Companies worldwide are taking computer crime seriously. In fact, according to PricewaterhouseCoopers (PwC), the demand for expertise help is outstripping supply.
Speaking at a press briefing last week, Graham Henley, a senior manager in PwC's fraud and investigations practice, said the global demand for computer crime investigation is greater than the skills available.
Corporates are engaging the likes of PwC to investigate crimes including Web site impersonation, credit card fraud, software piracy, trademark and copyright violations, electronic stalking, corporate data theft (typically committed by disgruntled employees), Web defamation (usually committed by protest groups), and virus writing, he said.
Companies are seeking solace increasingly less from the Federal Police, instead investing in IT-savvy corporate fraud investigators, according to Henley.
"The police have lost a lot of talent to the private sector," he said.
According to Henley, in 1998 global Internet crime increased by 600 per cent.
Software piracy through Internet downloads was the most common form of cyber theft, costing corporates $2 billion globally in profit loss, he estimated.
Speaking from experience, Henley added that PwC has undertaken approximately 1000 computer crime investigations. Most of these were for top clients Microsoft Australia and Sony PlayStation, and focused on anti-piracy efforts.
Computer fraud, notably credit card fraud, cost local businesses anywhere from $4 billion to $14 billion a year, he estimated.
Employee privacy is not a viable defense for hampering corporate investigations, Henley said. All PCs in workplaces are "fair game". PwC merely needed executive approval from a company before conducting multi-PC investigations.
"Computer forensics" is not all smooth sailing, as some corporates liked to believe, Henley added. According to PwC, the biggest legislative hurdles businesses face in convicting cybercriminals are lack of physical evidence, difficulty in proving intent, the rise of "high-end" hackers employing sophisticated fraud technology -- used to fake Internet protocol (IP) addresses, for instance -- and jurisdictional problems.
Henley regards current computer crime legislation as "prescriptive" and inflexible, failing to address all areas of Internet crime. He also joked that the courts needed a crash course in IT lingo.
PwC investigators also agreed that IT managers posed a "huge problem" to computer forensics by taking cybercrime matters into their own hands.
More and more are assuming responsibility to save face within the company; to guard their company from bad publicity; or to prevent a drop in share price, Henley said.