Criminal intent

From Enron to TK Maxx, cyberfraud is increasing at an alarming rate. CIO UK examines how IT directors can combat it in their companies.

A shiver must have gone down the back of many a CIO when TK Maxx publicly admitted to a massive security breach of its computer system in January 2007. How fraudsters escaped with at least 45.7 million payment card details over a 16-month period, despite complying with the Payment Card Industry (PCI) Data Security Standards, could prove to be an interesting story.

More recently, a £30m fraud using cloned bankcards at fuel stations has been linked to the Tamil Tigers in Thailand.

“Anyone, anywhere in the world, can commit cyberfraud. The threat is real and it is increasing,” says Graham Johnson, Group CIO at Premier Farnell, a FTSE-250 company that markets and distributes a range of over 400,000 electronic, maintenance, repair and operations products and specialist services throughout Europe, North America and Asia Pacific.

“People don’t like talking about cyberfraud but they need to be aware of it,” says Johnson.

Circumventing systems

Johnson believes the trend for fraudsters will be to try and circumvent systems, in the same way as they are doing with credit card controls.

“It reflects the inter-connected world we live in,” he says. “Systems have to be sufficiently robust and protected in ways that, five or six years ago, we would never have had to worry about. Today’s CIO needs to be aware of denial of service attacks and web hackers when building a system.”

Andrew Clark, partner in charge of forensic technology solutions at international accounting and consulting firm PricewaterhouseCoopers (PwC), takes a pragmatic view. The only sure way to have no fraud, he says, is to have no business. In the last two years the number of cases handled by his team has tripled. In 1999, forensic technology was part of one person’s job spec at PwC; now Clark heads a department of 30 people in the UK.

UK crime wave

PwC’s 2005 Economic Crime Survey – 3,634 interviews in 34 countries – revealed that UK companies reported some of the highest levels of economic crime in the world, 55 per cent compared to an average of 45 per cent of businesses worldwide. This is partly due to the UK’s stringent level of self-scrutiny.

More than half the UK companies surveyed had been victims over the previous two years – up four per cent since PwC’s 2003 survey. Though not all of Enron proportions, more than one third of companies experienced a large number of incidents of financial misrepresentation – 35 per cent, up from 12 per cent in 2003. The fraud most widely reported was asset misappropriation, at 76 per cent.

“We find businesses are not very aware of their intellectual property assets,” says Clark. “These are the sorts of things you can secure relatively easily.”

At the 2007 e-Crime Congress hosted in London by Websense, a survey of 105 international security professionals reported a 15 per cent increase from 2006 of internal threats such as data leakage, through malicious intent or by accident.

Internal threats topped the poll at 59 per cent. Nearly 80 per cent of delegates thought legislation should be in place to curb data leakage and to ensure greater transparency in the event of an information breach; 15 per cent said that most companies had experienced some form of data leak in the last 12 months.

Another 2007 poll by Websense, of 100 UK employees, highlights the problem of confidential data, indicating that 65 per cent of employees had sent potentially confidential information to insecure personal webmail accounts so they could work from home, while 46 per cent admitted to allowing friends and family to use their company laptops.

At one end of the scale, the team might investigate an anti-corruption review involving between 20 and 30 countries; at the other, it addresses issues of individual accounting abuse.

“All our surveys show that economic crime is on the rise,” says Clark. “Often the opportunity just presents itself and there is an individual who will take risks. We hear many companies say that they never thought it would happen to them.”


White-collar crime

Economic crime has two main forms: asset misappropriation – the stealing of money, securities and information, including intellectual property; and financial misreporting – the dressing up of financial statements.

The broad external threat, Clark believes, is from a cadre of semi-organised criminals who deliberately target white-collar crime, which is seen as a high-reward, low-risk activity. “White-collar crime is not a top policing issue, not enough people are prosecuted and sentenced,” he says.

The enemy within

Second is the internal threat – economic fraud committed by people within the organisation. “These are the things that can bring an organisation to its knees,” says Clark. “WorldCom is a good example.”

One fraud scenario occurs when management presses for better results and pushes the local subsidiaries for fictitious information, says Clark. Another is driven by the need for getting results at the top of the organisation.


