Take cybercrime seriously, urge experts
28 May 2013, 16:37
Johannesburg - Organisations must take the threat of cybercrime seriously as it impacts organisational integrity, an expert panel convened to discuss the threat has said.
Banks face a serious attempt from organised criminal syndicates trying to gain access to customer financial information and they have had to up their security.
"You're dealing with organised entities and I think the whole cyber space issue, you're dealing with people working across the globe," Kalyani Pillay, CEO of the South African Banking Risk Information Centre (Sabric) told News24.
She said that the fact that criminals operated in cyberspace made them difficult to track down.
"Members don't necessarily even need to know each other because of the anonymity again of electronic communication."
An academic said that although the banks had employed effective online security measures, their partners were not always as ready to proactively prevent cybercrime.
"What we're also seeing, especially with the SIM swopping, is you're dealing with different service providers... cyber crime has caught them unawares," said Sylvia Papadopoulos, lecturer in the Department of Mercantile, Cyber Law at University of Pretoria.
Media24 CEO Esmaré Weideman recently lost thousands in an apparent SIM swap scam.
Her bank was able to freeze her account, but the thieves managed to get away with about R360 000.
According to the UN Interregional Crime and Justice Unit (Unicri), organised crime syndicates have turned to cybercrime and intellectual property theft because weak enforcement made the practice highly profitable.
"Transnational organised crime networks have turned to counterfeiting and piracy to take advantage of the high profits and minimal penalties set forth by intellectual property rights law as well as the weak enforcement measures associated with these crimes," said Marco Musumeci, responsible for the anti-counterfeiting programme at Unicri.
Trustwave highlighted the role of education in the fight against cybercrime, saying that consumers should be made aware that suspicious links or mobile applications cold potentially compromise security.
"The banks are doing quite a lot in terms of educating, and there are a lot of supporting vendors that do awareness training. We've got to start with making the banks aware of what's out there," said Andrew Kirkland, country manager for Trustwave in South Africa.
Papadopoulos argued that the scale of cybercrime had reached serious proportions that it demanded urgent action.
"It is a war and we can't sit back and be complacent."
"Calling it [cybercrime] a war, treating it as cyber warfare shows an intent to fight back," echoed Beza Belayneh, CEO and CIO oof the South African Centre for Information Security.
Trustwave, which provides analysis of cyber threats facing companies, said that targeted attacks on individuals could compromise corporate security.
"What we're seeing from an organisation's perspective is they want to understand the risks; the risks to their users as well. You're not only putting personal information on these devices, you're actually linking the personal information with potentially corporate information," said Michael Aminzade, director delivery EMEA, for Trustwave.
Belayneh lobbied for companies to become more proactive in creating secure software platforms.
"Now what we should do in the fight back industry is like the banks: We should have a predictive, sophisticated system that would simulate the problem. We have to create the problem before they [hackers] create the problem."
Aminzade though, said that increased security would inevitably impact on usability and that a balance should be found.
"No-one wants to bring anything to market that is insecure, but what it is always is - and it will always be - is functionality versus security."