We know it’s kind of scary going to the ATM late at night after you’ve emptied the wallet at your local pub. Most of us prefer just swiping the card and not having to worry about carrying any cash around on our persons. That is far safer and means we don’t have to venture too far.
But is it really far safer? What do we know about the people fighting the scourge of cybercrime, trying to stay one step ahead of these skelms? Here’s an interesting piece sent in by a reader, looking at cybercrime from an angle we don’t hear covered very often.
Digital forensics & the hacker: Redefining the fraud frontier
Cybercrime. The weight of this word grows ever heavier, especially for the South African business and consumer. According to the PricewaterhouseCoopers 2014 Global Economic Crime Survey, a staggering 69% of the South African respondents stated that they had been a victim over the past 24 months. Phishing, smishing, identity theft and credit card fraud continue to dominate the landscape and this high level of crime is a serious threat to governments, businesses and individuals.
The figures don’t improve when looked at through the cybercrime statistics recently posted by the South African Banking Risk Information Centre – South Africans lose in excess of R2.2 billion to internet fraud and phishing attacks annually. The online arena seems fraught with hidden traps for the unwary traveller; however, it is not an unprotected landscape where online shoppers are left to roam nervously. Organisations such as PayU and Foregenix have developed solutions that wrap private data in layers of security to ensure that businesses and consumers can remain confident while they shop and pay.
PayU has partnered with Foregenix, which specialises in cyber solutions that help organisations take control of their sensitive data and is one of only 18 worldwide that specialise in digital payment forensics.
“Our job is to help businesses to protect and control their sensitive data and to protect them from fraud,” says Andrew Henwood, CEO of Foregenix. “We are often called into environments where they have been hacked or breached as hackers search for credit card data to monetise on the black market. Right now we have around 30 forensics cases where we are working with customers that have been breached. People need to become more aware that these hacks are happening and that they need to protect their sensitive data.”
Henwood warns that while it is easy for anyone to whip up a new website or shopping portal, it isn’t a simple matter to protect the sensitive data that’s stored, transmitted or processed on it.
“It is very unlikely that security is considered before that environment is launched, which is very unfortunate,” he adds. “You don’t build a house and then bring in the structural engineer. What’s happening regularly online is that businesses are only considering security at the last minute or when it’s too late. The result is that there are data compromises and hacks littering the media almost daily. This is why it is crucial to partner with organisations that understand security from the get-go.”
Digital forensics and penetration testing step into the world of the hacker, take on their mantle and examine how they operate, what they do and when they do it. Teams of ethical hackers, or white hats, are used by organisations such as Foregenix to detect hacks, examine breaches and track the fraud to its source. It’s fighting fire with fire and it’s an exciting and dynamic niche. It is also invaluable for organisations that want to ensure that their systems are strong enough to withstand an attack.
“We have a team of white hats who go in and hit an environment from top to bottom,” says Henwood. “They do social engineering, sending malware that looks like innocent email and other tactics to try and see how far they can get into an environment, just as a malicious hacker would.”
“Think of it as the fire drill for your business, and I’m sure you’d far rather we identify issues within a managed framework than by the bad guys on Christmas day…and yes, this has happened many times as hackers work 24/7/365,” concludes Henwood. “We also recommend that companies practice what to do in the event of a breach. We’ve arrived in a space where a customer has been hacked and everyone is running around with no clear strategy in place – nobody knows what to do or who is supposed to do it, in handling things like legal, PR, disaster recovery or continuity responsibility.”
The terms that travel the security circuit, such as penetration testing and digital forensics, need to become standard practice for the modern organisation – and not just once a year or at audit or assessment time – to ensure their security and that of their customers. PayU has had a grip on this fact from the start and has forged its alliance with Foregenix to ensure that its private data and its customers’ data remain that way: private.
Mustapha Zaouini, CEO of PayU MEA, believes that such alliances are crucial, particularly while the security industry is in transition. “Innovation in security is at an interesting point, with a number of major roll-outs pending, specifically as e-commerce gains momentum. The likes of EMV card adoption that’s underway in the US and the move away from SSL to TLS may shake things up on a mass scale. This adds to the challenge of perfecting the usability and security mix,” says Zaouini.
Digital forensics and penetration testing may well be the CSI of the future, but the threat that they seek to combat is definitely one that sits here today. Security is a hot topic; however, it may be that a lack of media repetition is why people are not paying as much attention as they should. From the individual to the enterprise, it is essential that security awareness be at the forefront of all online interactions, or else. Really.
Thanks Chad