Research Paper
Fall 2023
Table of Contents
Introduction
Preventing Attacks
Conclusion
Reference
Introduction
In today’s world, the use of technology is normal for everybody. With everything
used in people’s daily lives merging into the internet, there are increasingly widespread
concerns regarding cybersecurity. As individuals and organizations become more dependent on
technology, protecting personal information and data integrity has become more important than
ever before. The aim of this research is to identify the different kinds of threats while recognizing
the moral responsibility and ethics involved in dealing with them. This research also covers the
different kinds of cyber defense, threats, and laws from different countries with regard to how
they maintain confidentiality and protection for everyone.
While it is a fact that organizations and individuals need to protect themselves from
cyber-attacks, there is a question of how to deal with the threat while being ethically
responsible for the action taken. Sensitive data and access control are the most important
factors that need to be protected, whether the data is personal information or massive
organizational data. Cybersecurity professionals are more knowledgeable in this matter,
hence organizations and governments employ these experts to protect systems and
sensitive information.
Background of the Study
The term ‘cyber defense’ refers to the ability to prevent cyber-attacks from infecting a
computer system or device (Ling et al., 2023). Cyber defense is the ability of an individual or
organization to prevent cyber threats. These threats include infiltrating a computer system or
network to gain private information, or gaining control over the infrastructure to hold it for
ransom or disrupt services. It takes a lot of decision making and necessary preventive actions
for a technological community to act. But at the end of the day, cyber defense is growing more
important than ever.
Organizations will at some point encounter persistent threats that hinder
business operations. Threats can include stealing sensitive data or disrupting network
connectivity. These persistent threats are always knocking at every organization’s door, and
strengthening the defense against them will greatly improve the trust of individuals.
Hacking
Section 184: Any person who knowingly intercepts private communication, by means of
any electro-magnetic, acoustic, mechanical, or other device, is guilty of an indictable
offence carrying a maximum penalty of five years’ imprisonment (Ling et al., 2023).
Section 342.1: Any person who fraudulently obtains any computer services or intercepts
any function of a computer system – directly or indirectly – or uses a computer system
or computer password with the intent to do either of the foregoing, is guilty of an
indictable offence carrying a maximum penalty of 10 years’ imprisonment (Ling et al.,
2023).
Recently, in R. v. Senior, 2021 ONSC 2729, the Ontario Superior Court summarized the
essential elements required for the accused to be found guilty of an offence under
Section 342.1 of the Criminal Code and found the defendant guilty of unauthorized use
of a computer after running a license plate number contrary to York Regional Police
directives (Ling et al., 2023).
Section 380(1): Any person who defrauds another person of any property, money,
valuable security or any service is guilty of: (i) an indictable offence carrying a maximum
penalty of 14 years’ imprisonment where the value of the subject matter of the offence
exceeds $5,000; and (ii) an indictable offence or an offence punishable by summary
conviction carrying a maximum penalty of two years’ imprisonment where the value of
the subject matter of the offence is under $5,000 (Ling et al., 2023).
Section 430(1.1): Any person who commits mischief to destroy or alter computer data;
render computer data meaningless, useless or ineffective; obstruct, interrupt or
interfere with the lawful use of computer data; or obstruct, interrupt or interfere with a
person’s lawful use of computer data who is entitled to access it, is guilty of: (i) an
indictable offence punishable by imprisonment for life if the mischief causes actual
danger to life; (ii) an indictable offence or an offence punishable on summary conviction
carrying a maximum penalty of 10 years’ imprisonment where the value of the subject
matter of the offence exceeds $5,000; and (iii) an indictable offence or an offence
punishable on summary conviction carrying a maximum penalty of two years’
imprisonment where the value of the subject matter of the offence is under $5,000 (Ling
et al., 2023).
Denial-of-service attacks
Phishing
Phishing may constitute fraud according to Section 380(1) of the Criminal Code. For
example, in R. v. Usifoh, 2017 ONCJ 451, the accused was convicted of fraud relating to an
email phishing scam emanating out of Nigeria and Dubai where he lured victims into sending
funds. The maximum penalty for offences under Section 380(1) of the Criminal Code is 14
years’ imprisonment (Ling et al., 2023).
There are several types of phishing that fall under the Criminal Code:
Different cybersecurity laws apply depending on geographical jurisdiction. The laws may
be similar to those of the place where an individual resides, or they may be totally different. It is
important to be aware of these to avoid conflict with the local authorities where you travel to or reside.
Below are some examples of cybersecurity laws by region.
Cyber-attacks are targeted attacks. As such, every individual or organization has the
moral responsibility to equip themselves for these situations. First, individuals working in cyber
defense have a moral responsibility to act ethically and with integrity. This includes honoring
the rights and privacy of individuals, as well as ensuring the defense measures are
adequate. In addition, organizations that provide cyber defense services also have a moral
responsibility to act ethically and with integrity. Organizations need to ensure that their policies
and employees are properly aligned with cyber security standards and are able to handle
cyber threats, as well as implementing systems and countermeasures to protect the data and
privacy of everyone involved. Lastly, governments have a moral responsibility to protect their
citizens from cyber-attacks. They implement appropriate laws and regulations to make sure
that cyber defense measures are effective, and update them as necessary since
technology keeps evolving. With this said, defense against cyber-attacks is a necessity
in an individual’s day-to-day life.
Protect your organization from insider threats. For the average organization, 23% of
cyber incidents emerge from malicious insiders (Cybertalk, 2022).
Obtain threat intelligence tools and share threat intelligence information with
competitors or adjacent organizations. Threat intelligence can help you see which threats pose
the greatest risk to your infrastructure, enabling you to devise a plan to protect your resources
(Cybertalk, 2022).
Invest in operational speed: Leaders prioritize moving fast when it comes to breach
detection and breach response. You want to be able to evaluate the number of systems
impacted by an attack, the duration of the incident, and where the organization could improve
in terms of isolating cyber incidents (Cybertalk, 2022).
Learn from your initiatives: Data shows that organizations that are good at
scaling are also four times better than average at identifying and defending against cyber
security attacks. This suggests that certain mentalities and ways of thinking can assist
organizations in expanding and enhancing their cyber defense (Cybertalk, 2022).
Preventing Attacks
In the article, the authors ask whether organizations are allowed to use the
following measures to protect their infrastructure, which is technically part of their jurisdiction
(Ling et al., 2023). Examples of measures for preventing attacks are the following:
(i) Beacons are imperceptible, remotely hosted graphics inserted into content to trigger
a contact with a remote server that will reveal the IP address of a computer that is
viewing such content (Ling et al., 2023).
Canadian privacy laws require users to provide consent to and/or be provided with
sufficient notice of the collection, use and disclosure of their PI, and an opportunity
to withdraw such consent (Ling et al., 2023).
(ii) Honeypots are a type of security mechanism that is used to attract and identify
attackers. They are digital traps designed to trick cyber threat actors into acting
against a synthetic network, thereby allowing an organization to detect and
counteract attempts to attack its network without causing any damage to the
organization’s real network or data (Ling et al., 2023).
The use of honeypots is not expressly prohibited under applicable Canadian laws,
and, to our knowledge, there is currently no case law that provides further guidance.
That said, the general application of Canadian privacy laws relating to the collection,
use or disclosure of PI applies notwithstanding that they may be used defensively
(Ling et al., 2023).
(iii) Sinkholes are used to redirect malicious traffic. They are
measures to re-direct malicious traffic away from an organization’s own IP addresses
and servers, and they are commonly used to prevent DDoS attacks (Ling et al., 2023).
The use of sinkholes is not expressly prohibited under applicable Canadian laws, and,
to our knowledge, there is currently no case law that provides further guidance.
That said, the general application of Canadian privacy laws relating to the collection,
use or disclosure of PI applies notwithstanding that they may be used defensively
(Ling et al., 2023).
Does your jurisdiction restrict the import or export of technology (e.g. encryption software and
hardware) designed to prevent or mitigate the impact of cyber-attacks? Canada has export
controls in place to ensure that exports of certain goods and technology (e.g., military, and
dual-use technologies) are consistent with national foreign and defense policies (Ling et al.,
2023).
Ethics can be described as ideals and values that determine how people live and,
increasingly, how businesses and their employees work (Chin, 2023). While ethics is not entirely
related to technical topics such as networking and device configuration, it is important that
individuals involved in operating these technologies be equipped with these ideals. Ethics can
be included in a company’s corporate structure. The benefit of having a strong ethical
foundation is that individuals will make ethical decisions in a rapidly changing
technology environment. With the world experiencing massive changes in artificial intelligence,
data collection and processing have become so prominent that individuals grow wary of how
protected their personal information is.
The cyber threat is rapidly evolving, and governments and businesses must make ethical
decisions to protect the credibility of their cyber defense and to protect innocent individuals against
attackers. New technologies mean networks and countermeasures need to be elevated with regard to
cyber security.
1. Use their skills to benefit society and people’s well-being and note that everyone is a
stakeholder in computing.
2. Avoid negative and unjust consequences, noting that well-intended actions can result in
harm that they should then mitigate.
3. Fully disclose all pertinent computing issues and not misrepresent data while being
transparent about their capabilities to perform necessary tasks.
4. Demonstrate respect and tolerance for all people.
5. Credit the creators of the resources they use.
6. Respect privacy, using best cybersecurity practices, including data limitation.
7. Honor confidentiality, including trade secrets, business strategies, and client data.
Professional Responsibilities
The Professional Responsibilities section also says that computing professionals must
prioritize high-quality services, maintain competence and ethical practice, promote computing
awareness, and perform their duties within authorized boundaries. Strive to achieve high quality
in both the processes and products of professional work (Chin, 2023).
Professional Leadership pertains to any position within an organization that has influence or
managerial responsibilities over other members and has increased responsibilities to uphold
certain values set by the organization (Chin, 2023).
1. Ensure that the public good is the central concern during all professional computing
work.
2. Articulate, encourage acceptance of, and evaluate fulfillment of social responsibilities by
the organization or group members.
3. Manage personnel and resources to enhance the quality of working life.
4. Articulate, apply, and support policies and processes that reflect the principles of the
Code.
5. Create opportunities for members of the organization or group to grow as professionals.
6. Use care when modifying or retiring systems.
7. Recognize and take special care of systems that become integrated into the
infrastructure of society.
Compliance with the Code
Compliance with the Code of Ethics is the only way to ensure cybersecurity professionals
uphold certain ethical standards. Without enforcement of the Code of Ethics or similar ethical
considerations, it is impossible to document and recognize adherence to ethics and social
responsibility (Chin, 2023).
With the large amounts of data being processed, modern businesses are obligated to protect
it. Cybersecurity helps prevent infiltration of networks and data breaches that
threaten the confidentiality of information. There is so much at stake that cybersecurity
professionals should be willing to come under scrutiny by those in and outside the field (Chin,
2023).
“Cyber ethics encapsulates common courtesy, trust, and legal considerations” (Chin, 2023).
Cyber security professionals should always protect individuals. The following considerations
explore the different effective cyber security approaches and how poor cyber security is
potentially unethical as well as ineffective.
1. Information Security
Businesses have a moral obligation to protect their customers. They benefit from data
that allows them to operate and can give them a competitive advantage, but they need
to protect that information from hackers and accidental leaks (Chin, 2023).
Unfortunately, businesses that are hacked are often at fault. While nobody deserves to
be hacked, a business’s moral obligations to consumers are such that they are expected
to have adequate cybersecurity for their computer systems and respond promptly and
decisively in the event of a cyber incident (Chin, 2023).
Equifax’s 2017 cyber-attack is a prime example of a business that damaged
its reputation due to inadequate cybersecurity and a poor response to attacks. It was
hacked around May 2017 but did not disclose the breach until September (Chin, 2023).
2. Transparency
Ethically, businesses should be prepared to disclose the risks inherent to the business if
they could substantially affect people, whether customers, business partners, or their
supply chain (Chin, 2023).
Data breach reporting is a significant part of a business’s transparency. While reporting
a breach highlights a business in crisis, failing to report promptly can lead to a more
significant loss of trust, criticism from industry professionals, and sometimes, as in
Equifax’s case, action from investigators (Chin, 2023).
Even if a business operates in an unregulated industry or a cyber-attack does not cause
business disruption or affect clients, reporting all data breaches is a worthwhile ethical
consideration. The more businesses report cyber-attacks, the more information there is
for cybersecurity experts and industry professionals to share and learn from. This
protects other businesses and their clients from emerging threats (Chin, 2023).
3. Security vs. Privacy Protection
A great example of an ethical dilemma in cybersecurity is that privileged professionals have
access to sensitive information. Because of this access, they understand how cyber criminals
operate and can take counter actions against those attempts. In this role,
cybersecurity professionals set access privileges and can monitor network activity. They
can scan personal machines and therefore can also read personal files, and because of this they
can either protect or compromise the privacy of an individual.
Collecting data leads to ethical questions, but so does protecting it (Chin, 2023).
Everyone deserves their privacy. But how do businesses and organizations protect the
data once collected?
4. Confidentiality
Cybersecurity professionals need to demonstrate their moral standards when handling
sensitive data (Chin, 2023). During daily duties, cybersecurity professionals will have
access to confidential data and files, and this could include sensitive data such as payroll
details, private emails, and medical records (Chin, 2023).
Intellectual property theft is one of the most expensive cybercrimes, as stealing vital
information can affect an individual and business, giving the attacker an unfair
advantage in the situation. For example, intellectual property theft can be a serious risk
to human life in a critical infrastructure industry, such as defense or healthcare (Chin,
2023).
5. Security
Cybersecurity professionals cannot have a lapse of concentration, since
responsibility for others’ information security is a massive contractual and ethical
responsibility. Cybersecurity professionals must maintain their competence level,
respect sensitive information privacy, and uphold the well-being of those they serve. It
requires honesty for these team members to evaluate their skills, abilities, and alertness
and ensure that they take the appropriate action to stay on top of their game (Chin,
2023).
6. Ethical Hacking
Ethical hacking refers to scheduled hacking by businesses or governing bodies to discover their
own vulnerabilities and security gaps. Ethical hackers attempt to find vulnerabilities by
trying to exploit and break into information systems, so that those issues can be fixed before
cybercriminals find them. To protect data from hackers, particularly when they are using
increasingly sophisticated methods and rapidly advancing technologies, cybersecurity
professionals must use the same techniques (Chin, 2023). Cybersecurity programmers
need to know how black hat hackers commit crimes, such as stealing credit card
data (Chin, 2023).
Cyber professionals must be aware of computer ethics since what they do gives them
access to privileged information. This is especially true for professionals working in
critical infrastructure, including defense, healthcare, finance, and manufacturing, where
the consequences of unethical actions regarding sensitive data could cause serious harm
to individuals, organizations, and the economy (Chin, 2023).
7. Whistleblowing
Whistleblowing refers to someone reporting their organization’s wrongdoing, typically
an employee. A whistleblower’s objection might be that the organization or someone in
it is acting illegally, fraudulently, immorally, or without proper regard for safety or
human rights. Furthermore, the issue should be in the public interest (Chin, 2023).
If a cybersecurity expert reveals confidential information to stop a harmful practice, the
objective is good, but how they achieved this breaks the ethical confidentiality essential
to that employee-employer relationship (Chin, 2023).
Conclusion
In Astra Statistics 2023, it was reported that there are 2,2000 cyber attacks per day, with
an average data breach cost of $9.44m and a predicted cost of $8 trillion by the end of 2023
(Palatty, 2023). There is an obvious need for cyber defense, whether it is a personal
responsibility, a corporate responsibility, or a government responsibility. First, as an individual
there are many tools available to protect your data and keep your identity private. Utilizing the
technology tools available and learning more about protection is part of being a responsible
individual in a technological community. Second, any business is held responsible for any data
collected from its consumers. This includes, for example, hiring cybersecurity experts and maintaining
an adequate network and security infrastructure to protect against data loss and damage to business reputation.
Lastly, the government is held responsible for the laws and the consequences for hackers.
This means immense cyber defense against international threats and proper verdicts for those who
take the law lightly.
The laws implemented depend on the country of jurisdiction. In Canada alone,
there were 74,073 reported cases of cybercrime in 2022, compared with 15,184 cases back
in 2014 (Petrosyan, 2023). Around the world, only 156 countries (80 percent) have cybercrime
legislation (UNCTAD, n.d.). The evolution of cybercrime leads governments to implement new
laws against it. However, cybersecurity experts and lawmakers need to take into
consideration the moral and ethical standards at hand, especially when it comes to data privacy
and data breaches. Although exploitation is the common goal of a hacker, any individual with
the power to see data and control it has the moral and ethical responsibility to handle the data
diligently. With this in mind, technology has come such a long way that it is scary, with
AI technologies rising. Will AI technology recognize moral and ethical standards in its
algorithms, or will people in the community never feel secure about their overall privacy and
protection?
Reference
Ling et al. (2023). Cybersecurity Laws and Regulations Canada 2024.
https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/canada