Government has created a task team to ensure that a theft such as the one perpetrated at Postbank over the new year is not repeated.
The team, which will be led by KPMG, will investigate the state of the Postbank’s internal systems and processes. Communications minister, Dina Pule has also seconded her acting CFO Sam Vilakazi and DG Maboko Rosey Sekese to this team.
This comes after hackers accessed the bank’s IT systems, made fictitious deposits in mule accounts and raised the ATM withdrawal limits on those accounts. The frenzy of withdrawals that took place netted the crooks some R42 million.
“They have to make sure that they look at the review of the systems so that we don’t experience this again, and to try and see if there are challenges in terms of our systems,” Pule says.
Minister Pule made it clear that the KPMG-led team is not investigating the crime itself. They will however work closely with the SAPS which is handling the crime. “[SAPS] has promised us [that] they are very close to arresting the perpetrators,” she says.
In her first address to the media since her appointment three months ago, the minister added that cybercrime threats are a “global curse” accompanying the advance of technology.
“Working with the Justice and Crime Prevention cluster departments we have made progress towards the development of the National Cybersecurity Policy Framework for SA,” she said. It will be presented to cabinet by March.
This is not a moment too soon. In an address to Trade & Industry’s parliamentary portfolio committee last week, Basie von Solms, director of the University of Johannesburg’s Centre for Excellence for Cyber Security lamented the fact that the Cybersecurity policy framework had not been completed.
The draft policy was completed in 2010. It is sad that after two years the policy has not been finalised, he told the assembled members of parliament. SA lacks an overarching policy to protect the security of SA’s interconnected computer network, he added, according to ITWeb.
Without a cyber policing unit with strong compliance inspectors, cyber crime and cyber terrorism would just increase. The Postbank heist is just one example of the lack of Parliamentary oversight on cyber security in SA, he said.
But cybercrime is not just government’s problem. It is a ‘mega’ problem affecting organisations around the world, according to Mark Eardley, a consultant to the biometric security industry.
He estimates that in SA, public and private organisations are losing up to R150bn a year through crimes very similar to the one seen at Postbank.
“IT security relies on a password and a pin and sometimes a smartcard. This is the biggest flaw in IT security because it does not identify a user.” The IT security industry, he says, needs to address this.
In comparison to other government departments, the Postbank loss was quite small. Eardley lists other cases where criminals – either inside the organisation or outside it – used a password and user ID to divert funds.
For instance the Department of Water Affairs lost R2.84m due to password-based fraud last June; the KZN MEC for Finance said last year that 25 fraud cases during 2010 resulted in the theft of R769m from the provincial government.
In March 2010 criminals stole passwords and diverted funds from the Social Security Agency; while the Mpumalanga education department lost R5.5m in October 2009 and Blue IQ’s CEO was linked to R450 000 in fraudulent payments, claiming password theft in September 2009.
Eardley adds that these types of crimes are just part of a greater cyber-crime problem. “The real damage comes from the theft of corporate secrets.”
Last year the UK government said of the cybercrime losses reported – in the order of £27bn in 2010 – about 60% of those losses were caused from the theft of corporate secrets.
The crime has not deterred Postbank from its objective of becoming a fully fledged bank. The Postbank board will be finalised by March and the bank should receive its banking license in 2013.
Officials are in consultation with National Treasury on the investment, borrowing and lending policies of the bank.
“We are working to ensure that Postbank is registered as a fully fledged bank that will provide affordable and accessible financial services and products to the unbanked and under-banked population in our country,” Pule said on Tuesday.