Personal, legal, and group recognition is essential to individual uniqueness within society. The state names a person based on their accumulated documents such as passports, birth certificates, and credit reports. These designators and other relevant tokens such as Social Security Number (SSNs) can easily be stolen in cyberspace. According to Thomas (2018), 13 million people were victims of identity theft in 2013; this figure grew by 49% by 2016. Such a breach of data has caused significant financial deprivation to companies and individuals. According to Kuo-Chung et al. (2020), “2013 to 2015 is $188 for 2013, $201 for 2014 and $217 for 2015” (p.18). The research problem is, although measures are being taken by the government and other entities to make digital platforms secure, an increased prevalence of stealing recognition details by hackers. This paper covers the factors leading to identity theft, the challenges to individuals and organizations, and potential solutions, respectively. The data breach is one of the crimes which causes many systematic damages, both financial and non-financial.
Discussion of Challenges
There are many forms of cybercrimes, including bullying, hacking, phishing, intellectual property abuse, and the intentional sending of computer viruses. This paper is, however, limited to identity theft within the computer space. According to Shulzhenko & Romashkin (2020), 15% of people who use the Internet have at one point in their life encountered fraudsters and lost their personal information. In the United States, from 2014 to 2016, 800,000 passwords were lost, and 12 million accounts were stolen (Shulzhenko & Romashkin, 2020). Similarly, Li et al. (2018) report that 6.05 billion pieces of personal data were disclosed in China. The cost of such crimes ranges from financial misappropriation to systemwide risk where multiple people and organizations connected through the Internet of Things (IoT) are negatively affected.
One of the challenges in the issue of theft is that there are multiple ways that hackers are now using to defraud their prey. The intruders who use phishing focus on fishing sensitive information through some weak email links to unsuspecting users. Perpetrators are also capable of cloning webpages to misdirect users and cause them to surrender vital details of their targeted accounts (Selby et al., 2017). When multiple users are the target, automated tools such as the hypertext preprocessor (PHP) can send scam emails to more than one thousand individuals. In some cases, the criminals can call or send text messages under pretense that they are authorized by a company.
Most people who access online services do not have the expertise to identify suspicious activities; hence they can easily become victims. The negative implication for organizations exceeds that of individuals since the company not only loses money and critical infrastructure but also their reputation (Kuo-Chung et al., 2020). Since spammers are becoming more sophisticated in their strategy to intrude privacy of companies and individuals’ better approaches to security are needed.
Connectivity of devices and information between multiple stakeholders is also a significant issue in cyber criminality. In the modern world, IoT has streamlined business processes by ensuring that vendors are connected with partners, suppliers, customers, among others (Selby et al., 2017). The issues with such interaction are that when the security of one stakeholder is compromised, then then the entire system is at risk of experiencing fraud (Cuadrado-Gordillo & Fernández-Antelo, 2020). For example, a hacker who is targeting the identity of the finance manager of a company may do so by stealing the name of a trusted supplier. By the time the former realizes that he has been dealing with a fraudster, some systemwide losses have already been incurred. When working on a platform with multiple users, it is important for each individual to have the competencies of securing their end.
The identity thieves are, in some cases, people who are close such as relatives and colleagues, which makes it difficult to suspect their crimes. A person is most likely to suspect an outsider for stealing than people within their close circles. Interestingly, Kuo-Chung et al. (2020) state that more breaches in the company were found to emanate from the employees and not the customers. The implication is that people who have some background information already have an advantage when stealing. To avoid suspicion, the person may liaise with other hackers and provide details such as passwords to facilitate the crime. Identifying such breaches on time has proved difficult for most organizations. There is also the challenge of lack of vigilance on victims who easily cooperate with the perpetrators. Most legitimate account holders share their financial information carelessly and neglect their account passwords or computers. In some cases, the computer software is not protected by up-to-date antispyware and antivirus.
Globalization also poses a challenge in identity theft because the intruders liaise with people in other countries who are not liable to the state laws. The perpetrators within the United States may be working with a larger criminal network located in multiple cities across the world (Cuadrado-Gordillo & Fernández-Antelo, 2020). This is a challenge because charging non-citizens or even identifying their whereabouts can be difficult unless there is international cooperation (Shulzhenko & Romashkin, 2020). Some legal enterprises have also been involved in stealing the private information of their customers and employees. For example, Li et al. (2018) state that in November 2017, Uber acknowledged that it hacked personal data of at least 57 million drivers and customers. Such a complex system of criminals makes prosecution impossible hence the need for proactive strategies.
The perpetrators operate with multiple identities and the law enforcement agencies do not have a uniform standard for reporting such cases. The hackers are wired to use all the necessary techniques to enable their activities to be untraceable. A cyber identity thief may use nicknames, actual specifications, multiple stollen documents all in achieving one illegal errand (Selby et al., 2017). During investigations, the confusion will occur as the law enforcers will open investigations for different people when they are looking for one person.
Another issue is that there is no standard documentation of case files involving online stealing. Some cases are reported to the consumer protection agencies such as Equifax while others to the police. Without cooperation, each party may have half information, which, when merged, can lead to capturing of the thieves, but they keep working alone. Combined, multiplicity of hackers’ identity and lack of cooperation between the legal authorities makes the process of identifying the criminals challenging.
Discussion of Solutions
In seeking solutions, it is crucial to focus on preventive measures while minimizing the need for punitive measures. As discussed in the previous section, most cases of cyber identity theft are challenging to trace, yet the individual and systemic effects are devastating. The procedures of looking for the criminals is also time-consuming. Therefore, most of the recommendations that will be provided seek to make it difficult for hackers to intrude privacy without being caught.
Computer users must ensure that they protect their electronic devices with robust software and updates as per manufacturers’ instructions. When a malicious application is installed in a machine, it provides the criminals with the key to intrude. It is also vital to ensure that the operating systems for the laptops are functioning correctly. Purchasing from original developers who can provide the right licenses is also important to get continuous information to be protected from potential cyber-attacks. Improvements can also be added by installing antispyware and antivirus from credible suppliers. The focus is to ensure that there is no room left for hackers to send any malware since it will be scanned and rejected.
Restriction on accessibility is also an important preventive strategy against identity theft in the cyberspace. It is important that the secret key is complex (includes letters, punctuation marks, and numbers) and difficult to guess even by close acquaintances. Using the same watchword on all accounts may be easy to remember and risky because if one system is hacked, then the same security detail can be used to log in to other sites. Whenever possible, two-factor verification should be used so that even when the access details are stolen, it will not be sufficient to guarantee entry. In IoT, Asharf et al. (2020) suggests that an intrusion detection system can be integrated to avoid crimes progressing for a long time before being identified. Setting up alerts for any relevant activities such as log-ins from a different device or withdrawal of money is also important in ensuring that illegal transactions are identified within the shortest time.
Organizations should educate their stakeholders on how to recognize spam and scams and take the necessary precautions. Some phishing attempts on social networks and email addresses can appear legitimate and difficult to recognize. However, some training can help people to know the links that are not secure and avoid clicking on pop-ups that appear on mail. Also, it is important for individuals to be warned against submitting personal information through phone calls or text messages that they did not initiate even if the caller appears to be an official of a company. Such basic knowledge ensures that users can decline suspicious requests, which results in cybercrimes.
Buying insurance for the critical infrastructures, computers, software, and users of information technologies is also important. There is a possibility that even after following all the preventive guidelines, the hackers still find a way to intrude and cause harm. To avoid unrecovered losses, organizations and even individuals can secure their information. In their study, Mukhopadhyay et al. (2019) proposed that the cyber-risk assessment and mitigation (CRAM) model can be used in assessing risk and calculating the net premium that can be charged for each system. When a user loses critical information or incurs losses due to cybercriminals, they can ask for compensation. This method is suitable as it allows many people to come together and contribute to a pool so that when one of them is affected, they do not have to start over.
Organizational policies on cybersecurity are needed to prevent breaches and enhance safety. At the company level, the head of information technology can provide directions on the rules such as the active bundle and cryptography, to protect data (Tri et al., 2019). A hierarchy for information and devices access should be in place so that the most vital systems are used by minimal number of people. In the case where a firm has the bring your own device (BYOD) policies, there should be standards for operation. For example, all the tablets and laptops used for business operations should be protected against viruses. The policies should be designed to protect all stakeholders since a single intrusion can affect the entire system.
Laws on online identity theft need to be reinforced both at the national and the international level. The constitution should have a clause that allows charging fraudsters with intrusion with and intention of commit an offense. The police and investigation officers who are tasked with enforcement must have academic certification in computer science or related disciplines. Given that the spammers can operate in sophisticated networks globally, it is important to have regional regulations. For example, according to Cuadrado-Gordillo & Fernández-Antelo (2020), the European Union (EU) have agreed on similar practices in combating crime. Also, the Organisation for Economic Cooperation and Development has set aside expert committees to tackle computer crimes. Worldwide collaboration and the policies of individual companies have a higher potential to succeed in enforcing regional cybersecurity.
Conclusion
Identity theft within cyberspace has become a common yet costly crime for individuals and organizations. The fraudsters often have different intent in stealing the names, including committing fraud or withdrawing victims’ money. Spammers have become more sophisticated in their operations and networks, thus posing a significant challenge to computer users. Issues also arise due to the recklessness of users in keeping private data. The solution is for every person to be vigilant in taking security measures such as hard to guess passwords, standard software and operation systems, insurance cover, and policies. Continuous research and innovation of new strategies are still needed to reduce the cases of cyber offenses.
References
Asharf, J., Moustafa, N., Khurshid, H., Debie, E., Haider, W., & Wahab, A. (2020). A review of intrusion detection systems using machine and deep learning in internet of things: Challenges, solutions and future directions. Electronics, 9(7), 1177-1184. Web.
Cuadrado-Gordillo, I., & Fernández-Antelo, I. (2020). Connectivity as a mediating mechanism in the cybervictimization process. International Journal of Environmental Research and Public Health, 17(12), 4567-4572. Web.
Kuo-Chung, C., Yu-Kai, G., & Shih-Cheng, L. (2020). The effect of data theft on a firm’s short term and long-term market value. Mathematics, 8(5), 808-905. Web.
Li, X., Yang, Y., Chen, Y., & Niu, X. (2018). A privacy measurement framework for multiple online social networks against social identity linkage. Applied Sciences, 8(10), 1-19. Web.
Mukhopadhyay, A., Chatterjee, S., Bagchi, K. K., Kirs, P. J., & Shukla, G. K. (2019). Cyber risk assessment and mitigation (CRAM) framework using logit and probit models for cyber insurance. Information Systems Frontiers, 21(5), 997-1018.
Selby, N., Vescent, H., Chow, E., & Buckley, C. (2017). The cyber-attack survival manual: Tools for surviving everything from identity theft to the digital apocalypse. Weldon Owen Publishers.
Shulzhenko, N., & Romashkin, S. S. (2020). Internet fraud and transnational organized crime. Juridical Tribune Journal 10(1), 162-172. Web.
Thomas, J. (2018). Individual cyber security: Empowering employees to resist spear phishing to prevent identity theft and ransomware attacks. International Journal of Business Management, 12(3), 1-23. Web.
Tri, H. V., Fuhrmann, W., Fischer-Hellmann, K., & Furnell, S. (2019). Identity-as-a-service: An adaptive security infrastructure and privacy-preserving user identity for the cloud environment. Future Internet, 11(5), 116-124. Web.