Combating the evolving threat of fraud

May 2018 Editor's Choice, Security Services & Risk Management

It is impossible to pin an exact number on how much fraud costs the South African economy, but analysis of leading research reports on the subject puts it easily in the billions of rands per year. According to a February 2018 report by PWC, the proportion of South African organisations that have experienced economic crime now stands at a shocking 77%.

Fraud risk today is faced by companies from internal, external, regulatory and reputational avenues, and while senior management is taking centre stage as a growing threat from within, the report also revealed that fraud committed by consumers ranked as the second most reported economic crime over the 24-month period studied.

Although the sources and methods of committing fraud are ever-changing, human nature tells us that people have probably been committing fraud against each other ever since mankind started trading goods. A man who knows all too well that the weakest link in this chain is the human one, is Garth de Klerk, CEO of the South African Insurance Crime Bureau (SAICB). “Fraud is a contact sport,” he says, “and although fraudsters are always developing more high-tech approaches, the vulnerability of individuals to be corrupted remains at the core of the problem.”

While acts like burning down one’s own building to claim on the insurance money will always be one type of approach (what de Klerk euphemistically refers to as ‘fraud light’), the bigger issue is large-scale fraud perpetrated by criminal syndicates. These syndicates target an individual, or individuals, within an organisation with promises of generous sums of money and/or threats to coerce them into helping to infiltrate the organisation’s internal systems. After taking the first bribe, the insider becomes even easier for the syndicate to control by threatening to expose their previous crime.

De Klerk says it is vital that businesses implement best-practice approaches like segregation of duties, and that they have internal controls in place which are thoroughly documented, implemented and enforced. “Not only should these principles be rigorously applied, they should be prominently advertised internally to serve as a deterrent,” he adds.

If an employee suspects fraud is taking place within their organisation, de Klerk advises they should approach the relevant management structure with their suspicions, and they can take confidence from the fact that laws are in place to protect the rights of whistle blowers. “Once notified, a company must report the fraud to the SAPS to initiate an investigation into the matter,” he continues. “It is essential for companies to take decisive action so that they are seen clearly to be hard on fraud – a zero-tolerance policy is the most effective strategy.”

This zero-tolerance policy is paying dividends in the insurance sector in particular, thanks to the efforts of the non-profit SAICB. The bureau has had a number of high-profile insurance companies join its ranks as members over the last few months, as they are embracing the benefits of a centralised approach that allows them to recognise commonalities across the different members’ operations.

On the subject of emerging and future threats, de Klerk warns that criminal syndicates are becoming smarter in everything they do. For example, as they are becoming more cyber-savvy, so-called spear phishing attacks on C-suite executives are becoming more commonplace and more sophisticated. “What is more, these syndicates are growing increasingly smart about understanding the law and how to manipulate it to their own ends,” he warns.

The cyber threat is real

According to Nobuhle Nkosi, head of financial lines Africa at Allianz Global Corporate & Speciality (AGCS), “Last year was another record-breaker for data breaches. In 2017, the Equifax breach leaked the personal information of approximately 143 million individuals (44% of the US population). The NSA leak of multiple exploits was widely used by popular ransomware. And in 2016, 57 million Uber accounts were released from a data breach.”

Nkosi refers to the results of the 2018 SonicWall cyber threat report released in March, which highlighted the fact that with WannaCry, Petya and Bad Rabbit all becoming headline news in 2017, ransomware was a hot topic for the second year in a row. “SonicWall Capture Labs threat researchers found that while attackers didn’t push the same volume as they did in 2016, the number of variants jumped considerably,” she states.

SonicWall Capture Labs detected 184 million ransomware attacks in 2017 compared to 638 million in 2016, however there was also a corresponding 101,2% increase in new ransomware variants – a key indicator that attack strategies are shifting. While ransomware volume took a substantial dip, other malware attacks jumped significantly in 2017. All told, SonicWall logged 9,32 billion attacks – an 18,4% increase over 2016.

Threats to watch out for in 2018

“As digitalisation together with smart factories increase across grids, machines, public networks and other facilities, cyber incidents may disrupt many industries. New vulnerabilities are arising in which cyber criminals could exploit the increase in interconnectivity. Whether accidental or planned, the end result of these incidents is business interruption. Businesses across all sectors may be impacted,” Nkosi portends.

As the SonicWall cyber threat report puts it, data breaches and cyberattacks are no longer back-of-mind concerns. To the modern executive, they represent the number one risk to business, brand, operations and financials – so much so that the premier insurance sector is very considerate of cyberattacks.

While the Meltdown and Spectre vulnerabilities were first disclosed to the public in early 2018, the processor vulnerabilities were actually discovered last year. In fact, Intel notified Chinese technology companies of the vulnerability before alerting the US government. SonicWall adds that threat actors and cybercriminals are already leveraging memory as an attack vector. “Since these memory-based attacks are using proprietary encryption methods that can’t be decrypted, organisations must quickly detect, capture and track these attacks once they’re exposed in memory - usually in fewer than 100 nanoseconds. Chip-based attacks will be at the forefront of the cyber arms race for some time to come,” the company predicts.

The Internet of Things (IoT) was also a big target, demonstrated by the new IoT Reaper botnet that borrows code from 2016’s first IoT open-source botnet, Mirai. The SonicWall report expects that IoT devices will be in the crosshairs in 2018, as ‘smart’ hardware is not updated regularly and is often physically located in unknown or hard-to-reach places.

Mitigating the risks

Nkosi explains that a way for companies to mitigate against cyber risk is to employ a chief information security officer (CISO) or equivalent to implement a comprehensive information security management system (ISMS). “Although it is costly and time consuming, it is necessary not just for the information security but also for the long-term health of the business,” she says.

She further makes reference to the 2017 cost of cybercrime study conducted by Accenture, which found that by taking the following three steps, organisations can further improve the effectiveness of their cybersecurity efforts to fend off and reduce the impact of cybercrime:

1. Invest in security intelligence and advanced access management, and yet recognise the need to innovate to stay ahead of the hackers.

2. Organisations should not rely on compliance alone to enhance their security profile but undertake extreme pressure testing to

identify vulnerabilities more rigorously than even the most highly motivated attacker.

3. Balance spend on new technologies, specifically analytics and artificial intelligence, to enhance programme effectiveness and scale value.

The Accenture study further concluded that “Organisations need to recognise that spending alone does not always equate to value. Beyond prevention and remediation, if security fails, companies face unexpected costs from not being able to run their businesses efficiently to compete in the digital economy. Knowing which assets must be protected, and what the consequences will be for the business if protection fails, requires an intelligent security strategy that builds resilience from the inside out and an industry-specific strategy that protects the entire value chain. As this research shows, making wise security investments can help to make a difference.”



Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Background checks: risk levels and compliance
iFacts Access Control & Identity Management Security Services & Risk Management
Conducting background checks is a vital step in the hiring process for employers or when engaging service providers; however, it is crucial to understand the legal framework and regulations governing these checks.

Read more...
From the Editor's desk: Apathy is a cybercriminal
Technews Publishing News & Events
      Welcome to SMART Security Solutions’ first print publication of the year, the SMART Access & Identity Handbook 2025. This year’s print issue is smaller than usual, so we include some articles in the ...

Read more...
Federated identity orchestration
Technews Publishing SMART Security Solutions Editor's Choice Access Control & Identity Management Security Services & Risk Management AI & Data Analytics
Understanding exactly who resides at the end of a digital device is key, and simple identity number verification by the Department of Home Affairs is no longer a viable solution on its own.

Read more...
Managing identities for 20 years
Ideco Biometrics Technews Publishing SMART Security Solutions Access Control & Identity Management Integrated Solutions IoT & Automation
Many companies are now more aware of the risks associated with unauthorised access to locations and sensitive data and are investing in advanced identity authentication technologies to mitigate these threats.

Read more...
Balancing security and ease-of-use
Technews Publishing SMART Security Solutions Access Control & Identity Management Security Services & Risk Management
Fraud incidents have financial repercussions and erode consumer trust, leading businesses to become more aware, though this awareness does not necessarily translate into confidence in their identity authentication processes.

Read more...
Identity and authentication
Technews Publishing SMART Security Solutions Access Control & Identity Management Information Security Security Services & Risk Management
Identity authentication is a crucial aspect of both physical security and cybersecurity. SMART Security Solutions obtained insights into the topic and the latest developments from three companies.

Read more...
Integration and IoT made easy
Technews Publishing SMART Security Solutions Access Control & Identity Management
The security industry is built on silos, be it surveillance, access control, alarms and others, but integration has become a critical issue in recent years. SMART Security Solutions speaks to Integr8 Systems about its local hardware and software.

Read more...
Mobile credentials taking off
Technews Publishing SMART Security Solutions Paxton Secutel Technologies Access Control & Identity Management
Mobile smartphone access is becoming more common, with use cases ranging from Bluetooth, NFC (Near-Field Communication), or QR codes to manage secure access to commercial and personal locations.

Read more...
SMARTpod talks to Armata’s Richard Frost
Technews Publishing SMART Security Solutions Videos
SMARTpod, the podcast by SMART Security Solutions, recently spoke to Richard Frost from Armata about the company's new 'all-in-one' cybersecurity bundle designed to relieve cyber stress in the SMB market.

Read more...
Boost revenue streams for MNOS
News & Events Security Services & Risk Management Financial (Industry)
ReveNet has introduced its new solution, designed to safeguard and potentially boost revenue streams in an increasingly challenging landscape for MNOS. The new platform combines advanced analytics and is built on trust, transparency, and sustainability principles.

Read more...