Rising fraud – the impact of the global pandemic
The pandemic has seen rising cases of fraud globally, with increased activity across most industry sectors using both conventional methods and rapid growth in digital fraud. Direct government intervention in national economies has pumped money into local initiatives which fraudsters have exploited for their own ends; for example the UK Treasury recently announced estimated fraud losses exceeding £4 billion.
With economic pressures businesses have suffered both external and internal changes which can leave them vulnerable to exploitation. Indeed, ongoing disruptions and economic uncertainly can lead to desperate actions to maintain earnings as well as enabling fraudsters to prey on weakened systems and controls.
Fraud may also enable money laundering, terrorist financing activity and can wreak havoc on organization's reputations beyond the direct impact on stakeholders. Business leaders should be diligent in prevention and detection. Learn how the fraud landscape is evolving and how to stay on top of it.
Fraud and cybercrime continues to rise
The Aviva Fraud Report noted, “one in eight people have been the victim of a financial scam which related to coronavirus” and increasingly, financial scams occur online. High-profile cyberattacks populate headlines, from the Colonial Pipeline hack in the United States, to the attack that crashed Amazon web services (AWS) servers and also the attack on SolarWinds in December 2020 that may have infiltrated 18,000 of its customer networks. Trend Micro reported a “47% year-on-year increase” in email threats, malicious files and malicious URLs. It said, “the banking industry was disproportionately affected, experiencing a 1,318% year-on-year increase in ransomware attacks in the first half of 2021.”
The United Kingdom Crown Prosecution Service (CPS) estimated that 86% of reported fraud is now cyber-related. According to TransUnion, “across industries, the rate of suspected digital fraud attempts rose 16.5% globally when comparing Q2 2021 to Q2 2020.” The most significant increases in the first part of 2021 were in the gaming, travel and leisure industries. However, the rate of suspected online financial service fraud attempts also rose 18.8% globally.
Along with highly organised advanced persistent threat (APT) activity, criminals have targeted decentralised finance (DeFi) which is based on blockchain technology like cryptocurrencies . The crypto risk management firm, Elliptic found that DeFi investment fraud and theft losses totalled $10.5 billion by November 2021, “up from $1.5 billion in 2020.” While the attraction of DeFi channels and crypto currencies may lie in the fact they do not rely on traditional finance infrastructure, this is also their greatest risk since they often lie outside the protection of financial regulatory frameworks that exist worldwide. This risk requires heightened due diligence for businesses undertaking transactions using such technology as the consequences of becoming a victim can be dire.
It should be expected that fraud attempts around DeFi are more likely to be focused on luring victims into scams supposedly offering DeFi “currency” to settle transactions or as an investment where such currency does not in fact exist. Victims may part with property, or pay using traditional banking or real crypto currencies.
Beyond the complexity of blockchain currencies, cybercrime is often a generic term covering both sophisticated exploitation of technology to infiltrate business, or exploit software weaknesses, and the more general misuse of the world wide web to offer fake business opportunities. In March 2021 Statista estimated over 45% of global email traffic was spam messages – the most common way in which fraudsters use emails to target potential victims daily. This worrying statistic means all businesses have to ensure they have robust preventative processes in place to protect their IT systems and check on transactions, especially those with new suppliers, customers and altered bank accounts.
Fraudsters target business vulnerabilities – now isn’t the time to be complacent
Fraud can be orchestrated internally, externally or both. Over the past couple of years, many businesses have experienced financial difficulties. Consequently, they may have reduced staff, increased workloads or hired less experienced employees to fill gaps. Other budget cuts may include internal audit and compliance resources, further weakening internal controls and increasing opportunities for criminal actors.
The higher use of virtual private networks (VPNs) and reliance on third-party cloud software also create weaknesses. Trend Micro reported that ransomware attacks have evolved to use APT-like victim targeting, triple distributed denial of service (DDoS) and data exfiltration more frequently. Attackers are also keeping stolen data for longer periods of time, before threatening to leak it to extort more money. Ransomware attacks threaten all businesses, although perpetrators tend to target larger organisations which should be able to pay the highest ransom – just to stay open. These attacks are typically initiated within spam emails containing malware which can take over control of IT systems very rapidly. Constant vigilance and staff training on spotting such fake messages is vital to avoid the risks.
Employees may act on their own or with external parties to create and pay fictitious vendors or ghost staff and then improperly record cash, or disguise “losses” through accounts manipulation. Where an employee is acting with an outside party pretending to be a genuine supplier, significant losses may be suffered before it comes to light. In many cases, business owners are blindsided when an independent audit then identifies fraudulent activity or examples of employees failing to follow security measures. Ensuring checks in a business’ procurement process are followed and proper segregation of duties in paying for goods or services is essential to mitigate these risks and to increase the chances of spotting it early and limiting or preventing fraud losses.
Opportunistic fraudsters also exploit situations. As companies have incorporated new software into their work environment, many lacked the proper security framework, leaving an opening for fraudsters. This has recently been highlighted in the December 2021 announcement of serious security weaknesses in Log4j, an essential building block of many software systems which has caused urgent action across the globe and the impact of such failing still remains to be seen.
Prevention and protection: a layered defence system
According to our HLB Cybersecurity Report 2021, 82% of surveyed IT professionals changed their cybersecurity protocols. However, the changes may not be enough to combat the rise of sophisticated threats and repeated fraud attempts. The cyber threat landscape is evolving, persistent and varied. As such, organisations must break down data silos and review how recent changes affect their security.
Business leaders should take a proactive approach with anti-fraud and cybercrime measures by implementing a multi-layer program. Prevention, detection and protection measures must cover all infrastructure, including endpoints, emails, servers, cloud workloads and networks. In addition, companies should increase visibility into third parties and complex international supply chains. Customers, agents, suppliers and distributors raise bribery and corruption risks.
A successful anti-bribery, corruption and fraud program requires leaders to:
- Complete an enterprise-wide risk assessment
- Use proactive data analytics to identify internal and external issues
- Develop a solid internal corporate culture
- Implement a robust control framework and maintain proper data governance
- Educate employees and contractors on current social engineering tactics
- Use virtual patching techniques for remote endpoints
- Tailor whistleblowing procedures to each region
However, organisations also benefit from forensic and investigation services. Independent evaluations can uncover failures or inconsistencies with internal policies, regulations or laws. Trained specialists, like HLB’s expert advisors, assess your corporate environment and help you take steps to prevent and detect nefarious activities. When used in combination with a robust, multi-layered anti-fraud and cybercrime program, business leaders gain deeper insights into potential issues and act quickly to safeguard against wrongdoing.
Take a proactive approach to combat fraud
Fraudsters aren’t backing down from cyber fraud, and COVID-19 disruptions continue to affect organisations, supply chains, customers, and employees. The last thing any business leader wants is costly litigation that threatens their company’s financials and reputation.
Learn how our advisors can help protect your brand and improve your business resilience.