Globus An International Journal of Management & IT

A Refereed Research Journal

Vol 8 / No 2 / Jan-Jun 2017 ISSN: 0975-721X

A COMPARATIVE STUDY OF CYBER THREATS IN EMERGING

ECONOMIES
*
Dr Ruchika Gupta
**
Dr S.P. Agarwal
Abstract
With the ever increasing population of netizens in
the world, the cyber threat is also growing in
frequency and variation. Cyber threats include
cybercrime, cyber terrorism, cyber espionage,
cyber warfare etc. These threats pose a wide
range of risks for economies like identity theft,
financial losses, destroyed network infrastructure
and breach of confidential information. This
paper carries out a comparative assessment of
cyber threats in the world’s most lucrative
targets- the BRICS nations which are emerging
economies and at higher risk of cyber attacks.
The paper focuses mainly on the factors which
makes them vulnerable targets of such attacks as
well as on the impact assessment of such attacks
on these economies. While the impacts of these
threats cannot be over emphasized,
recommendations were proposed on how these
threats can be minimized if not totally eliminated.
Keywords- Cyber Threat, Cyber Attacks, BRICS
Introduction
Cyber threat looms as the 21st century’s most
vexing threat which arises from a variety of sources
like hackers, terrorists, criminals, insider groups,
and foreign nations. It challenges governments,
business and individuals worldwide. Moreover, it is
gradually becoming cheaper to instigate cyber
attacks while the cost of security frameworks are
raising. This expanding asymmetry is the game
changer. The research from HP Arc Sight (2011)
demonstrates that cyber attacks on big
organizations are becoming more frequent, and
additionally creating more issues for the
organizations whose frameworks they attack.
Furthermore, these threats have become more
sophisticated and multi dimensional, as we have
integrated into a networked global economy and
relying heavily on technology. This is the reason
different financial institutions, regulators and
government tend to put cyber security on top of
their priority list. As per the World Economic
Forum Report: Global Risks Report (2007-14), in
terms of likelihood, cyber attacks have been ranked
fourth out of the top five global risks for the year
2012 and 5th in the year 2014. The top 5 risks from
the year 2007 to 2014 are shown in Figure 1.

Fig. 1: Top 5 Global Risks in Terms of

Likelihood
Source: World Economic Forum
Report-Global Risks 2014

*Associate Professor, Amity Business School, Amity University, Greater Noida (UP)
**Senior Professor, Civil Engg. Department, Sai Nath University, Ranchi, Jharkhand
24
According to Verizon Data Breach Report (2012),
cyber crimes represent 83% of data breaches
worldwide and nearly 58% of the data stolen
globally was the result of hacktivist activity.
McAfee Report (2009) states that a few nations are
rising as clear wellsprings of dangers to delicate
information, specifically to licensed innovation. It
creates the impression that geopolitical
observations are influencing information strategy
reality, as China, Pakistan and Russia were
identified as inconvenience zones for different
legal, social and financial reasons.
G6 Nations by the year 2050. This subsequently
recommends the vitality of these developing
economies in shaping the global economy in the
near future.
Looking at the future prospects of these emerging
economies, it becomes imperative to assess their
cyber threat landscape so as to suggest ways to
combat these threats before it completely wreaks
havoc on these economies.
III. Objectives of the Study
• To assess the current scenario of cyber threat in
BRICS
• To identify the factors that makes BRICS nations
lucrative targets for cyber crime
• To assess the impact of cyber attacks on these
economies
• To suggest remedial measures to overcome this
problem.

IV. Cyber Threat Landscape of BRICS

Fig. 2: Threat Level of Different Countries
Source: McAfee, Inc. 2009
The developing economies of BRICS nations, in
the last few years have been able to successfully
acquire important and leading positions in the
world economy as potential consumer markets and
producers of goods & services (Cassiolato and
Lundvall, 2005). These five nations experienced
drastic changes in their monetary structure in the
times gone by. This economic growth can also be
witnessed in terms of technological advancement in
these countries. Table 1 gives the advancement of
technology in terms of increased number of internet
users in BRICS.

II. Need for Study Table 1: Internet Users & Population

A security report by Message Labs Intelligence Statistics
(2008), states that emerging economies like BRICS
are at higher risk of cyber attacks. The report Coun Populati Intern Interne Penetra
revealed that Brazil harbored the world’s largest try on et t Users tion (%
share with almost 10% of the global botnets being (2016) Users (2016) of
controlled and operated in the country. Turkey with (2000) Populat
9% and China with 7% stood second and third ion)
respectively while Russia, India and South Africa Brazi 209,567, 5,046,2 139,111 66.4%
were also amongst the top botnet harboring nations. l 920 75 ,185
Russi 143,439, 2,894,6 102,258 71.3%
Despite being the soft targets for cyber threats, the a 832 84 ,256
increasing growth potential of BRICS cannot be India 1,326,80 5,000,0 462,124 34.8%
overlooked. As per the Goldman Sach's Report 1,576 00 ,989
(2003), BRICS have been acclaimed as terrains of Chin 1,382,32 22,500, 721,434 52.2%
extraordinary prospects and advancements. During a 3,332 000 ,547
the period 2001 - 2010, Inter- BRICS trade Sout 54,978,9 2,400,0 28,580, 52%
exchange increased with an average annual growth h 07 00 290
rate of 28% while the total trade among these Afric
nations remained at US $230 billion in 2010. A a
comparative assessment of BRICS with G6 Nations Source: Internet Live Stats
based on factors like currency evaluation, (2016) (www.InternetLiveStats.com)
consumer spending and growth rates revealed that
the BRICS have been anticipated to outshine the

25
BRAZIL: - Brazil is alleged for being a primary
wellspring of botnets – i.e., networks of
programming robots run independently either to
deny services or circulate malicious code. As
surveyed by Price Water House Coopers (2012),
Brazil's heightening digital capacity has
encouraged a cybercrime blast that cost Brazilian
organizations, primarily financial institutions, more
than $1 billion in 2011. The nation's cybercrime
environment is fueled by a larger segment of
population earning higher wages and conducting
their business and personal transactions online.

RUSSIA:- Given Russia's abundance of tech-savvy

people who have restricted outlets for their
proficiency, it is not bewildering that hacking and
other cyber crimes are very common there. The
majority of the cyber crimes in Russia are intended Figure 3: Cyber Crimes over a Decade in India
with financial motives, for example, phishing, Source: NCRB (National Crimes Records
credit card forgeries and extortion. The Beaureau)
predominance of media reporting on cyber crime
incidents from Russia lately has hooked on As per the recent report of ICERT, number of
Russia's- assailant versus Russia-as-target. cyber security incidents keeps on multiplying.
Momentous among these have been the Distributed Within the first quarter of 2016, almost 8,000
Denial of Service (DDoS) attacks during 2007 and websites were reported to be hacked and nearly
2008 contrary to Georgia & Estonia, both of which 13,851 spamming violations have been reported.
were exceptionally compelling in upsetting system
operations in those nations.

INDIA:- In India, the current Cyber Defense is

deficient and far from satisfactory. In the present
structure around 12 stakeholders are included in
securing the Cyberspace in India. The nodal office
which deals with incidence of cyber crimes is
Indian Computer Emergency Response Team.
Altogether 9,01,19,369 Indian sites were hacked
worldwide in the last three years. Of these, 544
were government, including those of the defense
and various ministries (CERT-IN 2012). Although,
in any of the reported incidents, officials do not
precisely know what data was stolen, yet they
affirm that the prime targets have been the few
sectors like power, banking and aviation.
According to the report of CERT-IN (2012), there Figure 4: Cyber Attacks in India (2011 to 2016)
is multifold build in the number of digital assaults, Source: ICERT (Indian Computer Emergency
from 23 in 2004 to 10,315 in 2010 and 13,301 in Response Team)
2011.
In addition, around 13,083 fraud cases related to
Furthermore, over the last decade (2005-14) cyber ATMs, Credit/ Debit cards have been reported and
crime incidents have increased 19 times from 481 11,997 fraud cases related to internet banking have
in 2005 to 9,622 in 2014. Similarly, number of been reported by Banks in India during 2014-15.
arrests in such incidents also increased from 569 in Such incidents results in huge loss for the country.
2005 to 5,752 in 2014 which is also 9 times. As per As per the report commissioned by Delhi High
the NCRB data India ranks third as source of Court, such loss was around $4 billion (Res. 24,630
“malicious activity” on internet and also second as crores) in the year 2013. According to World Bank
source of ‘malicious code’. The first two positions Report, the global cost of cybercrime was
are hold by US and China respectively. anticipated between $375 billion to $575 billion for
the year 2014.

26
CHINA:- In 2011, around 8.531 million computers
in China were assaulted by rogue programs on a
daily basis, which represented 5.7% of every day
networked workstations, arriving at a development
rate of 48% in contrast to the year 2010. As per a
survey report distributed by China's Software Test
Center, a sample of bank sites got just 31.98
focuses (the full check is 100 focuses) in an
assessment review, which was the lowest score.
Likewise, another similar survey demonstrated that
60% of 2500 persons had their individual data
stolen; more than 66% of them concurred that we
ought to increase deliberations to battle the illicit
conduct.
SOUTH AFRICA:- As indicated by the report as
of Norton Cyberzone for 2012, South Africa stood
third in terms of increasing cyber incidents after
Russia and China. Comprehensively, the report
uncovers that there are around 556 million
casualties of cyber crime every year, which is equal
to around 1.5 million cybercrime exploited people
every day. The worldwide value relating to
consumer cybercrime victims far and wide is
around $110 billion.
V. Factors That Makes Brics Lucrative
Target for Cyber Attacks
A detailed comparative assessment of cyber threat
landscape of BRICS revealed various factors that
make these emerging economies lucrative targets
for cyber attacks. Some of these factors which
commonly apply to these 5 economies are as
follows:-
• Growing internet access thereby increasing the
vulnerabilities
• Lack of awareness about such threats
• Next to negligible laws regarding cyber attacks
• Lack of cyber law experts and cyber cells
VI. Impact of Cyber Attacks on Economy: An
Assessment
Estimating the extent and impact of cyber attacks
on economies is vital for the government at large so
as to restrain these kinds of incidents. But the
biggest challenge here is estimating the real impact
of cyber attacks in an environment in which people
lack awareness and information regarding these
incidents. In India specifically, it has been found
that most of the incidents go unreported. In such a
scenario, it is difficult to get an accurate picture of
the gaps in the control systems. In the absence of
reliable and accurate data about the cyber attacks, it
is difficult for organizations to accurately predict
the cost of cyber risks they are prone to. If the risks
are poorly predicted, it becomes difficult to decide
how much money should be allocated for securing
their digital assets. Even if they do allocate budgets
27
for cyber security, there are no standard methods to
analyze the effectiveness of such spending.
To address the complexity of cyber attacks impact,
which is one of the objectives of this study, we
propose a causal model- Impact Assessment
Matrix. This model provides a simple framework to
assess the impact of cyber attacks taking into
consideration various financial and non-financial
components that need to be counted in estimating
losses from cyber attacks.
For this purpose, we tried to evaluate the impact of
cyber attacks from various dimensions and the
possible costs that are associated with each
dimension so as to cover all the possible costs if
not all. The aggregate would help us measure the
total cost of cyber attacks.
Impact Assessment Matrix
VII. Conclusions & Recommendations
The increasing frequency of cyber crime results in
multifold disruption. The threat of cyber crime is
becoming a tougher challenge every day for the
nations to cope up with. Every year billion of
dollars go waste in an attempt to uncover these
crimes with very negligible hope to restrain it
owing to its complex nature. As long as the
financial gains out of these kinds of crimes
outweigh the consequences, it would be difficult to
control. In addition, the number of incidents that go
unreported is another major setback. In order to
fight with the issues of cyber threats, the following
recommendations have been made:-
• Global co-operation: Since cyber threat is a
global issue, it may be difficult for a single nation
to handle the threat single handedly. Moreover,
information systems are highly networked and
cross national boundaries. Hence, it is essential that
nations should join hands together and develop and
practice common resilience programs.
• Law enforcement: Laws have to be suitably
developed for taking care of incidents of cyber
threat. Old laws are inadequate as the issue of cyber
threat was almost non-existent a few decades ago.
Besides developing new and relevant laws,
implementation of such laws has to take place. This
may not be easy and the law enforcement agencies
must have training and required resources to
implement these laws and address cybercrime in
order to keep current on this newest method of
crime fighting.
• Reporting: As already mentioned, many times
cases of cyber crime are never reported. This could
be due to lack of awareness about the laws related
to cyber crime and the lack of an implementation
authority. Clearly, this is related to developing and
implementing relevant laws and making people
aware of these. Any case of cyber attack should be
compulsorily reported to the cyber cells so that the
investigators would have a real picture of the extent
and frequency of such crimes. This would
ultimately pave their way for better understanding.
• End user perspective: Cyber attacks are directly
affecting the end users of information technology.
Hence, end user perspective is of vital importance
in such incidents. Therefore, any provision made in
the law should be carried out keeping in mind their
perspective. A mechanism needs to be developed to
determine end user perspective.
References
1. Chun-Yao Tseng (2009), “Technological
Innovation in the BRIC Economies”,
Research- Technology Management, March-
April, pp. 29-34.
2. Mukhtar Ahmad Sofi (2014), “Cost of Cyber
Crimes and Information Insecurity in India”,
International Journal of IT, Engineering and
28
Applied Sciences Research (IJIEASR), Oct,
Volume 3, No. 10.
3. Ernst. H (2001), “Patent applications and
subsequent changes of performance: Evidence
from time-series cross-section analyses on the
firm level”, Research Policy 30, pp. 143-157.
4. Goldman Sachs (2013), “Dreaming with
BRICs: The path to 2050”, Global Economics
Paper No. 99, New York.
5. Crime in India 2013 statistics, “Report on
Cyber Crime chapter 18”- NCRB report
www.ncrb.gov
6. India Risk survey 2012 Report by FICCI and
Pinkerton - www.ficci.com
7. Norton Cybercrime report-2012 -
www.norton.com/2012cybercrimereport.pdf
8. Cybercrime Survey Report 2014by KPMG
9. “The South African Cyber Threat Barometer-
2012/13” by Wolfpack Information Risk (Pty)
Ltd
10. 15th Annual Computer Crime & Security
Survey 2010/11 by Computer Security
Institute
11. Verizon 2010 Data Breach Investigations
Report
http://www.verizonbusiness.com/resources/rep
orts/rp_2010-data-breach-report_en_xg.pdf
12. Symantec Global Internet Security Threat
Reporthttp://eval.symantec.com/mktginfo/ente
rprise/white_papers/b-
whitepaper_internet_security_threat_report_xv
_04-2010.en-us.pdf
13. Messagelabs Intelligence October 2010
14. http://www.messagelabs.com/intelligence.aspx
15. Ponemon Institute 2009 Annual Study: Cost of
a Data Breach
16. http://www.ponemon.org/local/upload/fckjail/g
eneralcontent/18/file/US_Ponemon_
CODB_09_012209_sec.pdf