Cybercrime a serious threat to global business network

In its 2014 Global Economic Crime Survey completed by 5,128 respondents, PricewaterhouseCoopers (PwC) notes the continuing impact of cybercrime on businesses, with one in four saying they had experienced 

Whilst cybercrime was reported across a range of sectors, the survey showed how vulnerable financial services organisations were to this particular type of crime - 39% of respondents from this sector said they had been affected. It was the second most common type of economic crime reported by those respondents (after asset misappropriation).a cybercrime. Over 11% of these suffered financial losses of more than US$1million.

Yet PwC says many financial services firms have not fully realised the true scale and risk posed by cybercrime.

“Less than 40% of economic crime in the financial services sector was reported as cybercrime in our survey. In our experience, financial services organisations do not always identify and log the cyber-element of economic crime experienced. This leaves them exposed to cyber threats in spite of any existing cyber defence: if cybercrime is not being accurately tracked, the true risk of cybercrime cannot be fully grasped and understood.” says Andrew Clark, partner in PwC’s forensics practice.

He adds, “Cybercrime is growing and the methods are constantly evolving - we see no abatement in attacks on banks’ infrastructure. So it is concerning that 40% of all financial services respondents believe that it is unlikely their organisations will experience cybercrime in the next 24 months.

“Financial services need to recognise cybercrime as a risk type and establish proper cybercrime reporting,” he stresses.

The ICC Commercial Crime Services (CCS) also cautions that attacks and manipulation of IT systems of companies are increasingly becoming sophisticated, as recent events have shown.

“There is no organisation which is immune from such an attack. Updated awareness of the risks is key to minimising risk,” CCS says.

The PwC survey showed regional variations to economic crime and that some cyber threats ebb and flow. For example, the Middle Eastern cyber-attacks on large US banks in 2012 and 2013 seem to have subsided.

The US has seen huge rises in financial services economic crime –from outages created by Distributed Denial of Services (DDOS) attacks to massive ATM withdrawals by organised criminal gangs. Credit card fraud has become more prevalent.

In Japan, phishing scams have targeted bank customers’ personal computers via virus, using fake pop-up windows or emails posing as legitimate internet banking interfaces to trick customers into keying in their personal information.

PwC cyber security experts have also seen an upsurge in cybercrime from Africa, which correlates with government initiatives to roll out broadband in the region. Industry sources also indicate that cybercriminals are moving to South America from Europe as law enforcement agencies in EU boost cooperation.

Ultimately, PwC says cybercrime is not strictly speaking a technology problem but a strategy, human and process problem.

“Organisations are not being attacked by computers but by people attempting to exploit human frailty as much as technical vulnerability. As such, this is a problem which requires a response that is grounded in strategy and judgement about business process, access, authority, delegation, supervision and awareness – not merely tools and technologies.”

PwC’s 2014 Global Economic Crime Survey can be downloaded by going to their website here.