Global IT systems are now even more vulnerable
The effects of COVID-19 on businesses and global supply chains are being felt around the world. Aside from the economic impact, there have also been illegal and legal consequences, with an increase in cybercrime and business fraud, as cybercriminals try to take advantage of these uncertain times.
To remain resilient in these difficult times, businesses will need to be prudent and ensure that they have a well-planned strategy for minimizing disruption, its impact on revenue, and share price instability. Otherwise, this could generate another wave of corporate wrongdoing, which in turn will have a greater effect on shareholder value and revenue.
According to the latest figures from the KPMG Fraud Barometer, the average value of each fraud case over the past three years has reached $1.8 million. The most common types of fraud are categorized as accounting, followed by fraudulent loans and investment scams, most of which are perpetrated or facilitated using technology.
In this shifting global financial landscape, where organizations are shrinking, volumes of digital payments are increasing and payments are being processed in seconds, fraudsters are creatively finding new ways to steal from businesses and their clients.
Therefore, it is now more important than ever for businesses to be able to tackle internal and external threats such as fraud and cybercrime, and to structure their response and resource allocation to mitigate these risks.
Searching for weaknesses
There is already evidence that cybercriminals are exploiting the COVID-19 pandemic to defraud businesses and individuals of their money or to steal personally identifiable information. One method is to disseminate real-time, precise statistics about global infection rates tied to the COVID-19 pandemic as a lure.
The first such case was discovered by Reason Labs, which at the start of March identified that threat actors were spreading malware disguised as a COVID-19 map on the website “coronavirus(dot)space”.
Their analysis found that the malware was able to steal credentials such as usernames, passwords, credit card numbers and other sensitive information stored in users’ browsers.
Infecting systems
Last month, members of cybercrime forums began selling a digital COVID-19 infection kit that uses the interactive map as part of malware deployment. According to US authorities, the exploit kit will cost a buyer between $200 and $700 and is used to load a fully working map of COVID-19 infected areas, with supporting data. Users will believe that it is a genuine map and open it, in the process allowing the malware to compromise the computer.
The first defense against such acts is to be vigilant. If you suspect that an email you have received is from an unknown source, verify the web address, check for misspellings, do not download attachments, never click on embedded links, do not provide any personally identifiable information and do not reply to it.
In order to design, implement, and evaluate financial crime risk mitigation controls, management must first fully understand such risks through a step-by-step process of risk assessment that helps identify both the quantitative and qualitative aspects of organizational integrity breakdowns.
Counter responses
Risk assessment measures can include targeted transaction reviews and the use of data analytics. The benefit of data analytics is that a large percentage of targeted data can be analyzed within a predetermined timeframe to identify irregularities for further investigation.
Another central prevention and detection capability is the implementation of an anonymous reporting scheme such as a whistleblowing hotline for staff to report suspicions of fraudulent behavior. Preferably, this should be independent and offer 24/7 access.
Other steps that should be considered to minimize the threat are reviewing your cyber insurance policy and ensuring you have adequate coverage should you be the victim of a cybercrime.
Incident response procedures and processes need to be implemented, or reviewed if you already have them. These put in place a framework for how and by whom incidents of fraud, cybercrime and corruption should be handled, supported by clear reporting lines, both internal and external.
COVID-19 will transform the way organizations conduct business. At a time when financial implications are at the forefront, businesses should not lose sight of potential secondary dangers that this pandemic poses.
This applies especially to the increased reliance on financial and IT infrastructures, both of which need to have the appropriate risk assessments carried out and the right defenses in place.
- Paul Wright is Associate Director - Forensics, KPMG Lower Gulf.