Just how many counts of fraud attacks occurred in the first quarter of 2018? These results from ThreatMetrix uncovered some alarmingly high numbers.
Here’s what was going on just during those three months:
- 9 billion first transactions
- 210 million attacks
- 1 billion bot attacks
Those numbers represent a 62% increase over 2017, with the level of threats only rising. The main industries taking the hit? E-commerce and financial services. Though in truth, no industry is safe.
“Cybercrime is now an industry unto itself; and its lifeblood is data. Data is, unfortunately, becoming easier to steal and monetize for cybercriminals,” the report states.
There are three items these attacks typically target, ThreatMetrix continues. They include:
- Personal data
Particularly on mobile devices. In fact, the attacks on mobile accounts grew 150% since the start of 2017. An even more alarming number when you consider the growth of mobile users for all industries.
Take banking, for example. According to a 2018 Fed survey, 43% of all mobile phone users with bank accounts used mobile banking in the previous 12 months, which is up from 22% in 2011. No wonder cybersecurity attacks increasingly focus on mobile devices.
Your Data at Stake
Mobile banking isn’t the only thing at stake, however. Several other companies have experienced these fraudulent cyberattacks as well. This summer, Dixons Carphone admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records, making it the biggest breach for a UK company to date.
The breach, which had actually begun a year prior to the company’s announcement of the incident, contributed to lowered stock prices and declining consumer trust in a company that previously received fines for hacks as recently as 2015.
BBC News writes:
“But the UK Information Commissioner’s Office (ICO), which fined Carphone Warehouse £400,000 for the 2015 breach, will now be looking very closely at this latest failing of the merged companies.”
The only potential saving-grace for Dixons Carphones? At the time of the breach, the GDPR fines, which would have been significantly higher for the company, were not yet in effect.
What remains to be seen? Whether or not consumers will be able to regain trust in a company that’s now had two major data breaches in just a few short years.
Protect Your Company, Protect Your Consumers
In this age where risks to consumers (and the companies that service them) are increasing at an unprecedented rate, there’s only one approach to take in response – that of proactive self-defense.
How? By making sure that, whatever industry you find yourself in, your top priority is protecting your customers, your employees and your entire institution from threat.
“The need for cybersecurity continues to increase as technology advances. Over the past few years, a number of major corporations have fallen victim to hackers due to seemingly minor oversights and a failure to properly manage vulnerabilities,” Enlightened Digital writes.
Yet cyberattacks aren’t the only culprits for global fraud. As tempting as it is to think the failure of machines and data security is what’s truly to blame, it’s the people behind the fraud who are the real problems.
Fraud often has a human face behind it. It’s correcting it from the source that poses the real challenge for companies trying to mitigate fraud risk.
The Face of Fraud and Its Impact on Reputation
While perpetrators of fraud run rampant across industries, regulators are on the lookout for them now more than ever. And these regulators aren’t afraid to take action.
Besides, scandals make “great” news. So if the regulators don’t bust you, chances are the journalists will. Now that’s one PR crisis that’s hard to bounce back from.
Was Young involved? Was he not involved? Did it occur during or after his tenure as owner? That’s the real question.
But when it comes to reputation (and the impact of your reputation on consumer choices) sometimes the “real question” doesn’t really matter. What matters is public perception. In fact, 70-80% of market value comes from intangible assets, Harvard Business Review writes, including:
- Brand equity
- Intellectual Capital
And if companies only respond after a crisis, not before, there’s only so much they can do to clean up the damage.
“Most companies, however, do an inadequate job of managing their reputations in general and their risks to their reputations in particular. They tend to focus their energies on handling the threats to their reputations that have already surfaced. This is not risk management; it is crisis management – a reactive approach whose purpose is to limit the damage,” the article continues.
So how can companies be more proactive to cutting out fraud and protecting their systems, customers and reputation (and ultimately their bottom line)? The trick is to cut the problem off at its roots.
Cutting Fraud off at the Roots
In many cases, the greatest risk posed to an organization is found in the form of its own employees. While mitigating employee risk can’t protect against external threats, it can cut down on incidents of noncompliance internally by up to about 60%. And your efforts can result in significant culpability score reductions with regulatory bodies if anything ever did happen.
“Employee fraud can take place in many ways, but by far the most common involves accounting, accounts payable, and payroll functions. In order to commit fraud, it helps to have access to money and accounts. Employees who submit expenses reports are also prime sources of fraud, especially if your internal controls are weak.” – Towne Bank
One recent example of employee fraud involves a medical device maker’s CEO, who was accused of siphoning money to purchase a personal residence and cover other personal expenses. The CEO’s activities cost the company several millions of dollars, and that was before the legal fees necessary to bring the case against him.
Since people represent the biggest risk to any organization, in terms of both fraud and cybersecurity attacks, it’s important to address the people first.
How? The first step is to generate awareness.
“So let’s start with the basics. Train your employees so they understand company policies and procedures. Make sure they know and follow all rules and guidelines. And make sure they understand the repercussions of committing a fraud – up to and including criminal prosecution,” Towne Bank continues.
Some suggestions? Create policies and procedures that train employees on:
- What fraud means and what it specifically looks like in your business
- How to recognize fraud – both internal and external
- How employees can help protect their personal and company data (and systems) from cybersecurity threats
- The common types of fraud that occur in your industry
- Details about how and where to report cases of fraud, suspected cybersecurity weaknesses/breaches, etc.
The next important step to foster a culture of compliance that’s anti-fraud and secure is to create a clear structure for reporting and a clear procedure for handling reported cases, including internal investigations, remediation, etc.
The final step, generally speaking? You should be able to measure the effectiveness of your policies and training programs. Measuring the effectiveness should not only include tracking who read what policy, but should also measure employee understanding of policies through questionnaires and examinations, as well as their attestations to adhere to these policies.
That way, if, a fraud breach or breach of security does occur, your company is protected, and the people behind the breach can’t hide behind the words “I didn’t know any better” anymore.
These steps can seem like a daunting list, especially when you consider that fraud and cybersecurity only just a small piece of mitigating your company’s overall risk. However, this is where technology can really help offload some of the burden, while simultaneously providing valuable reporting metrics for regulators.
By implementing a simple, automated, easy-to-use tool to handle all the time-consuming manual steps in this process, you can automate much of your risk mitigation, and keep tabs on any potential problem employees.
The benefits of automating certain controls and functions to ensure compliance against fraud?
- Enforce approval channels to deepen internal checks and balances and reduce risk of oversight
- Automatically generate audit trails to hold individuals accountable for their actions and decisions
- Improve and automate business processes to reduce manual errors that lead to noncompliance and save time
- Build an ethical and defensible compliance program that proves internal compliance to external regulators
- Reduce the potential for reputational damage from breaches
- Mitigate your risk through early assessments and automated reporting
To paraphrase Deloitte Advisory Principal Mark Pearson:
Although it might be hard to believe that the source of…fraud could come from inside a company, outside forces aren’t always to blame. Employees often leverage transactions involving vendors and third parties to their own benefit…
Looking for more on risk and compliance? Here are a few resources you might enjoy: