In speaking to Junaid Amra, head of the forensics technology solutions division at PwC, it is somewhat terrifying to hear the extent and sophistication of organised cyber-crime, and that it is on the increase.
By Jonathan Crisp, risk intelligence committee member at the Institute of Risk Management South Africa
This, at a time when the world is reeling from the effects of Covid-19.
PwC has various business units within their forensics technology division ranging from eDiscovery, search and seizure operations, data analytics, threat intelligence (which includes the monitoring of social media and the underground dark web) and an incident response team.
A shocking fact is that at the time Covid-19 struck, medical facilities were targeted aggressively by cyber criminals. One of the first recorded incidents was a medical facility in Prague where cyber criminals targeted a Covid-19 testing centre and disrupted operations.
What was interesting, however, is that as cyber criminals and all their loved ones fell ill, the conversations on the dark web changed to being unacceptable to target medical facilities; so the demand for stolen medical data dropped as certain sites refused to publish the information and holding medical care facilities ransom decreased significantly.
Cyber threats can be categorised as follows:
* State funded cyber warfare can include state sponsored espionage, corporate espionage focused on various sectors (such as defence, finance, mining etc) and hacking politically exposed individuals. Geopolitics are currently playing out in the cyber arena. Recent examples of this are state sponsored hackers breaking into ship building facilities looking for ice breaker ship technology/schematics in their race for the Arctic, other players have been targeting research on COVID-19 vaccines and there have also been continued attacks between India and Pakistan from a cyber-warfare perspective etc. In our own country, cyber hacking of high profile politically exposed individuals remains a huge threat. Imagine how advantageous it is for corrupt individuals files to just disappear or be amended ‘appropriately’. At a time when our country is being sunk by the corruption of unscrupulous individuals, now more than ever we as civil society require justice and transparency, which requires the protection of and integrity of our state systems and information.
* Organised crime which is focused on financial gain. These organisations are becoming more and more sophisticated and are no longer ‘mom and pop shops’ but rather well organised profit-driven corporate organisations.These organisations setup specialised divisions such as a software division for the development of malware software, a distribution network division, a money collection division etc. These organisations are expanding their operations by identifying channel partners to distribute their malware for a share of the proceeds. It is not uncommon for these criminals to realise a return on investment (ROI) of up to 400% on their malware based on some information seen in surveys in this space.
* Activists who express their anger and discontent through hacking. Good examples of this are Anonymous, who in April 2012, hacked 485 Chinese government websites (some more than once) to protest the treatment of their citizens and Blueleaks who recently leaked the personal information of 700,000 law enforcement officers.Other examples include the Arab spring, cyber-attacks against the SABC in 2016 /2017 when the SABC decided not to air the country-wide protests at that time and attacks on the sponsors of the football world cup held in Brazil in 2014 by those who did not want the tournament held in Brazil.
* Insiders such as employees and 3rd party service providers. The motives can be for personal gain, revenge (i.e. disgruntled employees) or insiders recruited by nation states. An increasing threat are ‘accidental’ insiders who unwittingly do silly things that end up exposing data and / or backdoors into their systems and data.What is disturbing is the increase in IP (intellectual property) theft by executives who leave an organisation due to retrenchment, to join another company or start their own company. Stolen IP may well give these executives a strategic advantage when joining a competitor company or starting their own businesses. There has been an increase in Anton Piller orders relating to IP theft, which is a court order that requires the defendant in proceedings to permit the plaintiff, or their legal representatives, to enter the defendant’s premises in order to obtain evidence essential to the plaintiff’s case.
There are no official stats for cyber-attacks in South Africa as legislation compelling organisations to declare incidents is lagging in South Africa. PwC statistics over the Covid-19 period show that there was a significant increase in cyber-attacks on sectors such as retail, manufacturing, telecoms and construction.
This was based on leaked information posted by attackers. These sectors are easier targets compared to the financial sector since they traditionally do not invest as heavily in cyber security as the financial sector. As result of COVID-19, there has been less demand for stolen credit card details due to the slowdown in international travel.
PwC recently analysed the top 250 emerging technologies and have come out with a list of 8 technologies that they believe will be the most transformative to organisations in the next three to five years. The eight transformative technologies are:
* Artificial Intelligence (AI). For example, PwC is leveraging AI technology to speed up investigations through the use of natural language processing on unstructured data.
* Augmented reality: Augmenting a virtual world into the real world. For example in complex manufacturing where the operator wears glasses to show them how to fit a part.
* Blockchain creates trust because it represents a shared record of the truth. Data that everyone can believe in will help power other new technologies that dramatically increase efficiency, transparency and confidence.
* Internet of Things (IoT): IoT is moving towards more intelligent devices not just monitoring but also performing actions such as in the mining industry using technology not only to monitor air quality but perform actions based on what is detected.
* 3D printing: where the organisation’s IP and schematics become critical to their business rather than their ability to manufacture.
* Virtual Reality: For example, simulating a disaster with employees wearing VR glasses to train them how to react in a real disaster.
* Robotics: there are huge advances in the building of robots including the material used with hydraulics being replaced with synthetic materials which look and feel like human tissue making it difficult to differentiate between robot and human in physical form factor.
* Drone Technology: Essentially, a drone is a flying, land or water robot that can be remotely controlled or fly autonomously through software-controlled flight / route plans in their embedded systems, working in conjunction with onboard sensors and GPS. From surveillance to distribution, the uses for such technology are endless.
Businesses will and are starting to use a combination of these transformative technologies to fast track their businesses. These technologies introduce a whole new set of risks which arguably businesses are not prepared for and don’t have a handle on.
In summary, the convergence and timing of the following events, if not managed effectively, may contribute to a ‘perfect storm’ and destroy an organisation:
* Covid-19 which has triggered a changing work pattern with many people working from home or a hybrid of office and home. The defined perimeter of an organisation is expanding and opening up additional vulnerabilities. According to Junaid, on average attackers sit on a network for 60-130 days without being detected. Far more work needs to be done in terms of detective controls and to detect attackers and remove them from networks and systems as soon as possible.
* Transformative technologies introduce a whole new set of risks which are not fully understood by organisations who are already rolling out these new technologies. This shouldn’t stop the adoption of these technologies, however organisations need to ensure that the risks are appropriately understood and treated ahead of being implemented.
* Cyber-criminal operations which are becoming far more sophisticated and are starting to be run like large-scale corporates with specialised divisions including outsourced channel partners to drive the large-scale distribution of malware for example. Don’t forget that these organisations have budgets and profit targets and spend all day every day finding ways to infiltrate your systems, hold you ransom and/or leak your data and/or steal your IP.
Questions that assurance providers should consider:
* What are we doing as risk and assurance providers to identify, understand and get on top of new risks associated with these new transformative technologies?
* What are we doing to demonstrate to our management and board (governing body) that cyber risk is not just an IT problem for IT to fix but is a serious business risk and is everyone’s concern?
* What are we doing to ensure that we add value and are seen as a trusted advisor in the strategy setting of our organisation? As per principle 4 of King IV: on strategy, performance and reporting: The governing body should appreciate that the organisation’s core purpose, its risk and opportunities, strategy, business model, performance and sustainable development are all inseparable elements of the value creation process.