Ignoring fraud training as the foundation of your cyber security strategy is like counting on Google to educate your kids. Technology is a critical tool in the fight, but without well educated users, guided by knowledgeable teachers, the tools are a waste of your money.
Thanks to President Obama’s state-of-the-union plug for increased cyber security, the Chinese hacking of the New York Times and Wall Street Journal, and the hacking of a prominent celebrities, America is waking up to the tangible value of virtual data. Awareness is definitely the first step, but it is only the tip of the privacy iceberg. Just as in the age before the internet, the only thing keeping employees from selling secrets or participating in fraudulent activity are the human controls that discourage the practice. But it’s all the more hair-raising to think of the amount of digital secrets an employee has access to at any given time. The new tale of a Reuters journalist gone cyber-rogue adds a chilling wrinkle to the perils of protecting the data that keeps corporate profits ticking.
Insider fraud struck again yesterday, this time resulting in charges being filed by the U.S. Securities and Exchange Commission (SEC).
According to the SEC, a former executive in the Stamford, Connecticut offices of a New York-based broker-dealer deceived clients when selling them mortgage-backed securities (MBS). He allegedly told them that his firm paid more for the MBS than it actually did, or made up a fictional seller and arranged supposed trades, when in reality he was selling out of his company’s own inventory at higher prices to bank a better profit.
In the SEC filing, the former exec was said to have swindled his clients and brought in nearly $3 million in additional profits. While the duplicitous activity went unnoticed for a time, his star rose within the company and so did his bonuses.
Is there a chance that someone could be stealing your most profitable business secrets? Competitive intelligence isn’t new, but it certainly has gotten easier with the introduction of ubiquitous high resolution cameras (smartphones), miniature storage devices that hold massive amounts of data (USB drives) and advanced tools of human manipulation (social networking).
Dyson, the British engineering firm behind the popular bagless vacuum cleaners and Airblade hand dryers, accused their German counterpart, Bosch, of planting a mole, or corporate spy, inside their headquarters for two years to steal vital research and development information. Bosch has denied any wrongdoing and refuses to return the technology or intellectual property. In an odd twist, Bosch hasn’t publicly denied planting an inside spy to siphon competitive intelligence from their rival.
In a world of highly competitive and rapid technological advancements, this sort of news brings to mind three crucial questions for businesses wanting to protect their intellectual property:
Every dollar counts, now more than ever, as the government searches for ways to wisely spend our money. It’s dismaying to learn that an audit report from the Treasury Inspector General for Tax Administration (TIGTA) has found that the impact of identity theft on tax administration is significantly greater than the amount the IRS detects and prevents. Even worse, the “IRS uses little of the data from identity theft cases…to detect and prevent future tax refund fraud” according to Mike Godfrey, Tax-News.
The IRS is detecting far fewer fake tax returns than are actually falsely filed. 938,700 were detected in 2011. On the other hand, TIGTA identified 1.5M additional undetected tax returns in 2011 with potentially fraudulent tax refunds totaling in excess of $5.2B.
The study predicted that the IRS stands to lose $21B in revenue over the next 5 years with new fraud controls, or $26B without the new controls.
Fraud Training Expert John Sileo has appeared recently on 60 Minutes, Anderson Cooper, Fox Business, Fox & Friends and in Newsweek and USA Today. He speaks around the world on the dark art of deception (identity theft, social engineering, fraud detection, manipulation defense, data breach, social media privacy) and the powerful use of trust. His satisfied clients include the Pentagon, FDIC, Pfizer, FTC, Blue Cross, among hundreds of others. Learn more about protecting your bottom line by training your organization on proactive fraud detection. Watch John perform a humorous but effective fraud training in front of an audience of thousands.
In the first part of this article series, we discussed why it is so important to protect your business data, including the first two steps in the protection process. Once you have resolved the underlying human issues behind data theft, the remaining five steps will help you begin protecting the technological weaknesses common to many businesses.
Businesses often make social engineering (or fraud) training boring! And that’s bad for your bottom line, because no one ends up remembering how to protect your organization against threats like data theft, corporate espionage or social networking exposure.
Too often, fraud and social engineering workshops cover just the concepts that define fraud rather than the feelings that signal it’s actually in process at the moment. The key to training your executives, employees and even customers on fraud is to let them experience what it feels like to be conned. In other words, they need to actually be socially engineered (manipulated into giving away their own private information) several times throughout the training so that they begin to reflexively sense fraud as it is happening. Like learning to throw a ball, there is no substitute for doing it for yourself. Fraud detection is similar; it takes actually doing it (or having it done to you) to fully understand the warning signs. Anything less will leave your audience yawning and uneducated.
During a recent 60 Minutes interview, I was asked off camera to name the Achilles’ heel of an entire country’s data security perspective; what exactly were the country’s greatest weaknesses. The country happened to be New Zealand, a forward-thinking nation smart enough to take preventative steps to avoid the identity theft problems we face in the States. The question was revealing, as was the metaphor they applied to the discussion.
Achilles, an ancient Greek superhero — half human, half god — was in the business of war. His only human quality (and therefore his only exploitable weakness) was his heel, which when pierced by a Trojan arrow brought Achilles to the ground, defeated. From this Greek myth, the Achilles’ Heel has come to symbolize a deadly weakness in spite of overall strength; a weakness that can potentially lead to downfall. As I formulated my thoughts in regard to New Zealand, I realized that the same weaknesses are almost universal — applying equally well to nations, corporations and individuals.