Companies worldwide are taking computer crime seriously; in fact, according to PricewaterhouseCoopers, (PwC) the demand for expertise help is outstripping supply.
Speaking at a press briefing this week, Graham Henley, a senior manager in PwC's fraud and investigations practice, said the global demand for computer crime investigation is greater than the skills available.
Corporates are engaging the likes of PwC to investigate crimes including website impersonation, credit card fraud, software piracy, trademark and copyright violations, electronic-stalking, corporate data theft (typically committed by disgruntled employees), web defamation (usually committed by protest groups), and virus writing, he said.
Companies are seeking solace increasingly less from the Federal Police, instead investing in IT-savvy corporate fraud investigators, Henley said. "The police have lost a lot of talent to the private sector."
According to Henley, in 1998 global internet crime increased by 600 per cent.
Software piracy through internet downloads was the most common form of cyber theft, costing corporates $2 billion globally in profit loss, he estimated.
Speaking from experience, Henley added that PwC has undertaken approximately 1000 computer crime investigations. Most of these were for top clients Microsoft Australia and Sony PlayStation, and focused on anti-piracy efforts.
Computer fraud, notably credit card fraud, cost Australian businesses anywhere from $4 billion to $14 billion a year, he estimated.
Employee privacy is not a viable defence for hampering corporate investigations, Henley said. All PCs in workplaces are "fair game", he said. PwC merely needed executive approval from a company before conducting multi-PC investigations.
"Computer forensics" is not all smooth-sailing, as some corporates liked to believe, Henley added. According to PwC, the biggest legislative hurdles businesses face in convicting cyber criminals are lack of physical evidence, difficulty in proving intent, the rise of "high-end" hackers employing sophisticated fraud technology (used to fake IP addresses, for instance), and jurisdictional problems.
Henley regards current computer crime legislation as "prescriptive" and inflexible, failing to address all areas of internet crime. He also joked that the courts needed a crash course in IT lingo.
PwC investigators also agreed that IT managers posed a "huge problem" to computer forensics by taking cyber-crime matters into their own hands. More and more are assuming responsibility to save face within the company; to guard their company from bad publicity; or to prevent a drop in share price, Henley said.