http://www.moneylife.in/article/the-threat-of-increasing-cyber-risks/40639.html?utm_source=PoweRelayEDM&utm_medium=Email&utm_content=Subscriber%2320149&utm_campaign=Daily%20newsletter%2027%20Feb%202015
Hyderabad City Police commissioner in a press conference recently revealed that the city police registered 21,035 cyber crime cases in 2014 as against 19,011 in 2013 and 18,744 in 2012. A near ten per cent rise in just two years is a cause for alarm. The rise is attributed to the large scale use of technology and mobile phones.
Hyderabad City Police commissioner in a press conference recently revealed that the city police registered 21,035 cyber crime cases in 2014 as against 19,011 in 2013 and 18,744 in 2012. A near ten per cent rise in just two years is a cause for alarm. The rise is attributed to the large scale use of technology and mobile phones.
Social
media contributed significantly with the uploading of fake woman profiles,
online payment frauds, blackmailing, hacking, skimming, identity theft and data
theft etc. The police are trying to use technology again to track and trace the
criminals. Global trends are no different although it cannot be a solace.
According
to Internetlivstats, 2014 of the UN Population Division, around 40% of the
population in the world today has internet facility compared to just one
percent in 1995. The number of internet users has increased tenfold from 1999
to 2013.
The first billion was reached in 2005: the second billion in 2010, the third billion in 2014. In 2014, nearly 75% (2.1 billion) of all internet users in the world (2.8 billion) live in the top 20 countries. The remaining 25% (0.7 billion) is distributed among the other 178 countries, each representing less than 1% of total users. With 17.5% of share of world’s population, India has internet penetration of near 20% compared to 46% in China and 86% in the US with their share in world’s population at 19.19% and 4.45% respectively. This would mean that the impact of any cyber attack would be felt more in India and China than the rest of the world though the volume of resources affected could be large in the countries like the US, Germany, Japan and the USSR in the immediate future.
The first billion was reached in 2005: the second billion in 2010, the third billion in 2014. In 2014, nearly 75% (2.1 billion) of all internet users in the world (2.8 billion) live in the top 20 countries. The remaining 25% (0.7 billion) is distributed among the other 178 countries, each representing less than 1% of total users. With 17.5% of share of world’s population, India has internet penetration of near 20% compared to 46% in China and 86% in the US with their share in world’s population at 19.19% and 4.45% respectively. This would mean that the impact of any cyber attack would be felt more in India and China than the rest of the world though the volume of resources affected could be large in the countries like the US, Germany, Japan and the USSR in the immediate future.
Javelin’s
“2014 Identity Fraud Report” provides a comprehensive analysis of fraud trends
in the context of a changing technological and regulatory environment in order
to inform consumers, financial institutions and businesses on the most
effective means of fraud prevention, detection and resolution. Although the
Survey covers only the US, the findings are of consequence to Europe and Asia
and in particular India where population using internet and mobile technologies
for finance are exponentially increasing.
In
2013, 13.1 million consumers suffered identity fraud – the second highest level
on record. Existing
card fraud (ECF) became increasingly popular with criminals, contributing to
the near record number of identity fraud victims. Password habits, mobile device
usage, and social networking on identity fraud reflect the highest incidences
with data collection on a longitudinal updates from 2005 to 2013.
Identity
frauds were found to be on the increase (Nancy Ozawa, 2014) and these frauds
occurred mostly on the transactions through eBay, PayPal and Amazon with the
stolen information to make purchases, which are more than just credit card
fraud.
“Identity
fraud is defined as the unauthorized use of another person’s personal
information to achieve illicit financial gain. Identity fraud can range from
simply using a stolen payment card account, to making a fraudulent purchase, to
taking control of existing accounts or opening new accounts, including mobile
phone or utility services.”[1]
The study found that the number of
identity fraud incidents increased by 0.5mn consumers over the year 2012 while
the dollar amount stolen decreased to $18bn indicating more alertness on the
part of the financial institutions. Account takeover frauds accounted for 28%
of all identity fraud. Data breaches are noticed to be the biggest risk factor
here.
American
Bankers’ Association in a recent report quoted Kaspersky Lab, a computer
security firm mentioning that a hacker group has stolen as much as $1 billion
from banks and other financial companies worldwide since 2013 in an
"unprecedented cyber-robbery." The gang targeted as many as 100
banks, e-payment systems, cash dispensers like the ATMs and other financial
institutions in 30 countries including the U.S, China and European nations,
stealing as much as $10 million in each raid. The criminals detected by
Kaspersky infected bank employees' computers with Carbanak malware, which then
spread to internal networks and enabled video surveillance of staff. That let
fraudsters mimic employee activity to transfer and steal money, according to
Kaspersky, which said it has been working with Interpol, Europol and other
authorities to uncover the plot.
While
many American banks quickly denied the impact on their institutions, even
spokesperson for the U.S. Federal Bureau of Investigation in Washington, Paul
Bresson, declined to comment on the revelations in the Report. Dough Johnson,
senior Vice President of payments and cyber security policy at the ABA said
that he has high degree of confidence that the US Banks aren’t somehow denying
the Report.
The
ABA caution is worth taking note of, for the Indian banks because of the
increasing penetration of internet banking through different instruments and
routes on one side and penetration with Aadhar card ID for the more vulnerable
groups in the Jandhan products and wholly networked payments and settlement
solutions:
“U.S.
banks ought to take a close look at three things, he said: the way the
attackers break into companies (using spear phishing and Carbanak malware); the
surveillance and spying they did once they got inside the bank, as well as
privilege escalation and the ability to take over legitimate accounts; and
their ability to manipulate balances in e-payment and online banking systems.”[2]
Preventive
measures should also include: keeping personal data private, opt-in-two-factor
authentication wherever it is offered, and saying ‘no’ to Social Security
Number (SSN) authentication. Detection measures required that consumers should
work in partnership with institutions on identity theft prevention. Aadhar is
moving into the social security number status and that worried me.
Resolution
involves taking any data breach seriously and to report the problems
immediately. Banks should also shed the hypocrisy of always holding defense to
whatever they did and take an objective view of breaches to data. Regulatory
oversight is also highly critical. The mute question is; does the regulator
view these global developments in coordination with the cyber investigation
teams of Government of India? If data and files in physical form were stolen,
and computer data in defense department also had no exception are banks in
India away from them? Public should be made aware of the precautions in a more
penetrative manner.
[1]
Javelin Strategy & Research, Pleasanton,
a department of Greenwich Associates CA, USA, February 2014.
No comments:
Post a Comment