The question is not ‘if’ or ‘when’ cybercrime will comprise the most significant portion of financial crime losses. It’s already happening and is not waiting for the Forensic Services profession to catch up. There has been a global increase in cyber-related incidents and this is fast becoming the next major crime wave, says Clayton Thomopoulos, a Deloitte Director at Risk Advisory.
According to Verizon’s 2014 Data Breach Investigations Report, there has been a “marked increase in instances of recorded cybercrime over the last 12 months”. With 2013 having seeing the largest ever number of cybercrimes on record, Verizon estimated that “2014 will go down in history as a watershed moment for cybercrime”.
Thomopoulos therefore cautions companies to take adequate precautions before they suffer financial losses and more importantly, damage to reputation that typically accompanies such incidents. “The vulnerability of countless companies, consumers and even governments is increasing with exponential increases in electronic access to data, communications, financial services and the like. However, solutions are becoming available through an entirely new methodology in the approach to cybercrime, known as Next Generation Forensics (NGF).
“Today, technology rules our working and personal environments due to an increased dependency on technology by consumers and business. With enhanced connectivity comes the danger of increased levels of fraud, corruption and cybercrime,” says.
Worldwide, the traditional forensic approach to investigation, prevention and detection of criminal activities is proving inadequate to keep pace with the speed at which new avenues of criminal perpetration are evolving. Individual thefts of funds can pale into insignificance compared to theft of Intellectual Property and personal information - as are seen in media reports on a regular basis. Fraud and misrepresentation for financial gain has now reached pandemic levels with the increase in avenues enabling fraud perpetration such as social engineering.
“Hard currency has been augmented by digital currency. Face to face fraud perpetration has been augmented by cyber-related exploits from around the globe. No need to travel, just logon. The message is fairly self-evident. Simply put, the manner in which financial crime has been addressed will no longer suffice. There is an urgent need for critical reform of Forensic Services without which effective mitigation of financial crime will be severely hampered,” says Thomopoulos.
Cybercriminals are able to identify and feed off the inherent weaknesses present in many Information Technology (IT) environments and the consumer and business need for increased dependency on technology, an activity far beyond traditional ‘cops and robbers’. Nonetheless, traditional investigations will still play an important role in forensic interviews, analysis, analytics, financial reconciliations, affidavits and the like.
“However the approach to identifying key persons of interest and/or perpetrators is where the need for critical reform resides. For this, there is a need to supersize the skills set of forensic practitioners. It is here that NGF demands a cold hard view of the current approach, as well as a change in mind set. NGF practitioners need to minimally understand cybercrime, the impact and risks posed by malware, inadequate IT controls, dark web access and social engineering practices. The multi-jurisdictional layering often associated with cybercrime highlights the issue of Cyberlaw in order to facilitate investigations across multiple countries,” says Thomopoulos.
“The NGF practitioner must have a broad-based skills set, one that enables him to conduct multiple facets of Forensic Services such as data collection, imaging, processing of data, eDiscovery reviews and interviews. Speed of response, technical considerations, legislative compliance and evidence handling will be key areas of focus when taking on the current cybercrime infestation.”
To achieve this level of response, Thomopoulos says that prevention and detection approaches will require equal reform since many of the risks identified from an IT perspective may pose significant opportunity for tech savvy criminals to exploit.
Fraud risk assessments, awareness and education, compliance disclosures and forensic analytics will now need to factor in the IT infrastructure related risks. In order to adequately address this, the NGF practitioner will need to have a sound understanding of these risks and the appropriate mitigation strategies.
“Consequently, a bridge needs to be rapidly established between tradition and technology. Failure to take cognisance of this vital component of Forensic Services will most certainly increase the risk of both financial and reputational prejudice resulting from criminal activity within the cybercrime context,” concludes Thomopoulos.