Fraud can remain undiscovered for long periods of time, with insider fraud averaging out on 18 months. On top, fraud numbers are often understated in fear of reputation impact on one side, and some victims not even realizing they have been defrauded on the other. One of the things for companies to be aware of are so-called ‘black swan events’: incidents that come as a complete surprise to the affected organization and that can have a huge impact, such as major financial or reputation-related damage to a company. In the worst-case scenario, this can lead to delisting from the stock exchange and even bankruptcy.
An additional challenge is that fraud can take a variety of forms that can differ from sector to sector. In the blog entry that I wrote for Risk & Compliance, I have included a visual overview of these various forms which will immediately illustrate this complexity.
To make things even more complex, an entire range of different channels are now being combined in sophisticated fraud schemes. For example, bankcard details are stolen online, leading to fake cards being used in ATMs to withdraw funds from bank accounts that can sometimes run into millions of euros, or a distributed denial of service attack (DDOS) may be simulated on a website to divert attention away from an attempt to break into the organization’s internal systems.
A fragmented approach leads to weak defense
All of this makes it particularly difficult for companies and governments to fight fraud. Organizations frequently use a fragmented approach when trying to prevent and fight various forms of fraud. Each department and support service (HR, finance, audit, etc.) has its own approach and systems. There is no enterprise-wide view, which makes it easier for fraudsters to discover weaknesses in the defenses and exploit them.
And to make everything even more complicated, today’s methods and processes to fight and address fraud are already out of date tomorrow. Is it all a lost cause then? Fortunately not: there is still a lot you can do to arm yourselves. You will find out more in my next blog post.