South African companies are warned that cybercrime is set to increase in 2013 and will place their profitability, their competitiveness and perhaps even their existence at risk.
An alarming fact is that South Africa hosts the third-highest number of cybercrime victims in the world, behind only Russia and China, according to the recently released Norton Cybercrime Report for 2012.
The report also shows that cybercrime is growing at rates never seen before. It states there are 556 million global victims of cybercrime per year, which equates to over 1.5 million victims per day, or about 18 victims per second. Furthermore, Norton puts the global price tag of consumer cybercrime at $110 billion.
“These statistics are astounding, but to put it in a local perspective, The South African Cyber Threat Barometer 2012/13 puts the total direct losses to cybercrime in South Africa between January 2011 and August 2012 at R2.65 billion. Of this, an estimated R662,5 million was not recovered,” says Hedley Hurwitz, MD of Magix Security.
With cybercrime growing unabated and little help from government to deal with it, it is up to business to tackle this problem. Hurwitz says cybercrime is set to increase in 2013 for four primary reasons.
The latest employment statistics show that unemployment is up and if the recent census data is correct, unemployment is even higher than the figures supplied by Statistics SA. More people without work quite simply means more soft targets for syndicates.
Internet and mobile access continues to grow
With more people online and accessing the Internet via their cellphones, companies have to continually add new security measures to protect themselves. However, the more complex the access and authentication controls, the bigger the loopholes and vulnerabilities that cyber criminals can take advantage of.
“The reality is that syndicates are at an advantage because they work full time focused only on finding ways to find and exploit vulnerabilities,” adds Hurwitz.
Insider threats grow
The primary threat to business is from insiders who are working for syndicates or for themselves. Most often it is middle and senior managers with access to sensitive information or corporate bank accounts that feel justified in stealing from their companies.
“If you’re under financial pressure and someone offers you R10 000 for a copy of your company’s client database, many people will comply,” notes Hurwitz. “It’s not like you’re taking the database, just a copy; nobody gets hurt and you get an unofficial bonus.”
SA lags in insider threat awareness
Insider fraud has always been seen as a cost of doing business, but with the realisation of the actual costs involved, companies are starting to pay attention to it. “In a perfect world, we can simply trust our employees,” says Hurwitz. “In the real world, however, trust must be earned.”
As revenues decline and business leaders are forced to focus on cutting costs, 2013 will be the year of increased focus on cybercrime in all its forms. “This is a risk companies will have to mitigate through a variety of means,” says Hurwitz. “However, in mitigating cybercrime, businesses will be pleasantly surprised at the amount of money they will save. In larger companies, the money saved can translate into millions of Rands added directly to the bottom line.”