Digital crimes
I received a call from the manager of my favorite bank that my account has been compromised. Following a long holiday weekend and into that week when I was informed, someone apparently withdrew from my account through automated teller machines (ATMs) in a couple of locations. The total of those spurious withdrawals already totaled P350,000 before my account was suspended. That went on unnoticed from my end, maybe because my wife went on a holiday without me. So while she was away, no one really checked the balances of our accounts. No problem with my trusted bank, though, that spotted the scrupulously withdrawn amounts and credited them back to our account.
It has gotten more high-tech, I was informally informed. Before, there were hidden surveillance cameras installed by high-tech thieves that watch over your fingers press your secret PIN. These “techie” thieves can also mess up with the wiring at the back of the machine where they can put some kind of a chip to capture information. So I was advised that the best and most secured machines to withdraw from are those located at the banks, where the back side of the machine is tucked inside the bank.
Incidents such as what I described above may not be on a grand scale because those crimes require physical effort to do so; that is, the “techie” thieves must physically go to the machine and tamper with that machine while the mall security guard is not looking or is taking a leak.
In a real cybercrime, the stakes are much higher, such as in the popular case known as the Carbanak attack. In this incident, a group of Russian hackers passed through banks’ IT securities and infiltrated email systems. Acting as staff members online, they were able to enter into transactions that funneled customer deposits and bank money into fake accounts. According to reports, banks in China, UK and the US were hit. They were also able to create a program that makes ATMs in various countries dispense money automatically at periodic intervals. Reported financial loss to the banks aggregated 650 million pounds.
Other industries such as those in manufacturing, retail, transportation, communication and entertainment and media are all fair game. In 2014, a movie giant in the US was to release a comedy film about an assassination attempt on the supreme leader of a communist country. A teaser was released a month before the scheduled movie premiere. As it was considered degrading to the “dear” leader, supporters (or potentially that government itself) successfully hacked the company website. The hackers released stolen data about the company’s employees and their families, information about salaries of executives and copies of unreleased films. Confidential emails of producers making derogatory statements about big Hollywood stars were also released. The company blinked, the movie premiere did not push through, public apologies were made and the film was largely released only through DVD.
In the very recent Global Economic Crime Survey 2016 report issued by PwC, on top of the list of most reported economic crimes is still “asset misappropriation” or theft using oldfashioned schemes. Economic crimes have gone much digital and cybercrime now ranks number two on the list.
The survey indicates rising financial and collateral damage from economic crimes. Respondents said, however, that the financial loss from an economic crime is just a small component. Even the collateral damage of business disruption, investigation and prevention costs and legal fees are considered to have short-term impact. The long-term effect, however, is on company reputation. The biggest damage though, believe it or not, is on employee morale. And this impacts on productivity and retention. Indeed, the real cost to a company of a high-profile cybercrime is difficult to estimate, as in the case of the current high-profile money laundering case involving a local bank.
Cyberthreat has become quite complex, and the technology that made everything exponentially easier for business is the same tool that makes breaches against the company’s most treasured assets remarkably worse. The threat will continue to rise as all of us become more dependent on the Internet and all things digital.
The most popular basketball coach of the country in the ‘70s said that the best defense is a good offense. This mentality, if applied in business, can now be the cause of downfall of a company. Spending on defense against cybercrime and on structures that minimize damage from cybercrime is proving just as important as spending on new products to augment revenue.
One of the key lessons in the PwC survey is that companies must be prepared to allocate resources to strategic preparation that can make the company ready when the threat becomes reality. The board of directors must now earnestly request information about the company’s readiness against cybercrime and if plans exist, whether these plans are carried out.
While many economic crimes are now perpetrated from outside company premises, much of it still happens because of people from the inside. Current events in the country remind us that the best laid controls can be overridden, and the most imposing legislation cannot command fear from humans if they are lured by unbelievable financial gain and suffer from a lack of “moderation of greed”.
Alexander B. Cabrera is the chairman and senior partner of Isla Lipana & Co./PwC Philippines. He also chairs the Educated Marginalized Entrepreneurs Resource Generation (EMERGE) program of the Management Association of the Philippines (MAP). Email your comments and questions to
aseasyasABC@ph.pwc.com. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.