Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
B e ing a Pa p e r
Pr e s e n ted a t t h e :
1 0 th A N N U A L A C F E A F R IC A F R A U D C O N F ER EN C E & EXH IB IT ION ;
B e tw een 1 8 th - 2 0 th Se p t e mb e r 2 0 1 7 ,
A t t h e Sa n d t o n C o n ve n t io n C e n t r e,
# 1 6 1 M a u d e St , Sa n d t o n , J o h a n n e s b ur g, 2 1 9 6 , So u t h A f r ic a.
1
Presentation Flow
1. Introduction 9. Legal Framework for Cybercrime
2. What does the ‘TERM’, CYBER Mean? Investigations……..It’s all about providing the Law
Enforcement, with the Legal Tools to Prevent, Control
3. Cybercrime Defined - What is Investigate, and Prosecute Cybercrime Offenses!
Cybercrime? 10. Cybercrime Investigation - Tools
4. CyberCrime - Types and Categories 11. CyberCrime Investigation - Techniques
5. Cybercrime Investigation Process 12. Cybercrime Investigation - Reporting Findings
6. Cybercrime Risks 13. General Guidelines to a CyberCrime
7. Steps in a Typical Cybercrime Investigation Report
Investigation Assignment…..It’s all about 14. Conclusions
tracking bad guys on the NET!
8. Challenges in Cybercrime Investigation
Foreign Collaborations in Cybercrime
Investigations - The Need, the Focus,
on International Cybercrimes
Practice, teach, prevent, detect and deterrent fraud in SA
2
Introduction
A good understanding of the flow for a typical cybercrime investigation process, is VERY
important! This is because it provides an abstract reference framework that is
independent of any particular technology or organisational environment; OR ANY
STATE!
Thus, this presentation focuses on, amongst others:
The description of CyberCrime. Its processes, identifying issues ranging from Tools,
Techniques in carrying out a credible CyberCrime Investigation; to Reporting the Findings of
such investigation; in an acceptable manner, that a Court (of competent jurisdiction); will be
satisfied and comfortable at reaching her verdict!
The different steps, from the detection and / or reporting of an incident, to conducting a
Cybercrime investigation exercise, through to the final stage of reporting the findings of such
investigation.
Identify potential (and / or real) digital evidence(s), and how to obtain these different kinds of digital
evidence, from different devices and platforms - (e.g. emails, social media, IP addresses, etc).
Cybercrime investigations has been tagged………..beyond Forensics; TRUST, but
VERIFY!!............from evidence to verdict!
Net Crime - The term, ‘Net-crime’, is used to describe, the Criminal use and exploitation of
the ‘International Network’ (a.k.a. the Internet).
Cybercrime, may also be referred to as: Computer Crime.
Practice, teach, prevent, detect and deterrent fraud in SA
3
Cybercrime is generally defined as: “ALL the Criminal activities, carried out by
means of Computers, Networks or Hardware device(s); using the International
Network (the Internet), and technology. It includes, ALL available media
technology (including those to come, when they come); of Communication.
The Computer or Device (or Technology); may be:
1. The agent of a Crime,
2. The facilitator of a Crime, and / or;
3. The target of a Crime.
What is Cybercrime?....Contd.
The Warwickshire Police, Newbold Road, Rugby CV21 2DH, United Kingdom, defines
Cybercrime as:
“An offence should be flagged as cyber-enabled where the reporting officer believes that
on the balance of probability, the offence was committed, in full, or in part, through a
computer, computer network or other computer-enabled device.”
The United States Department of Justice (DOJ), [(i.e. The Federal Executive Department of the U.S.
Government, responsible for the enforcement of the law and administration of justice in the United States,
equivalent to the justice or interior ministries of other countries]; divides Cybercrime into three (3)
categories:
1. Crimes in which the computing device is the target, e.g. to gain unauthorised access to the
network, or;
2. Crimes in which the computer is used as a weapon, e.g. the launching of a Denial-of-Service
(DoS) attack, and / or;
3. Crimes in which the computer is used as an accessory to a crime, e.g. using a computer to store
illegally-obtained data, and / or information.
Practice, teach, prevent, detect and deterrent fraud in SA
6
Cybercrime Defined…..Contd.
The Council of Europe Convention (CoE) on Cybercrime, to which the United States of America is a
signatory, defines Cybercrime as:
“A wide range of malicious activities including the illegal interception of data, information,
system interferences that compromise network integrity and availability, and copyright
infringements.”
Other forms of cybercrime include; illegal gambling, the sale of illegal items like weapons, drugs or
counterfeit goods, as well as the solicitation, production, possession or distribution of child
pornography, creating viruses on other computers or posting confidential business information on the
Internet.
Term “CyberCrime” has also been defined (in the penal law): “as a set of malicious acts that are
committed against information systems or that make use of information and communication
technologies”.
Cybercrime criminal activity occurs in a virtual setting.
1. Offenders - Unknown - Cybercrime offenders can be anywhere in the world, they are largely
anonymous to the victim; Persons who have access to ways of uploading viruses via the internet
and are able to hack into other people’s computers, tablets and mobile phones.
2. Victims - Anyone can be a victim of a cybercrime, whether they are aware of it or not. It is also
known that not many victims of a cybercrime will know that they have fallen victim to this type of
offence.
Cybercrime, not only affects individuals, but the business world too!
3. Location - Anywhere, Could be ANYWHERE!
CRIMES of Digital ‘Nature’ are NOW on the INCREASE! This is expected to continue into the
foreseeable future!
Organizations and Individuals alike, ‘ill-equipped’ to handle this situation, must be having adequate
security policies, measures; coupled with a variety of technical and non-technical controls in place,
to avert it’s impact on their business and private lives……referred to as: The Myths of Cybercrime
Cybercrime Risks
Advancing technology and the exponential growth of online business has brought about new Risks
and vulnerabilities to businesses, with NEW and varied high-profile cases of cybercrime -
Hacktivism and Data Breaches.
This can range from anywhere in-between losing confidential data - Sales and business, to
increased scrutiny from regulators, financial penalties, reputational damage, and the falling
value of shares, [No one is safe]!
Cyber-attacks can be brutal, fierce and fatal for insured businesses.
3. Consider Outside Jurisdiction - Contacting appropriate authorities outside of your jurisdiction to handling the
case, where the suspect is outside of our jurisdiction
4. Conduct Computer Forensics - Seizing the suspect’s Digital devices e.g. computers and hard drives, hand-held
devices; which are then used by computer forensic specialists to conduct a forensic examination
4. Bit by Bit - A ‘Little Bit’ at a time does it! - In commencing a Cybercrime investigation, it is
highly advisable to confiscate all Digital appliances at the disposal of the suspect e.g.
Computer(s), Hand-held devices, various hard drives available; then detail the computer forensic
specialists, whom would have been included, when constituting the 2CIT, due to the specialised
nature of the dictates of a typical Cybercrime investigation.
5. Conduct the Cybercrime Investigation
With the information available at this stage, the investigator can now commence his assignment,
by going through the rigours of checking and noting the logical sequence of events, leading
to the committing of the offence(s) of cybercrime.
6. Write the Cybercrime Investigation report
- WHO has jurisdiction; e.g. when the victim is in South Africa, but the victim’s servers are
located in Zimbabwe, and the ‘Bad Guy’ is in yet a third location, say in North Korea? Who
has jurisdiction?
Practice, teach, prevent, detect and deterrent fraud in SA
20
Challenges…..Contd.
- Oftentimes it comes down to what makes the most sense for evidence collection and
prosecutorial support. However, it is not often that these hackers are taken to court, due to
the lengthy and doggy issues of determining Jurisdiction for “the Court” to have a competent
‘Jurisdiction’!
- Stopping cyberattack, minimizing losses and fortifying computer systems from the next attack is
a more common outcome.
Cyber cases also bring unique challenges to the courtroom, as:
a) Digital evidence might be overseas;
b) Hackers may delete or encrypt evidence, and;
c) Lawyers need technical expertise to make a Jury or Judge understand the complex evidence
and processes; as those can take years and years, and often remain a top secret.
It is extremely hard to fight back, where you do not know for sure who carried out the attack and why, as
attribution in cyber (crime) is extremely difficult, and criminals realize that too soon.
Practice, teach, prevent, detect and deterrent fraud in SA
21
Challenges…..Contd.
3. Enhancing Recruitment - Hiring officers with the technical expertise needed for these complex
issues.
4. Hidden agenda - Why Cybercrime is So Hard to Investigate
a) Organised Crime Syndicate - These Guys operate as an organised crime syndicate
organizations - They are usually focused on stealing their victims personal information,
including identity theft, which they use to commit economic, financial and other crimes and
scams;
b) They are “hacktivists”, or hackers that breach systems to make a moral or political
statement. Sometimes, they are a hybrid (combination) of these criminal groups, and could
be hired by foreign governments - (archetypes); to steal intellectual secrets (including
warfare propriety inventions....and many a time, they are untouchable. That can be the
most frustrating thing about cyber warfare for both victims and investigators alike.
Challenges…..Contd.
The International Network (the Internet); is a ‘dangerous place’ to be! - [An olden days’ adage]. The
internet has no KNOWN GOVERNANCE STRUCTURE, nor any REGULATORY MECHANISMS,
CONTROLS and GUIDELINES on its usage! It is a GLOBAL COMMUNICATIONS SYSTEM (GCS)
and quite often, investigative trails, leads to other parts of the world where the cybercriminal could be
residing e.g. leads to Russia, North Korea, Australia and / or other parts of Africa e.t.c; and this has the
potential of Compounding and complicating such investigation, due to cross-border legal issues;
though it does not make it impossible!
Given these known and / or perceived multiplicity of judicial provisions, below are some of the steps
being taken to address these issues:
Foreign Collaborations….Contd.
- addressing multiplicity of judicial provisions
1. Bilateral Cooperation - Ensure that Bilateral cooperation between two or more states (countries)
that have common interests, are in place; e.g. the US/China Cyber Working Group
2. Regional Cooperation - Cooperation among states in a Region; e.g. ASEAN Regional Forum;
3. International Cooperation - International Cooperation, include:
a) Cooperation through International Organisations e.g. UN GGE
b) Conventions, Treaties or Laws e.g. Convention on Cybercrime
a) Balancing Privacy and Public Safety - Privacy is a basic human right! “No one shall be
subjected to arbitrary interference with his privacy, family, home or correspondence...” - Art. XII,
Universal Declaration of Human Rights
Investigation Tools…..Contd.
Closely associated, are computer forensics, which is a very important aspect of any
Cybercrime investigation, as it relates to CORE Computing, Networking and Internet-based
digital data relationships, flows and manipulations; etc.
These Technology-based forensic tools, can also be further classified into:
a) Disk and data capture tools f) e-Mail analysis tools
b) File viewers g) Mobile devices analysis tools
c) File analysis tools h) Mac OS analysis tools
d) Registry analysis tools i) Network forensics tools
e) Internet analysis tools
j) Database forensics tools.
Practice, teach, prevent, detect and deterrent fraud in SA
28
Investigation Tools…..Contd.
These tools are used extensively in:
A). Data retrieval, B). Data Interrogation, and C). Data Investigation.
A. On Data Retrieval
a) Internet-based data retrieval tool - This involves finding first the internet protocol (IP)
addresses in the investigation. An IP address consists of numbers and letters; and that
series is attached to any data moving through the internet. In order to retrieve an IP
address from some Internet Service Providers (ISP), you will need to subpoena, warrant, or
court order on the ISP Company, for such information.
An IP address, contains:
Who owns and operates the Network address, Geolocation,
Associated domain name / computer name, e-Mail addresses, and;
Local service provider identifier.
NOTE that: The timeframe that ISPs retain data from subscribers varies, therefore the investigation team must move quickly. As
the investigator, you can make a formal request to the ISP requesting they preserve the data in question while a subpoena,
warrant, or court order is made requiring the records. Even with this letter, ISPs are not legally obligated to preserve the data
for law enforcement.
Investigation Tools…..Contd.
b) Device-based data retrieval tool
In a device-based data retrieval, a copy of the
original data is needed prior to investigating its
contents. Having a copy of the original data prevents
the contamination of the evidence.
Cell phones and other wireless devices should be
examined in an isolated environment where it
cannot connect to networks, internet, or other
systems:
i. If possible, place the device in a faraday bag
prior to turning on and examining the device. If a
faraday bag is not accessible,
ii. Turn the device into airplane mode - This will
prevent any reception or remote communication.
Investigation Tools…..Contd.
Who uses Faraday Bags?
1) The Military, and the Intelligence agencies use Faraday bags to prevent unwanted applications
being invoked remotely or data altered after devices are seized.
2) Law Enforcement organisations also use Faraday bags, to maintain a secure chain-of-custody
from point of seizure-to-examination.
3) Forensic Investigators use the ‘Lab Edition’ Faraday bags during analysis of exhibits and view
results directly from the mobile exhibit’s screen. (This ensures that the exhibit cannot be
remotely wiped or accessed by anyone other than the examiner).
4) Corporate Clients use Faraday bags to safeguard their phones, laptops and tablets during
sensitive meetings, in transit or in situations where their electronic devices might be vulnerable
to interception.
Practice, teach, prevent, detect and deterrent fraud in SA
31
Investigation Tools…..Contd.
B. Data Interrogation………Getting the right answer!
Data Interrogation is the art and act of making sense of
numbers, by breaking up data into its core elements and
attributes. f) Identify / Acquire additional resources to complete
Mostly carried out by Data analysts (i.e. Number Crunchers), project or add value if required
most often in the accounting and / or investigative fields, uses
analytical methodologies in making a sense of the Numbers, g) Consider the advantages of data entry or data mining
using standard Statistical Package for the Social Sciences methodologies of acquiring data
(SPSS), techniques - SPSS Stands for - Statistical Package for the h) Prepare data for analysis (cleaning or scrubbing data)
Social Sciences
i) Establish occurrence of trends and / or patterns if
During a Cyber Investigation exercise, at the data analysis stage, such pertain to required outcomes
these analysts:
j) Extract useful indicators pertaining to the desired
a) Plan and implement data project requirements in conjunction with deliverables
stakeholders;
k) Compare findings to relevant trends and / or patterns
b) Assign and allocate resources and responsibilities;
l) Report conclusions to stakeholder in an
c) Oversee the acquisition of valuable data understandable manner
d) Ensure / consider the viability of data for intended deliverables m) Present key findings recommendations to
stakeholders
e) Use common sense approaches to ensure tactical advantage
Investigation Tools…..Contd.
C. Data Investigation
In conducting a data investigation, the investigator will need to install a lock on the copy
(Photocopy) made of the original data. ALL data manipulation, will then be done on this data-copy,
without making any permanent changes. Identify the make and model of the device, then select a
suitable extraction software that will be best suited to analyse the data.
As soon as the data has been removed, the device should be sent to your evidence department, as
the device might contain; traces of attributes e.g. DNA, fingerprints, and/or other evidence handlers.
The software system will also assist the investigator in providing information such as:
• Time stamps,
• Images,
• Text documents,
• GPS locations, and
• Other encrypted data, etc.
Practice, teach, prevent, detect and deterrent fraud in SA
33
Writing the report of an investigation, is absolutely crucial, as this is the only way to convey the
accomplishment of the Cybercrime investigation assignment, to the appointing authority.
Cyber Crime Investigation Report has NO FORMULAR, NOR TEMPLATE; BUT, General Guidelines.
Consequently, it is advised, and advisable that your cybercrime report, will follow the general
guidelines, enumerated below:
1. Starting your report - Start your Cybercrime Investigation report on day 1 i.e. from the very
FIRST DAY…….DO NOT PROCASTINATE
(Start your report before you even begin your examination)!!!!!!
Reporting Findings…….Contd.
2. CYBERCRIME Report Structure:
Since there is generally NO strict format for our Cybercrime Report, you may wish to consider
adapting the following Structure:
A. General Structure:
Barring a standard corporate policy guideline on reporting structure, your report should follow the
generally used format, as detailed below:
Reporting Findings…….Contd.
B. Report Structure - SECTIONS
Generally, attention to details is a very crucial ingredient in our reporting.
1. Purpose of Report
2. Background
3. Scope
4. Method of Investigation
Practice, teach, prevent, detect and deterrent fraud in SA
39
Reporting Findings…….Contd.
C. Report Structure - Contents (Details)
Ensure a Clear CYBER Investigation Policy, is in e) Skills and Techniques;
place!
f) Level of investigation required linked
to severity;
Such Cyber Investigation Policy, will be produced in
conjunction with company Staff, and expected to g) Preserving Evidence;
capture the following: h) Conducting the Investigation;
a) Purpose of the Investigation; i) Investigation Process;
b) Scope of the Investigation (to avoid Scope creep); j) Making Recommendations and
c) Management Responsibilities; Reporting;
d) Employee Responsibilities; k) Communication of learning.
Having identified the Cybercrime Report Structure, Sections etc, it is now time to “FILL-IN” the ‘GAPS’
In all of these, efforts must be made, in detailing your report; with the use of:
Reporting Findings…….Contd.
Detailed below are some frequently used structured sections:
Section 1: The Title Page - This can include information such as the case name, date, investigator
name, and contact information.
Section 2: Table of Contents (ToC) - ToC can be of great help to the reader, to follow the report,
enhancing understanding.
Section 3: Executive Summary - Allows the reader to get the high level view of important findings
without having to delve into specifics.
Section 4: Objectives - This section is especially important to include. Other information to include
would be search terms requested by the client.
Section 5: Evidence Analysed - This should include serial numbers, hash values (MD5, SHA,
etc.), and custodian information, if known. If pictures were taken at the scene, you may want to
include them here.
Practice, teach, prevent, detect and deterrent fraud in SA
43
Reporting Findings…….Contd.
Section 6: Steps Taken - Be detailed. Remember, your results should be reproducible. Include
software and hardware used. Do not forget to include version numbers, etc.
Section 7: Listing of Relevant Findings - You can further break this section up depending on the
length of your report. Subcategories will depend on the purpose of the exam, but can include things
like: Documents of Interest; Internet Activity; Software of Note; USB Devices, etc.
Section 8: Timeline - Some reports will benefit from a concise timeline of important events. A good
graphic can go a long way in helping to communicate this information.
Section 9: Conclusion - Highlight the important issues. This often comes in the form of a
numbered list of concise findings.
Section 9b: Signature - Include a signature section that can be printed out and signed.
Reporting Findings…….Contd.
Section 10: Exhibits - HINT: Typically reserve exhibits ‘A’ and ‘B’ for:
i. Your comprehensive Curriculum Vitae, and;
ii. The Chain-of-Custody documentations; simply hyperlinking them, when you refer to them in the
main report.
An Old adage in the principle of writing an effective report, is to follow a clear and logical structure.
That way, will assist us in writing a clear, concise, pain-free, persuasive reports.
Cybercrime reports, are read and taken to be and mean the facts-of-the-matter, since you would
have had all the facts [(or at least all the facts you are going to (or supposed to), have)], as to:
Reporting Findings…….Contd.
a) Timeline and the Sequence of Events - Always have at the back of your mind, the timing for the
submission of your report (Subject to the investigation going ‘Cold’)
b) Complexity - On the other hand, the investigation may be quite complex and intricate to
comprehend, and elucidate appropriate evidence(s), to back up your findings and
recommendations. In such a circumstance, consider achieving the exercise in the cold-file,
pending when, and IF, a new evidence emerges.
Reporting Findings…….Contd.
1. The Aims & Objectives of the Cybercrime Investigation - Explain to the users of the report,
what you have ‘attempted’ to achieve in the investigation; e.g. “This investigation has been
designed to get to the suspects of the incident (Mention the Occurred incident); and the
root and remote causes of the reported incidence at our Gauteng Central Office; and we
hope this will achieve the purpose”;
2. Describe the reported Incident
Describe concisely and as precisely as possible, what happened, starting with the initial incident
statement, ensure to include the:
a) ‘WHO’ - Who are the potential suspects?
b) ‘WHAT’ - What crimes were committed?
c) ‘WHEN’ - When were the crimes committed?
d) ‘WHAT’ - What types of evidence (Physical, Digital, e-Evidence, Manual or a hybrid; is / are
involved and there to collect?
Practice, teach, prevent, detect and deterrent fraud in SA
47
Reporting Findings…….Contd.
e) ‘WHERE’ - Where might such physical and digital evidence be located, within the gamut of the
technologies in use in the organisation, as at the time the incident occurred?
f) ‘HOW’ - How can the evidence be preserved and maintained for court proceedings?
g) ‘WHERE’ *- Were these crimes limited to a specific Jurisdiction, e.g. the US or South Africa or
anywhere else?
h) ‘DOES’ * - Does any of the evidence need to be photographed / preserved immediately? etc.
* NOTE - Items a) to f) above, are relevant to Forensic Investigation); while g) and h); are
SPECIFIC to Cybercrime Investigation…………..i.e. Beyond FORENSICS!!
Practice, teach, prevent, detect and deterrent fraud in SA
48
Reporting Findings…….Contd.
3. Methods of Investigation
Mention must be made of the Tools, and Techniques adopted in conducting the Cybercrime
investigations. Also, describe your investigation team, especially in the biography:
a) Who is on the team;
b) Their relevant professional and any other qualifications;
c) The position held (in the TEAM), and;
d) Any other thing about each of them.
Reporting Findings…….Contd.
4. Findings
This section sets out CLEARLY, your findings!
Ensure that such findings are well sort-out in a logical SEQUENTIAL manner.
A suggested outline is described below:
a) Organisation, Control and Responsibility on the findings, should be clearly described;
b) The timing, Sequence flow and History of the incident, must be clearly enumerated;
c) State the people and their involvement in as clear and logical sequence as possible;
d) Mention similar events (If any) that has semblance to the incident under consideration;
e) Identify any environmental effects the incident may have on the organisation;
f) Enumerate the impact of any technology, equipment, processes and procedures; that might have
aided the occurrence of such incident.
Practice, teach, prevent, detect and deterrent fraud in SA
50
Reporting Findings…….Contd.
D. The Main Report Section
Writing-to-Persuade - The first thing to remember is that when you are writing a CyberCrime
Investigation Report, you are trying to persuade someone to do something.
The ultimate Objective, is to get the authority (The Board), to action the recommendations i.e.
findings in your report - to put your recommendations into practice!
NOTE that before the Board (or your reader, or respondent) can do that, they have to be
persuaded, with understanding your report.
KEEP YOUR LANGUAGE SIMPLE AND STRAIGHTFORWARD.
Reporting Findings…….Contd.
The Main Report Section…Contd.
Therefore, write the report as you would say it, it’s that simple.
i. Follow these few simple component steps:
1. Keep it short and simple (The ‘KISS’ Principle!) - Use very short and simple understandable
explanatory notes;
2. Avoid using professional Jargons and terms - Remember, not everyone reading your report
will be an expert in this field; they most likely, may not know these jargons. This does not
presuppose that professional jargons are wrong; they are specialised, for the intended audience,
who are Non-specialists, in this field; if by chance it is unavoidable, reference an appendix where
it will be explicitly explained, to a lay man.
3. Always use active pronouns - This is intended to keep your report active, e.g. do not say, “We
discovered XJames stole the Money”; but say, “XJames stole the money.” The first is a “passive
voice” and the second is an “active voice”. The active voice emphasizes the performer (or agent)
of the action. In Cybercrime reports, always emphasize the ‘Active Voice’, and be sure that your
evidence, will back it up adequately.
Practice, teach, prevent, detect and deterrent fraud in SA
52
Reporting Findings…….Contd.
4. Get A Second Opinion. (As in a Peer review, from the team members and or outside the
team). Get team members or someone outside your investigation team (preferably from an
industry practitioner), to read through, and proffer constructive suggestions.
Reporting Findings…….Contd.
E. Recommendations
Here, address not only the root, nor remote causes of the incident; but also all the individual
contributory causes noticed and observed in course of accomplishing the investigative
assignment.
F. The USE of Appendices in a Cybercrime Investigation Report
An Appendix - An Appendix, is the section at the end of any report, that contains information that
is too detailed for the text of the report itself, and, would "burden the reader", or be
"distracting," or "inappropriate".
Largely information that is not quite essential to explain your findings, BUT:
a) Supports the analysis in the report (especially repetitive or lengthy information);
b) Validates your conclusions or pursues a related point.
These are the items to be shown in an appendix or appendices section.
Practice, teach, prevent, detect and deterrent fraud in SA
54
Also, excerpts from this supporting information (i.e. part of the data set) will be placed in the
body of the report sometimes, but the complete set of information (i.e. all of the data-set), will be
included in the appendix.
That’s all there is to it!!!
Follow this structure, as it is capable of eliminating much of the drudgery associated with reading
unorganised reports.
Conclusions
Countries must have laws that allow law enforcement to compel disclosure of evidence of
crime. Law makers must consider many factors when deciding what is appropriate for
them. Models from other jurisdictions can assist countries in designing appropriate laws.
Cybercrime poses important challenges to the Global Order on criminal justice systems.
Various International establishments, have, and are making concrete efforts in the
repression and suppression of cybercrime activities, by introducing ‘NEW’ Tools and
Techniques (including SKILLS and ABILITIES), for investigation of Crimes that are Cyber-
in-Nature! There are clear indications for the harmonization of diverse approaches, to
Cybercrime investigation, across national definitions, borders, frontiers and cross-border
legal issues, on several computer-related offences.
Cyberliability insurance, as a precaution to managing Cyber Risks, is becoming harder to
secure and more expensive!
Practice, teach, prevent, detect and deterrent fraud in SA
56
Conclusions….Contd.
Companies which have experienced data breach incidents in the past may find it especially harder to
purchase a policy. Companies with bad data protection reputation will have to pay higher premiums
for Cyberliability insurance.
Cyberliability insurance cover, may not prevent a company from going out of business or restore its
lost image and credibility, but it can certainly put customers and regulators at ease while covering
some of the data breach costs.
The damage caused by data breach incidents, may be harder to reverse in some cases.
Cyberliability insurance cover, is used to reduce the inflicted pain, following a data breach and it
certainly cannot solve all the challenges that arise from a data breach!
Parting Shot
GOOD LUCK!
&