Rampant corruption in South Africa is fuelling the problem of cyber-crime – so said experienced digital forensic scientist Jason Jordaan, head of the Special Investigating Unit's forensic laboratory. He was delivering a keynote speech at the ninth ITWeb Security Summit, taking place in Johannesburg, on Wednesday.
"We may have done well in building high walls to keep out criminals from our organisations but the human element poses the biggest problem. It weakens the entire security infrastructure," said Jordaan. "Corruption in South Africa is a disturbing fact and it is really, really bad."
He noted that Transparency International, a global corruption watchdog, ranks South Africa as one of the countries with high levels of corruption. So corruption is being used extensively to facilitate cyber-crime in South Africa, as the traditional organised crime syndicates are now targeting the cyber-space.
Jordaan defined corruption as the agreement between the corruptor and the corruptee, for the benefit of one or both. "The simple truth is that everybody has a price, but not every price is corruption," he said, referring to benefits, threats against the person's family, and other factors.
"In South Africa, we do not yet have sophisticated hackings, but it is the corrupt insiders who facilitate this even if we have sophisticated firewalls."
Corruption-fuelled cyber-crime has resulted in insiders giving cyber-criminals access to critical information, as these insiders can easily bypass the security systems that organisations would have put in place, Jordaan noted. There is no need for them to use specialised hacking tools, he said, and because corruption is a silent crime, it's harder to detect.
Mitigating the risks of corruption-driven cyber-crime
Jordaan also pointed out that cyber-criminals can now easily find their targets within organisations by profiling them through social networks, like LinkedIn, where employees post their professional information.
He cited a case study of a recent breach of a critical state financial system, in which a systems administrator was bribed R10 000 to install key-loggers to steal government user credentials and give criminals access to the financial system. Over R11-million was stolen in around three days. "This case is still in progress, but the upshot of it is – this guy sold his soul for R10 000."
In order to mitigate the risks against corruption-fuelled cyber-crime, Jordaan urged organisations to know their people. "In South Africa, we tend to always focus on work and then forget about the people with whom we work."
He is of the view that making employees happy can assist in reducing corruption-fuelled cyber-crime. "An employee who is happy is less likely to be tempted into corrupt activities."
Instilling a strong culture of ethics throughout the organisation will also be useful in mitigating the risks, Jordaan concluded.