# 15.6: Security Issues in Electronic Communication

### Learning Objective

1. Identify and discuss challenges faced by companies engaged in e-commerce.

E-commerce has presented businesses with opportunities undreamt of only a couple of decades ago. But it also has introduced some unprecedented challenges. For one thing, companies must now earmark more than 5 percent of their annual IT budgets for protecting themselves against disrupted operations and theft due to computer crime and sabotage (Alexander, 2011). The costs resulting from cyber crimes—criminal activity done using computers or the Internet—are substantial and increasing at an alarming rate. A 2010 study of forty-five large U.S. companies revealed that the median cost of cybercrime for the companies in the study was $3.8 million a year (Ponemon, 2010). And some cybercrimes involve viruses that can spread rapidly from computer to computer creating enormous damage. It’s estimated, for example, that damage to 50,000 personal computers and corporate networks from the so-called Blaster worm in August 2003 totaled$2 billion, including \$1.2 billion paid by Microsoft to correct the problem (Shukovsky, 2011). The battle against technology crime is near the top of the FBI’s list of priorities, behind only the war against terrorism and espionage (Alexander, 2011). In addition to protecting their own operations from computer crime, companies engaged in e-commerce must clear another hurdle: they must convince consumers that it’s safe to buy things over the Internet—that credit-card numbers, passwords, and other personal information are protected from theft or misuse. In this section, we’ll explore some of these challenges and describe a number of the efforts being made to meet them.

## Data Security

In some ways, life was simpler for businesspeople before computers. Records were produced by hand and stored on paper. As long as you were careful to limit access to your records (and remembered to keep especially valuable documents in a safe), you faced little risk of someone altering or destroying your records. In some ways, storing and transmitting data electronically is a little riskier. Let’s look at two data-security risks associated with electronic communication: malicious programs and spoofing.

## Malicious Programs

Some people get a kick out of wreaking havoc with computer systems by spreading a variety of destructive programs. Once they’re discovered, they can be combated with antivirus programs that are installed on most computers and that can be updated daily. In the meantime, unfortunately, they can do a lot of damage, bringing down computers or entire networks by corrupting operating systems or databases.

## Viruses, Worms, and Trojan Horses

The cyber vandal’s repertory includes “viruses,” “worms,” and “Trojan horses.” Viruses and worms are particularly dangerous because they can copy themselves over and over again, eventually using up all available memory and closing down the system. Trojan horses are viruses that enter your computer by posing as some type of application. Some sneak in by pretending to be virus-scanning programs designed to rid your computer of viruses. Once inside, they do just the opposite.

## Spoofing

It’s also possible for unauthorized parties to gain access to restricted company Web sites—usually for the purpose of doing something illegal. Using a technique called “spoofing,” culprits disguise their identities by modifying the address of the computer from which the scheme has been launched. Typically, the point is to make it look as if an incoming message has originated from an authorized source. Then, once the site’s been accessed, the perpetrator can commit fraud, spy, or destroy data. You could, for example, spoof a manufacturing firm with a false sales order that seems to have come from a legitimate customer. If the spoof goes undetected, the manufacturer will incur the costs of producing and delivering products that were never ordered (and will certainly never be paid for).

Every day, technically savvy thieves (and dishonest employees) steal large sums of money from companies by means of spoofing or some other computer scheme. It’s difficult to estimate the dollar amount because many companies don’t even know how much they’ve lost.