London, UK, 10 May, 2005 - Following the recent publication of figures from the National Hi-Tech Crime Unit (NHTCU) revealing that cybercrime is costing UK businesses £2.4bn a year, specialist fraud consultancy Detica has warned that poorly designed procedures within companies and irresponsible customer behaviour are frequently to blame rather than inadequacies in the technology.
David Porter, Head of Security and Risk at Detica, comments: "In addition to technological solutions, companies will often throw extra security processes at the problem. But with security, more, paradoxically, can often be less. The more people who witness a road accident, the less likely one of them will call an ambulance. Similarly, the more people making additional security checks, the less thorough each person will be, each assuming others will spot the problem. And the greater number of safety checks you put in, the more risks people will take - just like seatbelts make people drive faster. It's all a question of careful, balanced design and not underestimating the potential for human fallibility."
Organisations also need to get much better at educating customers about cybercrime and involving them in the first line of defence. Porter continues: "Haste, ignorance, fear and greed are the weak spots that fraudsters are ready to exploit. Customers need to guard their personal details closely and think before blindly clicking on e-mail or website links or downloading attachments. They should also be cautious about disclosing too many identity details on websites aimed at forming or reuniting social contacts as this can hand identity fraudsters what they need on a plate."
It is also important for companies to address the issue of proving their correct identity when communicating with customers by telephone or e-mail for marketing purposes. Porter concludes: "Too often the onus is on customers to prove to the company they are who they say they are - rather than the other way around. In light of scams such as phishing, and domain name server hijacking, where fraudsters set up bogus web pages to extract confidential details from customers, there now needs to be greater emphasis on companies proving their identity - it is no longer a one-way process."