Abstract
Anjali Kaushik reviews 50 global cyber crime incidents reported in the last decade (pg xxii) and analyzes them in terms of (i) the motivation that led to them, (ii) the technological exploits (threats and methods used), (iii) impact, trends and the role of government in combating them and (iv) recommended methods for countering them. The author acknowledges that a cyber security breach, though it results in loss of confidentiality–integrity–availability (CIA) of data, is not a technical issue alone. It impacts individuals, organisations and nations at large. A ‘risk management’ approach with effective use of controls (Straub and Welke 1998) would be a better way to address cyber attacks. The author hints at (i) risk assessment, (ii) risk quantification and (iii) risk mitigation strategies, in a cursory manner in this book. In Section 1, the author cites variables such as (i) social, (ii) economic, (iii) biological and (iv) criminal justice system as being instrumental in promoting cyber crime. The author could also have referred to Deterrence Theory (Gibbs 1968; Bulgurcu et al. 2010) and Protection Motivation Theory (Rogers 1975, 1983; Bulgurcu et al. 2010) for arriving at the motivational factors for cyber crime. Throughout the book, the author focuses on external attacks, but internal attacks by disgruntled employees (Pahnila et al. 2007; Herath and Rao 2009) are an issue of serious concern too. In Section 2, the author takes the readers through the various threats that lead to cyber attacks, namely (i) spam, (ii) malware, (iii) phishing, (iv) identity theft, (v) denial-of-service attacks, (vi) botnets, (viii) hacking, (ix) social engineering. She uses recent security breach incidents to (a) illustrate the mechanism by which these attacks impacted individuals, organizations and countries at large and (b) propose mitigating strategies for them.
She concludes this section by highlighting the imminent threats to currently popular technologies such as (i) mobile computing, (ii) social media and (iii) cloud computing. Using controls and best practices along with technological solutions would be a better mitigation strategy. In Section 3, the author discusses the monetary losses arising from cyber crime based on data from various surveys conducted by antivirus publishers. She also cites instances of intangible losses to nations which are political and social in nature. The author also suggests that organizations do face loss of reputation due to cyber attacks, but does not refer to studies by Campbell et al. (2003), Cavusoglu et al. (2004), Chai et al. (2011) and Chen et al. (2011), which use event study methods to quantify the impact. The author highlights the problem of estimating the frequency of cyber attacks and their severity in this section, but does not refer to any of the existing literature where researchers (Bohme 2010, 2005; Bohme and Schwartz (2010); Bohme and Kataria
A. Mukhopadhyay (✉), Information Technology and Systems Area, Indian Institute of Management, Lucknow, India; e-mail: arunabha@iiml.ac.in