Many South African businesses cannot prevent cyber attacks because they lack a fundamental understanding of cyber crime and criminality in general, as well as what is needed to fight it.
So says Jason Jordaan, principal forensic analyst, DFIR Labs, who will be presenting on “Cyber crime – do we really understand it?”, at the ITWeb Security Summit 2022, to be held from 31 May to 2 June at the Sandton Convention Centre.
He says the majority of local entities in the private and public sector, treat cyber crime as an IT problem that requires an IT solution. “Too often, the responsibility for managing cyber crime ends up with people who don’t understand the nature of criminality.”
All about the intention
“Cyber crime is not an IT problem. Crime is committed by people, not technology,” Jordaan adds. “And although IT is used to commit of these crimes, and IT systems are targeted to achieve their ends, this is not the central element. The crime itself, and intention of the criminals is.”
Coupled with this, is the idea that because cyber crime is an IT problem, it can be fought with IT alone, explains Jordaan. “We see many organisations investing heavily in tools and systems, all promising to protect them from cyber crime, and while these can certainly help, they are simply tools, and if those tools are not effectively used by people trained and experienced in fighting crime, then you might as well not have them.”
He cites an example where DFIR Labs was recently involved in an investigation for an organisation that had invested significantly in a highly sophisticated EDR solution.
“The company was convinced that the solution was a “silver bullet” against cyber crime, and trusted the tool to prevent attacks. However, they didn’t have people managing cyber crime issues, and were hit badly by a cyber attack that the EDR solution failed to stop.”
The organisations was understandably upset, he says, but an investigation of the incident and the EDR solution, revealed ample data that indicated an attack was imminent. “A skilled cyber crime analyst would have picked this up, and would have been able to proactively defend the network and prevent it.”
He says the tool did exactly what it was designed to do, but without the human skills coupled to it, it was just another tool.
Focused on the objective
Similarly, he says the threat landscape is being misunderstood because most organisations have no real understanding of nature of cyber crime or its ecosystem. “This does not only extend to businesses, but even into some government agencies.”
The problem, explains Jordaan is that threats are asymmetric, flexible and focused on achieving their objective. “They are dedicated, motivated and willing to do what it takes -they are criminals after all. Organisations don’t understand the threat landscape because they don’t see or understand the perpetrators behind the technical methods and techniques used in the commission of these crimes. They only see the effect of the crime, and not the pervasive nature of the criminal conduct behind it.”
So what is the answer? Says Jordaan: “There is one thing that organisations need to start doing better, and that is to realise that cyber crime is not a technology issue, it is a human criminality issue, and to be fought, we need to rely on a set of diverse and interlinked skill sets that extend beyond cyber security. Cyber crime is not an IT problem, it is a problem of society, and we need to treat it as such.”
Share