Technology Banker

Switch to desktop Register Login

04-10-2012

Computer Forensics: An essential part of compliance strategy for African Banks

Security breaches and cybercrimes are real threats to the banking industry

Early this month local firm, Wolfpack Information Risk released its South African Cyber Threat Barometer 2012/13 report and it revealed that South Africa alone incurred R2.65 billion losses for the period of January 2011 to August 2012 in cyber-crimes.  This report highlights the importance of IT security as an integral part of a bank’s compliance strategy.

Computer forensic is an emerging process in the field of IT security. Although it is not very new, many businesses still do not comprehend its value and view it as a highly specialised field that is rarely used. However, banks can benefit from knowing more about computer forensic and how it can improve the bank’s IT risk management procedure.

What is involved in computer forensic?

Computer forensic is part of an incident response process. It is not about preventing security breaches. Instead, it is about keeping the scene of crime secure, and collecting and analysing digital evidence about how the security breach happened. This can be performed by the law enforcement cybercrime team, when an organisation reports a computer security breach.  Otherwise, it can also be carried out by an independent consulting company specialising in the field. Using computer forensic does not need complicated IT infrastructure. All an organisation needs is a software designed to discover and save the detailed information of what happened during a security breach.

Do banks need to have a formal forensic investigation for every security breach?

There is no straightforward answer to this question. The decision to have a detailed analysis of the breach should not be left to one person alone, but should be discussed within the organisation. Not all security breaches are serious, but an organisation will not know this until it has conducted a thorough investigation. But regardless of whether the breach is minor or serious, the organisation must know what have been compromised, how the incident happened and how it can be prevented, to ensure that the security breach does not happen again.

Additionally, if an organisation decides to use computer forensic as part of its security compliance strategy, it should not be tapped as, and when the organisation feels it necessary, but a process has to be put in place, detailing when a computer forensic expert needs to be called in.

Types of breaches or cases that may require a computer forensics inquiry:

·      SQL injection by attackers to an organisation’s web application to extract sensitive information

·      Break-ins into unsecured wireless network and accessing the internal network

·      Copying sensitive information to an external hard drive by a member of staff, with the purpose of taking it off-site and sharing it with a third-party

·      Lost or stolen device with unencrypted data

 

Not all security breaches are evident, and it is imperative that banks must ensure that the absence of incident response procedure will not leave a gap in its security risk management and compliance policy.

 

By Our Staff Reporter