1.2 Fraud and Theft

Computer systems can be exploited for conducting fraudulent activities and for outright theft. Such criminal acts are accomplished by "automating" traditional methods of fraud and by inventing and using new methods that are constantly being created by enterprising criminal minds. For example, individuals carrying out such criminal activity may use computers to transfer a company's proprietary customer data to computer systems that reside outside the company premises, or they may try to use or sell this valuable customer data to that company's competitors . Their motive may be profit or inflicting damage to the victimized company to compensate for some perceived injustice, or it may just be an act of malicious behavior for entertainment or bragging rights. Computer fraud and theft can be committed by both company insiders and outsiders, but studies have shown that most corporate fraud is committed by company insiders. [3]

In addition to the use of technology to commit fraud, computer hardware and software resources may be vulnerable to theft. Actual examples include the theft of unreleased software and storage of customer data in insecure places such as anonymous FTP accounts so that it can be accessed and stolen by outsiders. Data being exposed to these threats generates a secondary threat for a company: the loss of credibility and possible liability for damages as a result of premature release of information, exposure or loss of information, and so on. Preventive measures that should be taken here are quite simple, but are often overlooked. Implementation of efficient access control methodologies, periodic auditing, and firewall usage can, in most cases, prevent fraud from occurring or at least make it more easily detected .