What the Government Can
Do to Help"> Ultimately, what is law enforcements role in facilitating all of this? The best the government and law enforcement can do for private companies is to serve as a backstop. We can prosecute a certain amount of cases and that will help as a deterrent and to prove the punishments for committing cyber-crimes, but ultimately a lot of the burden falls on corporate America to use civil laws and remedies to go after perpetrators and recover some of their assets through restitution.In the case of cyber-crime, the technology is new but weve been fighting the same types of activity for over 200 years. The truth is that when youre prosecuting something like this there are a lot of similarities to ordinary mail fraud cases. As always, the challenge is in proving intent and the answer is looking at it in the same way we always have, by looking at the evidence and the persons behavior to try to prove their intent. In that sense, theres no difference from traditional fraud. So in that sense, technology may actually make it easier to establish some of these patterns. Technology can help in this process, its absolutely amazing what you see some people writing in e-mails they dont think will be read by anyone other than their anticipated recipients. Technology is both a blessing and curse; it helps leave a trail of evidence that we can follow, but it also opens up a lot of opportunity to commit crimes. Over the years weve heard a lot about cyber-terrorism, and even the ties that terrorists may have to common forms of computer-related crimes. What do businesses need to know about the place of terrorism in dealing with IT-based attacks? Theres a multifaceted threat with terrorism, and its not just the type of foreign terrorism that everyone thinks of first. You have the external threat of groups that want to steal, sell or use the data, and you have this threat of internal terrorism where employees want to steal something and sell it for a profit, or just to hurt the company for some reason. There are also domestic terrorists such as local rights groups who may launch computer-related attacks just to support some belief they support, and your Ted Kaczynski types who may have a beef with corporate America and carry out their own terrorist acts alone. Click here to read about the dark side of the search engine business. Really there are a host of things that can be done to inflict damage on computing networks that can be defined as terrorism. Corporations need to be aware of that and to watch out not just for the theft of data but also the potential destruction of data, and the timing that some of this sort of activity that goes along with considerations of all that. Some people feel that the outsourcing of jobs overseas could aid terrorists in harming U.S. companies. Do you think theres any truth to that idea? The best comparison that I can make is to a movie like "Bubble Boy." When you leave your bubble, all kinds of bad things could happen to you, you could get in your car and have an accident or catch a virus, but that doesnt mean we should stay locked up in the house as a result. You really have to put your seatbelt on, drive the speed limit and try to behave carefully when operating overseas. But, its not realistic to tell companies that they shouldnt go overseas to do business. They just need to realize the security risks and take reasonable steps to both prevent crime and take action when they are victimized, no matter where in the world it is that they might be doing business. Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.
We hear a lot these days about the internal threat, and how frequently people are exposing their employer to cyber-crime without even knowing it. How do businesses decide who is trying to hurt them intentionally, and who is just making a bad decision that leads to a problem?