New age cybercrime a bigger threat than ever before warns Deloitte

20 November 2015 | Non-life | General | Priya Singh, Deloitte

As society becomes hyper connected, the growing number of devices and people operating those devices pose a greater security risk than ever to both the public and private sectors.

Priya Singh, a manager within the Risk Advisory business unit of professional services firm Deloitte in KwaZulu-Natal, warned that increased connectivity meant that cybercrime was more prevalent and was a very real risk of which both public and private sector organisations needed to be aware. As fraud and corruption moved into the digital age, organisations needed to re-think the way they viewed cybercrime risks and the security measures needed to protect their data.

She was responding to a strong warning from senior forensic manager and cybercrime expert, Eben Louw, who was speaking at the ACFE Anti-Fraud and Corruption Conference in Durban. The event, held as part of the International Fraud Awareness Week, was intended to raise awareness of corruption and crime as well as highlight challenges and the importance of prevention.

“The world of technology opens many doors and, if you don’t understand that, you will suffer,” he warned.

Singh agreed. “Increased criminal activity in cyberspace has become one of the fastest growing security threats to individuals and organisations. Unfortunately, cyber culture is growing faster than cyber security,” she said, explaining that, with the increase in the number of internet enabled devices as well as increased adoption of services such as cloud computing, this risk was growing exponentially globally.

As a result, the definition of cybercrime itself is becoming more extensive and covers all criminal activity that involves networks and computers. “Everything that is exposed to cyber activity is at risk – private data, intellectual property and cyber infrastructure can be compromised by deliberate attacks as well as inadvertent security lapses,” she said.

For example, individuals could become victims of identity theft and organisations held to ransom by denial of service attacks. Organisations could suffer reputational damage and financial prejudice. Financial institutions could also face penalties and legal consequences – not to mention reputational damage – due to non-compliance with stringent legislation governing the protection of confidential information.

Organisations today are at risk not only from isolated incidents involving individual hackers but, with the growth of connectivity, also of being infiltrated by organised crime syndicates. Organised crime syndicates use sophisticated cutting edge hacking tools such as malware, spyware and viruses.
Most attacks are very focussed and co-ordinated. Organised cybercrime syndicates are not just an external threat but include someone from inside a company (intentionally or not) with access to crucial systems who facilitates these crimes, she pointed out.

Both Louw and Singh said that South African companies were coming under increased threat as this country is seen as an important business hub and gateway to Africa.

Singh said that companies and organisations within both the public and private sectors needed to urgently rethink how they viewed cybercrime as well as the security measures needed to counter what was a very real and growing threat.

She noted that it was disturbing that many still felt that cyber threats did not apply to them. This lapse was often closely connected to the fact that organisations did not necessarily know how criminal syndicates viewed them and the value of their data/information.

Although risk profiles vary from individual to individual and organisation to organisation, she explained that cybercrime was no longer just about simple theft. Personal data as well as intellectual property were increasingly valuable, and public sector institutions, such as municipality billing systems, were huge repositories of personal information.

Deloitte participated in the ACFE Anti-Fraud and Corruption Conference hosted by eThekwini Municipality in partnership with KZN Provincial Treasury and the ACFE to both support and advise organisations to rethink the way they view cybercrime and the security measures to protect their data, taking a risk based approach rather than a more traditional security based approach.

She said that many organisations were under the misconception that the simple “wall and fortress” security measures around the perimeter of their systems would counter all threats. This centred on incoming data only.

“We can assist organisations to plan and execute a risk based approach to mitigate cybercrime. This focuses on monitoring and identifying data that is both leaving and entering an IT environment. This approach helps our clients to classify data according to its importance and risk and to build security tools and put in place measures needed to protect specific categories of data,” she explained.

Singh stressed that it was important to take a proactive rather than a reactive approach to both cybercrime and cyber security. A risk based approach allocated resources based on the vulnerability and value of certain data. To mitigate the risks of cyber threats effectively, individuals and organisations should expand their capabilities to include proactive, continuous monitoring, while enhancing existing security practices to leverage cyber intelligence.
