The credit crunch will drive some IT workers to use their skills to steal credit-card data using phishing attacks, and abuse their privileged corporate computer access to sell off valuable financial and intellectual information, forensic experts have warned.
Both PricewaterhouseCoopers (PwC) and security vendor Finjan are forecasting that the recession will fuel a significant rise in insider fraud and cybercrime in 2009.
A PwC forensic expert claimed the financial-services sector is already investigating a rising number of staff frauds, while Finjan cited evidence of a trend in 2008 for unemployed IT staff in Eastern Europe and Asia to use crimeware toolkits to launch phishing attacks and seed malware to steal financial details.
Neil Ysart, senior manager of forensic services at PwC, said: "People from the financial sector are all saying the same thing: there is a rise in internal investigations as everyone has seen a rise in suspected fraudulent activity."
"There are certain types of fraud where an understanding of technology would make it easier to circumvent controls and IT staff have the knowledge to do that — for example, the theft of data at telcos," Ysart said.
"There was a range of very well-documented frauds that took place during the recession in the early 1990s and it does not take a great deal of insight to realize we will see an increase at a time like this," he said.
Forensic specialists at PwC are advising businesses to mount extra checks on areas where staff will be most tempted to defraud the company, such as expenses, access to sensitive customer data or massaging performance figures to win a bonus. Of the use of crimeware, Finjan's report states: "Having the large number of layoffs of IT professionals all around the world, especially in the USA, we expect a rising number of people willing to 'give it a try' and to get stolen credit-card numbers, online-banking accounts and corporate data that they can use to generate income."
A recent report by security vendor McAfee also found there is a risk that cybercrime may further slow the speed of UK economic recovery, a sentiment echoed by the joint architect of the UK's Police Central e-Crime Unit, Charlie McMurdie.