This Fraud Awareness Week it’s more important than ever to safeguard business operations against cyber-attacks. What should organisations be prioritising? Industry experts explore their top considerations that businesses should be focusing on to prevent this below.
Pekka Riipinen, Director of Cyber Security Global Services, Crayon
“There is no company or industry, indifferent to the size or the nature of its business operations, that can be complacent and think that fraud and cybersecurity does not touch them in any way. Companies must therefore recognise their accountability when it comes to security and the data they store, particularly when security breaches often include their customer data. To achieve this on a high level, organisations must have personnel that are asking questions such as ‘how secure are we?’ and are dedicated to owning security procedures in their entirety.
As it is impossible for any business to have perfect security, it is then critical to ensure organisations are asking ‘what can we do to improve our cybersecurity status’ and to consider cybersecurity and protection against fraud as a rolling process as opposed to an end result.
Where I have seen fraud prevention procedures be most effective is when professionals treat cybersecurity as an integral part of the business, and as a practice that defines the quality of your product and company output. A fundamental way to improve fraud prevention features is to do it constantly and incrementally. It’s also essential that in this process that trying to achieve a “perfect” level of cybersecurity should not be the enemy of good, as there’s no such thing as perfection, especially in cybersecurity.
Although there have been many positive developments in fraud prevention over the past couple of years, one of the things I still see organisations fail to recognise, particularly in the emergence of ransomware, is that cybersecurity threats have also been democratised.
There has been an increased amount of innovation around how fraudsters can monetise cyber threats, and how the perpetrators can benefit from compromising data or services. The problem that this brings about is a wide range of targets becoming attacked like organisations who operate critical infrastructure for example, hospitals, schools, NGOs etc. Attackers are losing any sense of self-preservation and morality meaning that we, as experts, have to be increasingly vigilant in protecting our organisations and customers.”
Brett Beranek, Vice-President & General Manager, Security & Biometrics, Nuance
“Fraud Awareness Week acts as yet another reminder to both businesses and consumers that cybersecurity solutions and fraud prevention tools are no longer optional, especially in our current climate. With a reported 36% increase in fraud crimes last year – and more than 420,000 offences recorded – action needs to be taken as a matter of urgency.
Traditional authentication methods – such as PINs and passwords – are archaic and no longer fit for purpose. Passwords are being sold on the dark web, exploited for fraudulent activity and have even cost unfortunate individuals vast sums of money in terms of forgotten passwords to safeguard cryptocurrencies. It is high time that they are confined to the history books.
This will enable modern technologies – such as biometrics – to be more widely deployed in order to robustly safeguard customers. Biometrics can authenticate individuals immediately based on their unique characteristics – taking away the need to remember PINs, passwords and other knowledge-based credentials prone to being exploited by fraudsters and providing peace of mind, as well as security, for end-users.”
James Walker, CEO, Rightly
“This Fraud Awareness Week, businesses need to realise that consumers have the right to be in control of their own data and should have the ability to know exactly who has it and how it’s being used. This is with good reason, considering the increasing number of data breaches and growing potential for fraudulent activity if personal data falls into the wrong hands. That said, rather than battle with their customers, businesses should be strategic in their approach to data collection and educate consumers on the mutual benefits of sharing their relevant data.
From a customer’s perspective, the exchange of “good data” can save time, money, and removes the hassle and frustration that can come from interacting with online services, with existing data helping to deliver personalised services. Equally, by facilitating this, businesses can increase conversation rates by creating hyper-personalised experiences- be it better deals or geo-specific offers – in turn reducing customer efforts and frustration.
A mutually beneficial exchange works for both customers and businesses. However, given how valuable personal data has become, businesses must be strict with their use of such data and must not sell it onto data brokers, or any company that collects and sells customer data, which then puts customers at risk.”
Chase Buckle, VP of Trends, GWI
“In the UK, 72% of people are either extremely or somewhat concerned about cybersecurity, according to GWI Zeitgeist data. Whilst it’s encouraging to see that generally, people are taking online safety more seriously, there’s room for growth and education – more needs to be done to make sure people are safe online.
Studies have found that millions of Brits are still at risk of attack by using easy-to guess passwords on their private accounts. The most common passwords still include pets names, football teams, ‘123456’ and even ‘password’. Our data shows 80% of UK internet users still aren’t using a password manager. On a global scale, only 23% of internet users consider using private browsing and only 18% use VPNs to keep safe online.
Given there are very few aspects of our lives that are not online to some degree, and we store significant amounts of personal data in our email, cloud drives and social media, users need to be proactive when it comes to protecting this information”.
Ian Hirst, Partner, Cyber Threat Intelligence, Gemserv
“With increasing rates of cybercrime across the UK, we’ve seen a rise in ‘typosquatting’, a form of fraudulent social engineering that takes advantage of well-crafted misspellings to lure users into clicking malicious links or navigating to dangerous URLs. Fraudsters entrap users with well-crafted phishing emails containing links, or by registering domain names that are minor misspellings of popular websites, in the hope that they divulge personal information such as credit card or bank details. For example, a consumer may want to purchase something from example.com, however accidentally navigates to exannple.com, which a cybercriminal owns.
A typosquatting domain becomes dangerous when unsuspecting users start visiting the site. These sites may be landing pages containing advertising or adult content, which generate high revenue streams for the owners, or fake marketplaces made to look like a real counterpart, which aim to steal sensitive payment data. Unfortunately, users falling foul to these sites lead to innocent people losing precious savings. Businesses are also heavily affected by typosquatting, not least because every stolen visitor is potentially a lost customer.
Organisations must find an efficient way to deal with this threat, however manually detecting fraudulent websites and removing them from the web is time-consuming and resource heavy. Detecting and preventing typosquatting effectively now requires technological solutions and automation, such as advanced threat intelligence. Systems now exist that monitor all permutations of a specific domain name and identifies and reports malicious sites. By investing in technologies that improve threat intelligence, businesses can continuously monitor for new fraudulent domains to prevent cybercriminals from impersonating their brand and defrauding unsuspecting customers.”
Ramsés Gallego, International Chief Technology Officer, Micro Focus
“Over the last year, we’ve all been through a wave of rapid digital transformation which, for understandable reasons, has been more tactical than strategic. This approach was necessary for business continuity, but the cybersecurity and cyber-fraud risks have been significant.
The pandemic created an existential threat to organisations which demanded immediate solutions –from rolling out new devices to facilitate the mass move to remote working to implementing new applications to keep business and customer services running. All of these additional devices, applications, users and data mean that there is a bigger attack surface than ever for hackers. This means, we’ll all have to take a fresh, strategic look at our technology and find ways to solidify the benefits of this digitalisation while mitigating risk levels.
From a cybersecurity and fraud perspective, this means creating and rolling out a strategy to boost cyber resiliency. In practice, advanced analytics tools and frameworks should be deployed to help teams identify potential fraud, emerging threat vectors and attack patterns. Established security concepts should also be evaluated through a critical lens. Traditional perimeter-based approaches are no longer holding up, so factoring in endpoint management, data encryption and multi-factor authentication is crucial for safeguarding sensitive information regardless of where it‘s stored.
This Fraud Awareness Week, we must recognise that these are still difficult times and, indeed, no organisation has the luxury of pausing operations to identify and fix potential issues in their IT environment. By balancing running and transforming the business, organisations can bridge existing and emerging technology, while simultaneously mitigating risks and navigating the constantly changing threat landscape.”
John Smith, EMEA CTO, Veracode
“According to the Office of National Statistics (ONS), cyber fraud in the UK increased by 89% (to 1.6 million offences) compared with 2020, driven by an increase in unauthorised access to personal information (hacking) offences.
With developers being responsible for developing, coding, installing, and maintaining software systems across the organisation, it is important that businesses prioritise developer education to help improve their resilience and reduce exposure to cybersecurity risks.
However, this will only be tackling the surface level of the problem. To go a layer deeper, organisations need to put cybersecurity at the heart of their business rather than in a separate silo.
As an industry, we need to look at new ways to collaborate and tackle the cybersecurity skills gap. Rather than focusing on gatekeeping roles, we need more companies willing to hire and train up employees in the security roles where technical skills are required. The emergence of new vulnerabilities every day means the attack surface is only growing, and with the tightening of software security regulations by the government, now is the time to make cybersecurity education a priority.
This Fraud Awareness Week, we challenge businesses to consider not only the day-to-day practices of their employees but what they are doing at a ground level to ensure developers have the required skills to counter the ever-growing and existential threat of hackers.”
David G. Hydorn, VP, Security Strategy, OpenText
“With the increase in remote working, emerging technologies and interconnected devices, cybercrime and fraud continue to rise in scale and complexity. This means that businesses should be hyper-focused on cybersecurity and information protection this International Fraud Awareness Week, as prevention is always better than a cure. This requires taking proactive steps to improve cybersecurity hygiene and ensure data protection by embracing the right procedures and technological capabilities to protect an organisation for the long term. In fact, by making processes and information more secure, businesses can not only improve their cyber hygiene, they can also build business resilience and customer trust.
Organisations need an effective information management and cyber resilience strategy so they can defend against fraud and other forms of cybercrime while continuing to do ‘business as usual’ successfully. This includes having the right technological tools for managing, protecting and securing an organisation’s most valuable assets – its data, finances, systems and people – and safeguarding its ability to operate, no matter where employees are located. This mitigates risks and ensures business continuity. Ultimately, a more strategic way of thinking enables a business to expect the unexpected.”
