Basil Jarrett and Patrick Linton | Fraud in the cyber era
Recent developments in the world of banking and finance have sent shock waves across Jamaica, raising in some quarters, fears that the island’s financial sector and institutions are not as safe as we thought. But before you start rushing to tuck this month’s pay cheque underneath your mattress or in the back of the freezer, it is important to recognise that banks have been fairly proactive in implementing a number of security measures to help safeguard their customers and clients.
It is important to recognise, too, that financial crimes such as fraud, embezzlement and money laundering are nothing new, despite the eye-watering figures involved in these recent high-profile cases. Certainly, the technology that is available today has made it easier for large sums of money to be moved around illegally, but so, too, has been the ability to detect it. Typically, today when someone is arrested for fraud, there is usually a related cyber offence twinned with it. This is because criminals have increasingly used cyber to enable and facilitate financial crimes.
CYBERCRIMES VS CYBER-ENABLED CRIMES
Let’s be clear, however, that not every case of fraud is a cybercrime. In its strictest form, the term ‘cybercrime’ refers to the broad range of illegal activities, such as malware attacks, hacking, and identity theft, committed through cyberspace by utilising information and communications technologies (ICT). A cyber-enabled crime, however, is a traditional crime, such as theft, sexual harassment, murder, money laundering, corruption and fraud, that can be committed without the use of an online platform, but is enabled and enhanced through the use of the medium.
In recent years, there has been an increase in both cybercrimes and cyber-enabled crimes due to the exponential growth and evolution of online technologies. Today, there are more users and more devices connected to the Internet than at any other time in history, raising the opportunities, therefore, for criminals and other threat actors to exploit the vulnerability of users and of the technologies themselves.
Last year, the estimated cost of cybercrimes globally was US$8.4 trillion as cyberattacks become more sophisticated and more frequent. Industries such as healthcare, education, infrastructure and very importantly, the financial sector, are some of the most heavily targeted victims. These attacks are costly, not only in terms of the monies lost, but also the reputational damage to companies and individuals as a result. In the coming years, as the technologies – both hardware and software – and the sheer number of persons online increase, it is expected that the opportunities for these threats to be exploited will also be increased.
Jamaica, being a part of a global, interconnected village, is not immune. The question, therefore, is what do we need to be doing to help guard against these ever-expanding threats?
At the national level, some critical steps have already been, and are being taken in an effort to invest in and build out our cyber-response capabilities and to conduct regular and routine vulnerability assessments on critical national infrastructure. Law-enforcement bodies with specific responsibility for cybersecurity have already established partnerships with international counterparts in the US, Canada, the UK and the Caribbean region, in order to share knowledge, experience and best practices, andto also facilitate cross-border and multi-jurisdictional investigations. The recent announcement of the FBI’s involvement in the current investigations at SSL is a key example of this.
We also have pending legislative amendments to laws related to computer-enabled fraud or forgery, as well as those extending the ‘Power to Seize Articles for Evidence’. There’s also a push being made to widen the categories of protected computers under various laws. This is being done within the context of a national effort to improve and standardise existing capabilities in cyber forensics, cyber-threat analysis and malware analysis, in line with international standards and best practice.
At the institutional or personal level, it may seem obvious, but it cannot be overstated that perhaps the first thing to do is to increase the public’s awareness of, and appreciation for, the real material threats posed by the use and abuse of the technologies. Whether nationally, institutionally or personally, there is an urgent need for education on cybersecurity and how to practise good cyber hygiene. Think of it as handwashing, mask wearing and sanitising for computers. Related to this is an urgent need to expand the knowledge and capability base of ICT professionals to now include training and expertise in cybersecurity threats, protocols and response. This implies, therefore, a commensurate increase in resource allocation towards cyber, as it is as costly as it is important, to stay abreast of developments in cybersecurity tools and resources.
But not all safeguards are that budget-intensive. There are numerous low-hanging fruits for the average individual to pick from that will greatly enhance their own cybersecurity profile. Simple measures such as multifactor authentication, a fancy term used to describe the use of two or more verification factors to gain access to an app, online account or email, must become standard operating procedure for all of us, as must the use of stronger passwords and passcodes. Companies must create and enforce more stringent cybersecurity policies in the workplace, such as mandating routine software updates and frequent cyber awareness training for employees.
Yes, these measures can be a bit inconvenient. But it certainly beats waiting in line to file a claim that money in your bank account or under your bed is missing.
Special Agent Major Basil Jarrett is a communications strategist and director of communications at the Major Organised Crime and Anti-Corruption Agency (MOCA). Special Agent Patrick Linton is a cyber-forensics expert and MOCA’s head of cyber investigations and risk management.Email feedback to firstname.lastname@example.org.