By Rob Starr, Big4.com Content Manager
Over one third of American organizations have been victimized by an economic crime in the last 24 months and over half of those are expecting a breach from cyberspace in the same time frame, according to PwC’s Global Economic Crime Survey 2016 US Results.
While the survey has a few focus areas like the continuing problem of money laundering and the need for better methods to detect economic crime in both developed and emerging markets, cybercrime vaulted to second place after a steady climb in the survey results since 2011. Reinforcing this outcome is the finding that a full 57% of respondents reported these incidents came from external sources as opposed to internal ones at 29 percent.
“That number is entirely driven by the cybercrime element,” Didier Lavion, Principal – Forensic Services at PwC told us recently. “It’s clear the perpetrator is coming in from the outside and trying to access systems on the inside.”
Traditional Hacking Techniques
He goes on to say that while the more traditional hacking techniques are a major driver of the increasing statistics, a majority of the positive responses about external threats center around phishing scams.
“This is what allows these criminals to get into systems much more easily than with a generic hack,” he says, adding these cybercriminals often try to deduce what a reasonable email request would look like to gain entry. Often, they go so far as to mimic the structural elements to make the forgery look like it’s legitimate and coming from within the company.
And unfortunately, the research reflects efforts like these are paying off. Presently, these online
intrusions and others like them affect over half of the companies (54%) reporting any kind of economic crime. Lavion also says that while more than half of the respondents (52%) don’t think government agencies at the federal levels have the resources to adequately deal with economic crime, there have been initiatives from certain organizations to deal with the cyber variety.
“Some of the defenses that companies are putting together involve hiring outside cyber consultants to create those mimicked emails and testing whether people are actually opening them and responding to them.”
The statistics resulting in this type of exercise can be extremely helpful for companies to see if their education and training on cyber threat is effective.
With the percentage of respondents reporting cyber-attacks rising 14% since the 2011 survey, companies are now becoming more aware of the fact they are being victimized by this type of crime. The level of awareness also translates into a growing number of organizations (just over half) with an active cyber incident response plan.
We conclude our talk with Lavion on an ominous note.
“The U.S. is a very attractive target,” he says. “The combination of lucrative objectives, such as financial services companies and banks, the fact there’s a lot of money being moved around in real estate and the concentration of affluence in the major cities means that hackers are going to focus there even more.”