Perception of the risk posed by global business fraud may be on the wane, but actual risk remains widespread, according to results of the Annual Global Fraud Survey from business security consulting firm Kroll Advisory Solutions. Companies engaging in outsourcing, particularly outsourcing involving offshore providers and/or IT, should pay attention to the findings of the survey of 839 global business executives.
Survey results actually show some decline in the occurrence of global business fraud during 2012, with 61% of respondents reporting being victimized by fraud during the year, down from 75% in 2011. However, more than one in five (21%) respondents reported data theft during 2012, and fraud is still a constant danger. Let’s look at a few specific areas that should interest companies involved in ITO.
The Enemy Within
Survey data indicates that two-thirds of firms reporting fraud during 2012 were victimized by a crime involving a key internal participant, up from 60% reporting internal fraud involvement during 2011. Kroll advises this reflects both increased ease of internal access to sensitive corporate data and systems (no doubt partially a result of the BYOD trend that extends corporate networks to employee-owned devices that may have little or no company oversight) and excessive focus on external threats.
In 2013, companies need to create firm BYOD policies that carefully regulate how employees gain access to corporate networks and also invest in solutions that allow tiered access to internal systems.
Data Theft Grows
The same new technologies that make sensitive and valuable data to transmit and store also makes it easier to steal and resell. Thirty percent of survey respondents say they are most vulnerable to data theft, citing complexity of IT systems as a major problem. Companies need to invest in solutions and expertise that simplify the management and protection of important data, whether those solutions and expertise are maintained in-house, on a managed/outsourced basis, or some combination thereof.
All too often, companies that have not yet been victimized by a major fraud event, or have been victimized in the past but taken steps to prevent reoccurrence, become complacent and assume the risk is gone. Failure to remain vigilant almost guarantees a fraud incident at some point in the future. Fraud is often committed by highly sophisticated organized crime networks or even nation-states that employ the most advanced computer technologies and skilled personnel to gain unauthorized access to corporate networks, data and other assets. Security measures that are adequate today may not be adequate tomorrow.
The criminals are constantly refining their systems and techniques – you must, as well. 2013 is shaping up to be a year of economic recovery and growth where businesses will have the opportunity to make up more of the ground they lost in the economic crisis of 2008-10. Actively preventing fraud, rather than having to waste valuable time and resources reacting to it, is a key step in ensuring your organization has a truly happy and prosperous New Year.