Top Five Cyber Crimes in 2023
To mitigate the risks of cyber-attacks on electric grids, it’s important for utilities and grid operators to take a proactive approach to cybersecurity. This includes implementing robust security measures such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) tools. Additionally, regular security audits, penetration testing, and employee training on cybersecurity are important.
Global Cybercrime Report: Which Countries Are Most at Risk in 2023?
How Does the Threat of Cybercrime Differ Around the World?
There are innumerable ways that cybercrime differs from country to country, but there are also certain factors that can be observed internationally, such as instances of phishing and data breaches. Here we look at how each country can be rated for its levels of cyber safety and ultimately consolidate the data of various security authorities to conclude how each country fares in its attempts to remain safe in the digital world.
Indeed, the digital frontier that we enjoy today opens up a world of risk as well as opportunity. With everyone on the planet just a click of a button away, it has never been easier for fraudsters and other criminals to find unsuspecting victims.
This has led to a booming new province for the criminally-minded, who can attack innocent internet users from the comfort and security of their own homes.
In fact, the remote working and isolation seen in the COVID lockdowns of 2020 have bolstered the landscape for cyberattacks, which have played a significant role in worsening the security of online software and financial systems – all of which has led to a new decade of increased economic uncertainty.
The threat isn’t limited to individuals either, with governments and multinational corporations also in the cybercriminals’ crosshairs.
The Center for Strategic & International Studies (CSIS) tracks these cyber attacks on government bodies, defense agencies, and high-tech companies, as well as economic crimes that amount to a loss of at least $1 million.
CSIS reported that in January 2023, a joint advisory warning was issued from three US-based cybersecurity authorities – the CISA, NSA (National Security Agency), and MS-ISAC (Multi-State Information Sharing and Analysis Center) – about the increase in phishing and other attacks against civilian branches of the US Government.
To counteract these increasing cyber threats, countries have been developing strong cybersecurity programs and enacting legislation aimed at tackling cybercrime and protecting themselves from digital dangers.
In addition to this, the private sector has been at the forefront of developing innovative cybersecurity solutions ranging from antivirus programs to dedicated fraud prevention software.
For instance, businesses can vastly reduce risk by utilizing anti-fraud products such as data enrichment and browser fingerprinting to block suspicious logins, prevent account takeovers, and detect when someone is using multiple accounts.
While the combination of public and private sector efforts to tame the digital Wild West has made it more difficult for online fraudsters in some respects, cybercrime remains a persistent threat for internet users.
But what are the most common forms of cybercrime? And is this threat spread equally around the globe?
The Cyber Threat Around the Globe
To find out if the dangers of cybercrime are equally spread across the globe we’ve taken a look at 93 countries to see what geolocations have fraud peaks, which have valleys, and why.
Combining data from three major cybersecurity authorities, namely the National Cyber Security Index (NCSI) (updated on a live basis), the Global Cybersecurity Index (GCI) (2020), and the Cybersecurity Exposure Index (CEI) (2020), we’ve created a global ranking to present the ten countries that are, respectively, the least and most risky for internet users.
The results have been determined by finding the cybersecurity scores, all three of which needed to be expressed as percentages, of the NCSI, GCI, and CEI – and assigned each of those scores to the 93 countries that we’ve reported on. We then calculated the mean average of those two scores for each of the said countries. This mean average of the NCSI, GCI, and CEI’s total scores is what we refer to here as the Cyber-Safety Score.
Let’s now take a look at the top ten most low-risk and top ten most high-risk countries based on this scoring system.
The Top 10 Lowest-Risk Countries for Cyber Threats
These are the countries where cybersecurity is strongest, and people are most protected from cybercrime through legislation and technology.
The top three are Belgium, Finland, and Spain, which have a Cyber-Safety Score of 90.69, 90.16, and 88.61 respectively.
The Cyber-Safety Scores are calculated by adding the NCSI, GCI, and CEI’s most recent scores and then calculating the mean average of those three data points.
You can learn more about how these scores were assigned by checking out the Commentary section further down the page.
The Top 10 Highest-Risk Countries for Cyber Threats
At the other end of the scale are the countries that offer the least protection against cybercrime. These countries have very weak legislation regarding cybercrime – or even none at all – and therefore carry the greatest risk when processing sensitive transactions. Here we’ve listed the ten countries with the lowest overall Cyber-Safety Score.
The top three countries in terms of having a low Cyber-Safety Score are Afghanistan, Myanmar, and Namibia, which have a Cyber-Safety Score of 5.63, 18.60, and 19.72 respectively.
The Most Common Forms of Cybercrime
Here we can see the most commonly reported cybercrimes of 2022, and all the way back to 2018. These figures come from the FBI-run US Internet Crime Complaint Center (IC3), so they are limited only to cybercrimes committed in the United States and reflect only those crimes that were actually reported – likely a minority of cases.
However, they do provide insight into the current trends followed by cybercriminals, showing the ways in which the internet is most commonly used for illegal activity.
Phishing and Pharming – 2022 USA Victim Count: 300,497
Data focused on 2022 found that the most common type of cybercrime in the US is phishing and pharming. Phishing and pharming refer to the fraudulent practice of luring people into revealing personal information, such as passwords, login details, and credit card numbers.
When carried out via email this practice is referred to as phishing, whereas it’s referred to as pharming when the victim is directed to a fake website disguised as a legitimate one.
Personal Data Breach – 2022 USA Victim Count: 58,859
Data focused on 2022 found that the second most common type of cybercrime in the US are personal data breaches. Typically, data breaches online are when a hacking attack successfully accesses a database of sensitive information, most often personal data, payment information, or login credentials.
Data breaches can lead to a victim’s personal info being sold on digital marketplaces, and, depending on the nature of the breached data, can lead to common but potentially devastating cybercrime-like synthetic identity fraud, account takeovers (ATO), and other forms of payment fraud.
Non-Payment/Non-Delivery – 2022 USA Victim Count: 51,679
The second most common type of cybercrime was non-payment and non-delivery, which was reported 51,679 times in 2022. Though they are at two ends of the customer-merchant relationship, they are not necessarily linked. Non-payment refers to a buyer not paying for goods or services received – often a headache in the ecommerce space, particularly for marketplaces with no-return policies.
This kind of fraud – often referred to as first-party fraud – is both on the rise and very difficult to detect. Meanwhile, non-delivery refers to the failure to deliver goods or services that have been paid for. In the cybercrime field, non-delivery is often associated with fraudulent storefronts set up at online marketplaces, phishing, classified ads posted by scammers, and other person-to-person scams, such as forex fraud.
Cybercrime Affecting US Businesses
Online threats have become a major problem for businesses in the USA. Activities such as using ransomware to extort money out of organizations and leaking the personal information of customers and employees are both now bigger threats than ever.
‘The financial cost of fraud report 2021’ by Crowe LLP and The University of Portsmouth found that fraud costs businesses and individuals a total of £137 billion (roughly equivalent to $189 billion) each year.
Whether they’re involved in ecommerce fraud or credit card fraud, these criminals now have a plethora of tools at their disposal to trick you into handing over your money. This puts both consumers and businesses at risk when conducting transactions online – with fraudsters counting both parties as fair targets.
According to research by Juniper published in mid-2022, the ecommerce industry saw a $41.4 billion loss due to fraud in 2022. And yet, despite this, only 34% of companies are investing in fraud prevention and mitigation measures.
This suggests that many businesses would benefit from investing in new counter-fraud systems and technologies which would enable them to scale to better fit the expanding global market, while not assuming the burden of losses to fraud and cybercrime.
While fraud has become a huge drain on ecommerce businesses and their customers, data leaks can also pose a threat to their employees, customers, and clients. Data leaks – the resulting dissemination of sensitive info as a result of a data breach – have become a serious issue in the USA, with thousands of data breaches taking place each year.
To look into the risks further, check out the below graph, which is based on 2023 data from Statista and covers the US’s instances of data compromises, individuals impacted, and records exposed.
Here we can see that the risks of compromised cybersecurity practices are multifaceted: Far from it being the case that the data compromises, individuals impacted, and the number of records exposed only ever increase with time, the lines on the graph fluctuate considerably throughout those three metrics.
These stark fluctuations can largely be attributed to major data breach events throughout the last several years. Statista’s data commentary, published in April 2023, emphasizes that dramatic increases in such compromises are largely industry-specific. As of 2022, the enormous sectors of healthcare, financial services, and manufacturing have seen the biggest data breaches.
One thing that is consistent, however, is the general upward trend involved in the total number of data compromises. This has increased from 785 million in 2015 to 1.802 billion in 2022.
The graph also reflects the fact that cybercrime is not only a danger to large industries and organizations with highly sensitive information, but it also poses a significant risk to individuals. Between 2021 and 2022, in fact, the number of individuals impacted rose from 298.08 million to 422.14 million.
Major incidences appear to be the biggest factor in these impacted individuals. For example, March 2018 saw the third biggest data breach, when India’s national identification database, Aadhaar, was exposed leading to the exposure of 1.1 billion records.
Full Global Cyber-Safety Index
This is our full Cyber-Safety Index, looking at data from 93 countries. The countries are ranked from low risk to high risk, according to their overall Cyber-Safety Score.
This score has been formulated by combining data based on each country’s performance on a range of indices relating to cybersecurity, digital fraud, and cybercrime, as well as the breadth of legislation and government strategies for cybersecurity in each location.
The overall cyber-safety score is based on the mean average that we arrived at when calculating the NCSI, GCI, and CEI’s results for the 93 countries observed. In the case of each data point, the score has been presented as a percentage for the sake of this report (see Commentary for more information on the methodology involved).
Download the Full Cyber-Safety Index
This is our full Cyber-Safety Index, looking at data from 93 countries. The countries are ranked from low risk to high risk, according to their overall Cyber-Safety Score.
Commentary
This global cybersecurity report was updated in Q1, 2023. It looks at the cybersecurity data that has been made available since the start of 2020.
The limitations of the reporting come down to the fact that it uses a broad timeframe: While the NCSI’s data is updated on a live basis, the other cybersecurity authority sourced, the GCI, was published in 2020, with a new Global Cybersecurity Index report planned for publication in late 2023/early 2024.
Our Cyber-Safety Score reflects a calculation of the average of the scores sourced. Though there are some metrics that cross over between the scoring systems, we feel that the score we computed gives a robust idea of the country’s overall cybersecurity environment, based on factors taken into account by the respective data sources, such as the level of commitment to cybersecurity, comprehensiveness of any existing legal frameworks, and rate of implementation of technical security measures.
Notably, to calculate this mean average-based cyber-safety score, we converted some data so all our data sources could be computed hygienically. Unlike the NCSI and GCI, which use percentage-based scoring – 0 being the worst and 100 being the best – the CEI (Cybersecurity Exposure Index) 2020 uses a rating score of 0 to 1.
On this 0 to 1 scoring scale, 0 means the least exposed to cyberattacks (meaning the best possible score), 1 is the most exposed to cyberattacks (meaning the worst possible score), and 0.500 is a completely neutral result. Accordingly, each of the CEI’s scores from 0 to 1 was converted into the corresponding percentage. This meant, for example, that 0.300 translates to 70.00%. Each country’s Cybersecurity Exposure Index score went through this process so that the mean average calculation would always be made up of percentage scores throughout the NCSI, GCI, and CEI’s international data.
Ultimately, this report, published in Q1, 2023, has taken authoritative, recent data, all of which can be updated over the years to come in ways that will ultimately show trends in Cyber-Safety Scores throughout the ever-changing cybersecurity landscape.
Top Five Cyber Crimes in 2023
With the rise of technology, the nature of crime has also transformed. Crime becomes more lethal and untraceable. Cyber security expert warns about the new nature and domain of cybercrime in 2023.
Cyber Attack on Hospital
Cyber-attacks on hospital systems can have serious consequences, as they can disrupt the delivery of healthcare and potentially put patients’ lives at risk. Hospitals are often targeted by cybercriminals because they may have valuable personal and financial information about patients and because the consequences of a successful attack can be severe.
In a cyber-attack on a hospital system, the attacker may try to gain unauthorized access to the hospital’s computer systems and steal or manipulate data, disrupt the operation of medical devices, or disrupt the delivery of healthcare. The attack may also involve ransomware, where the attacker holds the hospital’s data hostage and demands a ransom to restore access.
It is important for hospitals to have strong cybersecurity measures in place to protect against cyber-attacks. This may include measures such as firewalls, antivirus software, and secure passwords, as well as ongoing training for staff on how to recognize and prevent cyber-attacks.
Scanning QR Code
Scanning a QR code has the potential to compromise your personal data if the QR code is linked to a malicious website or if it is used to steal your personal information. It’s important to be cautious when scanning QR codes, especially if they are from unfamiliar sources.
It’s also a good practice to check the URL of the website that the QR code leads to, to make sure it is a legitimate website and not a phishing site or other type of scam.
It’s also a good idea to use a QR code scanner app that checks for safety and has some sort of building security checks, also updating your device and QR scanner app on regular basis will make sure you have the latest security patches.
It’s a good practice to avoid scanning QR codes from untrusted sources and only scan QR codes from sources that you know and trust.
Cyber-attack on Supply Line
A cyber-attack on a supply chain can have significant consequences for the affected organizations and their customers. These types of attacks can disrupt the flow of goods and services, leading to delays, lost revenue, and potentially even damage to a company’s reputation.
In a supply chain cyber-attack, attackers typically target the systems and networks that companies use to manage and track their inventory, orders, and shipments. For example, an attacker might target a company’s enterprise resource planning (ERP) system, which is used to manage inventory and production, or a transportation management system (TMS), which is used to track shipments and deliveries.
The attacker can gain access to these systems through a variety of methods, such as exploiting vulnerabilities in software, phishing scams, or other forms of social engineering. Once they have access, they can steal sensitive information such as customer data, financial data, and intellectual property, or disrupt the normal operation of these systems. This can lead to delays in deliveries, stakeouts, and unplanned downtime in production.
It’s important for organizations to take steps to protect their supply chains from cyber-attacks, by implementing measures such as security awareness training for employees, regular security audits and penetration testing, and the use of advanced security technologies such as firewalls, intrusion detection, and prevention systems, and security information and event management (SIEM) tools.
In addition, organizations should also be proactive in monitoring for signs of an attack and be ready with incident response plans, which can help minimize the damage of a successful attack and help with a faster recovery.
Cyber-attack on electric cars/vehicle
A cyber-attack on an electric vehicle (EV) can have serious consequences, potentially compromising the safety and privacy of the vehicle’s occupants, as well as the integrity of the EV’s systems and networks.
One way that attackers may target an EV is by exploiting vulnerabilities in the vehicle’s electronic control units (ECUs), which are the computer systems that control various aspects of the vehicle, such as the powertrain, brakes, and steering. Attackers could potentially take control of these systems and manipulate the vehicle’s behavior, potentially causing accidents or other dangerous situations.
Another way attackers may target an EV is by exploiting vulnerabilities in the vehicle’s communication systems, such as the onboard diagnostics (OBD) port, or wireless connectivity systems, such as Bluetooth or cellular networks. This can allow attackers to gain access to the vehicle’s systems and data and potentially steal sensitive information such as location data, driving history, and personal information of the occupants.
To mitigate the risk of cyber-attacks on EVs, it’s important for manufacturers to design and build vehicles with security in mind. This includes the use of secure coding practices, regular software updates to address known vulnerabilities, and the use of robust security protocols to protect the vehicle’s communication systems.
It’s also important for EV owners to be aware of the risks and take steps to protect their vehicles. This can include keeping their vehicles’ software up to date, being cautious about connecting their vehicles to unfamiliar networks or devices, and not leaving sensitive information such as personal data in the vehicle.
As the trend of Electric cars is getting more popular and advancement in technology is increasing, Cybersecurity in Electric cars will be a crucial area to ensure the safety and security of both vehicles and their occupants.
Cyber-attack on Electric Grid
A cyber-attack on an electric grid can have serious consequences, potentially causing widespread power outages and disruptions to the electricity supply. Electric grids are complex systems that rely on many interconnected components, including power generators, transmission and distribution systems, and control systems.
One way that attackers may target an electric grid is by exploiting vulnerabilities in the control systems, such as supervisory control and data acquisition (SCADA) systems and other industrial control systems (ICS) that are used to monitor and control the grid. Attackers can use malware, phishing scams, or other techniques to gain access to these systems and manipulate the grid’s behavior, potentially causing power outages or other disruptions to the electricity supply.
Another way that attackers may target an electric grid is by exploiting vulnerabilities in the communications systems that are used to transmit data and control signals between different parts of the grid. This could include exploiting vulnerabilities in the networks that connect power plants, substations, and other grid components, or by targeting the systems used to manage the grid’s transmission and distribution systems.
To mitigate the risks of cyber-attacks on electric grids, it’s important for utilities and grid operators to take a proactive approach to cybersecurity. This includes implementing robust security measures such as firewalls, intrusion detection and prevention systems, and security information and event management (SIEM) tools. Additionally, regular security audits, penetration testing, and employee training on cybersecurity are important.
It’s also important for government agencies, utilities, and grid operators to work together to share threat intelligence and coordinate incident response efforts. Furthermore, Industry Standards and regulations such as NIST-CIP, IEC62443, and others provide guidelines for protecting industrial control systems like those used in the electric grid.
Given the critical importance of electric grids to our daily lives, ensuring their cybersecurity is a vital step towards protecting our communities and infrastructure from potential cyber threats.
Related Topics: Cyber warfarecybersecurityIntelligence
The Curious case of Estonian Cyber Capabilities: Lessons for Pakistan
Is Russia losing the cyber warfare?
Muhammad Shahzad Akram is a Research Officer at the Center for International Strategic Studies (CISS) AJK. He holds an MPhil degree in International Relations from Quaid I Azam University, Islamabad.
Continue Reading
You may like
Chinese proposals for Metaverse show that we are negotiating for “Cyberterritory”
Prigozhin: A Bitter End or The Greatest Trick
WP: US intelligence says Ukraine will fail to meet offensive’s key goal
Mounting Cyber Espionage and Hacking Threat from China
Digital Sovereignty in Russia and China
Whistleblowers: the Unsung Heroes
Intelligence
Mounting Cyber Espionage and Hacking Threat from China
Earlier this month a ransomware attack on America’s Prospect Medical Holdings, which operates dozens of hospitals and hundreds of clinics and outpatient centres across the states of Connecticut, Rhode Island, Pennsylvania and Southern California was forced to shut off its centres in several locations as the healthcare system experienced software disruptions. In June India’s premier hospital, the All India Institute of Medical Sciences (AIIMS) faced a malware attack on its systems which was thwarted by its cyber-security systems. This is not the first time that the premier hospital’s data was breached. In November 2022, AIIMS had experienced a cyberattack within weeks of announcing that from January 2023, it would operate on a completely paperless mechanism. The cyber attack which involved ransomware, designed to deny a user or organisation access to files, lasted for nearly a month affecting the profile of almost 4 crore patients – affecting registration, appointments, billing, laboratory report generation, among other operations of the hospital. Regarding the quantum of data that was compromised, the government revealed that “five servers of AIIMS were affected and approximately 1.3 terabytes of data was encrypted.”
Till June this year, Indian Government organisations faced over one lakh cyber security incidents and financial institutions saw over four lakh incidents. Data presented by the Indian Computer Emergency Response Team (CERT-In), which has the mandate of tracking and monitoring cybersecurity incidents in India, indicates rising Cyberattacks to government organisations. or systems year on year. From 70798 in 2018, to 112474 in 2023 (up to June) incidents of cyber attacks have been on the rise, on a year on year basis. Presenting this data at the Parliament, Minister for electronics and IT Ashwini Vaishnaw said, “With innovation in technology and rise in usage of the cyberspace and digital infrastructure for businesses and services, cyber-attacks pose a threat to confidentiality, integrity and availability of data and services, which may have direct or indirect impact on the organisation.”
A lot of the hacking activity points towards China. Western intelligence agencies are becoming increasingly wary of digital intrusion by hacking teams that they believe are being backed by China’s government. Almost a decade ago, American computer security firm Mandiant had made the startling claim that these hacking groups are operated by units of China’s army. The firm was able to trace an overwhelming percentage of the attacks on American corporations, organisations and government agencies to a building on the outskirts of Shanghai. Mandiant made the case that the building was one of the bases of the People’s Liberation Army’s corps of cyberwarriors. US intelligence analysts have detected that a central element of Chinese computer espionage is Unit 61398 which targets American and Canadian government sites. Mandiant, which was hired by The New York Times, found that hacker groups like “Comment Crew” or “Shanghai Group” were behind hundreds of attacks on U.S. companies, focusing “on companies involved in the critical infrastructure of the United States — its electrical power grid, gas lines and waterworks” thereafter bringing that information to the military unit 61398.
In their defence the China’s authorities simply denied any form of state-sponsored hacking, and have in turn dubbed the US National Security Agency (NSA) as “the world’s largest hacker organisation.”
Nonetheless, since the 2013 revelations, Chinese hacking teams have generated a lot of interest and Western cybersecurity companies and intelligence agencies have accused them of global digital incursion. They allege that Chinese government-backed hackers attempt to target everything from government and military organisations to corporations and media organisations.
Most recently in the footsteps of the incident involving the Chinese spy balloon Microsoft claimed that in an ongoing effort Chinese state-sponsored hackers group ‘Storm-0558’ was forging digital authentication tokens to gain unauthorised access to Microsoft’s Outlook accounts and urged users “close or change credentials for all compromised accounts”. On May 24, Microsoft and US intelligence state-sponsored hackers of ‘Volt Typhoon’ were engaged in ongoing spying of critical US infrastructure organisations ranging from telecommunications to transportation hubs, using an unnamed vulnerability in a popular cybersecurity suite called FortiGuard, and had been active since mid-2021.
According to US cybersecurity firm Palo Alto Networks cyber espionage threat group ‘BackdoorDiplomacy’ has links to the Chinese hacking group called ‘APT15’and they are all involved in cyber intrusions and financially motivated data breaches for the Chinese government. During the visit by then-US House of Representatives Speaker Nancy Pelosi to Taipei, APT27 initiated a range of cyber attacks targeting Taiwan’s presidential office, foreign and defence ministries as well as infrastructure such as screens at railway stations. Television screens at 7-11 convenience stores in Taiwan Began to display the words: “Warmonger Pelosi, get out of Taiwan!”
Mara Hvistendahl’s article in Foreign Policy, 2017 ‘China’s Hacker Army’ estimated China’s “hacker army” anywhere from 50,000 to 100,000 individuals, but rejected the belief that it was a monolithic cyber army. Mara contends that Chinese hackers are for the most part dangerous ‘freelancers’ whose ‘causes neatly overlap with the interests of the Chinese government’ and these hackers are left alone as long as they target foreign sites and companies.
Although cyber attacks have gone up globally, data by Check Point, an American-Israeli software company, reveals that weekly cyber attacks in India have gone up by 18 per cent this year, which is 2.5 times more than the global increase. Furthermore the cyber attacks are becoming more sophisticated as hackers try to weaponize legitimate tools for malicious gains. For instance the use of ChatGPT for code generation, enables hackers to effortlessly launch cyberattacks.
Last year in a massive case of cyber espionage, Chinese-linked hackers broke into mail servers operated by the Association of Southeast Asian Nations (ASEAN) in February 2022 and stole sensitive data. At the recent ‘Conference on Crime & Security on the theme of ‘NFTs, AI and the Metaverse’, current G20 President India, has highlighted the need for cooperation to build cyber-resilience in an increasingly connected world. Both cyber attacks and cyber crimes have national security implications.
In India, investigations into the cyberattack, which had crippled the functioning of India premier health institution AIIMS, revealed that “the IP addresses of two emails, which were identified from the headers of files that were encrypted by the hackers, originated from Hong Kong and China’s Henan province”.
Earlier this year, US Federal Bureau of Investigation (FBI) Director Christopher Wray had an alarming metric, – that Chinese hackers outnumber FBI cyber staff 50 to one. Addressing a Congressional panel he said, China has “a bigger hacking programme than every other major nation combined and has stolen more of our personal and corporate data than all other nations — big or small — combined.”
China is today home to some of the most sophisticated hackers, whose capabilities have only improved with time. Their motivations and actions might be independent but are conveniently entwined. However, much more needs to be understood about the hacker culture from China in recent years, if the menace of cybercrime and ransomware is to be mitigated successfully .
Intelligence
Whistleblowers: the Unsung Heroes
Whistleblowing is a bribery and corruption prevention strategy that does not receive the credit it deserves. In fact, rather than relying exclusively on laws, regulations, and resolutions, whistleblowing can be considered a highly effective method to combat bribery and corruption in any field, including government or corporate settings. Whistleblowing often leads to sustainable solutions, as it involves voices from various levels, ranging from grassroots to top-tier management. However, there are plethora of challenges whistleblowers face when they blow the whistle. Nonetheless, whistleblowers play a crucial role in preventing bribery and corruption, and this pivotal role enables preserving the security of any nation.
As stated by the National Center for Whistleblowing (2021), at its core, a whistleblower is an individual who discloses instances of wastefulness, fraudulent activities, misconduct, corruption, or hazards to public well-being, with the intention of prompting corrective actions. While whistleblowers are often affiliated with the organization where the wrongdoing occurs, it is not a prerequisite; anyone can assume the role of a whistleblower as long as they reveal information about the wrongdoing that would otherwise remain concealed. In simple terms, a whistleblower is a person who acts responsibly on behalf of themselves as well as others. Whistleblowers play an extremely imperative role in any society, as they stand for justice, promote accountability, and advocate transparency.
When looking at its link to national security, whistleblowers play a crucial role. One prominent action is whistleblowers exposing imminent and occurred security threats. They are capable of disclosing breaches of security, illegal surveillance, and in situations where individuals or entities are attempting to divulge material information. Whistleblowers uncover injustices, misconduct, and beyond-the-scope activities of decision-makers within government or private entities. If individuals engage in unethical practices, illegal actions, or actions jeopardizing integrity, whistleblowers blow the whistle. One such example, as reported by St. Francis School of Law in 2022, is whistleblower Frank Serpico’s case. He was the first police officer who openly testified about corruption within the New York Police Department, reporting instances of police corruption, including bribes and payoffs, despite facing numerous obstacles. His revelations contributed to a 1970 New York Times story on systemic corruption in the NYPD, leading to the formation of the Knapp Commission. In 1971, he survived a suspicious shooting during an arrest, raising concerns about potential attempts to harm him. Serpico’s bravery emphasized the importance of accountability and transparency in law enforcement.
Whistleblowers also contribute by facilitating accountability by bringing into light corrupt practices such as mismanagement of money. An example is, in 1968 when A. Ernest Fitzgerald, known as the “godfather of the defense movement,” exposed a staggering $2.3 billion cost overrun related to the Lockheed C-5 transport aircraft. His courageous testimony before Congress shed light on issues in defense contracting and resulted in substantial government savings. Fitzgerald’s contributions went beyond the immediate case, playing a crucial role in the passage of the Whistleblower Protection Act of 1989. This results in a culture of accountability where representatives of the public are answerable to their actions. Whistleblowers uphold the rule of law and promote justice by defending the rights of the citizens. It fosters democracy.
However, whistleblowers are often subjected to criticism for standing up against injustice. They fear retaliation, as guilty parties may try to silence them out of revenge. Additionally, companies or institutions may not take whistleblowers seriously, leading them to avoid addressing the reported issues. In many cases, this happens because governments or authorities in power might be involved in bribery and corruption. Public recognition and appreciation of whistleblowers’ contributions to society are vital and should not be perceived as excessive. In addition, there are situations where groups of individuals create sub cultures within organisation and act against rules and protocols jeopardising inclusive culture. In such situations, reporting to a superior will be seen as favoritism or being overly devoted to the institution. This toxic environment demotivates valuable employees or those willing to stand against injustice. The lack of adequate legal protection further compounds the challenges faced by whistleblowers. Moreover, the courage to stand against bribery and corruption is in dire need, as many individuals may lack the moral fortitude to do so.
Whistleblowers are internationally and domestically protected, primarily through the adoption of the United Nations Convention against Corruption. Other international agreements, such as the African Union Convention on Preventing and Combating Corruption and the Organization of American States Inter-American Convention against Corruption, also demonstrate a commitment to whistleblower protection. Various influential international organizations, including the G20, OECD, and APEC, have played a role in promoting whistleblower laws and best practices worldwide. On the domestic front, countries like Sri Lanka have specific laws dealing with corruption, while OECD findings highlight countries with comprehensive whistleblower laws such as the United States, Canada, Japan, and others.
Despite these efforts, there are still some ambiguities and gaps in provisions that hinder effective whistleblowing. For instance, the proposed anti-corruption bill in Sri Lanka allows public officers to accept gratifications authorized by written law or employment terms, which undermines the core objectives of the bill and enables influential individuals to evade accountability for corrupt gains. In Russia, whistleblower protection is limited, with unsuccessful attempts to establish protective measures in 2017. This puts Russia behind the EU, which has implemented robust whistleblower protection through the Whistleblowing Directive.
It is evident that whistleblowers play an indispensable role in combatting bribery and corruption, acting as a highly effective strategy to preserve the security of any nation. Despite facing numerous challenges, these individuals contribute significantly by uncovering wrongdoing, promoting accountability, and upholding transparency. By exposing imminent security threats and holding corrupt practices accountable, whistleblowers safeguard the rule of law and foster democracy. However, to harness the full potential of whistleblowing, it is crucial to address barriers to reporting and remedy afore mentioned legal hurdles. Encouraging a whistleblowing culture and recognizing their contributions will enable society to effectively mitigate and combat bribery and corruption, by creating a more just and transparent environment. To accomplish this, organizations can embrace a culture of whistleblowing, by conducting awareness campaigns, implementing training programs, and fostering a safe and supportive environment for whistleblowers to come forward. In addition, implementing technical measures and policies to ensure whistleblower protection, authorities can demonstrate their commitment to supporting those who expose wrongdoing. These collective actions will strengthen the pivotal role of whistleblowers in preserving security by combating bribery and corruption, fostering a safer and more ethical society for the future.