The Independent Commission Against Corruption (ICAC), established in 1988 to protect public interest and prevent corruption in the NSW public sector, has released its first report on current trends, risks and strategies. The Corruption and Integrity in the NSW Public Sector: An Assessment of Current Trends and Events report collates nearly 30 years of observations and reports on issues such as the blurring of lines between sectors, poorly managed organisational changes, the impact of technology and the prevalence of cybercrime.
Breaking Down the Report
The ICAC is responsible for receiving and investigating reports of corruption and misconduct by government departments, public offices, public bodies, government contractors and grant recipients. Using this information, the report identifies and explores the “emerging trends, hotspots, case studies and notable practices that have been brought to ICAC’s attention”.
The Honourable Peter Hall QC, Chief Commissioner of ICAC, emphasised that while NSW’s levels of corruption are low by global standards, “there can be no room for complacency…if systemic and operational weaknesses are not addressed, corruption can take hold and cause significant damage to an agency’s finances, productivity and reputation”.
The report deals with a variety of notable trends, including the blurring of lines between public, private and not-for-profit sectors and the relationship between corruption and organisational change. Interestingly, two particular observations emerged, indicating once again their widespread impact and omnipotence in our world today: technology and cybercrime.
Firstly, the ICAC report recognised an increase in corruption related to the procurement, delivery and monitoring of ICT products. Secondly, and more importantly, the report also emphasized that technological developments have actually made it more difficult for corrupt individuals to succeed.
The report also outlined a number of positive trends related to ICT. These include:
- The reduced reliance on paper-based systems that makes it harder for individuals to conceal evidence and trails of corruption;
- The use of advanced data analytic techniques that are capable of utilising self-learning algorithms and artificial intelligence to spot misconduct within enormous volumes of data. This technology makes it more cost and time effective to analyse data, allowing organisations to rely on technology rather than humans to identify anomalies and potential corruptions;
- Technology has developed to reduce human error and remove the need for human judgement. For example, ICT products can enforce delegations of authority, monitor inventory, establish identity, track the physical location of people and goods, review job applications, detect plagiarism and more;
- Social media can often provide a thorough image of a person’s behaviour, history, associations, interests and habits. At the least, this information can be used to identify undisclosed conflicts of interests and inappropriate associations.
The report expanded further on the impact of social media and access to the internet in general. The Commission highlighted the fact that technology has helped people speak up, making it increasingly easy and acceptable to broadcast anonymous complaints, insider information or opinions about individuals or agencies. The ever-expanding platform of the internet has in many ways become a whistleblower’s paradise and sanctuary.
The report also notes the ubiquity of technology that allows ordinary citizens to capture information and behaviour and then share it with a large number of people. While some websites enable people to review their experiences, and others allow employees to write anonymous critiques of their workplace, others sites such as India’s I Paid a Bribe aggregate and publish details about misconduct. The website alone has over 170,000 reports of bribes, and others like it are popping up around the world.
The report explains that “under the right conditions, technology can be used to generate rapid shifts in public sentiment about acts of misconduct”. From the Commission’s perspective, the clear message is that “employees, suppliers, stakeholders and citizens now have a large number of ways to voice their concerns” thanks to technology.
The report also explored the rapid increase and impact of cybercrime. In 2016-17, the Australian Cybercrime Online Reporting Network (ACORN) received 874 reports of cybercrime, representing a total estimated loss of $20 million – more than double that of the previous year.
More and more, cybercrime is being recognised for the epidemic it is. The NSW Minister of Finance, Services and Property stated in August 2017 that “cyber risk and security has emerged as one of the most high-profile, borderless and rapidly evolving risks facing Governments across the globe”. In 2016, the Australian Government’s Cyber Security Review found that cybercrime had cost the economy up to $1 billion in direct costs alone.
Based on data from the Australian Cyber Security Centre, the most common form of cybercrime includes spearphishing attacks that trick people into paying false invoices, theft of confidential information (including identity theft) and ransomware or distributed denial of service attacks.
Victoria’s Independent Anti-Corruption Commission explained that while most public sector bodies hold information or commodities that are attractive to threat actors, some are more vulnerable than others. For example, bodies with access to law enforcement information or identity and credit card details, and other regulatory bodies that oversee industries – such as construction, planning, development, prostitution, gaming, and liquor – may be at an even greater risk from cybercrime.
The ICAC recognises that public sector agencies have been increasingly victimised by cybercrime. The Australian Competition and Consumer Commission reported that in 2017 scammers stole nearly $4.7 million from Australian businesses – this was a 23% increase from the previous year.
The ICAC have listed several common mistakes when it comes to corruption. Of note, they emphasized that the protection measures for whistleblowers are often lacking within an organisation. This is pertinent when it comes to cybersecurity, as time is often critical when it comes to detecting and responding to breaches. However, if employees are too scared to raise the alarm on their own actions or the actions of their superiors or fellow co-workers, then attackers will continue to exploit this.
It was also noted that many organisations assume that when the Commission elects not to investigate a matter, no further action is needed. Unfortunately, the Commission has limited resources and can only investigate a small number of reported matters, regardless of the merit of cases. This means it is essential for organisations to undertake their own investigations, act proactively to root out the source of their vulnerabilities or corruption and assess their options for prevention.
The ICAC report has once again brought to light the increasing intricacy of technology and cybersecurity, highlighting how tightly woven both are into the fabric of everyday life, business operations and government. Technology growth is undoubtedly positive, having enabled unprecedented innovation, expanded the platform for individuals to speak up and for businesses to operation more efficiently. But technology also has the ability to cripple an organisation if used insecurely or corruptly. This is why ICT policies and cybersecurity can never be taken for granted and should be considered an investment into the longevity of a business.