M. V. Zhuravel,
Bachelor of Laws Yaroslav Mudryi National Law
University, Ukraine, LL.M in International
Corporate Governance and Financial Regulation,
University of Warwick, United Kingdom
To my teacher Mr Philip Rees with gratitude for his continued support
over the years and his faith in me
INCREASING YOUR CYBERSECURITY AWARENESS: UNDERSTANDING CYBERCRIME
AND FINDING WAYS TO FIGHT IT
«No person, organisation, or computer can ever be 100% secure. Someone with the patience, money and skill can break into even the most protected systems».
(Scott Shackelford, Associate Professor of Business Law and Ethics, Indiana University, USA1).
Dependency on global cyberspace is rapidly increasing nowadays. Virtual reality generates opportunities for enterprises, governments and individuals; however it also poses significant threats to security on different levels including the national level, whereby key state infrastructures can become a target of cyber attacks. This was seen during the Covid-19 pandemic when the healthcare system in a number of countries experienced cyber threats, which in the example of the Czech Republic, led to severe disruption of the medical processes in a hospital. Thus, cybercrime can cause detrimental effects not only to individuals or business entities, but also to a large group of stakeholders. Infinite cyberspace, the anonymous character of cyber attackers, advances in technology and a lack of cybersecurity measures in place — these all give cybercrime a sophisticated and aggressive nature and as a result, make us more vulnerable to it. This article will consider different categories of cybercrime, namely, crimes against the person; crimes against property, and crimes against the government, drawing examples from real life cases. This will be followed by an exploration of the methods which should be employed in the fight against cybercrime. In addition, the EU legislative framework will be considered as an example of legal measures against cybercrime.
Key words: Internet, cyberspace, cybercrime, cyber attack, cyber threat, cybersecurity, ransomware, cyber terrorism, European Union legal framework, NIS Directive, ENISA, ways.
1 Scott Shackelford, ‘Take these 5 critical steps to protect yourself from cybercrime’ Fast Company (17 August 2019) <https://www.fastcompany.com/90391332/take-these-5-critical-steps-to-protectyourself-from-cybercrime> accessed 28 March 2020.
B i b l i o g r a p h y
Council Decision (CFSP) 2019/797 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States ST/7299/2019/INIT <http://data.europa.eu/eli/dec/2019/797/oj> accessed 10 April 2020.
Council Regulation (EU) 2019/796 of 17 May 2019 concerning restrictive measures against cyber-attacks threatening the Union or its Member States ST/7302/2019/INIT <http://data.europa.eu/eli/reg/2019/796/oj> accessed 10 April 2020.
Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union (NIS Directive) <http://data.europa.eu/eli/dir/2016/1148/oj > accessed 10 April 2020.
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act) (Text with EEA relevance) PE/86/2018/REV/1 <http://data.europa.eu/eli/reg/2019/881/oj> accessed 7 April 2020.
Regulation (EU) 2016/679 of the European Parliament and of the Council on 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) <http://data.europa.eu/elireg/2016/679/oj> accessed 10 April 2020.
Eoyang M., Peters A, et al., ‘To Catch a Hacker: Toward a comprehensive strategy to identify, pursue, and punish malicious cyber actors’ (2018) Third Way <https://www.jstor.org/stable/resrep20153> accessed 12 April 2020.
Futter A, ‘Is Trident safe from cyber attack?’(Report 5 February 2016) European Leadership Network <https://www.europeanleadershipnetwork.org/report/is-trident-safe-from-cyber-attack/> accessed 23 March 2020.
Goodman W, ‘Tougher in Theory than in Practice?’ (2010) Vol. 4, No. 3 Strategic Studies Quarterly pp.102-135 <https:www.jstor.org/stable/10.2307/26269789> accessed 30 March 2020.
Kirsh E. M, et al., ‘Recommendations for evolution of cyber law’ (September 1996) 2 (2) Journal of Computer Mediated Communications, published online 23 June 2006 <https://onlinelibrary.wiley.com/doi/full/10.1111/j.1083-6101.1996.tb00056.x> accessed 28 March 2020.
McKenzie M. T, ‘Is Cyber Deterrence Possible?’ (2017) Air University Press <https://www.jstor.org/stable/resrep13817.9> accessed 21 March 2020.
Pawlak P., Biersteker T, ‘Laws of Gravitation. Due diligence obligations in cyberspace’ (2019) European Union Institute for Security Studies (EUISS) <https://www.jstor.org/stable/resrep21136.10> accessed 3 April 2020.
Van der Meer S, ‘Foreign Policy Responses to International Cyber-attacks’ (September 2015) Clingendael University <https://www.jstor.org/stable/resrep05303> accessed 08 April 2020.
Government and Organisational websites
ENISA <https://europa.eu/european-union/about-eu/agencies/enisa_en> accessed 25 March 2020.
European Commission: The Directive on security of network and information systems (NIS Directive) <https://ec.europa.eu/digital-single-market/en/network-and-information-securitynis-directive> accessed 5 April 2020.
European Commission: The EU Cybersecurity Act <https://ec.europa.eu/digital-singlemarket/en/eu-cybersecurity-act> accessed 10 April 2020.
Council of the European Union, ‘Cybersecurity in Europe: stronger rules and better protection’ <https://www.consilium.europa.eu/en/policies/cybersecurity/> accessed 5 April 2020.
Identity Theft Resource Center, Data Breach Report for 2019 <https://www. idtheftcenter.org/identity-theft-resource-centers-annual-end-of-year-data-breach-report-reveals-17-percent-increase-in-breaches-over-2018/> accessed 20 March 2020.
The United States Government website, ‘Identity Theft’ <https://www.usa.gov/identitytheft>accessed 20 March 2020.
United Nations Conference, Cyber Legislation Worldwide <https://unctad.org/en/Pages/DTL/STI_and_ICTs/ICT4D-Legislation/eCom Cybercrime-Laws.aspx> accessed 5 April 2020.
Company websites and professional blogs Cisomag, ‘Cybercrime Will Cost the World US 6$ Trillion by the End of the Year: Study’Cisomag (23 March 2020) <https://www.cisomag.com/cybercrime-will-cost-the-world-us6-trillion-by-the-end-of-the-year-study/> accessed 27 March 2020.
Beaumont K, ‘How LockerGoga took down Hydro — ransomware used in targeted attacks aimed at big business’ Medium (21 March 2019) <https://doublepulsar.com/how-lockergoga-tookdown-hydro-ransomware-used-in-targeted-attacks-aimed-at-big-business-c666551f5880> accessed 18 March 2020.
Hernandez E, ‘The 16 Most Common Types of Cybercrime Acts’ VoIP Shield (14 February 2018) <https://www.voipshield.com/the-16-most-common-types-of-cybercrime-acts/> accessed 20 March 2020.
Irwin L, ‘ 60 million in recovery costs for Norsk Hydro after refusing ransom demand’ IT Governance (27 June 2019) <https://www.itgovernance.co.uk/blog/60-million-recovery-costsfor-norsk-hydro-after-ransom> accessed 10 April 2020.
Johansen A. G, ‘What is ransomware and how to help prevent ransomware attacks’ NortonLifeLock <https://us.norton.com/internetsecurity-malware-ransomware-5-dos-and-donts.html> accessed 28 March 2020.
Lam V, ‘Cyber Crime: Types, Examples, and What Your Business Can Do’ Exabeam company website (24 December 2019) <https://www.exabeam.com/information-security/cyber-crime/>accessed 18 March 2020.
Novak, M.C, ‘Let’s Talk About Cyber Law: Crime, Security, and Legislation’ Learning Hub Tech (20 November 2019) <https://learn.g2.com/cyber-law> accessed 29 March 2020.
Pugh A, ‘8 Ways to fight cybercrime’ E-careers (18 April 2019) <https://www.e-careers.com/connected/cyber-security-careers/8-ways-to-fight-cybercrime> accessed 25 March 2020.
Shackelford S, ‘Take these 5 critical steps to protect yourself from cybercrime’ Fast Company (17 August 2019) <https://www.fastcompany.com/90391332/take-these-5-critical-steps-toprotect-yourself-from-cybercrime> accessed 7 April 2020.
Trend Micro team, ‘What You Need to Know About the LockerGoga Ransomware’ Trend Micro Inc. (20 March 2019) <https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/
what-you-need-to-know-about-the-lockergoga-ransomware> accessed 20 March 2020.
Yahoo! Inc. Customer Data Security Breach Litigation Settlement <https://yahoodatabreachsettlement.com> accessed on 27 March 2020.
Online news articles
Holmes A, ‘The biggest hacks of 2019 so far’ Business Insider (11 September 2019) <https://www.businessinsider.com/biggest-hacks-and-data-breaches-of-2019-capital-one-whatsapp-iphone-2019-9> accessed 14 April 2020.
Kunchler H, ‘Yahoo says 2013 cyber breach affected all 3bn accounts’ Financial Times <https://www.ft.com/content/9412c2b0-a87c-11e7-93c5-648314d2c72c> accessed 3 April 2020.
Men J, Finkle J, et al. ‘Yahoo security problems a story of too little, too late’ Reuters (18 December 2016) <https://www.reuters.com/article/us-yahoo-cyber-insight/yahoo-securityproblems-a-story-of-too-little-too-late-idUSKBN1470WT> accessed 1 April 2020.
Murphy H, Stacey K, ‘US health department targeted in cyber attack’ Financial Times (16 March 2020) <https://www.ft.com/content/a4ac1ad1-0c86-4c7a-a6ac-d5296cbaecb8>accessed 29 March 2020.
Porter S, ‘Cyberattack on Czech hospital forces tech shutdown during coronavirus outbreak’ Healthcare IT News (19 March 2020) <https://www.healthcareitnews.com/news/europe/cyberattack-czech-hospital-forces-tech-shutdown-during-coronavirus-outbreak> accessed 25 March 2020.
Sanchez Nicolas E, ‘Cybercrime rises during coronavirus pandemic’ EUobserver (25 March 2020) <https://euobserver.com/coronavirus/147869> accessed 28 March 2020.
Stempel J, Finkle J, ‘Yahoo says all three billion accounts hacked in 2013 data theft’ Reuters (3 October 2017) <https://www.reuters.com/article/us-yahoo-cyber/yahoo-says-all-three-billionaccounts-hacked-in-2013-data-theft-idUSKCN1C82O1> accessed 20 March 2020.
Vizcaino M. E, ‘Oklahoma Pension Fund Cyber Attack Shows Rising Risk for Munis’ Bloomberg (13 September 2019) <https://www.bloomberg.com/news/articles/2019-09-13/oklahoma-pension-fund-cyber-attack-shows-rising-risk-for-munis> accessed 21 March 2020.
Other Baohero formerly Taobao Agent <https://baohero.com/taobao> accessed 1 April 2020.
Goodreads on Jacques Ellul <https://www.goodreads.com/quotes/1297716-modern-technologyhas-become-a-total-phenomenon-for-civilization-the> accessed 23 March 2020.
Thelaw.com: Law Dictionary & Black’s Law Dictionary 2nd Ed. <https://dictionary.thelaw.com/cybercrime/> accessed 7 April 2020.