The private sector's biggest cyber enemy is on the inside
Expert urges companies that have been hacked to come forward so others can plug data leaks
Beware the insider threat.
This is the message that comes across loud and clear from digital forensic expert Veronica Schmitt, who tracks down cyber criminals and who spoke at a conference in Cape Town last week.
In 2017, according to the South African Banking Risk Information Centre, hackers helped themselves to R250m in nearly 13,500 attacks perpetrated via the internet and mobile devices.
This year, at latest count, attacks of this nature were up by 64%, with banking app hacks seeing the biggest leap: 100%.
“Phishing and spear-phishing are growing in South Africa,” Schmitt, a director at DFIR Labs, told delegates at the cybersecurity conference.
“A middleman gains access to your e-mails and then proceeds to impersonate a legitimate person. This isn’t something made to look real — it is real, because the person has actual access to the information you are sending and they can pose as you.”
She said companies were transferring large amounts of money to outside parties “and then only realising it” much later.
“The biggest problem is insider threat. It is employees who leak intellectual property or compromise systems from within,” she said, adding that this was her main observation in cyber crime in the private sector.
Pinning down the stats wasn’t always easy because “companies are often embarrassed to admit they have been hacked”.
She urged companies, however, to come forward so that those on the right side of the law can adapt.
“Rather share the information so that others can learn from it. In forensics, that is of utmost importance. To adapt and develop new approaches to new problems, we need to know what’s going on.”
It was crucial for people to understand that digital forensic work was scientific in nature. “You need to ensure that your first responders are trained sufficiently and are experienced at following strict scientific processes.”
In the face of rising cyber crime it was crucial that staff did not inadvertently leak clients’ personal information.
The most glaring recent example was the case of Liberty Holdings, which saw its share price drop by 5% in a day following a data breach which ended in hackers demanding a ransom.
Drew van Vuuren, a protection officer at conference host Eset, said the Protection of Personal Information Act was one of the most punitive in the world. Offences can earn a fine of up to R10m or 10 years in prison.
According to research by IBM, 59% of all successful ransomware infections are transported via phishing scams.