E-business: Convicting the cybercriminals

UK companies are so intent on getting their e-commerce sites back online after a security breach that they risk tampering with the scene of a crime and ruining any chance of prosecution.

The main concern of any company suffering a hack attack should be to identify the source of the breach and determine whether it is an internal or external problem, according to KPMG’s 2001 global e-fraud survey.

‘The immediate resolution of the problem by the internal system administrators and IT personnel will often compromise the integrity of the data, thus causing the evidence of the breach to be corrupted. As a result, the likelihood of the company to be in a position to recover assets or pursue legal action will be more difficult or impossible,’ the report says.

Alex Plavsic, fraud investigations partner at KPMG, advised that companies should work with a professional computer forensic team, as the police will give only limited assistance in building up evidence of a break-in.

‘Companies have to go to the police with an open-and-shut case. Therefore, the institution has to do most of the legwork,’ he said.

Taking legal action
Around 83% of the companies that suffered security attacks admitted they had not taken any legal action. This was put down to a lack of legislation, lack of evidence and out-of-court settlements. More than 1,250 chief executives and chief information officers in the largest public and private companies in 12 countries, including the UK and US, took part in the survey.

Only 9% of companies admitted to a breach in their e-commerce operations in the past 12 months, but the UK had the second highest number of incidents behind India. Fewer than 35% reported having security audits on their e-commerce systems. And it seems users have got their priorities all wrong when it comes to security. More than 50% said hackers were the main threat to internet systems, but fraud investigators and security consultants disagree.

Internal breaches
‘Often, breaches are internal in collusion with external parties. That is where the greatest threat lies. The problem is most organisations don’t like to think that their own people are ripping them off, but they need to table the risks and address them,’ said Plavsic.

The survey showed more than half the companies that had suffered an attack on their systems in the past year were able to identify the perpetrator.

Not changing default passwords from out-of-the-box security products and a lack of internal controls are two common problems, according to Paul Williams, partner and member of the ethical hacking team at Andersen.

‘We go into companies and find default passwords have not been changed. Any hacker will try these first.

‘When a system is being developed, many people are given wide access to it. But when the system goes live, no-one remembers to cancel those access rights,’ he said.

Legal action was not always taken when breaches occurred because of inadequate laws and a lack of evidence, according to the survey. A recent DTI survey found 60% of UK organisations suffered a security breach in the past two years and more than 40% came from internal sources, such as operator or user error.

According to the DTI survey, 62% of companies had transactional e-commerce systems, with almost two-thirds of those being business-to-business. The financial services sector made up 15% of respondents, followed by manufacturing, retail and then government institutions.

  • Andy McCue writes for Computing
