What You Should Know About the COMB Data Leak

What You Should Know About the COMB Data Leak

In February 2021, an enormous compilation of breached user data was posted on a popular online hacking forum. Known as the Compilation of Many Breaches (COMB), the data leak is believed to be the largest compilation of its kind. The COMB data leak is so big, in fact, that it could include the data of 70% of internet users worldwide.

Read More

What the Marriott Data Breach Means for Individuals, the U.S. and Companies Worldwide

What the Marriott Data Breach Means for Individuals, the U.S. and Companies Worldwide

The business sector tops the Identity Theft Resource Center’s industry facing the most data breaches for the sixth consecutive month. This time, it’s because of the massive Marriott International and Starwood Hotels and Resorts data breach that affected more than 500 million customers.

Read More

Not If, But When: How to Monitor and Manage Your Cyber Risk

Not If, But When: How to Monitor and Manage Your Cyber Risk

Buoyed by news and social media coverage of online threats and cyberattacks, cybersecurity is all the rage today. Indeed, whether we’re talking about the recent Iranian online assault on worldwide universities or the cyberattack on the city of Atlanta (which shut down Wi-Fi at the world’s busiest airport), cybersecurity is constantly and rightfully in the spotlight.

Read More

RSA’s Quarterly Fraud Report Finds Decrease in Cyberfraud

RSA’s Quarterly Fraud Report Finds Decrease in Cyberfraud

Perhaps the most encouraging and notable piece of RSA’s most recent quarterly report comes in the form of an overall decrease in cyberfraud. The total amount of cyberfraud attacks observed from January 1, 2018 to March 31, 2018, represented a decrease not only from the previous quarter (16.2%) but also from the same quarter of 2017 (8.6%).

Read More

Insider Fraud: Preventing a Catastrophic Event

bruce-dubinsky_177x209.jpg

GUEST BLOGGER

Bruce Dubinsky, CFE, MsT, CPA, CVA
Managing Director, Duff & Phelps, LLC

It’s no surprise that companies have fraud on their mind these days. As of May, a Verizon report revealed that 6 million data breaches in businesses worldwide had already occurred in 2016. In response, steps have been taken by organizations to protect themselves from outside hacker threats — but this might not be enough. Unbeknownst to many, the bigger danger to these companies and their customers’ data arises from those who are trusted the most: 50 percent of all security incidents are caused by people inside an organization. According to the 2016 ACFE Report to the Nations on Occupational Fraud and Abuse, a typical organization loses an estimated 5 percent of revenue a year as a result of fraud.

The onset of International Fraud Awareness Week, November 13-19, provides a compelling opportunity to discuss the dangers and prevention methods of insider fraud.

We can start with the understanding that learning that your company’s confidential data was stolen, not by a hacker, but by an employee, is a catastrophic scenario that no organization wants to face. Although sometimes these data breaches are unintentional — perpetrated by careless employees — in most circumstances, they are the result of malicious intent. Oftentimes, personally identifiable information (PII) is stolen to be sold on the black market or used to receive social security benefits, open new credit card accounts or to apply for insurance benefits.

The ACFE report finds that a perpetrators’ level of authority is directly related to the magnitude of the fraud, as the losses incurred from the scheme by an owner or executive (about $703,000) are more than four times the median loss by managers (about $173,000) and nearly 11 times as much as the loss caused by rank-and-file employees (about $65,000).

Companies can combat insider fraud by developing safety measures that emphasize a team approach, through which all areas of the organization or agency work together to identify threats and prevent them from escalating into significant losses. The Report to the Nations found that when organizations adopt and encourage an “if you see something, say something” approach, they can mitigate losses by up to 54 percent. In addition, insider fraud can be detected up to 50 percent faster.

Consistent with this approach, the most common detection method in the ACFE study was from employee tips (39.1 percent of cases). Organizations that had reporting hotlines were also much more likely to detect fraud through these tips than organizations without a reporting outlet (47.3 percent compared to 28.2 percent, respectively). Additionally, when fraud was uncovered through methods such as surveillance and monitoring or account reconciliation, the loss duration of schemes was lower than when the schemes were detected through passive methods, such as notification by police or by accidental discovery. Many agencies also had success with professionally-manned hotlines for whistleblowers.

There are valuable resources available to help your company take the necessary steps to prevent insider fraud. The LexisNexis® Fraud Defense Network, of which I am a board member, provides resources such as the Identity Fraud Protection Playbook and technology for cross-industry fraud prevention. Take the quiz to see how your fraud prevention efforts measure up to the competition and collect valuable insights on preparing for this significant threat.

You can find more free resources to spread fraud awareness, like social media badges, infographics and videos, at FraudWeek.com.