Business Risk Services

The changing face of fraud risk

Sara McAllister
By:
insight featured image
The changing face of fraud risk means businesses have to be on guard more now than ever.

Ireland is a leader in how we develop, roll-out and manage digital technology. A hub for data storage and tech-savvy organisations, Ireland and Irish businesses across many industries are at the fore of innovation and transformation. The flip-side of this, however, is that as industry grows and technology advances, so too does the risk associated with fraudulent activity.

Businesses and organisations here have become a greater target for fraudulent activity by criminals looking to exploit the vast amounts of data that is created, shared and uploaded every second of the day. The challenge now is how to identify, monitor and manage that risk.

The national risk assessment published by the Irish Government earlier this year also points to Ireland as being vulnerable due to the scale of technological infrastructure developed here that, if exploited by bad actors, would cause significant disruption.

Increases in the volume of fraudulent attacks carried out here recently, speak to the appetite from many looking to exploit any vulnerabilities in infrastructure, in industry, and in organisations. With this heightened focus on Ireland, many business and organisational leaders will find themselves under pressure to assess, manage and prepare for such risks attached to operations both in house and outsourced.

As new technologies come on-stream, the focus on risk reduction will need to move at a faster pace. Advances in artificial intelligence (AI) have helped scale businesses via real-time automation, but AI technology does not come without its own risks and ultimately, it is a double-edged sword. On the one hand, AI has been a gamechanger in areas like audit and forensics, allowing businesses to deploy ‘needle-in-a-haystack’ algorithms to identify anomalies and exposures. It is undoubtedly one of the reasons we are seeing more fraudulent activity being detected.

On the other hand, it has allowed bad actors to identify new weaknesses and opportunities to carry out fraudulent attacks, both harnessing new AI advances for their own gain, and also penetrating weaknesses in novel AI technology deployed by businesses.

And as AI creates new challenges, there are more familiar priorities lingering that also need to be considered when carrying out a risk assessment. In recent years, most businesses will have introduced remote and hybrid working processes and many will continue to review these policies in line with changing business needs. A key consideration in this context is the risk associated with social engineering threats which rely on human error and can be much more difficult to detect than other fraud risks.

Where employees work remotely, evidence suggests they are less likely to consider the legitimacy of communications they receive by email, for example, and may be more inclined to respond to fraudulent requests that appear to have been sent by colleagues or superiors within their organisation, creating vulnerabilities across entire business networks as a result. Security training and awareness is the first line of defence against social engineering, yet many organisations fail to sufficiently consider the risks associated with employees working on-site and remotely.

There are a number of other trends that are raising concern for businesses too beyond AI and hybrid working. Synthetic identity theft uses both legitimate and fabricated information to exploit vulnerabilities and remains problematic for businesses as it is increasingly difficult to detect.

Account takeover fraud remains prevalent, and as the number of personal online and social media accounts increases, so too have the attacks from criminals attempting to gain access to personal data, bank details etc., often through stolen information.

Crypto currency frauds albeit less mainstream also fundamentally exploit technology control weaknesses in attempt to steal coins such as Binance Smart Chain (BSC), Ethereum (ETH), and Bitcoin (BTC).

The heightened risk landscape is part of a changing cybersecurity picture where digital technology is being constantly attacked and, where weaknesses are identified, accessed by criminals to exploit data and information for their own gain. Fraud risk must always be a key factor for consideration when managing shared infrastructure, data breaches, preventing unauthorised access, and engaging with third-party providers, among others.

Industry and political stakeholders are acutely aware of the challenges in this space; without the proper risk assessment and governance, and risk and control mechanisms in place any one or more of the aforementioned fraud risks could potentially see businesses and organisations at the centre of a perfect storm, the aftermath for which could prove extremely difficult to remedy or reconcile. 

Learn more about how our Business Risk Services solutions can help you
Learn more about how our Business Risk Services solutions can help you
Visit our Business Risk Services page