Norton: Cybercrime cost $110 billion last year

The yearly Norton Cybercrime report (.pdf) analyses how cybercrime affects consumers, and how emerging technology — including mobile and cloud computing — impacts security. As mobile technology and bring your own device (BYOD) schemes insinuate themselves into the corporate sphere — blending personal and professional communication — businesses need to take note.

This year’s release comprises of over 13,000 participants across 24 countries, aged 18-64, and says that U.S. consumers lost $20.7 billion last year after falling prey to cybercrime including attacks, malware and phishing. Globally, the rate rose to $110 billion in direct financial loss.

An estimated 71 million people in the United States became cybercrime victims last year. According to the report, 1.5 million people are impacted every day across the world — close to 18 people per second. The highest numbers of cybercrime victims were found in Russia (92 percent), China (84 percent) and South Africa (80 percent).

Globally, each victim accounted for an average of $197 in financial loss. In the United States, this increased to $290.

According to the report, an estimated 556 million adults across the world have first-hand experience of cybercrime — more than the entire population of the European Union. This equates to nearly half of all adults online (46 percent), a slight rise from the 2011 figure of 45 percent.

There has been an increase in cybercrime which takes advantage of social networks and mobile technology. 21 percent have fallen prey to social or mobile crime. Specifically within social networking, the report found that 15 percent of users have had their account infiltrated, and 1 in 10 have been victims of fake links or scams.

75 percent of participants believed that cybercriminals were gearing more towards social networks, but less than half (44 percent) used security software to help protect them against these kinds of attacks. In addition, only half (49 percent) used privacy settings effectively to control the information they share.

Norton Internet Safety Advocate Marian Merritt said:

“Cybercriminals are changing their tactics to target fast-growing mobile platforms and social networks where consumers are less aware of security risks. This mirrors what we saw in this year’s Symantec Internet Security Threat Report which reported nearly twice the mobile vulnerabilities in 2011 from the year before.”

Although most Internet users take basic steps to protect themselves, 40 percent do not use complex passwords, and over a third aren’t fussed about typing sensitive information into an unsecure site. When accessing email, 44 percent use unsecure, public Wi-Fi — and 40 percent do not recognize how malware has evolved to subtly compromise a system, placing personal and corporate information at risk. In addition, 55 percent of participants are unsure if their systems are currently clean.

When using public connections, 67 percent access email, 63 percent use social networking and 24 percent access their bank account, according to the report.

The study found that email accounts are often a target for cybercriminals to try and access personal and corporate information. 27 percent of adults have been notified to change their email due to an account being compromised — and when 42 percent store work-related correspondence and documents on these accounts, businesses need to be aware that this could be a security risk.  Adam Palmer, Norton Lead Cybersecurity Advisor says:

“Personal email accounts often contain the keys to your online kingdom. Not only can criminals gain access to everything in your inbox, they can also reset your passwords for any other online site you may use by clicking the ‘forgot your password’ link, intercepting those emails and effectively locking you out of your own accounts.”

Victims were most likely to be Millienials (75 percent) in comparison to Baby Boomers (56 percent), potentially due to their more frequent use of online services. Businesses should take away the potential damage that a lack of security acumen can cause, as personal devices and mobile storage of company information becomes firmly entrenched in corporate culture.

Source :


Cyber-policing vs IT Security Awareness

In December the Postbank lost R42 million to hackers. Afterwards experts called for a new cyber policing strategy. After 20 years on the Internet I did not know we had a cyber policing strategy in place. During 1997-2003 I worked for major Internet Service Providers and three banks running their IT Security. If South Africa has a national cybercrime strategy, it’s time we know more about it.

Professor Basie von Solms, from University of Johannesburg, warned parliament against internet fraud like the Postbank loss over the 2011 festive season. While I was direct of Computer Society South Africa, I was engaged with Prof von Solms and found him honest and direct. He said, while SA Police Service had highly skilled cyber specialists, there were not enough of them. There was no overarching policy to protect the security of SA’s interconnected computer networks.

Von Solms said a draft cyber security strategy was circulated in 2010 by the government but nothing further had been heard of it. Without a cyber policing unit with compliance inspectors, cyber crime and cyber terrorism would just increase. Most countries had a computer security incident response team that tracked global trends in cyber crime and virus attacks to spread awareness and propose measures to address them.

“We are allowing citizens to use the internet more and more but are not protecting them.” This reads like something from 1984 or Brave New World professor. Citizens needs education on safe use on the Internet. No amount of laws will stop stupidity.

He believed Parliament had an obligation to conduct oversight of the cyber security of government departments and other state entities. The failure to exercise this oversight was partly to blame, he said, for the debacle at the Postbank as no check had been made of its computer security system.

According to the annual Norton Cybercrime report, South Africa ranked #3 in the world. They estimate consumers lost close to $20.7 billion after falling prey to cybercrime including attacks, malware and phishing. The highest numbers of cybercrime victims were found in Russia (92 percent), China (84 percent) and South Africa (80 percent).

To reduce your risk we recommend the following:

  1. Study Internet Security Awareness Basics from Gideon Rasmussen
  2. Ensure your HR department talks to your IT department once a month about IT Security issues
  3. Ensure you make your staff, teachers and students (in school or university) sign an Internet usage policy.

For information on our new Internet Security Awareness workshop, contact our national office.