Businesses and Cyber Threats: How Cyber Crimes Impacts Small and Big Business Organisations

 Businesses and Cyber Threats: How Cyber Crimes Impacts Small and Big Business Organisations

Abstract

Before the era of technology, crimes were committed physically. But these days even after technological advancements, crimes have increased with the help of them. Now cyber crimes are one of the biggest problems in the country. Though cyber crimes have several impacts the biggest impact is that it could even affect the overall economy by causing problems to the businesses. Cyber threats are making influence towards kids, teens, youth, and even aged people. All these threats are widely spoken about by researchers, however the attacks faced by businesses should also be analysed. Therefore this article addresses the various cyber threats faced by businesses, the legal implications and

Keywords: Cyber crimes, Businesses, Cyber threats, IT Act

Introduction

In today’s modern era cyber security is a main concern as the amount of convenience we receive through technology increases. Those accessibility could be used in the favour of illegal purposes also. When it comes to cyber crimes, various kinds of threats are increasing from hacking, malware attacks, data stealing, identity theft, spying, and more that cause financial loss to cyberstalking, bullying, pornography, sextortion, etc that cause threat to loss of reputation. Cybercriminals are often from well structured backgrounds, however some are just normal people.

Even though several cyber criminals are easily restrained or can be punished by law, the damage they cause to victims will be considerably big. By this mode of crime, not only the individuals suffer financial or other personal losses, but businesses also endure issues.

Small to huge companies, and another kind of e-commerce marketplaces are threatened and affected by these cyber attacks. Offenders do this for various purposes like financial advantages, looting and utilising data, spying on to know business secrets, and many more. Despite several legal implications made available by law it is evident that the Cyber threats faced by businesses are at an increasing level.

Businesses And Cyber Attacks

Widespread usage of computer networking made increases in the amount of e-commerce. Regardless of the size of companies, almost every business is utilising the online modes of trade or having their data stored electronically. The use of computers to perform illegal activities against businesses is referred to as cybercrimes in e-commerce. Some Cyber attackers may spread malware to corrupt the systems for crooked means, however some of them execute traditional crimes such as theft, defamation, or deception. In a few cases, Other forms of complicated reasons were behind the attacks such as disrupting the companies to avoid competition, state-sponsored attacks, or other political reasons. According to a report, the cyber attacks on small and medium businesses (SMEs) increased by 508%. [1]

When it comes to companies, high-profile ones also have to bear with these threats and the impacts are huge. The influence of cyber criminals in the commerce field is a concerning issue in society as in several circumstances the victims find it hard to overcome and regain their past position. Even in this digital era, not all folks are taking precautions for these security breaches. According to a report by Cloudflare, only 52% of the people who faced cyber attacks were previously prepared for those attacks. Various cybercrimes against businesses are occurring in current times. Businesses, which are small, medium, or large scale are affected in several ways by this and recent cyber attacks that are faced by renowned companies can also be studied as examples.[2]

Examples Of Cyber Incidents On High Profile Companies

MGM Resorts owns about 31 hotels and casino places globally. It is also a huge online sports betting arm. On September 11, 2023, it was reported that a cyber security breach occurred that made the computer systems shut down. It can be said that a complete outage in the operations occurred as the customers were not able to access their rooms that day, the booking system was down, games were shut down, people could not use their credit cards, and many more issues held. In addition, obviously a huge data theft happened. These security breaches made the incident one of the costliest cyber attacks that estimated a loss of $100 million. The offenders used social engineering techniques to conduct this breach.

 Domino’s, which is a reputed pizza restaurant chain, has also had data stolen. Domino’s India reported that a cyber security breach held 13 TB of data stolen by hackers. The attackers have been attempting to sell the data for about $380,000. On March 24th, 2021 the company disclosed through the mail that they had a data breach.[3]

Air India got their passengers’ data leaked by a cyber attack. The attack caused the information of 4.5 million passengers to be breached. While no passwords have been stolen, other data like name, ticket and credit card data, etc have been leaked.

A critical data breach affected Upstox, which is an Indian investment platform.including some other personal information, a ton of KYC details have been stolen. Hackers demanded ransom payment for the payback of the data that was stolen.[4]

On April 3, 2012  it was found that a data breach from facebook had happened. The breach included the data of 533 million facebook users. In addition to phone number and mail ids, various details like gender, relationship status, etc have been leaked.[5]

Distributed Denial Of Service Attacks

DDoS (Distributed Denial of Service) is an usual form of cyber attack that is made against businesses. The attackers focus on generating high traffic on the website and making it overloaded for disruption of functioning. The crashing of the server will cause the website or e-commerce store to be unavailable for the users. For the transfer of information between the computers, connection between them is required. The Server, before any transfer of information should know which computer it has to send the information to and is required to acknowledge if the computer is ready to receive the information. The DDoS occurs when a ton of requests are received from different IP addresses. This is made purposefully to crash the server and cause issues  to the real users.

Social Engineering Scams

Social engineering is said to be a successful form of cyber attack as this technique is performed by acquiring the trust of the users. It is basically a scam done by deceiving the customers by impersonating the real company and gathering information that should be kept confidential. The cyber criminals who pretend themselves as the employee of a particular company or an officer in a bank will influence the user to disclose the information for official purposes.

For example, the passwords, PINs, credit card details, and one-time passwords are mostly asked to reveal. This form of cybercrime becomes a cause of financial loss for consumers. Companies should spread awareness often about these kinds of security breaches. Phishing is a form of social engineering in which cyber criminals send malicious content through messages or emails that come with a link. When the link is clicked and the users reach the webpage, it may cause theft of their sensitive information. While literate people will be cautious of these attacks, most of the time ignorant ones fall into traps.

 Refund/ Return Fraud

Both physical and e-commerce sellers face this issue of refund fraud. However online business retailers are more vulnerable to this fraud. In the refund or return scams, the customers deceive a business by claiming that their products were delivered defective and demanding a refund. The fraudulent practice will lead the companies or marketplaces to financial loss. Keeping more strict return and refund policies is the way for e-commerce sellers to protect themselves from these scams. Large-scale companies are also deceived by this method of scam.

Amazon, which is a major e-commerce website, filed a case against the scammer based in Bangalore for creating a group for fake return services. People ordered expensive products and gadgets, then got refunded by deceiving the website as they have returned it. In this way, the scammers keep both the refund and the products. This technique was discovered by a former employee of the company and through investigation, it’s discovered that products worth 20.34 lakhs and 2.5 lakhs cash have been captured.[6]

Ransomware Attacks

The most common cyber threats that are hard to overcome are ransomware attacks. This cyber threat is done by encryption of company data that leads to the non-accessible condition of the data by the owners. Thus the businesses are forced to pay a huge sum to get their access back. About 71% of ransomware attacks are targeted at small businesses according to reports. Healthcare sectors are also majorly affected. In some cases, the business’s failure to pay ransom leads to disruption of its function and a high amount of losses.[7]

Cyber Crimes Against Intellectual Property

One of the most valuable things cyber criminals could theive is the trade secrets of the businesses. Intellectual property can be defined as the rights that are given to companies or an individual for their innovative discoveries. The right can protect their own and original inventions from usage by other parties. IP rights include rights such as trade secrets, patents, trademarks, copyrights, etc.

According to the FICCI report the top three threats in India are Intellectual property theft, cyber security attacks, and accidents. Intellectual property theft through cyber ways is a concerning issue. Theft of intellectual property by hacking is a new threat that menace the businesses and marketplaces. Cybercriminals mostly use malicious software to access other company’s data. Several cases come under state-sponsored cyber attacks. Cyber attack events by Chinese hackers have been common in this field. Australian mining technology company “Codan” was hacked by accessing their employee’s laptop. Their designs were stolen through this method which caused their annual profit to go from $45 million in the previous year to $9.2 million in June 2014.

Every year hackers steal up to $160 billion worth of intellectual property from Western companies. The critical loss that is faced by businesses due to the theft of intellectual property is the loss of reputation. The reputation of a company is an essential element of the trade and competitors  do these cyber attacks to make them lose it.[8]

Cybersquatting refers to the use of already registered trademarks as domain names Cybersquatters illegally use the domain for their websites without approval from the owner of the trademark. In addition to it, a number of them even try to ransom the trademark names. The oldest case is that a website consisting of a domain named ‘whitehouse.com’ diverted people from the original website ‘whitehouse.gov’.

In the USA, Anti Cybersquatting Consumer Protection Act 1999 is the law against this offence. India doesn’t have specific legislation for Cybersquatting however, the trademark laws give protection from this. In India, the first Cybersquatting case was Yahoo Inc. v. Akash Arora. In this case, the court gave an injunction order to the defendant who used the trademark name of Yahoo company for their domain. Despite the fact that they used the name ‘India’ with it, the verdict was in favour of the plaintiff as it is an infringement and confusing for the users.

Important Cases Where Cyber Crimes Affected Businesses

SMC Pneumatics (India) Pvt. Ltd. vs. Jogesh Kwatra

In this case, the plaintiff is a company which filed suit against the employee who sent emails that were obscene, vulgar and insulting that were defamation for the corporation. Those kinds of mails were sent by the defendant to the employers as well as the different subsidiaries of the company all over the world. As is clearly done in the intention of spoiling the reputation of the company, the court ordered an injunction against the defendant’s activities of sharing the defamatory mails. This is the first case of ‘cyber defamation’ in india.[9]

Poona Auto Ancillaries Pvt. Ltd, v. Punjab National Bank, HO New Delhi

The plaintiff Manmohan Singh Mataru, had an account in Punjab National Bank. He got scammed by fraudsters who stole Rs. 80.10 lacks from his account. He asked the bank to pay back the amount of rupees scammed from his account. Fraudsters used phishing to gain the information. The bank was also found negligent as it failed to do security checks.[10]

Kumar v. Whiteley

The accused, N G Arun Kumar caused the loss of Rs. 38,248 to the subscribers of BSNL. He accessed the Joint Academic Network (JANET) and altered the data of the users in the system. By unauthorisedly using broadband internet pretending to be legit users, this crime was committed. He was liable under section 420 of IPC and section 66 of IT Act.[11]

sony.sambandh.com case

A website called sony.sambandh.com was run by Sony India company. The site is focused on NRIs as it enables them to purchase and send the products to India by delivery. Customers pay through online after purchasing. A person named Barbara bought products from the site to deliver it to ‘Arif Azim’ who’s based in India. She gave the credit card details for the payment for what she purchased. The company delivered it to the prior address and sent the proof of delivery, then ended the transaction. However, after a few days the credit card company stated that the transaction was fraudulent as the real owner of the credit card denied that he didn’t make the payment. The company filed suit against the scammers under the section 418, section 419 and section 420 of Indian penal code and the defendant was found guilty.[12]

Nasscom vs. Ajay Sood & Others

The defendant of the case is a firm which specialises in recruitment. Nasscom, which is a major software association in India filed this case against the placement firm. Defendant used the trademark name of Nasscom as they sent emails to others in the name of Nasscom. They used the name and sent emails for the reason for collecting personal data that may be used for their headhunting purposes. This infringed the trademark rights of the plaintiff and an ex parte and interim jurisdiction were ordered by the court. In this case, the court held that one who commits phishing is liable for damages and injunction as it is illegal.[13]

Legal Framework In India

Legislation for cyber crimes includes the acts and rules such as Information Technology Act 2000, Information Technology (Certifying Authorities) Rules 2000, Information Technology (Security Procedures) Rules 2004, Information Technology (Certifying Authorities) Regulations 2001, The Indian Evidence Act 1872, The Indian Penal Code 1860. Various Intellectual property Laws are also applied when the infringement of IP rights occurs.

 The IT Act is an important law which deals solely with cyber crimes. Some sections under the Act are,

  • Section 65 – intentionally destroy, conceal, or concealing any computer source code is punishable by upto 3 years imprisonment or with a fine of Rs.2 lakhs or with both
  • Section 66 – hacking with computer systems and modification of data with intention of causing loss or damage. It is punishable upto 3 years imprisonment, or with a fine that
  • may extend upto 2 lakhs rupees, or both.
  • Section 66A – sending messages that are offensive or has threatening characters through computer in the intention of causing inconvenience, hatred, disgust, danger, etc such crimes are also punishable upto 3 years of imprisonment along with a fine.
  • Section 66 B – knowingly receiving stolen computer’s resources or communication. For this offence it could be sentenced either description for a term that may extend upto 3 years of imprisonment or with a fine of rupee 1 lakh or both.
  • Section 66D- Cheating by personation by the use of computer’s resources is punishable by upto 3 years of imprisonment along with a fine that may extend upto rupee 1 lakh.
  • Section 66C – identity theft is a crime which is done by either using a person’s digital signature, password or other identification.

Other few important sections of IT Act[14] that deals with crucial issues are,

  • Section 67A – Spreading materials that contains sexually explicit contents
  • Section 70 – Unauthorised access to
  • protected system.
  • Section 72 – Breach of confidentiality and privacy.
  • Section 74 – Publication for fraudulent purpose.

IPC deals with some cyber crimes as it is stated in

  • Section 379 – deals with the crime of theft, where the offenders also steal data by hacking or any other cyber methods.
  • Section 420 – Cheating, dishonesty acquiring property delivery.
  • Section 463 – email spoofing
  • Section 465 – forgery, and other sections to deal crimes such as stalking, sales of obscene materials, etc.

National cybersecurity policy is adopted by the Ministry of Electronics and Information Technology with the motive of increasing security in cyberspace and building more trust in the IT sector. This will help using Information Technology in a safe and better way possible. The policy aims to provide a facility of safe computing and extend more confidence in e-transactions.

Cyber Swachta kendra is the step taken by the government to clean botnets and malwares. It is started by the National cybersecurity policy to increase security in IT infrastructure. 

Precautions To Strengthen The Cyber Security

  • Securing wifi networks– it is important to keep the wifi networks of the workplaces encrypted and hidden. It is to be made sure that the network name is not broadcasted openly.[15]
  • Regularly backing up the data- The data should be backed up on a regular basis. Data like financial files, human resource files and accounting files have to be back-uped in cloud storage.[16]
  • Training the employees- Employees of the business organisation can be often deceived by phishing emails. It’s reported that about 3.4 billion phishing emails are sent globally. As these contain malicious contents, it has the risk of the company’s data being stolen. Thus it is important to educate them about these attacks.[17]
  • VPN- Vpnshould be used when the operations are done by accessing outside data networks or public wifi.[18]
  • Security policies- making policies and implications for the threats that are likely to be faced. Acces of company devices can be strictly regulated.[19]
  • Checking the dark web- This method is highly suggested to get knowledge of whether any of the organisation’s data is being stolen and leaked. This kind of hacked data is majorly leaked in dark webs, thus it should be scanned.

Conclusion

A common assumption is that cyber incidents mainly cause impacts in social or emotional aspects. It is because many cyber crimes are happening by targeting women and children. It is indeed true that the country is focused on the welfare of society. However economic welfare is also important for a welfare Nation. Cyber crimes cause more economic effects than expected. Therefore cyber issues faced by businesses irrespective of small e-commerces or large scale ones should be studied in a deep manner. Proper enforcement of laws should be done by the state as well as the business organisations should focus on following the precautions to cope with this modern problem.

References

[1]https://timesofindia.indiatimes.com/technology/tech-news/less-than-5-companies-globally-have-mature-level-of-readiness-to-fight-cybersecurity-risks/amp_articleshow/108852197.cms

[2]https://timesofindia.indiatimes.com/gadgets-news/over-80-indian-companies-hit-with-cyber-attacks-last-year-report/amp_articleshow/103394017.cms

[3]https://m.economictimes.com/tech/technology/india-most-targeted-country-by-cyber-attackers-report/amp_articleshow/104989856.cms

[4]https://www.crn.com.au/news/australian-company-devastated-by-chinese-hacking-ip-theft-405725

[5]https://expertinsights.com/insights/the-top-5-biggest-cyber-security-threats-that-small-businesses-face-and-how-to-stop-them/

[6] https://www.upguard.com/blog/reduce-cybersecurity-risk


[1] Annapurna Roy,State-sponsored cyberattacks against India up 278% in three years, The Economic Times, (Dec.16,2023, 7:00 PM), economictimes. indiatimes.com

[2] Over 80% Indian Companies Hit With Cyber Attacks Last Year: Report, Gadgets Now, (Dec.16,2023, 6:58 PM), timesofindia.indiatimes.com

[3] Lawrence Abrams,Domino’s India discloses data breach after hackers sell data online ,Bleepingcomputer (Dec. 19,2023, 5:19 PM),

Bleepingcomputer.com

[4] Serious data breach at upstox, Keller postman UK Data Breach (Dec.19,2023, 3:17 PM), kellerpostman-databreach.co.uk

[5] Facebook data breach 2021: Details of 533 million users leaked, what we know so far,CNBC TV 18 (Dec .19,2023, 4:00 PM),

cnbctv18.com

[6] Refund scam: Amazon’s internal probe on iPhone purchases leads to student’s arrest in Bengaluru, The Indian Express (Dec. 19,2023, 12:06 PM), indianexpress.com

[7] Joel Witts, The Top 5 Biggest Cyber Security Threats That Small Businesses Face And How To Stop Them, Expert Insights (Dec.18,2023 ,11:47 PM), expertinsights.com

[8] Reuters staff, Australian company devastated by Chinese hacking, IP theft, CRN Australia (Dec.18, 2023 ,3:31 PM), crn.com.au

[9] Smc Pneumatics (India) Pvt. Ltd v. Shri Jogesh Kwatra on 12 February, 2014

[10] Poona Auto Ancillaries Pvt. Ltd., Pune v. Punjab National Bank, HO New Delhi & Others (2013)

[11] Kumar V. Whiteley, [1991] 93 Cr. App rep 25.

[12] CBI v. Arif Azim (Sony Sambandh Case) (2013)

[13] Nasscom v. Ajay sood & others ,119 (2005) DLT 596

[14] Information Technology Act, 2000 ,No.21, Act of parliament, 2000 (India)

[15] Cybersecurity for small businesses, Federal communications commission (Dec.20,2023, 5:13 PM), fcc. gov

[16] Strengthen your cybersecurity ,SBA (Dec .20,2023,5:19 PM), sba.gov

[17] Axel Sukianto ,10 Ways to Reduce Cybersecurity Risk for Your Organization,UpGuard (Dec.20,2023 ,6:38 PM), upguard.com

[18] Protect Your business online, NI Business Info (Dec.20,2023 ,6:56 PM),nibusinessinfo.co.uk

[19] Protect your company from cyber attacks, Mass.gov (Dec.20,2023 ,6:56 PM)


Author: Adhila Fathima, a BA LLB Student at Chennai Dr.Ambedkar Govt. Law College, Pudupakkam.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *