Ahead of International Fraud Awareness Week (13-19th November), which brings together anti-fraud professionals and communities to discuss how far-reaching the effects of fraud can be and how to mitigate the risks, IT security experts Jonathan Wyatt, Managing Director, and John Cassey, Director, at Protiviti, a global consultancy firm, commented below.
John Cassey, Director at Protiviti:
“Fraud risk management can only be effective if those responsible for identifying fraud scenarios have a full understanding of the criminal mind.”
“Organisations should have effective controls that are commensurate to potential fraud risks, regularly reviewed and updated as the company evolves and new risks are identified. The most effective control, however, is with the employees themselves. There should be a shared understanding of acceptable behaviours and that all employees are responsible for preventing and identifying wrongdoing. Promoting a positive message and rewarding high standards can be more effective in encouraging a harmonious corporate culture than a negative campaign focussed on the consequences of wrongdoing.”
“Employees should also be provided with adequate training to understand how both external and internal fraud could impact the business and the warning signs, including cyber-crime and phishing attacks.”
Jonathan Wyatt, Managing Director at Protiviti:
“The majority of information security programmes have now become cyber security programmes and are very heavily weighted towards managing the unsophisticated outsider threat. This might in many cases be the common, irritating threat, however the most significant security breaches and frauds often involve insiders, either as willing or unwitting participants (e.g. as a result of a phishing attack). In reality, most of the largest frauds have actually been initiated by an insider. However, many are not publicised as organisations choose to manage the incidents internally.”
“Organisations should, therefore, spend much more time focusing on insiders, and looking at privileged access and data loss prevention (DLP) in particular. Certifying privileged access on use and enforcing segregation of duties through workflow at a transaction level are also key and can help significantly. The use of emerging technologies that leverage data analytics and artificial intelligence to identify changes in behaviour (behavioural analytics) of employees can greatly improve control and help organisations manage cost.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.