout 2023 in Dubai (United Arab Emirates), Washington DC (USA), Kigali (Rwanda), New Delhi (India) and Singapore, as well as a virtual workshop with participants from multiple European countries and the United Kingdom. The workshops centred on discussion of four scenarios that portray diverse 'cybersecurity futures' that are fictional (but plausible) depictions of the world roughly in the year 2030. UC [University of California] Berkeley Center for Long-Term Cybersecurity (CLTC) independently designed the scenarios to explore trade-offs in goals and values that decision-makers will have to contend with in the near future."

World Economic Forum . 2023. 16p.

Offensive Cyber Operations: States' Perceptions of Their Utility and Risks

Chatham House

From the webpage: "Cyberspace is now established as an important domain of national and international security. Until recently, informed and open discussion on the responsible use of offensive cyber capabilities has been constrained by high levels of secrecy around national strategies for their use. Insights as to how individual states view the utility of offensive cyber, and how they perceive and manage associated risks of escalation and conflict, have been hard to access. A lack of open debate around the limitations of cyber operations has also led to inaccurate portrayals of cyber capabilities as versatile 'silver bullet' solutions which can address a widening variety of security challenges. This paper offers an in-depth exploration of new or revised national cyber strategies, authorization mechanisms and legislation in nine NATO states, and draws on interviews with national cyber experts. As well as aiming to promote more informed debate on the key issues, it presents important policy recommendations to support the responsible use of offensive cyber and to contribute to the achievement of a secure cyberspace for all."

Royal Institute Of International Affairs Skingsley, Charlotte . 2023. 37p.

When do businesses report cybercrime? Findings from a UK study

By Steven Kemp, David Buil-Gil , Fernando Miró-Llinares and Nicholas Lord3

Although it is known that businesses report cybercrime to public authorities at a low rate, and this hinders prevention strategies, there is a lack of research on companies’ decisions to report cyber victimisation. This paper analyses the UK Cyber Security Breaches Survey to explore factors associated with cybercrime reporting by businesses. Results indicate that the type of cybercrime is relevant to the reporting decision, and that the likelihood of reporting increases when cybersecurity incidents generate negative impacts and when the company places high priority on cybersecurity. However, we find no association between having cybersecurity insurance and reporting. Finally, while having outsourced cybersecurity management is associated with reporting to anyone outside the organisation but not to public authorities, inhouse cybersecurity teams seem more inclined to report to public authorities. Findings are discussed in relation to the role of the private cybersecurity sector and the criminal justice system in combatting cybercrime.

Criminology and Criminal Justice, 2021.

Profile of Canadian Businesses Who Report Cybercrime to Police: The 2017 Canadian Survey of Cyber Security and Cybercrime

By Kayla A. Wanamaker

Cybercrime – crimes where the Internet and information technology (IT) are used, such as hacking, virus dissemination, and organized crime – is a growing concern for governments, organizations, individuals and businesses worldwide. Research conducted in the United States, United Kingdom and Canada has concluded that cybercrime and cyber security incidents are underreported to law enforcement. The reasons why this is the case, however, are not well known, especially within a Canadian context. As such, the goal of the current study was to examine the phenomenon of underreporting of cyber security incidents to police services using data from the 2017 Canadian Survey of Cyber Security and Cybercrime that was administered to Canadian businesses. Results indicated that while just over 20% of businesses experienced cyber-related incidents, only about 10% are reporting these incidents to the police. Businesses did not report incidents because they were resolved internally or through an IT consultant, or were thought to be too minor to report to police. Risk management, formal training, and sharing best practices were found to be related to businesses’ likelihood of reporting incidents to police. Larger businesses were more likely to report cybercrime to police when they implemented less security measures, whereas scores on security measures were not related to police reporting for small businesses. Results suggest a need to increase awareness of the frequency of cybercrime, as well as the availability of formal training options on cyber-related issues. They also underscore the importance of having enhanced cyber security protocols in place.

Ottawa: Public Safety Canada, 2019. 16p.

Cybersecurity in Poland: Legal Aspects

Edited by Katarzyna Chałubińska-Jentkiewicz, Filip Radoniewicz, Tadeusz Zieliński.

Presents a comprehensive and synthetic approach to issues related to the cybersecurity system of the Republic of Poland. Provides a research perspective that adopts issues of state security and citizen security as the fundamental level of analysis. The first part of the book is an introduction to cybersecurity issues. In the main part of the publication, the authors, guided by the systematics of the Act, discuss the role of individual entities included in the cybersecurity system, Part II presents tasks and competences of entities responsible for ensuring cybersecurity under the national cybersecurity system (“imperious entities”, e.g. competent authorities, CSIRTS), Part III describes the obligations of other entities included in the national cybersecurity system (“participants” of the national cybersecurity system, especially operators of essential services and digital service providers). The last part is dedicated to cybercrime and combating this phenomenon.

Cham: Springer, 2022. 506p.