Opinion: Corporate IT - you can help fight cyber crime

Though combating cyber crime is no doubt a matter for international law-makers, it's also something that the IT department in organisations large and small can play a role in. Mark Kobayashi-Hillary explains.

Economic and cyber crime have come of age in a digital society where we now entrust our identity and finances on a daily basis to organisations across the world. Once considered to be a victimless nuisance and glossed over or relegated to the latter pages of the business press, it has come to the fore in recent years with high-profile prosecutions and a post-7/7 focus on terrorist financing.

IT teams might ask how their day-to-day responsibilities are connected to crime fighting. Economic crime is perceived to be more in the realm of gangland villains or crooked CEOs such as Bernard Ebbers, architect of the largest corporate fraud in US history and sentenced to 25 years of porridge last July.

But consider the key areas where economic crime impacts the UK economy: embezzlement, cheque fraud and money laundering along with employee-perpetrated crimes such as bribery, corruption and procurement fraud. Access to the heart of a corporate information system is usually the key to criminal success, so the IT team is crucial in this war on economic crime.

In addition, offshore outsourcing of IT services is a key area where organisations can inadvertently create weak leaks in their internal security structures. A reporter for The Sun newspaper recently found it was possible to purchase personal data on 1,000 British consumers from a call centre employee in India. A fortnight after the story appeared, a reporter for ABC News in Australia bought personal data on Australian citizens from an Indian call centre employee.

In response, the Indian National Association of Software and Service Companies (Nasscom) leapt to the defence of the Business Process Outsourcing (BPO) industry with a whirlwind of media statements explaining how The Sun had blown the story out of all proportion. NASSCOM made a point of reminding British consumers that our own Financial Services Authority recently stated that many Indian BPO services are more secure than those provided within the UK.

The scale of economic crime and its cost to organisations in the UK is now vast. According to survey data from business adviser and accounting experts RSM Robson Rhodes, UK businesses lost more than £40bn last year because of this form of crime - equivalent to £100m per day - and the problem is getting worse. Data and identity theft are clearly the major areas where a problem can arise, as highlighted by the sting operation in The Sun. It's critical to ensure that any offshore operation is compliant with information security standards such as BS7799. Internal security procedures based on these standards will include details of computer security, ability to store and copy data, and building access controls.

RSM Robson Rhodes believe UK companies lost £32bn in 2003 through acts such as fraud, embezzlement, corruption and money laundering - and spent a further £8bn seeking to combat the problem.

The true cost of economic crime in the UK could be even higher as these figures highlight only known losses to businesses. There's also, for instance, the potential damage to a trusted corporate brand when the organisation admits it's been the victim of cyber crime.

One type of cyber crime that is increasingly receiving attention from law enforcement agencies is the counterfeiting of IT products. This industry has spread beyond the realm of the back-bedroom software pirate to the large-scale production of counterfeit hardware, complete with familiar brands. The professional services group KPMG recently reported that one in 10 IT products sold worldwide is counterfeit, costing global technology companies as much as £55bn in lost revenue annually - with China singled out as the primary source of counterfeit hardware.

To tackle the problem, the Specialist Crime Directorate of the Metropolitan Police and the Commonwealth Business Council have created a formal partnership where law-enforcement experts from across the 53-nation Commonwealth region will work on connecting the corporate victims of economic crime with international government policy makers. The Scotland Yard economic crime working group addresses cyber crime, data and identity theft, counterfeiting and intellectual property rights, and money laundering.

This partnership marks a significant change in the way the Metropolitan police addresses cyber crime. The initiative is well-timed. At the silicon.com CIO Forum last week, the financial services panel gave a resounding 'could do more' view on the current efforts of law enforcement agencies. Speaking on the panel, Mitchel Lenson of Deutsche Bank rued the fact that there is "no single world law" so it's nearly impossible when affected by economic crime to pursue the perpetrators if they live in another country.

Scotland Yard is now strongly of the view that this kind of crime must be tackled from a global perspective, and that doing so requires partnerships between various international stakeholders, allowing a wider intelligence picture. The Commonwealth Business Council, of which I am the technology research director, is ideally placed to facilitate effective private sector engagement with governments across the Commonwealth, and beyond.

The global spread of economic crime has been enabled by the same factors that allow us to work globally: cheaper telecommunications and the internet. The law enforcement agencies are taking the threat seriously and directing resource at the problem but the IT teams at the coal face of every organisation need to be more vigilant.

Mark Kobayashi-Hillary is the technology research director of the Commonwealth Business Council and author of 'Outsourcing to India: The Offshore Advantage' (Springer 2004, 2005), 'Beyond BPO: Outsourcing and the Global Services Revolution' (BCS 2006) and 'The International Political Economy of Offshoring and Development' (Palgrave 2006).