Take cyber crime seriously, says E&Y

By Kaunda Chama for Ernst & Young
Johannesburg, 23 Feb 2006

Cyber crime is now one of the fastest growing global crimes both on the frequency of occurrence and the amount of money it costs corporates annually.

This is according to Ernst & Young, which says in the US, cheque fraud causes losses of $20 billion, credit card fraud of $1 billion and bank robberies of $120 million a year, while cyber fraud has reached $5 billion a year and has the potential to rise between 200% and 500% per annum.

Stieler van Eeden, the company`s assistant manager for IT security, said at a briefing this week that according to statistics obtained from the South African Police Service (SAPS), online fraud accounts for just over 50% of the country`s cyber crime.

Close behind online fraud in the cyber crime stakes are identity theft and industrial espionage, and what SAPS terms as violent crimes, like using the Internet to hire a killer. Van Eeden said the police report that most of the people involved in this type of crime are IT managers, financial managers, lawyers or doctors.

Illegal cartels

He noted that some perpetrators of cyber crime, such as hackers, are still doing it for the purpose of defacing Web sites, while the more serious cyber criminals access sensitive corporate data. He added that some illegal cartels are also using the Internet to extort money from online gambling sites.

"I must say, however, that the number of attacks seems to be going down due to the better corporate governance in the industry."

Van Eeden said malware is also becoming one of the hardest-hitting forms of attacks on corporates as the standard of malicious software becomes increasingly sophisticated.

Phishing has also become commonplace in almost every country, he commented.

"Locally, it is very difficult to quantify how much cyber crime is costing corporates and financial institutions because they prefer not to divulge information regarding such issues."

Taking advantage

The cyber crime threat is clearly growing, but local companies do not take such crime seriously enough, he said.

He advised that end-users also need to be better educated about the threat that exists in the cyber environment and at the same time they need to be more vigilant.

"Illegal syndicates are taking advantage of this. For instance, not many people are aware of the fact that Microsoft reported over 20 high-risk vulnerabilities in Internet Explorer over the past three years because the company does not want to widely publicise this."

Van Eeden said as an interim measure, companies should ensure employees become more responsible with their IT assets, implement rapid response measures in case of attacks, reduce authentication costs, follow regulatory guidance, and vendors and system integrators should improve application security.