SA facing increased cyber-crime threats
Cyber-crime is now posing major increased strategic risks to South African companies. Threats posed to organizations by cyber-crimes have increased faster than potential victims—or cyber security professionals—can cope with them, placing targeted organizations at significant risk.
This is the key finding of Deloitte’s review of the results of the 2010 CSO Cyber Security Watch Survey, sponsored by Deloitte and conducted in collaboration with CSO Magazine, the U.S. Secret Service, and the CERT Coordination Centre at Carnegie Mellon.
As the trend to technical convergence and offering consumers access to corporate information, products and services continues, so the risk of disruption arises.
The risk of disruption is also heightened as more services and products are offered on cell phone platforms, creating new opportunities for theft and fraud, says Nerisha Singh, Senior Manager, Risk Advisory at Deloitte.
“What makes cyber-crime even more serious in South Africa is that it often goes unreported by corporations.
“There are presently no laws or regulations that require reporting of cyber-crimes. Many corporate victims simply do not acknowledge that their ‘corporate defences’ have been breached as they wish to avoid the potential loss of public faith in their institutions. This silence unfortunately assists perpetrators, as they thrive within environments of anonymity and often operate simultaneously across several geographical boundaries.”
However, said Singh, South Africans did not have to look far to find what the consequences of cyber-fraud could be.
Several additional developments had increased the opportunities for cyber-crime globally, says Singh. These include:
* The proliferation of communication devices, networks and users;
* Social networking;
* The increase in on line banking services, investing, retail and wholesale trading services;
* Attacks through cyber space by organised crime and terrorist organisations;
* The growth of the ‘wire mule’ phenomenon. This has seen cyber criminals gaining access to systems through the unwitting assistance of authorised users. The criminals then operate as if they were users, navigating pathways, copying data and executing transactions.
“Added to these increased risks is the present state of international economies which have caused financial hardships for many people. Resentment against employers, or pure necessity, can drive employees or former employees to cyber-crime,” says Singh.
These trends demand a bold response by the corporate sector, says Singh.
“Presently, many companies are either over-confident about the continued integrity of their systems, are employing ‘non-agile’ security tools and processes and failing to recognise cyber-crimes in their IT environments. In many cases misallocation of limited resources sees only lesser threats being dealt with.”
Trends emerging that demand strong, rapid corporate responses, says Singh, are:
* An increase in the frequency of cyber-attacks;
* Use of new malware and ‘anonymity’ techniques that evade current security controls;
* Perimeter- intrusion detection, signature –based malware and anti-virus solutions that are rapidly becoming obsolete;
* Cyber criminals leveraging innovation at a rate that outpaces security vendors;
* A lack of effective deterrents for cyber-crime;
* The possibility of industrial espionage and cyber- crime intersecting to a great degree.
“These trends cannot be underestimated,” warns Singh, who points to international attacks against corporations such as Sony, Citibank, Lockheed Martin, The UK’s National Health Service and the IMF as examples.
South Africa, she says, is no exception to the international rule. “According to the February 2011 figures from the RSA Anti-Fraud Command Centre, South Africa is only surpassed by the USA and UK when it comes to volumes of phishing attempts. Cyber-crime has become a significant contributor to economic crime losses, and is now ranked the fourth most common crime after theft of assets, bribery and corruption and financial statement fraud.”
To counter the threats of cyber intrusions and crime, companies should make use of services which offered a multi-pronged approach to the problem of cyber-crime. These include a ‘cyber compromise diagnostic’ process aimed at analysing information security event logs; a remote access compromise analysis; on line application transaction analysis, and information security control assessment.
“Forensic investigations play their part in this approach by tracking and detecting sources of hacking attacks. Following trace-routes, if the source of the attack has an IP address, extracting the evidence required to remove electronic data from the system then follows. The evidence is then preserved for prosecutions, repairing systems and checking for other vulnerabilities exploited by hackers. The final step is an audit aimed at preventing future attacks.
“The bottom line is that organisations must make use of cyber intelligence to develop capabilities that are able to deal with the threats they could face. Organisations must go beyond the traditional ‘detect and respond’ security functions. They must add tools that help them protect against possible threats and identify threats that could apply specifically to their companies.
“The advent of the cloud, social computing and the rise of mobile technologies, mean that companies do not have total control over their systems and data any longer. Core services will therefore have to be reviewed and based on a backbone that is secure.
“Achieving what is required will provide for a secure operational environment that will ultimately enhance a company’s market competitiveness,” says Singh.