It Risk Management -- Cyber Research Paper

Excerpt from Research Paper :

The organizations are usually run by a core group, which divides the different responsibilities of an operation (e.g. spamming, web design, data collection) among the members. The members run their own outer networks to fulfill those responsibilities -- rarely even having contact with each other online. The decentralized structure of the internet, as well as the high levels of anonymity it provides makes it difficult for law enforcement agencies to locate cybercriminal groups. A group could have networks in a myriad of different countries, whilst using servers based in numerous different countries and jurisdictions. Furthermore, many national jurisdictions lack the legislative framework required to properly prosecute online crime." (Collins, 2012)

These insights are illustrating how the lack of self-control is creating a situation where more criminals or organizations are turning to cyber crime. What makes the situation worse; is they can work anonymously and be able to conduct these activities with little to no negative effects. It is at this point, when these individuals and groups are participating in order to reap the lucrative rewards from them. This is illustrating how the self-control theory is highlighting why this becoming so common and the effects it is having criminals and other related organizations. (Collins, 2012)

The Routine Theory

The routine theory believes that crimes will occur when there is an intersection between the time, space, motivated offenders, attractive targets and a lack of effective law enforcement. This creates the perfect environment for someone to conduct illegal activities and it increases the odds that they will be able to get away with it. When this occurs, they will continue to commit these crimes over and over based upon the rewards they are receiving from them. According to Walsh (2010), this will encourage these activities to become more frequent, until there is some kind of effective deterrent in place to stop them. (Walsh, 2010)

Evidence of this can be seen with Walsh (2010) saying, "It does not so much matter why individuals are motivated to commit crimes, what matters is that an individual with the inclination to commit a crime is in the right place to move against his or her target at the right time when there is no one around to stop the offender. The absence of any one of the conditions would be sufficient to prevent a crime from occurring. If an individual is motivated to steal an object from a victim's house, but there is always someone home, then the offender will be unable to commit the crime. In sum, according to routine activity theory; a crime can only occur if there is an offender, a suitable target, and no guardians around to protect the target." (Walsh, 2010)

This is illustrating how criminal activities will occur when there is the opportunity to conduct them and a high probability of being able to benefit. In the case, of cyber crime, these issues are common with lack of regulations, effective monitoring and no one is aware of what is happening until it is too late. The more individuals and organizations realize this, the greater the odds are that these activities will become increasingly common. This is the exact situation and one of the reasons why it is continually increasing in scope. (Yates, 2013)

Tools / Techniques

There are a number of different tools and techniques which are utilized by cyber criminals to conduct a variety of attacks against vulnerable targets. The most notable include: botnets, fast flux, social engineering and skimmers. Each one of these areas has been utilized to achieve the different objectives of these individuals or organizations. In some cases, this can occur with them completely shutting down an entire computer system or network. While at other times, they will involve stealing personal or financial information. (Casey, 2011)

A botnet is a network of robots (i.e. bots) which are designed to spread malware. This is used to infect a computer system's files and provide criminals with access to the information inside it. This takes place in the form of a denial of service attack. When this occurs, it floods a server or network with traffic in order to make it unavailable to users. In many cases, this is often used as a preferred method of seeking out computers that are online and infecting them with some kind of virus. According to Robinson (2011), these techniques are the most common tools which are utilized to gain access to critical information. (Robinson, 2011) (Casey, 2011)

Evidence of this can be seen with him saying, "The use of botnets for malicious activities has grown significantly in recent years. Criminals leverage the flexibility and anonymity associated with botnets to harvest personal data, generate spam, distribute malware and launch distributed denial-of-service attacks. These same attributes readily translate to applications that can support operations in warfare. In 2008, distributed denial-of-service attacks launched by botnets targeted it assets belonging to Estonian banks, newspapers and parliament. This crippled their infrastructure for weeks. " (Robinson, 2011)

This is illustrating how these tools and techniques can allow criminals to take control of entire networks and exploit the information inside. When this happens, they can quickly retrieve it and prevent someone from being able to access it in the future. It is at this point, when the victim will be forced to spend time and money trying to restore everything back to normal. During this process, these individuals and organizations will have achieved their primary goals and moved onto another entity with similar vulnerabilities. Once this process is continually repeated, the rewards for these kinds of activities can be very lucrative for anyone who is conducting them. (Robinson, 2011) (Casey, 2011)

Fast flux is quickly moving data around to avoid any kind of detection of the malware software or where it originated from. This often involves using computers which have been hacked into and seizing control of them (in order to hide the location / identity of cyber criminals). The way that this is achieved is a large number of IP addresses are collected and these computers are utilized to hide the location where the attack is originating from. (Robinson, 2011) (Casey, 2011)

This makes it difficult to determine who is involved and the precise locations they are operating. For cyber criminals, this is an effective tool / technique to quickly steal information and have no one know where they are at until it is too late. It is at this point when they can move on to another location and protect themselves against detection from law enforcement. (Robinson, 2011) (Casey, 2011)

Social engineering is when cyber criminals will use lies and manipulation to trick someone into revealing their personal information to them (i.e. phishing). This involves them posing as a represenative from a legitimate organization and requiring this data to solve some kind of fictitious problem. Once they have revealed it, is the point these individuals will utilize this to gain access to their bank accounts and possibly commit identity theft. In some cases, this can provide them with the ability to go into the database of large organizations and steal entire quantities of files. (Robinson, 2011) (Casey, 2011)

Skimmers are used to steal credit card information when someone is at a store or restaurant and it is out of the sight of the owner. This data is sold online to various criminal organizations. They will utilize it to take large sums of money, gain access to bank accounts or charge various goods / services to the individual. (Robinson, 2011) (Casey, 2011)

These different tools and techniques are showing how criminals and related organizations have become very sophisticated in committing cyber crime. This helps them to gain access to the data they need and to protect their locations / identities. When this happens, they can conduct their operations quickly and then move onto the next target without the fear of retribution. (Robinson, 2011) (Casey, 2011)


To protect firms and individuals against these kinds of issues; requires using a risk management plan that will take into account the overall nature of the threat and evolve with new challenges in the future. This will allow everyone to keep up with the latest tools and tactics utilized by cyber criminals. It is at this point when they reduce the odds of them being able to exploit their different vulnerabilities. (Vacca, 2010) (Solomon, 2008) (Gregg, 2010)

The best way to mitigate cyber crime is to utilize an all encompassing strategy that is focused on a number of areas. The most notable include: having multiple firewalls in place, restricting access to who is provided with sensitive information, limiting the amount of data that is stored on mobile devices and always being watchful for suspicious activity. Anyone who is using a combination of these elements; will be able to keep up with the threats they are facing and reduce the chances of them or their organization becoming the victims of cyber criminals. (Vacca, 2010) (Solomon, 2008) (Gregg, 2010)…

Cite This Research Paper:

"It Risk Management -- Cyber" (2013, June 17) Retrieved August 21, 2017, from

"It Risk Management -- Cyber" 17 June 2013. Web.21 August. 2017. <>

"It Risk Management -- Cyber", 17 June 2013, Accessed.21 August. 2017,