The global risk landscape has undergone a sea change over the last few decades. For businesses, the risks emanating from fraud can threaten the very existence of the organization, and they continue to increase in quantum and complexity. There has also been a considerable shift in the type of fraud perpetrated, from larceny and forgery earlier to more sophisticated digital and cyber frauds. This highlights that while the modus operandi has evolved, the motives largely remain the same. Perpetrators continue to be driven by greed, the desire for shortcuts to success and personal gratification.
Understanding the Fraud Diamond theory
Initially, fraudsters would look at exploiting the situation at hand, identify opportunities and convert them into reality. The Fraud Diamond Theory explains the four elements that prompt an unethical or fraudulent activity. It comprises –
In addition to the above, there are several other behavioural aspects or red flags that can be observed and considered to spot a fraudster within an organization. For instance, a sudden change to a lavish lifestyle (foreign trips or high-value gadgets) that is not commensurate with the employee’s compensation, financial or legal issues, an unusually close or personal association with key vendors or customers, refusal to take a vacation or personal leave, and working on weekends or holidays without adequate reason or justification. Thus, insider threat continues to be a predicament for most organizations.
The Association of Certified Fraud Examiners’ report titled “Global Study on Occupational Fraud and Abuse” highlights that fraud is usually committed by employees aged 30 to 50 years. This is because the primary motive for fraud among employees is monetary gain, whereas for older employees, it is ideological, psychological and personal motives. Younger employees under the age of 25 years tend to commit less fraud because they do not shoulder many responsibilities or are not involved in the decision-making process. It is also observed that employees in the 50 to 60 age group are less prone to commit fraud, as they have reached a certain level in their professional life and would not want to jeopardize their reputation in society.
The new frontier – cyber frauds
In this transformative age, digital opportunities can pave the way for rapid organizational growth. Technological evolution also brings forth a slew of vulnerabilities that can be exploited by external hackers or cyber criminals. While organizations are looking to take measures to tackle internal threats, they also need to focus on mitigating external threats such as cybercrime. Cyber threats rule out the erstwhile fraud theory, and organizations are suffering losses at the hands of unknown hackers.
A recent EY survey on cybercrime highlighted that unknown hackers continue to rank the highest when it comes to conducting cyber-attacks within an organization. The survey, titled “Responding to cybercrime incidents in India”, stated that 32% of Indian respondents believe unknown hackers are behind cybercrime, followed by employees at 19%. It is extremely difficult to find a strong motivation behind incidents, as cyber criminals have evolved by breaching confidential customer data, committing wire transfer fraud or releasing malware in systems.
Recent trends show instances of ransomware attacks wherein cybercriminals are locking down computers and insisting on a ransom to unlock or return confidential data or information, which is paid in the form of bank transfers through proxy servers and cryptocurrencies. Exploiting software vulnerabilities, using compromised credentials or stolen devices containing data, and attacking authentication protocols are some other methods that perpetrators have been adopting for monetary benefit. Cyber-attacks may also take place as a result of sensitive data being indexed by search engines.
An organization’s confidential and sensitive information is its critical asset. An unintentional error in the configuration or design of systems could result in a failure to adopt security protocols to safeguard data. This may lead to hackers exploiting system vulnerabilities, resulting in reputational loss.
Fraud has evolved and will continue to evolve with time. For organizations, identifying, monitoring and taking corrective action against internal as well as external threats will be instrumental in dealing with insidious risks.