By Nadrat Mazrui
In computer networking, hacking is any technical effort to manipulate the normal behavior of network connections and connected systems. Cyber hacking and the breach of information systems security is emerging as one of the top risks to the business sector. A hacker is someone who seeks and exploits weaknesses in a computer system or computer network. The very definition of hacking is breaking onto a computer or computer network without permission.
Hackers may be motivated by a multitude of reasons such as profit, protest, challenge, enjoyment, or to evaluate those weaknesses to assist in removing them. Anyone who uses a computer connected to the Internet is susceptible to the threats that computer hackers and predators pose. The impact of computer hacking will vary from a simple invasive procedure to an illegal extraction of confidential or personal information.
Hacking is a crime when the perpetrators access systems without the owner’s permission or knowledge. Computer hacking is often used as a method to commit crimes such as fraud or information theft. The hacking of computers is a crime, which has occurred much more frequently since the inception of the internet leading to a new breed of intellectual pirates. It is often glamorized in films with individuals carrying out different variety of cyber crimes but the reality is far from the case.
Computer hacking pervades global society in the digital age. It is common for businesses to install security systems to keep their properties safe. However, computer hackers can damage company websites, typically with a virus. When hackers gain access to your computer network, they can see everything. Reputation damage can be devastating to a company’s fortunes. It affects organizations in a variety of ways, key among them being defacement seeing as it can hurt a business and show just how vulnerable the system is.
Companies spend mountains of money securing their networks and buying software insurance. The actual cost of hacking however can be difficult to calculate. While it’s true that a hacker may not target your small business, no single enterprise is safe from it seeing as in almost every case, the end goal of a cyber attack is to steal valuable information.
Kenya is experiencing a growing number of cyber crimes. The methods used by cyber criminals and technology keeps changing too quickly. However illegal computer hacking may be, there are varying views on the subjects within the underground community of computer hackers.
There are several widely acknowledged subgroups of computer hackers:
White Hat -These hackers hack onto computers for noble reasons, and often act as security specialist for corporations;
Black Hat -This brand of hackers is what most people commonly think of when they talk of criminal computer hacking. They have malicious intent to defraud, vandalize, or steal;
Grey Hat -As the name suggests, the legality of these hackers is uncertain. While they aren’t normally thought to hack for personal gain or have malicious intentions, the tight rope they walk is what puts them in grey territory;
Script Kittie -This is a derogatory term for a novice who breaks into computer systems by using software written by someone else. They usually have little to no understanding of what they are doing and lastly;
Hactivist -A hacktivist uses their hacking skills for political activism.
Computer hacking affects organizations in a variety of ways, some universal, others specific to the nature of the reason for hacking and the business in question. The direction of hacking, whether the organization hacks or gets hacked also has an effect. Instances of hacking cost organizations considerable amounts of employee time, resulting in the loss of yet more money. While large businesses possess the financial framework to absorb such costs, the loss of revenue and employee time may prove markedly detrimental to small organizations.
Computer hacking often revolves around information. Organizations steal information such as research, business strategies, financial reports and more from one another through hacking operations. Digitized client databases also fall victim to hacking, with hackers stealing names, addresses, emails and even financial information from organizations. Such a loss of information to a small business may cost a competitive edge or the complete loss of a client base, effectively ruining the organization.
On the opposite end of the spectrum, a business participating in computer hacking may gain a wealth of information providing a competitive edge and access to new client bases through the act. Personal or business information gained through computer hacking can serve as leverage in business dealings.
The structure of organizations previously hacked, at risk for hacking or with extensive digital networks requiring protection from hacking often reflects the threat of hacking.
Businesses in such a position employ extensive information technology (IT) teams, which work constantly on creating, updating, developing and improving computer networks and safety to prevent or deter hackers from accessing information. Small businesses with limited budgets may face radical reorganization to cope with such efforts, while new businesses anticipating such preventative measures must work them into the initial business plan.
Organizations in the computer and technology industry may benefit or lose drastically from instances of computer hacking. Independent firms specializing in hacking prevention, software or network development stand to benefit tremendously as the impact of hacking spreads throughout the world. Small businesses in particular may expand operations exponentially if successful in obtaining and retaining a client base. However, a company in this field whose product or efforts fail in the face of hacking face a ruined reputation and thereby the potential loss of a client base and an inability to attract additional clients.
The most sophisticated hackers do not try to penetrate a company’s perimeter defenses, such as firewalls. Instead, they target personal workstations through email, hoping that a careless or distracted employee will click on a bogus link, allowing the hacker entry. This poses a widespread risk, considering the size of business enterprises today and their diverse operations. End-user computers are the weakest spot in most companies’ systems.
Typically, these computers are protected only by antivirus software, and the most sophisticated hackers attack at that point rather than try to work their way through a web server.
Once cyber pirates gain access to a computer system, they typically have the ability and desire to stay there and hide. Their goal is not to snatch information and flee, but to remain secretly entrenched, monitoring the information flow and harvesting ever more valuable intelligence. Hackers can maintain a presence in corporate systems for months without detection, unless a firm takes proactive measures. Companies that rely heavily on communications technology frequently hire outside experts to test the security of their networks. These outside firms, called ‘ethical hackers’, are usually able to penetrate internal networks.
Privacy and confidentiality are bedrock qualities for business enterprises. The theft of confidential information could be devastating to a firm’s reputation, which is their most important asset.
Mechanisms for successfully fighting, tracking and calculating cyber crime losses are not well established in Kenya. Despite efforts by the Government to fight cyber crime, Kenya is still ill equipped as most attacks are committed by staff and are very sophisticated, taking at least 120 days to detect. However, a new cyber-crime law is in the offing, with the draft Bill set for tabling in Parliament for debate by March.
The draft, named Cyber-Crime and Computer Related Offences Bill 2014, is to address offences against confidentiality, integrity and availability of computer data and systems. Kenya however still relies on Central Depositories Act and the Penal Code, among other frameworks, that are not clear with regard to arresting and prosecuting cyber-crime suspects.
“This will go on record as one of the most effective cyber security laws in Kenya as it aims to concentrate on ways of getting electronic evidence against the accused and at the same time focuses on police and prosecution,” says Director of Public Prosecution Keriako Tobiko.
Kenya has for long relied on physical evidence to arrest cyber criminals, a move that has stifled efforts towards reduction of the vice. ICT specialists say that cyber criminals need cyber expert surveillance since it is hard to physically detect both international and local cyber criminals.
In the meantime, simple ways of managing cyber crimes is by making sure company leadership is sensitive to the threat and aware of the importance of constant vigilance. This approach provides an open communications channel from the IT people to senior management and ensures that data security has the attention of the highest level. Another way is to install antivirus programs that protect against known viruses. To be effective, these programs must be centrally managed and updated regularly. Continuous update of spam filters is again necessary if they are to do an adequate job of intercepting unwanted or suspicious email.
As a business it is crucial to develop a response in case the firm’s systems are violated. This should consist of a plan regarding whom to notify if a breach occurs, as well as what actions to take to protect the data, determine who violated the system (and how), and minimize the damage and disruption to the firm. It is important that all staff become sensitive to the threat of an information-security breach and be educated in what they can do to prevent or detect it. A culture of awareness should therefore be developed in the company via ongoing training programs and best practices aimed at protecting information.
While we await the birth of the Cyber-Crime Act, businesses need to be extra mysterious in regards to their online secrets seeing as firewalls are not as safe as they once used to be having recently grown microscopic eyes and ears.
