Centenial Celebration

Transaction Search Form: please type in any of the fields below.

Date: November 25, 2024 Mon

Time: 8:13 pm

Results for cybercrime (international)

4 results found

Author: Tendulkar, Rohini

Title: Cyber-crime, Securities Markets and Systemic Risk

Summary:  The soundness, efficiency and stability of securities markets relies on the quality of information provided; the integrity of people and service provision; the effectiveness of regulation; and increasingly the robustness of supporting technological infrastructure. Yet, there is limited public, targeted and in-depth study into how one of the more prominent technology-based risks: cyber-crime could and is impacting securities markets.  Cyber-crime can be understood as an attack on the confidentiality, integrity and accessibility of an entity’s online/computer presence or networks – and information contained within. The Evolving Nature of Cyber-Crime  In recent years, cyber-crime has become increasingly sophisticated, making it difficult to combat, detect and mitigate. The rise of a relatively new class of cyber-attack is especially troubling. This new class is referred to as an ‘Advanced Persistent Threat’ (APT).1  The costs of cyber-crime to society so far may already be substantial. Some studies cite figures as high as $388 billion2 or $ 1 trillion3. While these high numbers are contentious due to lack of reliability when it comes to reporting direct and indirect costs, a growing number of high-profile cyber-attacks, high financial losses incurred, and other real-world manifestations suggest a potential for widespread impact. A focus on the world’s exchanges  To gather unique insights into the cyber-crime threat from a securities market perspective, the IOSCO Research Department, jointly with the World Federation of Exchanges Office, conducted a cyber-crime survey (hereafter the WFE/IOSCO survey) to some of our core financial market infrastructures - the world’s exchanges.4  This survey is intended as part of a series of surveys exploring perspectives and experiences with cyber-crime across different groups of securities market actors, financial institutions and regulators.  In this first survey, a vast majority of respondents agree that cyber-crime in securities markets can be considered a potentially systemic risk (89%). The following factors shed light on why:  Size, complexity and incentive structure  Cyber-crime is already targeting a number of exchanges. Over half of exchanges surveyed report experiencing a cyber-attack in the last year (53%).  Attacks tend to be disruptive in nature (rather than aiming for immediate financial gain). The most common forms of attack reported in the survey are Denial of Service attacks and malicious code (viruses). These categories of attack were also reported as the most disruptive. Financial theft did not feature in any of the responses.  This suggests a shift in motive for cyber-crime in securities markets, away from financial gain and towards more destabilizing aims. It also distinguishes cyber-crime in securities markets from traditional crimes against the financial sector e.g. fraud, theft.  Potential effect on market integrity and efficiency; infiltration of non-substitutable and/or interconnected services  The instances of attacks against exchanges means that cyber-crime is already targeting securities markets’ core infrastructures and providers of essential (and non-substitutable services). At this stage, these cyber-attacks have not impacted core systems or market integrity and efficiency. However, some exchanges surveyed suggest that a large-scale, successful attack may have the potential to do so.  Level of transparency and awareness  Transparency in the form of information sharing is occurring widely. 70% of exchanges surveyed note that they share information with authorities, overseers or regulators. However, most of these arrangements are national in nature.  There is also a high level of awareness of the threat across exchanges surveyed. Around 93% of exchanges surveyed report that cyber-threats are discussed and understood by senior management and almost 90% report having in place internal plans and documentation addressing cyber-crime.  Level of cyber-security and cyber-resilience  All exchanges surveyed appear to have in place myriad proactive and reactive defence and preventative measures (see Annex B) and report that cyber-attacks are generally detected immediately. Annual cyber-crime training for general (non-IT) staff is also a staple amongst the majority of respondent exchanges.  However, a small but significant number of exchanges surveyed recognize that 100% security is illusionary, with around a quarter recognizing that current preventative and disaster recovery measures may not be able to stand up against a large-scale and coordinated attack.  Around half of exchanges surveyed report having two separate groups for handling physical and cyber threats. Separation of the two teams could lead to challenges in engaging with cyber-physical threats, however these challenges may be easily overcome (if not already) through efficient and on-going coordination between the two groups. Further information around the level of coordination between these two groups could shed light on this point.  Around 22% of exchanges surveyed report having cyber-crime insurance or something similar. This is mainly due to lack of availability or insufficient coverage of available insurance.  Effectiveness of regulation  A number of respondents expressed doubt over the effectiveness of current regulation in deterring cyber-criminals from damaging markets, since the global nature of the crime makes it difficult to identify and prosecute them. Only 59% of exchanges surveyed report sanctions regimes being in place for cyber-crime, in their jurisdiction. Of these, only half (55%) suggest that current sanction regimes are effective in deterring cyber-criminals. Engaging with the risk  In terms of the future role of securities market regulators in engaging with cyber-crime in securities markets, the following activities were highlighted most frequently by exchanges surveyed:  Updating/implementing regulation and standards (in collaboration with other authorities);  Identifying and providing guidance on best practice, principles and/or frameworks;  Building, partaking in and promoting information sharing networks;  Acting as a repository of knowledge for securities market participants to tap into (e.g. keep up to date with trends, house technical expertise to answer industry questions, collect and record cases, identify biggest risks).  Many of the exchanges surveyed underline a need for further policy but assert that any efforts in this space should:  avoid being prescriptive;  maintain flexibility to adapt to changing risks;  concentrate on information sharing; effective regulations/legislation; providing guidance and principles; and not interfere with an institution’s own tailored internal measures or policy.

Details: Paris: International Organisation of Securities Commissions or the World Federation of Exchanges. 2013. 59p.

Source: Internet Resource: Staff Working Paper: [SWP1/2013]: Accessed July 18, 2013 at: http://www.world-exchanges.org/files/statistics/pdf/IOSCO_WFE_Cyber-crime%20report_Final_16July.pdf

Year: 2013

Country: International

URL: http://www.world-exchanges.org/files/statistics/pdf/IOSCO_WFE_Cyber-crime%20report_Final_16July.pdf

Shelf Number: 129445

Keywords:
Computer Crime
Cybercrime (International)
Financial Crimes
Internet Crime
Securities Markets

Author: Ponemon Institute LLC

Title: Managing Cyber Security as a Business Risk: Cyber Insurance in the Digital Age

Summary: With the increasing cost and volume of data breaches, cyber security is quickly moving from being considered by business leaders as a purely technical issue to a larger business risk. This shift has spurred increased interest in cyber insurance to mitigate the cost of these issues. In a new study sponsored by Experian® Data Breach Resolution, Ponemon Institute surveyed risk management professionals across multiple sectors that have considered or adopted cyber insurance. Based on responses, many understand that security is a clear and present risk. Indeed a majority of companies now rank cyber security risks as greater than natural disasters and other major business risks.

Details: Ponemon Institute, 2013. 25p.

Source: Internet Resource: Accessed August 19, 2013 at: http://www.experian.com/innovation/business-resources/ponemon-study-managing-cyber-security-as-business-risk.jsp?ecd_dbres_cyber_insurance_study_ponemon_referral

Year: 2013

Country: International

URL: http://www.experian.com/innovation/business-resources/ponemon-study-managing-cyber-security-as-business-risk.jsp?ecd_dbres_cyber_insurance_study_ponemon_referral

Shelf Number: 129646

Keywords:
Crimes Against Businesses
Cyber-Security
Cybercrime (International)
Internet Crime
Risk Management

Author: United Nations Office on Drugs and Crime

Title: Comprehensive Study on Cybercrime

Summary: In 2011, at least 2.3 billion people, the equivalent of more than one third of the world's total population, had access to the internet. Over 60 per cent of all internet users are in developing countries, with 45 per cent of all internet users below the age of 25 years. By the year 2017, it is estimated that mobile broadband subscriptions will approach 70 per cent of the world's total population. By the year 2020, the number of networked devices (the 'internet of things') will outnumber people by six to one, transforming current conceptions of the internet. In the hyper-connected world of tomorrow, it will become hard to imagine a 'computer crime', and perhaps any crime, that does not involve electronic evidence linked with internet protocol (IP) connectivity. 'Definitions' of cybercrime mostly depend upon the purpose of using the term. A limited number of acts against the confidentiality, integrity and availability of computer data or systems represent the core of cybercrime. Beyond this, however, computer-related acts for personal or financial gain or harm, including forms of identity-related crime, and computer content-related acts (all of which fall within a wider meaning of the term 'cybercrime') do not lend themselves easily to efforts to arrive at legal definitions of the aggregate term. Certain definitions are required for the core of cybercrime acts. However, a 'definition' of cybercrime is not as relevant for other purposes, such as defining the scope of specialized investigative and international cooperation powers, which are better focused on electronic evidence for any crime, rather than a broad, artificial 'cybercrime' construct. In many countries, the explosion in global connectivity has come at a time of economic and demographic transformations, with rising income disparities, tightened private sector spending, and reduced financial liquidity. At the global level, law enforcement respondents to the study perceive increasing levels of cybercrime, as both individuals and organized criminal groups exploit new criminal opportunities, driven by profit and personal gain. Upwards of 80 percent of cybercrime acts are estimated to originate in some form of organized activity, with cybercrime black markets established on a cycle of malware creation, computer infection, botnet management, harvesting of personal and financial data, data sale, and 'cashing out' of financial information. Cybercrime perpetrators no longer require complex skills or techniques. In the developing country context in particular, subcultures of young men engaged in computer-related many of whom begin involvement in cybercrime in late teenage years. Globally, cybercrime acts show a broad distribution across financial-driven acts, and computer-content related acts, as well as acts against the confidentiality, integrity and accessibility of computer systems. Perceptions of relative risk and threat vary, however, between Governments and private sector enterprises. Currently, police-recorded crime statistics do not represent a sound basis for cross-national comparisons, although such statistics are often important for policy making at the national level. Two-thirds of countries view their systems of police statistics as insufficient for recording cybercrime. Police-recorded cybercrime rates are associated with levels of country development and specialized police capacity, rather than underlying crime rates. Victimization surveys represent a more sound basis for comparison. These demonstrate that individual cybercrime victimization is significantly higher than for 'conventional' crime forms. Victimization rates for online credit card fraud, identity theft, responding to a phishing attempt, and experiencing unauthorized access to an email account, vary between 1 and 17 per cent of the online population for 21 countries across the world, compared with typical burglary, robbery and car theft rates of under 5 per cent for these same countries. Cybercrime victimization rates are higher in countries with lower levels of development, highlighting a need to strengthen prevention efforts in these countries. Private sector enterprises in Europe report similar victimization rates - between 2 and 16 per cent - for acts such as data breach due to intrusion or phishing. Criminal tools of choice for these crimes, such as botnets, have global reach. More than one million unique IP addresses globally functioned as botnet command and control servers in 2011. Internet content also represented a significant concern for Governments. Material targeted for removal includes child pornography and hate speech, but also content related to defamation and government criticism, raising human rights law concerns in some cases. Almost 24 per cent of total global internet traffic is estimated to infringe copyright, with downloads of shared peer-to-peer (P2P) material particularly high in countries in Africa, South America, and Western and South Asia.

Details: Vienna: UNODC, 2013. 320p.

Source: Internet Resource: Draft: Accessed November 7, 2013 at: http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf

Year: 2013

Country: International

URL: http://www.unodc.org/documents/organized-crime/UNODC_CCPCJ_EG.4_2013/CYBERCRIME_STUDY_210213.pdf

Shelf Number: 131602

Keywords:
Computer Crime
Cybercrime (International)
Financial Crimes
Internet Crime

Author: United Nations Office on Drugs and Crime (UNODC)

Title: Study on the Effects of New Information Technologies on the Abuse and Exploitation of Children

Summary: This Study on the effects of new information technologies on the abuse and exploitation of children was prepared pursuant to Economic and Social Council resolution 2011/33 on Prevention, protection and international cooperation against the use of new information technologies to abuse and/or exploit children, in which the Council expressed concern that increasingly rapid technological advances have created new possibilities for the criminal misuse of new information and communication technologies. The study is based primarily on open source research and the outcomes of an informal expert group meeting on ICT facilitated abuse and exploitation of children, held in Vienna from 23 to 25 September. In accordance with Council resolution 2011/33, relevant information from the 2013 Comprehensive Study on Cybercrime prepared for the consideration of the open-ended intergovernmental expert group on cybercrime is also taken into account. The study is divided into four chapters and contains a glossary as an annex.

Details: Vienna: UNODC, 2014. 72p.

Source: Internet Resource: Accessed October 9, 2014 at: https://www.unodc.org/documents/commissions/CCPCJ/CCPCJ_Sessions/CCPCJ_23/E-CN15-2014-CRP1_E.pdf

Year: 2014

Country: International

URL: https://www.unodc.org/documents/commissions/CCPCJ/CCPCJ_Sessions/CCPCJ_23/E-CN15-2014-CRP1_E.pdf

Shelf Number: 133926

Keywords:
Child Abuse
Child Protection
Child Sexual Exploitation
Computer Crimes
Cybercrime (International)
Internet Crimes
Online Communications
Online Victimization