Last week, I attended a cyber risk workshop offered by the local chapter of the Institute of Internal Auditors. One of the presenter’s slides listed data breaches that have occurred so far in 2017, including Equifax, the Securities and Exchange Commission, and Home Depot. It’s pretty scary, especially when you think about what the cyber criminals are after – your money.
Fraud has existed for a long, long time. Technology gives criminals new opportunities to perpetrate bigger frauds more quickly than ever before. Organizations fight back by adding more technology skills to their fraud prevention and investigation teams. According to the Association of Certified Fraud Examiners’ (ACFE’s) In-house Fraud Investigation Teams: 2017 Benchmarking Report, building forensics and cybersecurity expertise is a big focus.
Of the nearly 1,500 anti-fraud professionals who responded to the global survey:
- 43% say their organization is seeking or expecting to add expertise in digital forensics to its fraud investigation team.
- 36% say their fraud team has cybersecurity skills, while 37% are looking to add those skills.
- Only 16% of teams investigate data breach incidents frequently and 27% investigate them occasionally, indicating a possible lack of expertise.
Responding organizations reported that their fraud investigations were related to:
- Employee embezzlement (40%)
- Frauds committed by customers (40%)
- Frauds committed by vendors or contractors (32%)
- Human resources issues (30%)
IT security professionals often think that their organizations have the controls needed to prevent cyber threats that can lead to fraud. That is not enough! Everyone connected to your systems needs to understand and follow security practices and know why they are important.
Clarify your organization’s fraud controls and each person’s role to protect data and funds by:
- Documenting responsibilities for security and secure work practices. Security is part of everyone’s job.
- Training everyone about security and why it is important. People tend to follow procedures that they understand.
- Implementing incident detection to locate and shut down attacks that can become data breaches.
Fighting fraud requires that organizations ensure they have adequate technology skills on their fraud prevention and investigation teams. Recent reports – as well as recent events – tell us that many organizations still need to beef up their cyber teams to protect our money from fraud.