Should We Blame People for Cybersecurity Errors?
|✅ Paper Type: Free Essay||✅ Subject: Information Technology|
|✅ Wordcount: 2846 words||✅ Published: 8th Feb 2020|
Cybercrime and its related risks are a growing concern in this society with the growing use of electronic gadgets and networking technology(Kröger,2008, Pfleegerand Ca-puto,2012) unlike the other kind of crimes, cybercrime is a bit more challenging due to several reasons. Firstly we can say that cybercrime is easily adaptable. It is so because there are a number of ways to attack and the greed of attackers makes them steal personal details of people ( Choo, 2011) Secondly the devices that are used by an individual will have pre-installed malware which can make the attack pretty much easier ( Subashini and Kavitha, 2011). Finally, there are people who are not aware of the attack and can compromise their device for different reasons. All these reasons can actually make an individual vulnerable to the attacks including the small scale business. Small scale business was forced to get their employees to behave in a cyber-secured manner or else they had to cope with the “responsibilisation conundrum”.( MacEwan, Neil Finlay 2017) Despite all these the current century people use multiple devices for their day-to-day activity. As all these devices are connected to the same network, even one compromised device can give away the details stored in the other devices as well. This attack “Internet of things” is the latest concern in the cybercrime field.
If you need assistance with writing your essay, our professional essay writing service is here to help!Essay Writing Service
Even with all these concerns the government is not actually supporting the society to overcome this problem. They are concerned about physical crime and have taken steps against it. There had been several refinements in the law in the past centuries but have no actual cybercrime mitigation laws(Lentz and Chaires, 2007). As this problem prevails a computer owner will be solely responsible for their cybersecurity ( Horgan and Collier, 2017). Which exactly means that the owner of the computer will be responsibilized on any cybercrime risk. Responsibilization is the phenomena of expecting an individual to take over responsibility for avoiding further risk. So, any individual should be expected to take responsibility for any negative outcomes if they have failed in taking the necessary precautions(Bertrand, M. and Hannah-Moffat, 2001). This is actually a shift of responsibility from the government to an individual ( Wakefield and Fleming, 2008). It is mostly the victim who himself be blamed for what has happened. A great example of cybercrime responsibilisation is in the case of “wannacry”. So when wannacry issue popped up, the initial blame was on the user falling for a phishing email. Then the blame came on to Microsoft for releasing a patch. When it was realized that the patch was already released then NHS was blamed not applying them. ( Hern, 2019) This went on as such without knowing that it actually can occur due to a system failure. This essay will further show about whether one should be blamed for any cybercrime which he/she has not committed.
RESPONSIBILIZATION IN CYBERCRIME
Responsibilzation is to be defined as crime control and neoliberal governance technique that helps an individual to take necessary steps to minimize the risk of being victims. If they do not take necessary precautions and fall into some trouble then they will responsible for the crime that occurred (Yan, 2015).even with the growing technical security human has always been the weakest link in the cyber risk. ( Torten, Reaiche, and Boyle, 2018) From the definition, we can see that firstly, an individual is responsible for the security of their devices(Renaud, 2016). Secondly, if they fall into trouble then they are blamed for not taking necessary precautions. This brings us to the conclusion that the government is responsibilizing all the cybersecurity risk. This is one point which should be argued. It is not necessary that the persons who own a device know the technology to commit a cybercrime. This point out a need for change in the responsibilizing on the individual who owns the device. Rather the real cause of the attack should be found. Following are that details about what current scenario of cyber security management is taken by the government and what are their regulatory regimes.
CYBERSECURITY RISK MANAGEMENT AND REGULATION REGIMES
Cyber threats have come into a widespread issue in the last 25 years. This was emerged mainly because of the usage of the same operating system by the majority. Apart from this the interconnectivity if devices have also paved ways for attackers to attack the devices easily. An actual risk can be seen from two dimensions. Mainly the expertise required to commit the crime and the people who are impacted by the risk. Considering these dimensions and that it is said that the device owner and its users will be responsibilized (Biebricher, 2011), cyber-attacks can be contagious and to manage the risk it might require specialist expertise. Anonymization also makes the investigation behind the crime difficult as the speed in which the deceptive identity evolves makes it necessary for evolving a control for that (van der Walt, Eloff and Grobler, 2018). Taking the concept of routine activity theory, the crimes are monitored using different elements, VIVA(value, inertia, visibility, and accessibility). This analysis is easy in the case of a terrestrial crime. The elements required for the analysis of the crime is real and are easy to investigate. When this concept is been taken to the virtual world it becomes difficult. There is no real element for a proper investigation. And moreover, the criminal himself will be anonymized making it even more difficult to analyze who and from where the attack has occurred (Leukfeldt and Yar, 2016).
All the other risk in society actually has got a risk management policy. But the cyber risk is still unattended. It can be as such because the nature of the attack and the technology keeps on changing day by day. as technology is growing the mode of attack is also been changed by the attackers. There is no proper way to defend these attacks by a common individual. Even if an attempt of defense is made it is been overcome by the modern hackers (Voiskounsky and Smyslova, 2003). So after an attack, there is only a little evidence to prove the innocence of the owner of the device. The current approach of the government in most of the country is individualist i.e, the responsibilization of an individual. For the above-said reasons, there is a regulation needed in order to prevent and protect any sort of attack. This can compel different organizations to protect their data from attacks like trojan, DoS, phishing, etc. (Srinivas, Das, and Kumar, 2019)
DRAWBACKS OF RESPONSIBILIZATION
Responsibilization is basically a government responsibility to give some advice on cybersecurity to every individual. But there several problems for this approach.
- The advice given by the government is not necessarily universally accepted. ( Muro and Vidal, 2017)
- This approach cannot guarantee to rensponsibilize an individual. And if this doesn’t work then the consequences can be fierce.
- Information – based behavioral change has proven to be a less efficient method in many other areas.
- We also need to make sure that the user is aware of the attacks and has got skills to defend against it.
But, there are some steps that need to be taken by an individual as well. One of these is taking backups regularly. This is not something that is known to a non-expert individual. It is not easy to measure the knowledge of each individual which makes it unreasonable to responsibilize any individual in the aspect of cybersecurity. Moreover, attacks can also be caused by a faulty device or a compromised device. Both of these can compromise all its connected devices and responsibilizing an individual on this scenario if injudicious.
CYBER SECURITY REGIME
If an individual fails in defending the cyber attacks it should have the help from the state. There are some aspects which the government should take a major step. Firstly standard settings should be created for easy management. Secondly, collect information by promoting users or companies to report cybercrime. Thirdly a modification in behavior by applying some sanction who does not follow the advice. These steps can make an individual or a company to be more cautious about cybersecurity matters (Dray, 1988).
- Prevention and Deterrence: preventive measure in very easy instructions should be given to an individual with a help center for advice whenever required.
- Deterrence: proper preventive measures should be advised to the people and make sure they understand them (Hatmaker, 2018).
- Prevention: clear guidelines of preventive measures should be advised to the company and need to make sure that they follow them. This calls for a standard technology for all the companies.
- Detection: it should be made sure that people do really follow preventive measures. If they don’t necessary actions should be taken against them.
- Incident management: practical assistance should be given on an attack and its recovery.
- Remediation: a proper legal action should be taken against all cybercriminals.
All these are possible only when the government really understand that there is a need for urgency. Ordinary people should actually insist on the government to make a proper risk regulation scheme against cybercrime. If a proper action or investigation is not done in this matter, the cybercriminal can still attack in a different manner and innocent people can be convicted for the crime that they have not committed.
Cybersecurity is a growing threat in the day to day life. Actors behind these attacks are always anonymous. They are very hard to be found as they do not leave any traces behind. This has made the government difficult to find who exactly is the culprit for a particular cybercrime. In most of the cases, the person who owns the device has been found guilty. But this is a very injudicious way of finding the attacker. Technology has grown in such a way that any person can manipulate their id to be someone else. This doesn’t exactly mean that it is that person itself who has committed the crime. There are also cases in which the culprit found do not have technical knowledge about the attack occurred. This makes it difficult to find the right culprit due to lack of evidence in cybercrime sequences.
Our academic experts are ready and waiting to assist with any writing project you may have. From simple essay plans, through to full dissertations, you can guarantee we have a service perfectly matched to your needs.View our services
All the other crimes have got proper management and preventive measure taken by the government. It is only cybersecurity which doesn’t have any proper management system or preventive measures. Common people are unaware of the attacks that can happen and what the consequence can be. Despite this government just responsibilise individuals for a crime committed through their devices. People should actually put pressure on the government on this scenario as innocent people should not be responsibilized for the crime they have not committed. Proper management and regime should be taken by the government. They should do a proper investigation on the crime committed rather than just responsibilizing the owner of the device. Proper rules and study on crime should be done by the government to create awareness among common people. The government should also open call centers for helping common people in overcoming the situation of cyber-attacks. All these steps can reduce the attack and people can make sure to an extent that they are safe from cyber crimes. Responsibilization is not exactly a solution for the cybercrimes happening in this current world. A right approach to this growing threat can make a great change in the cybersecurity among all people around the world.
- Bertrand, M. and Hannah-Moffat, K. (2002). Punishment in Disguise: Penal Governance and Federal Imprisonment of Women in Canada. Contemporary Sociology, 31(6), p.768.
- Biebricher, T. (2011). (Ir-)Responsibilization, genetics, and neuroscience. European Journal of Social Theory, 14(4), pp.469-488.
- Choo, K. (2011). The Cyber Threat Landscape: Challenges and Future Research Directions. SSRN Electronic Journal.
- Dray, J. (1988). COMPUTER SECURITY AND CRIME: IMPLICATIONS FOR POLICY AND ACTION. Office Technology and People, 4(3), pp.297-313.
- Hern, A. (2019). Who is to blame for exposing the NHS to cyber-attacks?. [online] the Guardian. Available at: https://www.theguardian.com/technology/2017/may/15/who-is-to-blame-for-exposing-the-nhs-to-cyber-attacks [Accessed 5 May 2019].
- Kröger, W. (2008). Critical infrastructures at risk: A need for a new conceptual approach and extended analytical tools. Reliability Engineering & System Safety, 93(12), pp.1781-1787.
- Lentz, S. and Chaires, R. (2007). The invention of Peel’s principles: A study of policing ‘textbook’ history. Journal of Criminal Justice, 35(1), pp.69-79.
- Leukfeldt, E. and Yar, M. (2016). Applying Routine Activity Theory to Cybercrime: A Theoretical and Empirical Analysis. Deviant Behavior, 37(3), pp.263-280.
- MacEwan, Neil Finlay (2017) Responsibilisation, rules, and rule-following concerning cybersecurity: findings from small business case studies in the UK. University of Southampton, Doctoral Thesis, 290pp.
- Muro, D. and Vidal, G. (2016). Political mistrust in southern Europe since the Great Recession. Mediterranean Politics, 22(2), pp.197-217.
- TechCrunch. (2019). New York City is launching public cybersecurity tools to keep residents from getting hacked – TechCrunch. [online] Available at: https://techcrunch.com/2018/03/29/nyc-secure-new-york-cybersecurity-app-de-blasio/. [Accessed 5 May 2019].
- Pfleeger, S. and Caputo, D. (2012). Leveraging behavioral science to mitigate cybersecurity risk. Computers & Security, 31(4), pp.597-611.
- S. Horgan, B. Collier (2017). Barriers to “Cyberaware” Scotland. Scott Justice Matters, 4 (3) (2017), pp. 19-20.
- Renaud, K. (2016). How smaller businesses struggle with security advice. Computer Fraud & Security, 2016(8), pp.10-18.
- Srinivas, J., Das, A. and Kumar, N. (2019). Government regulations in cybersecurity: Framework, standards, and recommendations. Future Generation Computer Systems, 92, pp.178-188.
- Subashini, S. and Kavitha, V. (2011). A survey on security issues in service delivery models of cloud computing. Journal of Network and Computer Applications, 34(1), pp.1-11.
- Torten, R., Reaiche, C. and Boyle, S. (2018). The impact of security awareness on information technology professionals’ behavior. Computers & Security, 79, pp.68-79.
- van der Walt, E., Eloff, J. and Grobler, J. (2018). Cyber-security: Identity deception detection on social media platforms. Computers & Security, 78, pp.76-89.
- Voiskounsky, A. and Smyslova, O. (2003). Flow-Based Model of Computer Hackers’ Motivation. CyberPsychology & Behavior, 6(2), pp.171-180.
- Wakefield, A. and Fleming, J. (2009). The Sage dictionary of policing. Los Angeles: SAGE.
- Zheng, Y. (2015). Encyclopedia of mobile phone behavior. Hershey, PA: Information Science Reference.
Cite This Work
To export a reference to this article please select a referencing stye below:
Related ServicesView all
DMCA / Removal Request
If you are the original writer of this essay and no longer wish to have your work published on UKEssays.com then please: