GRC, cybersecurity intersection for curbing cybercrimes menace
Dr. Emmanuel Moore ABOLO is the President, Institute for Governance, Risk Management & Compliance Professionals/GMD, The Risk Management Academy Limited.
March 30, 2020
The word cyber and its relative dot.com are probably the most frequently used lexica of the modern era. In the information age, the rapid development of computers, telecommunications and other technologies has led to the progression of new forms of trans-national crimes known as “cybercrimes”.
Cybercrimes have virtually no boundaries and may affect every country in the world. They may be defined as “any crime with the help of computer and telecommunication technology”, with the purpose of influencing the functioning of a computer or computer systems.
According to Wikipedia, Cybercrimes are “offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (networks including chat rooms, emails, notice boards and groups) and mobile phones (Bluetooth/SMS/MMS)”.
On 28 November 2019, it was widely reported that Nigeria lost N250 billion to cybercrime in 2018; that number has been increasing over time. Ghana also lost $77 million the same year.
Prof. Umar Garba Danbatta, executive vice chairman of the Nigerian Communications Commission, was quoted in June 2019 as saying that Nigerian banks were helpless in curbing cybercrime, which is now growing ubiquitous in the country.
Worldwide cybercrime costs an estimated $600 billion USD a year. That’s up from $500 billion USD in 2014, the last time security vendor McAfee and think tank the Center for Strategic and International Studies released a similar study. The new estimate amounts to 0.8 percent of global GDP, up from 0.7 percent in 2014.
The extent of loss from cybercrimes worldwide is tremendous: it is estimated that about 500 million people who use the Internet can be affected by the emergence of cybercrimes.
The possible underlying factors linked to increases in cybercrime are shown in the figure below: dissociative anonymity, criminal social learning, etc.
At the same time, among the reasons for the growth in the cost of cybercrime are:
• Cybercriminals are embracing new attack technologies;
• Many new Internet users come from countries with weak cybersecurity;
• Online crime is becoming easier through cybercrime-as-a-service and other business schemes; and
• Cybercriminals are becoming more financially sophisticated, making it easier to monetize their exploits.
Recently, cybercriminals have been demonstrating that their activities are becoming more about financial gains and recognition, rather than revenge. Although this was always a motivation [after all, one of the easiest ways to make money is to get hold of personal records and sell them on the dark web], we’re now seeing a notable increase of attacks for this purpose.
Cybercrimes are a very serious threat for the times to come and pose one of the most difficult challenges before the law enforcement machinery. Most cybercrimes do not involve violence but rather greed, pride, or play on some character weakness of the victims.
Cybercrime involves individuals using computers and the Internet to commit crime. It can be classified as cyberterrorism; cyberextortion; cyberwarfare; computer as a target; computer as a tool; obscene or offensive content; online harassment; drug trafficking.
Identity theft, fraudulent online transfers, payment-card frauds, network assaults, denial-of-service attacks by malicious networks of computers (botnets), ransomware, cyberbullying, trolling and online child pornography are all common forms of cybercrimes.
They show that nothing is safe on the internet – apart from criminals, it seems. It is incredibly difficult to protect computers, networks and the internet from vandals, pranksters, criminals, terrorists, rogue governments and government-protected agents because networks are too widely used, too complex, too fragmented and too vulnerable to coding mistakes, ignorance and complacency, and too open to be defended.
It’s no misrepresentation: any organization can become a victim of cybercrime. Smart organizations are investing more in cybersecurity.
A well-planned GRC strategy supported with a GRC platform enables several benefits in the fight against cybercrimes: improved decision making, higher quality information, increased accountability, increased collaboration, enhanced organizational culture, increased efficiency, increased agility, increased visibility, protected reputation, better resource allocation, reduced costs with optimal investment decisions, reduced fragmentation within the organization and preserved institutional memory.
Cyber Security is one of the main domains of GRC and Chief Information Security Officers [CISOs] are often the biggest champions of GRC Implementations worldwide.
GRC approaches security activities in a mature way and enhances the likelihood of achieving security objectives by aligning processes that support each other in the greater context of the security organization.
GRC also enables a company to foster a security organization that is well-coordinated and integrated. If applied well, GRC forms three basic pillars of organizational control to support an effective Information Security Management System [ISMS].
However, when it comes to cybersecurity, issues arise if it is expected that the same level of security data and log traffic required by security analysts will also properly serve the needs of managers and risk owners.
These issues can become worse if the focus is one of compliance to a particular standard at a particular point in time.
GRC cybersecurity within the ISMS is like any other risk – it needs to be proactively managed. This means identifying, understanding and managing that risk more effectively for all stakeholders. If we are to improve our operational attitude, we need to consider GRC cybersecurity tools as enablers.
Where applied to cybersecurity, GRC can deliver significant benefits especially when we consider the challenge of monitoring data creation and movement at speeds and scales that would have been unthinkable just a few years ago.
GRC cybersecurity can bond the Information security management system into the organization at all levels, so the relevance of any change in the technological status is known for both its security and business impact.
Business stakeholders need security GRC information and feedback to be translated into a language they can understand and a form that they can act upon. Since cybersecurity is such an important factor in governance, there are many different areas where GRC and cybersecurity intersect.
Data Privacy: This is one of the main drivers in increasing the importance of GRC in cybersecurity. Over the past few years, there have been extensive regulations and new strategies applied all over the world for data privacy.
Risk: The link between cybersecurity and risk should not be ignored. Cybersecurity risks are an important factor in the overall risk exposure of the organization. Any organization that does not have sophisticated data security measures in place will not be able to manage risk.
The New Approach: Organizations need a better approach when it comes to cybersecurity. One solution is to understand the importance of GRC knowledge for people in charge of cybersecurity. Cybersecurity personnel in the financial industry are required to know the legal and regulatory requirements of their organizations, and the same approach needs to extend to other industries as well.
A GRC cybersecurity platform is important for organizations that are only now bringing together cybersecurity and GRC. The platform will make the transition into the new model smoother and will also aid employees.
Cybersecurity GRC makes the whole business process more secure. Antivirus software and firewalls can catch the viruses and attacks that are coming in through vulnerabilities in the IT infrastructure; GRC can eliminate these vulnerabilities completely.