Editorial | Cybercriminals trolling
The vulnerability of members of the public to cyberattack was aptly demonstrated this week by one of the country’s major commercial banks.
The National Commercial Bank (NCB) publicly warned its customers against responding to a fictitious e-mail seeking to get personal information. It is known as phishing, whereby criminals send out e-mails purportedly coming from an institution, but it is really designed to trick customers into giving out account details, passwords, or a personal information number (PIN). This fake e-mail followed hard on the heels of an announcement by NCB that it was doing an upgrade of its system over this weekend.
Cybercrime is on the rise. The average annual economic cost of cybercrime globally has been estimated at US$1 trillion. Here in Jamaica, the most recent figures indicate that more than US$100 million was lost due to cybercrime in 2017. These crimes not only contribute to huge losses, they also create disruptions and lead to the deterioration of confidence in our institutions.
While criminals have become more savvy, potential targets and entry points have expanded with every new application, offering a greater field from which criminals can plunder. These are not bank robbers of yore who were immortalised in literature and film. Today, the bank continues to be a target because that is where lots of money is to be found, but technology has made digital bank heists easier and less risky.
Banks and financial institutions also have something else that makes them top targets for hackers: valuable customer data. It means that every person with an ATM card, a credit card, or who conducts Internet/mobile banking could become a potential target. The fact that many of these activities can be conducted any time of night or day and from multiple point-of-sale terminals, increases the opportunities for cybercriminals to breach systems and launch their attacks. Their activities include data theft, identity theft, financial fraud, as well as scamming.
This has forced banks and financial institutions to invest in safety-net systems to protect their customers. For even as institutions are encouraging customers to employ online services and avoid joining long bank lines, the criminals are exploiting the vulnerabilities in web applications. Financial institutions, and ultimately, customers, suffer substantial losses due to the sophisticated methods of these criminals.
FALSE SENSE OF SECURITY
There is heavy suspicion that some unscrupulous bank employees may be in collusion with the criminals. However, the public rarely hears of any of them being arrested and brought before the courts. There should be transparency in how the institutions deal with criminals, and we find it incredulous that even in the face of mounting cybercrime, there is no appreciable increase in the number of arrests. This may result in persons having a false sense of security that all is well in the cyber world.
We appreciate that successful prosecution of any crime, including cybercrime, depends on the quality of evidence gathered. Also, in the case of cybercrimes, digital forensic evidence has to be carefully garnered, and there is some doubt whether the requisite investment has been made in this area to respond to the clear and present threats.
The Communication Forensic and Cyber Unit within the portfolio of the Jamaica Constabulary Force’s Organised Crime Investigation Division, is reporting that it has solved 30 per cent of the cases it has investigated. Customers want to be assured that their financial institution has made the necessary investment to protect their interest, especially with the country moving to become a cashless society.
Many of the persons who use banking services are older folk who may not be au fait with modern technology. Institutions should, therefore, consider introducing cyber-education in a big way to its customers as one way of raising cyber-awareness so that they can do their own due diligence and protect themselves as much as possible.