Security issues in cyberspace continue to threaten the integrity of information distributed and accessed. In today’s digital economy, Alvin Toffler in his book Power Shift indicated that the axis of power is shifting towards the entity that possesses more substantial knowledge. Information technology in this case is both a powerful medium and a vulnerable platform. Although information is emerging as a new currency, it is not a guarantee that all information collected is true and accurate.
The entry and dominance of information technology in all aspects of life in this century have generated various issues that affect the entire social, political and economic structure of world economies. The influx of information technology affects people as “every new technology creates hidden effects in its environment, rearranging the social order it penetrates. Many of these effects are inextricably linked to ethical issues” (Cooper 71+). Fillis & Wagner discussed in E-business Development: An Exploratory Investigation of the Small Firm some of the benefits of adopting small business into e-commerce.
The benefits include “improved communications, cost savings, greater visibility, ability to develop new markets and greater levels of information retrieval”(625). The authors likewise discussed the barriers associated with e-commerce. They include issues like privacy, security and inadequate technical knowledge (625). While information technology provides the impetus for a new business paradigm to develop, there are issues that remain. With e-business overcoming the national boundaries and barriers, companies engaged in e-commerce should not relax its vigilance on security concerns.
The Internet is a gateway for companies to globalize their operations but security issues remain a threat. Security as an Ongoing Concern Some of the major trends associated with recent developments in e-business include web-based platforms, content, search engines and database management, integration and security. When the dot. com bubble bursts in the late 90’s, e-business practitioners became more cautious and vigilant regarding their business practices. Competition on cyberspace also tightened with more businesses joining the bandwagon.
For many e-businesses are modeled after the ‘click and mortar’ structure, success is dependent on integration of online and offline activities to make e-businesses work. Recently, most e-businesses also had increased the security level of transactions online. Infrastructures were established so payments made online would be secure. Privacy has become a prominent issue in e-business. With the introduction of “smartcards, authentication devices and real-time fraud detection using sophisticated bank systems, security levels at online transactions increased.
Alternative online payment like SSL and Paypal offered secure payment systems” (Bwired). Despite those advances in security protocols in e-commerce, the problem of security is still an ongoing concern for most e-business enterprises. The absence of clear delineations and governing policies concerning the use of the Internet and the conduct of its users has also brought several issues to the forefront. For example, Maignan and Lukas’ study respondents used the words “anarchy” and “chaos” to describe the structure within cyberspace.
Other respondents though considered the Internet as a place for “communities” (366). Presently, while there may be no consolidated laws that regulates or punishes perpetrators that commit computer fraud, The Wiretap Act prohibits any individual from obtaining information illegally. If stored information is accessed, the Computer Fraud and Abuse Act and the Stored Communications Act are consulted (Hofstadt 14). The Federal Bureau of Investigation (FBI) has at its disposal countermeasures against cyber crime such as Carnivore.
The intention was to protect the interests of the American public against unlawful use of cyberspace to perpetrate crimes. The main targets of the Carnivore are “terrorism, information warfare, child pornography, fraud (including white collar), and virus writing and distribution” (Durham n. p. ). The Carnivore is capable of filtering e-mails from suspected criminals and tracing the origins of these messages. It operates on two modes, the “pen” and “full”. The “pen” mode will only capture the addresses of the messages while the “full” mode can access the entire contents of the e-mails (Etzioni 59).
Security threats are still difficult issues to address especially when the web is constantly subjected to attacks and hacking and perpetrators grew bolder. Compromised security and system integrity is something that every organization dependent on information technology wishes to avoid. Compromised security would be too costly and perhaps cause the collapse of businesses and institutions. With incomplete laws or the absence of regulations to prevent the onslaught of technology-driven improprieties would weaken any type of security measures.
The cost of procuring hardware to initiate a virtual existence may be expensive. The software tools are constantly evolving. There might be technical shortcomings when it comes to the required bandwidths and reliability of the system. There may be some compatibility problems with the infrastructure and the various institutions’ present IT structure. It would become more difficult to integrate the two systems. Resolving Security Issues in E-commerce Bob Worner in Choosing the Right Security Infrastructure for E-business Success reiterated the importance of security in E-business.
It is not enough that e-businesses put their focuses on employee and customer satisfaction. Critical to the success of companies engaged in e-commerce is a solid strategy for information security. The author suggested that security management must include limits to information access and use, criteria for evaluating security infrastructure choices underscoring the importance of choosing the right type of security protocol will spell the difference between the success or demise of an e-business enterprise.
David Thompson in The Social Engineering of Security provided a balanced view of the factors to consider businesses decide to create a virtual entity. E-business security management requires serious contemplation and e-business enterprises must look beyond the surface. Security strategies must be consistent and organizations must be able to strike a balance in mitigating the risks. The managers are the lead actors that should be able to understand the implications of going virtual.
Hence, e-business security strategies and solutions must emanate from prudent and careful selection of security tools, as well as being aware of the risks involved in establishing an e-business. Leon in Ten Tips to Combat Cybercrime, recognizing the lack of a unified front against computer fraud proposed strategies where individuals or companies can protect themselves against illicit intrusions. He advised that one should be suspicious of emails from unknown sources. Always open a new window and avoid accessing websites through direct URL links. Always use encryption and digitally signed emails when sending messages.
Almost all the residents of cyberspace agree on at least one thing: “For security reasons, or simply for privacy, encryption of certain transmissions over electronic networks is sometimes necessary” (Davis). Do not allow permanent cookies in the web browsers. Disable scripts in web browsers. Understand the vulnerability of the systems and institute preventive measures against intrusions such as putting up a firewall or installing countermeasures against hackers. Ruhnka and Bagby in Forensic Implications of Metadata in Electronic Files described the importance of metadata in forensics.
Metadata is referred to the electronic equivalent of DNA because it could reveal information on the “origins, context, authenticity and distribution of electronic evidence” (68). Metadata fall under two categories: one is application metadata and the other is systems metadata. The application metadata is created by software applications that usually are embedded on every file created every time a software application is used. The systems metadata resides in “the system registry of the computer system or server used to access and store that file” (69).
Metadata in litigation procedures could assist in discovering “human and system actions in information systems; can be used to investigate and verify fraud. abuse, mistakes, or system failures; and can help to establish elements such as causation, timing, and the extent of knowledge or mens rea (guilty knowledge)” (70). Fortifying the e-business against unauthorized breach is imperative. Just as information technology is a mediating tool to perpetrate fraudulent acts, it is also the best tool to secure the organization against such attacks. Fighting fire with fire is the most logical direction to take.
Network intrusion detection system (NIDS) is essential for any information system that requires vigilance against unauthorized incursions. They essentially run on the periphery of a local area network (LAN) primarily positioned to “detect log Internet-based attacks against a local network, such as attempts at buffer overruns, cross-site scripting, and denial-of-service” (Schuff, Choe & Pai 138). Unlike firewalls which shut off external access to suspected intrusions, NIDS monitors “attacks on externally-exposed ports used for running network services” (138).
The entire network of the organization requires that additional security features be implemented aside from the standard features offered in a typical OS platform. The implementation costs should also be minimal. When implementing Internet links and access to both internal and external users, the system must be protected from unauthorized intrusions. Overall, the implementation of a secure network infrastructure favors the business or production environment. It will deter possible malicious intrusions that are likely to affect the organization’s productivity.
While it is true that having a good network infrastructure makes a company function better, the presence of a network, wired system also exposes the e-commerce company to information security nightmares. Another solution that could secure e-commerce portals in cyberspace is to deploy honeypots to detect and trace unauthorized users. The biggest threat to system integrity comes from remotely controllable backdoors. Not only do they permit industrial espionage at the most sophisticated level, it also devastates the target victim’s entire system.
These malwares are commonly referred to as botnets (Wicherski 1). Botnets posed serious threat to the internet for two main reasons: the sum of resources available by a single botnet is so immense that they can cause severe damages…and the control of so many resources is the sending and delivering huge amounts of spam” (1). Applying the principles of hunting, honeypots were created to serve as bait to potential intruders and hackers. Security specialist put up systems that appeared to be vulnerable to attacks.
However, these systems are useless because they contain no data or information, administration controls, and computers to destroy. These dummy systems are referred to as honeypots. Honeypots are exposed to unwanted intrusion and they essentially lure hackers and intruders and deceive them into thinking they got into the system successfully. The security specialist can now monitor the movements of the would-be hacker while effectively keeping valuable system information safe. Honeypots can now “collect data for research or legal action, and alert administrators of attacks in progress” (Raikow).
This also sets a precedent for successful apprehension and prosecution of the perpetrator (Martin 1). Conclusion The foregoing discussion supported the view that companies engaged in e-commerce should not relax its vigilance on security concerns. The issue of security remains a threat. The reliability of security systems is constantly challenged, as newer and more sophisticated intrusive systems are developed. One should be concerned that security measures employed might not be able to keep up with the speed malicious hackers can compromise the security of network systems.
Businesses and organizations dependent on information systems to operate on a regular basis need to protect themselves from unauthorized intrusion. The use of information technology as a mediating tool for both solving the problem of intrusion and perpetuating illegal entry in network systems is a paradox that needs to be considered by organizations engaged in e-commerce. The law lacks teeth that could apprehend individuals with malicious intent and this increases the possibility of more individuals using information technology as a platform to commit inappropriate acts.
The lack of real understanding on the implications of new developments in information technology within a critical and analytical framework will always lead to incorrect assumptions. Information technology may have brought advances in today’s world but coupled with it are contentious issues that need to be resolved immediately. Security issues that came about merely signal the weaknesses of the integration of information technology into the business paradigm.