Cybercrime a big risk in SA: Deloitte

Cybercrime is now posing major increased strategic risks to South African companies‚ Deloitte said on Monday.

Threats posed to organisations by cybercrime have increased faster than potential victims — or cyber security professionals — can cope with them‚ placing targeted organisations at significant risk.

This is according to a key finding of Deloitte’s review of the results of the 2010 CSO Cyber Security Watch Survey‚ sponsored by Deloitte and conducted in collaboration with CSO Magazine‚ the US Secret Service‚ and the CERT Coordination Centre at Carnegie Mellon.

As the trend to technical convergence and offering consumers access to corporate information‚ products and services continues‚ so the risk of disruption arises.

The risk of disruption is also heightened as more services and products are offered on cellphone platforms‚ creating new opportunities for theft and fraud‚ says Nerisha Singh‚ senior manager‚ risk advisory at Deloitte.

“What makes cybercrime even more serious in SA is that it often goes unreported by corporations. There are presently no laws or regulations that require reporting of cybercrimes.

"Many corporate victims simply do not acknowledge that their corporate defences have been breached as they wish to avoid the potential loss of public faith in their institutions.

"This silence unfortunately assists perpetrators‚ as they thrive within environments of anonymity and often operate simultaneously across several geographical boundaries.”

However‚ Singh said South Africans did not have to look far to find what the consequences of cyber fraud could be.

Several additional developments had increased the opportunities for cybercrime globally‚ she said.

These included the proliferation of communication devices‚ networks and users; social networking; the increase in online banking services‚ investing‚ retail and wholesale trading services; attacks through cyberspace by organised crime and terrorist organisations; and the growth of the “wire mule” phenomenon. This has seen cyber criminals gaining access to systems through the unwitting assistance of authorised users. The criminals then operate as if they were users‚ navigating pathways‚ copying data and executing transactions.

Trends emerging that demand strong‚ rapid corporate responses‚ said Singh‚ were an increase in the frequency of cyber attacks; use of new malware and “anonymity” techniques that evaded current security controls; perimeter- intrusion detection; signature based malware and anti-virus solutions that were rapidly becoming obsolete; cyber criminals leveraging innovation at a rate that outpaces security vendors; a lack of effective deterrents for cybercrime; the possibility of industrial espionage; and cybercrime intersecting to a great degree.

“These trends cannot be underestimated‚” warned Singh‚ who pointed to international attacks against corporations such as Sony‚ Citibank‚ Lockheed Martin‚ the UK’s National Health Service and the IMF as examples.

SA‚ she said‚ was no exception to the international rule.

“According to the February 2011 figures from the RSA Anti-Fraud Command Centre‚ SA was only surpassed by the USA and UK when it came to volumes of phishing attempts.

"Cybercrime has become a significant contributor to economic crime losses‚ and is now ranked the fourth most common crime after theft of assets‚ bribery and corruption and financial statement fraud.

To counter the threats of cyber intrusions and crime‚ companies should make use of services which offered a multi-pronged approach to the problem of cybercrime.

According to Singh‚ these included a “cyber compromise diagnostic” process aimed at analysing information security event logs; a remote access compromise analysis; online application transaction analysis; and information security control assessment.