Wednesday, May 6, 2020

Australian Organizations are Prone to Cybercrime: Ethical Dilemma

Question:

Discuss the ethical dilemma arising from Australian organizations being prone to cybercrime.

Answer:

Introduction

This essay addresses the concern that Australian organizations are gradually becoming easy targets for cyber criminals. The majority of Australian organizations are turning into low-hanging fruit because they lack appropriate controls against cybercrime. An ethical dilemma therefore emerges, in which a decision must be made among possible actions even though those actions are not adequate to resolve the ethical issue (Hursthouse, 2013). The essay analyzes this concern through four ethical theories: utilitarianism, deontology, virtue and contract. These theories, their implications for the primary concern, and critical viewpoints are discussed in order to raise arguments (Ferrero & Sison, 2014). The ethical outcomes and analysis are then summarized to provide recommendations, which appear in a later section, so that an ethical approach can be effective in handling the cybercrime threat to Australian organizations.

Australian Organizations are Prone to Cybercrime: Ethical Dilemma Discussion

Background:

Deloitte's Asia Pacific unit leader, James Nunn-Price, said that organizations were unable to report ransomware. Ransomware locks users out of their systems until they pay a ransom to the attacker; organizations are paying the ransom, which perpetuates the crime (Condie, 2016). The Deloitte leader also said that several Australian organizations are paying simply because they find payment easier than investigating a ransomware incident (Tonge, Kasture, & Chaudhari, 2013). Australian organizations have substantial funding from external and internal corporate sources, and they can afford a few hundred dollars.
In this situation, Australian organizations are making what looks like the obvious decision: paying to resolve the ransomware issue. The companies do not consider themselves gullible; they believe they are making a conscious decision. Most likely, they are sorting the problem out by simply paying the attackers and carrying on with their business (Andress & Winterfeld, 2013). In this way, ransomware incidents were kept under control until the number of accounts involved escalated and victim organizations reported to the federal police. Former FBI cybercrime special agent Mary Galligan declared that the accounts involved were not protected well enough. The protection did not even reach the level of simple password protection or access granting and management; it was poor enough to let criminals bully banks and organizations as the weakest kid on the block (Condie, 2016). CERT Australia, a partner agency and computer emergency response team, responded to more than 11,000 cybercrime incidents during 2014 to 2015.

Tommy Viljoen, leader of Deloitte's risk advisory and security team, said that business entrepreneurs need to understand cyber security and financial values. Viljoen put forward two scenarios: in the first, someone is asked to fix a bank account reconciliation that has been in poor shape for six months; in the second, a system has been hit by malware and patched for a few years (Miller et al., 2013). In the first scenario, the organization responds responsibly and promptly, taking appropriate steps to resolve the issue. In the second scenario, however, organizations still do not understand the urgency of removing the malware from the system. The risk advisory and security team leader therefore thinks that Australian organizations and banks need to carry out several activities to stop being easy targets for cybercrime.
Implications from Utilitarianism ethical theory:

Utilitarian ethical theory is used to identify the major utilities of an action, that is, what would increase the benefits of that action. Under utilitarian theory, Australian organizations should assess the consequences and outcomes that malware and ransomware inevitably bring to the organization. Utilitarians argue that the consequences for the many individuals in a given society deserve moral deliberation (Von Solms & Van Niekerk, 2013). According to the theory, Australian organizations should not pay the ransom demanded by the attackers. Paying the ransom may be the most realistic way to resolve the issue, but paying cannot guarantee that access to the stolen files will be unlocked. Files should therefore be kept in proper, secured backup storage beforehand, so that after a ransomware incident they can be restored from backup. The best course is to remove the victim system and remove the threat from the network architecture (Chakrabarty & Bass, 2015). The ethically appropriate action is therefore not to pay the ransom, to remove the threat by removing the affected system, and to recover files from a good backup.

Implications from Deontology ethical theory:

Deontology analyzes the morality of an action in terms of the rules and regulations that apply to the organization. Deontological theory can identify rules, policies and regulations under which the ransomware issue can be resolved (Hayry, 2013). Organizations prone to attack should implement Symantec Endpoint Protection 12.1 (SEP 12) so that a spyware protection policy can be created for handling ransomware threats. The default policies can be edited, and the SEP protection policy contains specific details for mitigating the threat. In the Virus and Spyware Protection Policy, the download protection feature can be used with specific modifications (Dierksmeier, 2013).
Modifications to the policy can result in detection of the ransomware threat and enable suitable measures for preventing it. Endpoint anti-virus can be used with the Virus and Spyware Protection Policy to quarantine the risk.

Implications from Contract Ethical theory:

Contract-based ethical theory concerns societal lawfulness and originality; it depends on a social contract model that provides motivation to be moral and to develop a moral system with rules (Hursthouse, 2013). Applying contract-based ethical theory, the heads and authorities of banks and organizations should be made aware of ransomware threats and their consequences. Authorities should know that the ransomware threat vector is spear phishing, which uses unsolicited mail from an unknown sender with an attachment to execute the attack (Ferrero & Sison, 2014). Employees should therefore not open mail or attachments from unidentified senders, and it is crucial to handle unsolicited mail with specific actions. To deal with unsolicited mail, the mail server should include a filter that scans mail content and blocks attachments that can pose a major threat.

Implications from Virtue Ethical theory:

Character-based ethical theory treats a person's character or virtue, rather than rules, as the primary element. Under virtue-based ethical theory, the current ransomware threat can therefore be addressed by putting user restrictions in place. Ransomware can easily reach into mapped drives and encrypt the data there (Chakrabarty & Bass, 2015). Restricting user access limits what can be reached on mapped drives, so that the attack cannot encrypt files on them. Individual users should therefore be restricted from unlimited access to the mapped drives of the mainframe. Moreover, critical, sensitive and transactional data should be kept in secured backup. This backup should be held on removable media and stored disconnected from the network server (Miller et al., 2013).
A removable, isolated backup is the most important safeguard for data against the ransomware threat.

Conclusion and Recommendations

This essay addressed the situation of Australian banks and organizations facing real cybercrime threats and attacks. It considered the consequences of this concern, the duties to be performed to mitigate it, and contract and character ethics in analyzing appropriate activities to resolve the threat. The ethical theories were applied to judge whether the prescribed actions are adequate in terms of utilities, policies, the social contract model and the virtue of the individual. Australian organizations should adopt proper measures and actions to prevent the ransomware threat while not paying the ransom to resolve it. Applying the ethical theories and their implications yields a list of recommendations that could help Australian organizations resolve the ransomware threat properly.

First, organizations should adopt removable backup storage for sensitive and critical files. The backup storage should be placed at the workstation and should be accessible during a ransomware incident.

Secondly, the organization should not pay the ransom to the attackers. Paying the ransom can never stop or prevent the attack, so the threat continues.

Thirdly, the affected systems should be removed from the internal network architecture. Endpoints should be fitted with anti-virus solutions whose quarantine feature reduces the impact of the threat.

Finally, the mail server should filter mail by scanning content and stopping malicious attachments in unsolicited mail.

These recommendations are justified with the utilitarianism, deontology, virtue and contract ethical theories.

References

Andress, J., & Winterfeld, S. (2013). Cyber warfare: techniques, tactics and tools for security practitioners. Elsevier.

Chakrabarty, S., & Bass, A. E. (2015). Comparing virtue, consequentialist, and deontological ethics-based corporate social responsibility: Mitigating microfinance risk in institutional voids. Journal of Business Ethics, 126(3), 487-512.

Condie, S. (2016). Australian companies 'open to cyber crime'. The Sydney Morning Herald. Retrieved 11 May 2017, from https://www.smh.com.au/it-pro/security-it/australian-companies-open-to-cyber-crime-20160201-gmiwrw.html

Dierksmeier, C. (2013). Kant on virtue. Journal of Business Ethics, 113(4), 597-609.

Ferrero, I., & Sison, A. J. G. (2014). A quantitative analysis of authors, schools and themes in virtue ethics articles in business ethics and management journals (1980–2011). Business Ethics: A European Review, 23(4), 375-400.

Hayry, M. (2013). Liberal utilitarianism and applied ethics. Routledge.

Hursthouse, R. (2013). Normative virtue ethics. ETHICA, 645.

Miller, S., Mameli, P., Kleinig, J., Salane, D., & Schwartz, A. (2013). Security and privacy: global standards for ethical identity management in contemporary liberal democratic states (p. 291). ANU Press.

Tonge, A. M., Kasture, S. S., & Chaudhari, S. R. (2013). Cyber security: challenges for society-literature review. IOSR Journal of Computer Engineering, 2(12), 67-75.

Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. Computers & Security, 38, 97-102.
