With digitization and data sharing now routine in business, the world is more interconnected today than ever before. These technological advancements can be a double-edged sword, not only for Swiss companies but for all companies operating in a global ecosystem. Fraud has also assumed a digital avatar, driven by the ever-increasing activities of cybercriminals, and these fraudsters tend to be one step ahead of the game. They are typically tech-savvy and have a strong inclination and drive to break into security systems and breach firewalls for financial gain and to cause reputational damage.
Key cybercrime scenarios
Recently, the Swiss business landscape has seen an exponential rise in the number of frauds. Cybercrime is evolving, and fraudsters are incorporating social engineering into their methods to gain unauthorized access to privileged and confidential information. In the last two years, the Swiss market has faced numerous cyber-incidents that combined these two forms of attack. It has been reported that incidents such as these crippled the IT systems of large international banks, retail outlets and other corporates, with potential losses running into millions. Thus, cybercrime and social engineering have quickly become one of the fastest-growing areas of concern for all stakeholders: corporates, the Government and consumers at large. While some businesses have adopted innovative, technology-led models to combat evolving risks, Swiss companies have significant ground left to cover, as many still lack consistent cyber security strategies.
Switzerland has also witnessed several cyber-incidents in recent months in which cybercriminals attempted to defraud companies using new tactics that involved the impersonation of bank employees, management or even vendors. In all three of these cybercrime scenarios, the fraudsters contacted the victims by phone and used social engineering techniques to gain access to accounts, passwords and other sensitive information. Fraudulent bank accounts were created beforehand and then used to distribute and conceal the stolen money. In many cases, the funds were apparently transferred within a few hours of the fraud taking place, with a high chance that very little would ever be recovered.
Getting ahead of cybercrime
While cybercrime cannot be completely eliminated, companies can take a number of proactive steps to mitigate potential threats. Planning how to handle these cyber-incidents through a robust response mechanism is crucial. Some proactive steps to fight cybercrime and other forms of digital fraud include:
- Discussing scenarios with key personnel, especially those involving large transactions, including specific red flags (requests for secrecy, use of an alternative contact number and email account)
- Tightening controls over payment procedures, particularly the arrangements that apply when key personnel are on leave
- Enhancing controls for payments made to overseas bank accounts
- Institutionalizing pre-determined processes and procedures that remain sacrosanct for all employees at all times, and for reporting any concerns
- Reviewing which individuals have access to the information required to perpetrate social engineering fraud. This would include taking into account what is available on the company website, as well as current and potential suppliers and shared service centres, for instance
- Checking whether IT systems have been breached to gather information on the company and the behaviour of its personnel, and identifying and remediating any weaknesses
- Conducting an internal cyber-threat assessment to identify past or current activities that might indicate an ongoing cyber-attack
The above steps can serve as robust armour for Swiss organizations in their battle against cyber-attacks.
For further, more detailed information, please see EY Switzerland’s Fraud Newsletter.