Cybercrimes are on the rise in the world and Pakistan is not an exemption. Innovations of technologies and human lust for easy money have trigged its intensity. With the dawn of virtual reality in terms of social media and border less connectivity through computers, the science and arts of cybercrimes have become more complex and complicated in the world. The Internet has made information exchange easier and more efficient, but it has also created a new space in which criminals and terrorists can operate almost undetected. No longer is modern human conflict confined to the physical world; it has spread to cyberspace which is one of the main reasons of increasing cybercrimes in the world.
Latest Research Papers (2018-19)
According to various latest research papers (2018-19) as well as statistical information more cyber-attacks are associated with social, political, economic, and cultural (SPEC) conflicts.
Politically Motivated Attacks
Politically Motivated Attacks can be members of extremist groups who use cyberspace to spread propaganda, attack websites and networks of their political enemies, steal money to fund their activities, or plan and coordinate physical world crime. Based on the nature of an attack, politically motivated attacks can be further subdivided as: protests against political actions, protests against laws or public documents, and outrage against acts related to physical violence.
Various Case Studies
1. In the past, September 199S, Indonesia, attack on websites to protest against human right abuse in East Timor. Portuguese hackers modified the websites from 40 Indonesian servers to protest against human right abuses in East Timor. The hackers posted the slogan “Free East Timor” on the websites.
2. October 199S, the website of Mexican president Ernesto Zedillo was attacked to demonstrate against colonization, genocide, and racism throughout the world. June 1999, Cologne, Germany had a cyber-attack to protest against the GS summit. Hackers from Indonesia, Israel, Germany, and Canada reportedly launched 10,000 cyber-attacks over five hours on various companies protesting the GS meeting in Cologne. The attackers intended to disrupt financial centers, banking districts, and multinational corporate power bases.
3. Moreover, December 2008, Beijing, website of French Embassy attacked. Spring 2011, French embassy website came under attack by Chinese hackers immediately after the meeting of French President Nicolas Sarkozy with the Dalai Lama.
4. Even FBI’s e-mail system was hacked in February 2005. Travelling documents of NATO forces were hacked in Afghanistan. Denial of Service (DoS) was attacked by ‘Mafia Boy’ on eBay, Yahoo! and other popular sites (2000).
It needs a global response and comprehensive implementation mechanism. Ironically, despite of losses of billions of dollars through cybercrimes, there is still not concrete global agenda for the security of global financial system and human survival. Now cybercrimes is a looming threat to whole humanity on this planet because of intricacy, concealing and modifying of nonstate actor apparatus. Cybercrime has now become new front of conflicts, proxies and hidden wars for various power brokers and interest groups operating in the international relation system.
We are passing through the Fourth Industrial Revolution (FIR) due to which the global business ecosystem is undergoing profound and rapid change. Though this evolution offers opportunities for innovation, diversification, agility, and cost optimization, it also carries with it an increased exposure to a new and jeopardizing risk i.e. Cyber-Attack. It has become a digital apocalypse.
Pakistan is also facing a taunting challenge to curb this increasing menace in the banking, financial, industry sectors and society as well where public and private money is at the mercy of hackers who easily commits cybercrimes and mostly live beyond the access of law enforcement agencies in the country. Even comfort zones of common people in terms of family, friendship and finances have been eroded through cyber technologies. Illegal use of “Facebook” has defaced many families which fall in the category of cybercrimes. Although successive governments have promulgated various legislations to define its scope with remedial methodologies but cybercrime free system and society is still a far cry.
Cyber-crime is relentless, undiminished, and unlikely to stop. It is just too easy and too rewarding, and the chances of being caught and punished are perceived as being too low around the globe. Cyber-criminals are technologically sophisticated people who have moved quickly to adopt cloud computing, artificial intelligence, Software as a Service, and encryption to achieve their goals. Cyber-crime remains far too easy, since many technology users fail to take the most basic protective measures, and many technology products lack adequate defenses.
According to Official Annual Cybercrime Report (2019), cyber-criminal activity is one of the biggest challenges that humanity will face in the next two decades. Cyber-crime is the greatest threat to every company in the world, and one of the biggest problems with mankind.
In August of 2016, Cyber security Ventures (CSVs) predicted that cyber-crime would cost the world $6 trillion annually by 2021, up from $3 trillion in 2015 which represented the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.
Cyber-crime have multiplier effects and its costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Cyber-attacks are the fastest growing crime in even the U.S. and they are increasing in size, sophistication and cost. Marriott (2018) have exposed 500 million user accounts. According to international cyber-crime data (2019) the “Yahoo Hack”, the largest ever was recalculated to have affected 3 billion user accounts and the Equifax breach in 2017 with 145.5 million customers affected exceeded the largest publicly dis closed hacks ever reported up until that time.
These major hacks alongside the “WannaCry” and “NotPetya” cyber-attacks which occurred in 2017 are not only larger scale and more com plex than previous attacks, but they are a sign of the times.
The cyber-crime epidemic has hit the U.S. so hard that a supervisory special agent with the Federal Bureau of Investigation who investigates cyber intrusions told The Wall Street Journal (WSJ) that every American citizen should expect that all of their data (personally identifiable information) has been stolen and is now on the dark web.
Cyber Attack Surface
We are living in a globalized world where our entire society and the Planet Earth, is connecting up to the Internet. The rate of Internet connection is outpacing our ability to properly secure it. The World Wide Web was invented in 1989. The first-ever website went live in 1991. Today there are nearly 1.9 billion websites. There were nearly 4 billion Internet users in 2018 (nearly half of the world’s population of 7.7 billion), up from 2 billion in 2015. Like street crime, which historically grew in relation to population growth, we are witnessing a similar evolution of cybercrime. It’s not just about more sophisticated weaponry; it’s as much about the growing number of human and digital targets.
Cyber-security Spending (CSS)
Cybercrime has now created unprecedented damage to both private and public enterprises and driving up information technology (IT) security spending. According to the latest forecast from Gartner Inc (2019), worldwide spending on information security (a subset of the broader cyber-security market) products and services will reach more than $114 billion (USO) in 2018, an increase of 12.4 percent from last year.
IT analyst forecasts remain unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under protected Internet of Things (loT) devices, the legions of hackers for hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally.
Definition of Cybercrime
Cybercrime is defined as a crime in which a computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to commit an offense (child pornography, hate crimes). Cybercriminals may use computer technology to access personal information, business trade secrets or use the internet for exploitative or malicious purposes. Criminals can also use computers for communication and document or data storage. Criminals who perform these illegal activities are often referred to as hackers.
Classification of Cyber Crime
Against Individuals, the crimes committed against individuals include harassment via e-mails. cyber stalking, dissemination of obscene material, defamation, unauthorized access over computer system, indecent exposure, email spoofing and acts of cheating and fraud While these criminals also commit crimes against the property of an individuals and these include computer vandalism, transmitting virus, intellectual property crimes and inter net time thefts etc.
| Countries | Associated Measures/Policies |
| Australia | Australian government established an online reporting system for cybercrime in an attempt to improve law enforcement efforts to confront online offenses in December 2014. Since its inception recorded more than 114,000 instances of cybercrime, with almost 24, 000 coming in the first half of 2017 alone. Australian telecom operator Telstra found that in 2016, almost 60% of businesses were detecting security incidents on at least a monthly basis. It is supporting its new National Cyber Security Strategy and proposing legislation that expands the country’s anti-money laundering rules to domestic cryptocurrency exchanges. |
| Brazil | It has one of the most unique cybercrime ecosystems in the world. There is a well-developed community of Brazilian “black-hat” hackers, so much so that courses in spamming and malware implementation are sold openly online. Fifty-four percent of cyberattacks reported in Brazil originate from within the country. Cybercrime is the most common financial crime in Brazil. Banks and financial institutions are common victims, with cybercrime accounting for 95% of losses incurred by Brazilian banks. In Brazil, more than half of all banking transactions are made with internet-connected devices, but the lack of strong laws against cybercrime is one reason Brazil is both the number-one target and the leading source of online attacks in Latin America. Worldwide, it is the second leading source of attacks and third most-affected target. |
| Canada | Complaints of cybercrime handled by the Royal Canadian Mounted Police increased 45% between 2014 and last year, evidencing a dramatic increase in cybercrime faced by the Canadian population. According to the Canadian Chamber of Commerce, nearly half of small and medium-size businesses in the country have been the victim of a cyberattack, with cumulative costs to Canada’s economy representing billions of dollars a year. |
| Canadian director general for federal policing for criminal operations admitted that law enforcement was struggling to adapt to the explosion of cybercrime. Even the Bank of Canada recently warned that the Canadian financial system was highly vulnerable to the cascading effects of cyber-attacks, urging new cyber-security initiatives to prevent the kinds of breaches that could undermine public confidence in the financial system. | |
| Germany | According to German IT industry association Bitkom, more than half of all German companies have been the victims of cybercrime, causing damages of more than $64 billion per year. These costs are rapidly increasing, with the total number of cybercrime instances reported to German law enforcement almost doubling between 2015 and 2016 to a total of 82,000. The head of German federal cybercrime unit has warned that rampant underreporting of cybercrime means that the true damages are likely far higher than many believe, and others within the German federal police force have called for new legal authorities to enable law enforcement officials to properly confront the problem. |
| UAE | According to the UAE Cyber Security Centre, the UAE is the second most targeted country in the world for cyber-attacks. The country’s high internet penetration, technological sophistication, and highly visible profile have been cited as reasons for the high cost of cybercrime for the UAE, estimated at $1.4 billion per year. |
Against Organizations, cybercriminals do vandalize big organizations including the government, private firms and private companies. This includes attacks involved to capture unauthorized access over the computer system, to get hold of unauthorized information, and cyber terrorism against the government organizations. 3. Against Society at large, these may be considered as petty crimes committed by cybercriminals and usually their scales are enormous and they target the whole society, considering the fact internet users comprised of a global village. This fact makes clear that no one is safe at the hands of cybercriminals. The type of crime committed against the society may include, pornography, polluting youth with indecent exposure, financial crimes, sale of illegal and contraband article, online gam bling and forgery etc.
Cybercrime includes any type of illegal scheme that uses one or more components of the Internet (chat rooms, email, message boards, websites, and auctions) to conduct fraudulent transactions or transmit the proceeds of fraud to financial institutions or to others connected with the scheme. Cybercrime also applies to generating spam emails, downloading viruses or spy ware to computer, harassing another through the Internet, child pornography, and solicitation of prostitution online. Perhaps the most prominent form of cybercrime is identity theft, in which criminals use the Internet to steal personal information from other users.
The Center for Strategic and International Studies (CSIS), in partnership with McAfee, present Economic “Impact of Cybercrime: No Slowing Down” (2018) concludes that close to $600 billion, nearly one percent of global GDP, is lost to cybercrime each year, which is up from a 2014 study that put global losses at about $445 billion. The report attributes the growth over three years to cybercriminals quickly adopting new technologies and the ease of cybercrime growing as actors leverage black markets and digital currencies.
An expanding number of cyber crime “centers” that now include Brazil, India, North Korea, and Vietnam. A growing financial sophistication among top tier cybercriminals makes monetization easier. A senior British official reported, for example, that half of all reported crime in the UK is cyber-related.
Financial Cybercrime (FCC), banks remain the favorite target of skilled cybercriminals. This has been true for more than a decade. Cybercrime imposes a heavy cost on financial institutions as they struggle to combat fraud and out right theft. Most recent cyber attack on Pakistani banking industry is the prime example of it. One report says that banks spend three times as much on cyber-security as non-financial institutions, and there is agreement among bank regulators around the work that cybercrime poses a “systematic” risk to financial stability.
CSIS sees the expansion of cybercrime has been enabled by the easy availability of tools like “Bitcoin” and “Tor”, which have allowed cybercriminals to conceal their identities while paying for services through a digital medium that significantly complicates law enforcement tracking efforts. Bitcoin has long been the favored currency for dark-net market places, with cybercriminals taking advantage of its pseudonymous nature and decentralized organization to conduct illicit transactions, demand payments from victims, and launder the proceeds from their crimes. Cybercriminals benefit from the fact that no personally identifying information is linked to the use and exchange of Bitcoin, allowing criminals to operate with near impunity despite the fact that all Bitcoin transactions are publicly recorded.
The above table clearly indicates that uniform implementation of basic security measures like regular updating and patching and open security architectures and investment in defensive technologies from device to cloud remain crucial. Protection against most cybercrimes does not require the most sophisticated defenses. This responsibility mainly falls on companies and consumers. The need for increased international law enforcement cooperation is obvious, both with other nations’ law enforcement agencies and with the private sector, but with this comes a requirement for additional resources for investigation and to expand agency resources, and for cyber crime capacity building in developing nations. It includes improving existing processes, such as the Mutual Legal Assistance Treaty (MLAT). MLATs allow one government to request the help of another in investigating cybercrime or in obtaining evidence. MLATS were created for the pre-internet era, are inadequate, and need to be modernized or replaced. Greater standardization (threat data) and coordination of cyber-security requirements would improve security, particularly in key sectors like finance.
Budapest Convention
The Budapest Convention, a for mal treaty on cybercrime, defines state responsibilities for enforcement and cooperation, but the Budapest Convention has made slow progress in the face of opposition from Russia and other countries. Russia claims the treaty is indiscreet and may also have little interest in curtailing Russian criminal groups. China, Brazil, and India also refuse to sign the treaty on the grounds that they were not involved in its negotiations. Waiting to negotiate a new convention will slow any progress in reducing cybercrime.
National Assembly of Pakistan
The National Assembly of Pakistan passed the “Prevention of Electronic Crimes Act, 2016” on August 11, 2016. Even upper house the Senate had unanimously passed the said law, with a number of amendments. But because of its various arcane provisions and mechanism/ applications it was rated a “controversial cybercrime law” by the fraternity of law in the country.
Main Purpose
The main purpose of the said act was “to prevent unauthorized acts with respect to information systems and provide for related offences as well as mechanisms for their investigation, prosecution, trial and international cooperation”
PECA is a classic example of what is wrong with the law-making process and why it is never wise to accept at face value any legislative attempts in the name of “national security” and “for the public good.” The intent behind PECA was always to control rather than provide relief to the average person and it is this intended aim that is being pursued.
Types of Cyber Crimes
1. Mobile/ Credit Card I Balance Transfer Fraud
2. Bank Fraud Credit Cards/ ATM /Loan
3. Mobile /Phone / Threatening through SMS/Calls
4. Tracing of IP/ Email Address
5. Threatening/ Abusive/ Massages & Emails
6. Hacking /Illegal access of Websites
7. Hacking of Account/ Email Address
8. Fraudulent Emails
9. Fraud through mobile messages regarding Winning of Vehicle
10. Misuse of Information on Internet
11. Lottery Award Cases
12. Electronic Money Laundering and Tax Evasion
13. Electronic Vandalism, Terrorism and Extortion
14. Sales and Investment Fraud
15. Illegal Interception of Telecommunications
16. Telecommunications Piracy
17. Electronic Funds Transfer Fraud
18. Theft of Telecommunications Services
19. Communications in furtherance of Criminal Conspiracies
20. Dissemination of Offensive Materials
Details of Offenses
The Act introduced a range of offenses not confined to the unauthorized access, transmission, copying, or interference in an information system or data. Harsher penalties were set for these crimes if they involved information systems or data connected to critical infrastructure. The Act also introduced the offense of cyber-terrorism. A cyber-terrorist crime was deemed to have been committed if a crime connected to critical infrastructure was carried out with the intent to commit terror ism. The punishment for such an offense upon conviction was up to a 14-year term of imprisonment or a fine of Rs5 million (about US$47,450), or both. The glorification of terrorism-related offenses, hate speech, and the recruitment for or funding and planning of terrorism “through any information system or device” were also punishable crimes under the Act. The Act also introduces crimes of spamming and of distributing and transmitting malicious code.
Crimes against Persons
Section18 (1) of the law essentially criminalizes defamation “through any information system.”
The Act prescribes that:
“Whoever intentionally and publicly exhibits or displays or transmits any information through any information system, which he knows to be false, and intimidates or harms the reputation or privacy of a natural person, shall be punished with imprisonment for a term which may extend to three years or with fine which may extend to one million rupees or with both”.
Spoofing:
A Controversial Provision
Being a lawyer, I personally think that certain provisions, such as one on “spoofing,” have been particularly controversial, because they might be used to target satirical online content. The spoofing provision stipulates, “however with dishonest intention establishes a website or sends any information with a counterfeit source intended to be believed by the recipient or visitor of the website to be an authentic source commits [the offense of] spoofing.” This crime is to be punished upon conviction with up to three years of imprisonment or a fine of Rs.500,000 (about US$4,745), or both.
Offenses against the Modesty
Section (19) of the Act which deals with offenses against the modesty of a natural person or a minor, prohibits, among other acts, superimposing a photograph of the face of a natural person over any sexually explicit image or video remains controversial. Other newly introduced crimes against the person are cyber stalking and producing, distributing, possessing, or procuring online child pornography.
Investigative Powers
The powers to investigate crimes set forth in the Act include those of preservation, search and seizure, and retention of data, and also the real time collection and recording of information through a court order or warrant.
Section 26
Section 26 grants the Federal Government the power to establish or designate a law enforcement agency “as the investigation agency for the purposes of investigation of offences under this Act.” On September 9, 2016, the Federal Cabinet designated the Federal Investigation Agency (FIA) as the Investigation Agency under the Act.
Section 34
Section 34 of the Act grants the Pakistan Telecommunication Authority (PTA) the power to remove or block or issue directions for removal or blocking of access to an information through any information system if it considers it necessary in the interest of the glory of Islam or the integrity, security or defence of Pakistan or any part thereof, public order, decency or morality, or in relation to contempt of court or commission of or incitement to an offence under this Act.
| Natural of Crimes | Punishments |
| Life Cyber terrorism | 10 Million |
| Pornography | 3 Lac |
| Spoofing | 50,000,6 months |
| Cyber spamming | 3 lac 3 months |
| Cyber stalking | 5 lac 5 months |
| Defence | 5 Lac 5 months |
| Malicious code | 3 Lac 3 months |
| Unauthorized access to code | 3 Lac 3 months |
| Misuse of Device | 7 Lac 7 months |
| Electronic Forgery | 7 Lac 7 months |
| Electronic Fraud | 3 Lac 3 months |
| System Damage | 3 Lac 3 months |
| Data Damage | 3 Lac 3 months |
| Criminal Data Access | 3 Lac 3 months |
Reaction to the Act
Human rights and free speech activists and even prominent jurists/ lawyers are worried that many of the provisions of the Act are framed in vague terms that “could lead to curtailment of free speech and unfair prosecutions. the overly broad language used in the bill ensures that innocent and ignorant Pakistani citizens, unaware of the ramifications of what the bill entails, can be ensnared and find themselves subject to very harsh penalties.”
Cyber Laws in Pakistan
1. Prevention of Electronic Crimes Ordinance, 2007
2. Electronic Transactions Ordinance, 2002
3. Pakistan Telecommunication (Re-organisation) Act, 1996
4. Wireless Telegraphy Act, 1933
5. Telegraph Act, 1885
6. Federal Investigation Agency Act, 1974
7. Payments & Electronic Fund Transfers Act, 2007
Electronic/ Cyber Crime Bill 2007
Prevention of Electronic Crimes Ordinance, 2007″ is in force now. It was promulgated by the President of Pakistan on the 31st December 2007 the bill deals with the electronic crimes included
It offers penalties ranging from six months imprisonment to capital punishment for 17 types of cybercrimes. It applied to every person who commits an offence, irrespective of his nationality or citizenship. It gives exclusive powers to the Federal Investigation Agency (FIA) to investigate and charge cases against such crimes.
Punishments
Under this law there are defined punishments for the offence. Every respective offence under this law has its distinctive punishment which can be imprisonment or fine.
Critical Analysis
a. There are 21 ‘cyber’ issues covered in this Bill. It may seem to cover all aspects of the new digital era. The FIA has been given complete and unrestricted control to arrest and confiscate material as they feel necessary which may be misused.
b. Moreover, the Government has purposefully attempted to insert a new word in the English language. The word TERRORIS TIC is without doubt a figment of their imagination vocabulary Hence they attempt to define the word, quite literally compounding the problem at hand. They have actually defined what real-life terrorism might be but fail to explain what they mean by the word Cyber in cyber terrorism. The concern is that there happens to be no clear-cut explanation on how a Cyber Terrorism crime is committed.
Electronic Transaction Ordinance 2002
The Electronic Transactions Ordinance (ETO), 2002, was the first IT-relevant legislation created by national lawmakers. A first step and a solid foundation for legal sanctity and protection for Pakistani e Commerce locally and globally laid the foundation for comprehensive Legal Infrastructure. It is heavily taken from foreign law related to cybercrime.
There are 43 sections in this ordinance. It deals with following 8 main areas relating to e- Commerce. Recognition of Electronic Documents Electronic Communications, Digital Signature regime and its evidential consequences Web Site & Digital Signatures Certification Providers Stamp Duty Attestation, notarization, certified copies Jurisdiction Offences.
Important Sections
Violation of privacy information gains or attempts to gain access to acquire the information Gain Knowledge Imprisonment 7 years Fine Rs.1 million, damage to information system, etc. alter, modify, delete, remove, generate, transmit or store information to impair the operation of, or prevent or hinder access to, information knowingly not authorised Imprisonment 7 years Fine Rs.1 million.
Remedial Strategies to Curb Cybercrimes
1. Administrative
Responding to cybercrime is even more challenging because the economics favor the criminals. With just a laptop, a single individual can wreak havoc on individuals and organizations with minimal cost and little risk of being caught. More advanced technologies and protective measures will eventually deter nefarious conduct, help security officers catch and prosecute perpetrators and level what has become an unbalanced playing field. In the meantime, it is imperative that all digital users practice basic cyber security hygiene to increase their own protection and improve cyber security overall. It is estimated that roughly 80 percent of exploitable vulnerabilities in cyberspace are the direct result of poor or nonexistent cyber hygiene.
a. Raising awareness: A comprehensive and sustained national cyber-security education campaign is essential for raising public aware ness of the risk and impact of cyber activity and the need to deploy basic protective measures on desk tops, laptops, tablets, phones and other mobile devices.
b. Leveraging trusted resources: building, maintaining, scaling and updating an online source of information on how users of all levels of sophistication can establish and improve their protection profiles in cyberspace is imperative.
c. Building an economic frame work: Simply purchasing every new tool or security product is not the answer. From the individual user to the small business to the large enterprise, it is important to make investment decisions for cyber security in a risk management construct that includes trying to secure the biggest bang for the buck.
d. Working with invested partners: Improving our national and global capabilities to detect, pre vent, mitigate and respond to cyber events through a joint, integrated, 24×7 public/ private operational capability that leverages information sharing, analysis and collaboration should be a prior.
e. Implementing a response plan: Implementing a National Cyber Incident Response Plan, is essential to national and economic security. It should recognize the unique nature and risk presented by cyber events and provides a predictable and sustained clarity around roles and responsibilities of various stakeholders during thresholds of escalation. A strategic, yet agile, framework should be accompanied by operational playbooks that focus on critical infrastructure.
f. In case of Pakistan, Promotion of Research & Development in ICTs is not up to the mark.
g. Security forces and Law enforcement personnel are not equipped to address high-tech crimes.
h. Present protocols are not self-sufficient, which identifies the investigative responsibility for crimes that stretch internationally.
i) Budgets for security purpose by the government especially for the training of law enforcement, security personnel’s and investigators in ICT are less as compare to other crimes
2. Legislative Measures
Crime is seen as an omnipresent temptation to which all humankind is vulnerable and so the prevention of crime is like a beast to tame. Crime is an act perpetrated by criminals against the law abiding majority of the population and crime prevention is an under stood purpose of any deliberate strategy of crime control pursued by state or private agencies. The theory of situational crime prevention is based on the principle that crime can be reduced, if not altogether prevented, by altering various dimensions of the opportunity structures that are available to potential offenders which may also be applied to counter incidents of cyber-crimes.
1, Reliance on terrestrial laws is an untested approach: Most countries still rely on standard terrestrial law to prosecute cyber crimes. The majority of countries are relying on archaic statutes that predate the birth of cyberspace and have not yet been tested in court.
2, Weak penalties limit deterrence: The weak penalties in most updated criminal statutes provide limited deterrence for crimes that can have large-scale economic and social effects.
3, Self-protection remains the first line of defense: The general weakness of statutes increases the importance of private sector efforts to develop and adopt strong and efficient technical solutions and management practices for information security.
4, A global patchwork of laws creates little certainty: Little consensus exists among countries regarding exactly which crimes need to be legislated against, even in the 19 countries that have already taken steps to address cyber-crimes. In the networked world, no island is an island. Unless crimes are defined in a similar manner across jurisdictions, coordinated efforts by law enforcement officials to combat cyber-crime will be complicated.
5, A model approach is needed: Most countries, particularly those in the developing world, are seeking a model to follow. These countries recognize the importance of outlawing malicious computer-related acts in a timely manner in order to promote a secure environment for e-commerce. But few have the legal and technical resources necessary to address the complexities of adapting terrestrial criminal statutes to cyberspace. A coordinated, public private partnership to produce a model approach can help eliminate the potential danger from the inadvertent creation of cyber-crime havens.
6, Firms should secure their networked information
7, Governments should assure that their laws apply to cyber crimes
8, Firms, governments, and civil society should work cooperatively to strengthen legal frameworks for cyber-security’
1, Uniform global cyber-crime vision: Integrated smart cities, 5G networks, artificial intelligence and cloud computing will shape our digital future, but they also have the potential to accelerate rapidly the scale and impact of cybercrime which needs to be negated through a uniformed global cyber-crime vision.
2, Building global capabilities to enable increased enforcement: Cyber-crime is a shared global issue which requires a global response. No one country or corporation operates in a vacuum. The world as a whole need to build a new generation of partnerships across transnational, national and corporate entities. Without the attribution and prosecution of attackers, technical defences often just shift them to easier targets in new sec tors or countries.
3, Setting global principles for public-private partnerships: The global community needs to recognize that investigating cybercrime is different from investigating traditional types of crime. This is not simply an issue of law enforcement agency capacity. Every victim, data helper or investigative body, whether in the public or private sector, part of a global ecosystem that: increasingly connected and mutually dependent.
