investigating & proving cybercrime

Investigating and Proving Computer Fraud

Jenny Reid

Director

WAS• Hacking• Phishing• Data Espionage• Data Interference

MOVING TO• Intellectual property theft• Identity theft• Social Engineering

Fin24 – April 2014

Computer Fraud

HACKING

A technical effort to manipulate the normal behaviour of networks, connections and information

PHISHING / SMISHING

Fraudulent practice of sending messages purporting to be fromreputable companies in orderto induce individuals to reveal personal information, such as passwords and credit card numbers, online.

DATA ESPIONAGE

Data espionage describes the stealing of secrets stored in digital formats or on computers and IT networks

DATA INTERFERENCEData corruption refers to errors in computer data resulting in unintended changes to the original data.

INTELLECTUAL PROPERTY THEFT

The theft of any innovation any method or formula with economic value; or any unique name, symbol, or logo that is used commercially. It can also be the theft of company data.

IDENTITY THEFT

Identity theft is a form of stealing an identity for personal or corporate gain.

• True Name• Account Takeover

SOCIAL ENGINEERING

The manipulation of people to divulge confidential information

Common Denominator???

70% of African companies have been subjected to

computer fraud

• Global incidents increased by 48%

• 117 339 incidents per day

• Increased 66% year on year since 2009

• Budgets have remained steady since 2009

• Financial costs• Reputation damage• Social damage• Personnel infiltration• Theft of resources

Implications……

Common Denominator

The problem with human resourcesIs that they are human, with all that entails.

Truthfully, the human condition is by and large good.

Most people are honest, sincere, responsible

And prepared to work hard for a fair shake.

But there are others that give people a bad name.

These are the ones that lie, cheat and steal.

They are the businessman’s worst nightmare

For the damage they can cause.

These are the people you don’t want working for you.

• Incidents by insiders increased by 10%

• Incidents by contractors / suppliers rose by 17%

• Incidents by competitors increased by 64%

The problem with human resources• Communication via social networks is one of the

most popular activites on the internet• Social networking – 3rd most popular activity• 75% of people pay no attention to possible

hackers• 13% discuss private information with strangers• 20% share information on social networks that

they would never share in person• 18% share online account data from public wi-fi

Computer Forensics

Imaging hard drives

Analysis of data

Data verificationTransgressions

of internal policies

Legal Advice

Where are you right now?

Insurance against Cybercrime

People

Risk

Risk Assessment

Training

Established relationship with fraud

investigations expert

Ongoing vulnerability assessments People Risk

Management Programme

People RiskPre

Employment Screening

Lifestyle Audits

ContractorsSuppliers

Exit Interviews

People Risk Management Programme

Risk Assessment

Physical Risk

Systems & Procedures

TechnologyManpower

Ongoing vulnerability assessments Cybercrime

Risk Assessment

Training

Policies

Social Media

Regular Updates

Ongoing vulnerability

assessments

People Risk Management Programme

Company Value SystemDisciplinary

Code

Company

Culture

Value

SystemCorporate

Ethics

Regular Assessments

Jenny Reid+27 82 600 8225jenny@ifacts.co.zawww.ifacts.co.za