FRAUD, ASSET TRACING AND RECOVERY: INTERNATIONAL CHALLENGES
CD: How would you characterise the nature and scale of fraudulent activity afflicting the business world? What are some of the defining trends you are seeing?
Gouveia: Three defining trends relate to cyber fraud – phishing, invoice fraud and ransomware. Phishing, and its variants such as ‘vishing’, demand that firms have a strict process in place which enables employees to easily verify that contacts are genuine. Invoice fraud can be prevented by avoiding companies’ reliance on inbound requests to change payment details, no matter how legitimate or familiar they appear to be. And certainly, ransomware attacks continue unabated and pose enormous costs to organisations across different regions and industries. Of note is the increasing prevalence of attackers who threaten to publicly disclose data if the attacked business does not pay the ransom. Therefore, previous efforts to reduce the impact of a ransomware attack by backing up critical data will no longer be adequate protection. Ransomware is best prevented by avoiding phishing and limiting remote network connections, as well as making sure that protection software is installed, applications are kept up to date and data backups are tested.
Blaksley: The prevalence of fraud within businesses, expressed either as a percentage of turnover or the proportion of bad actors among the workforce, has stayed broadly consistent through the ages. What changes is the methodology and, on a basis partially synchronised with the economic cycle, the extent to which it is noticed or prosecuted. The basics have not really changed – greed, hubris, complacency and a lack of checks and controls remain the principal drivers. Supplier fraud, inventory fraud and payroll fraud, and their variants, remain the primary channels.
Apr-Jun 2020 issue
S-RM
Kobre & Kim