Risk management as a profession is not a new reality but is still to emerge in all its different aspects on Malta. The Malta Association of Risk Management (MARM), has been established by risk management professionals with various years of experience in different sectors of the economy. It aims to provide a forum for discussions and awareness raising. Among its initiatives was a seminar on cybercrime, over which association president Simon Grima, shares his views. Annaliza Borg writes.
Cybercrime is one of the fastest growing and innovative areas of crime. More and more criminals are exploiting the speed, convenience and anonymity that modern technologies offer for committing a diverse range of criminal activities.
Statistics by the KPMG Data Loss Barometer (2012) showed that 18.5m people in 82 countries around the world have been affected by computer theft and 75% of data loss incidents in retail and 96% of data loss incidents in media were attributed to hacking.
The study’s main findings show that hacking is the number one data loss threat and in the last two years, there has been a jump of 40% in the number of publicly disclosed data loss incidents.
Given the development of cyber crime in recent years, the European Commission has designed a coordinated policy in close cooperation with EU countries and the other EU institutions. The Commission Communication ‘Towards a general policy on the fight against cyber crime’, sets out the main elements of this policy: increased law enforcement cooperation, public-private partnerships and international cooperation.
In February, the Commission adopted a Communication on Cyber security strategy which outlines the EU's vision on how to enhance security in cyberspace and sets out the actions required.
Dr Grima referred to a question asked by Antonio Ghio during his presentation at the MARM event on Cybercrime, last Monday– “is cybercrime just Old Crimes in New Bottles”? This quote implies that technology only gives the criminal a new range of techniques. The resulting harm is the same as before. This is true for cybercrimes such as hacking, cracking, denial of service attacks, malware, hacktivism, online child pornography, and online extortion to mention a few.
So how do we defend ourselves against what we are building around us, around our lives, around our wired and wireless networks? What form does cybercrime take in the global scenario?
Be it an attack against computer data and systems, identity theft, the distribution and dissemination of images and videos of child sexual abuse, internet auction fraud, the penetration of online financial services, as well as the deployment of viruses, botnets, and various email scams such as phishing (fake bank websites to solicit passwords enabling access to victims' bank accounts), cybercrime is rampant. The internet is also being used by terrorists for recruitment of their followers and for the incitement and encouragement of radicalisation.
During the same seminar, Wouter Stol, from the Open University of the Netherlands and NHL University of Applied Sciences pointed out that last year cyber crime became the top crime in the Netherlands, superseding bicycle theft, which for long was the number one traditional crime. He pointed out that bank robberies in the Netherlands dropped from 570 in 1992, to four in 2012, because money is now continuously transferred online. Cyber criminals therefore target individuals and it can take decades for society to learn how to control the effects of online technology. In reality, cyber crime is an umbrella concept that refers to crime in which technology plays a crucial role.
“One day, all crimes will be committed using online technology,” Dr Stol noted.
Statistics given by Home Affairs and National Security Minister Manuel Mallia, show that in Malta, almost 80% of households have internet access. The police cybercrime unit registered 576 complaints - the most common crimes being computer misuse, such as hacking, and fraud. This amounts to an increase of 200 cases from the previous year.
Last year, the cybercrime unit collected 4,339 items to be analysed and documented. Moreover, investigations are, by time, becoming even more difficult for police.
Giving an estimate on the cost of cybercrime globally, Dr Grima highlighted this transgresses geopolitical borders. The global nature of the internet is allowing criminals to easily commit almost any illegal activity anywhere in the world, posing a serious threat to national and international security. Cybercrime is no longer being committed by individuals or small groups of people.
There is now an emerging trend with traditional organised crime syndicates and criminally-minded technology professionals working together and pooling their resources and expertise. In 2007 and 2008 the cost of cybercrime worldwide was estimated at approximately €6.13 billion (US$8 billion). As for corporate cyber espionage, cyber criminals have stolen intellectual property from businesses worldwide worth up to US$1 trillion.
It is not the inexperienced internet users but professionals who spend hours on the internet who are mostly targeted by cybercriminals. However, no one can be complacent and in order to prevent falling prey to cybercrime, it is essential that we are prepared to adapt our domestic controls to cover crimes carried out in cyberspace and to address security vulnerabilities related to information technology infrastructure such as power plants, electricity grids, information systems and the computer systems of central and local government as well as those financial institutions both in the public and private sector.
Dr Grima highlighted that we need to stay in front of current and emerging trends and to gather and share information and intelligence with public and private sector partners worldwide.
Discussing the setting up of the risk management association, he explained that MARM was established when a number of individuals, who became the association’s founding members, felt that the Maltese market needs a formal representative body and came together with the aim to promote, advance and encourage the knowledge of, and the use of risk management within the private and public sectors in the Maltese islands.
The risk management association represents the interests of risk practitioners in the private and public sectors in the Maltese islands with the mission of supporting excellence through developing, establishing and promoting best practice in risk management in the private and public sectors.
The association is open to all those who manage risk in Malta and is a member of the Federation of European Risk Management Associations (FERMA).
Being all-comprising, MARM attracts council representatives from various business sectors including financial services, gaming, aviation, safety and security. Members also come from the manufacturing, retail, hospitality and health industries as well as the public sector.
The association has also teamed up with bodies such as the Open Compliance and Ethics Group (OCEG) and is holding discussions with other international risk management organisations. The association has an educational and research representation and also carries out advisory work.
While awareness-raising is its primary objective in the short term, in the future the committee would like to see MARM grow into an open forum that represents the professional needs, requirements and industry standards of the various disciplines mentioned, including behavioral risk management and cybercrime. The plan is to continue to organize further forums to investigate areas such as business continuity management; health and safety; security; corporate social responsibility; environmental; intellectual property; project management; and waste management to name a few and any other areas requested by risk managers.
The association feels the need to ensure that the knowledge, skills, techniques, methodologies and tools it has become as widespread as possible without devaluing their intrinsic worth. Risk management is a pro-active function and involves all within the firm on a micro level and the global economy on a macro level, not just the risk manager.
The target is therefore to communicate the function and profession to all who may be involved in the economy.
Simon Grima is a lecturer in the Banking and Finance Department of the University of Malta and carries out consultancy work on risk management in the financial services industry. He has previously held posts within the financial markets and internal audit department at BOV, the securities unit of the Malta Financial Services Authority (MFSA), headed the internal audit, risk management, compliance and legal department at Global Capital Plc and the internal audit at the Malta Information Technology Agency (MITA). His qualifications include a B.Com (Hons) (Melit.), M.Sc. (Lond), M.Sc(BCU) and a Ph.D (Melit.), Researching Risk Management and Derivatives.