Tag Archives: Identity Fraud

Social engineering “a top cause of cyber incidents” finds Cyber Resilience Report

Research commissioned by Crises Control from the Business Continuity Institute for its annual Cyber Resilience Report 2016 confirms much of what we already suspected about the changing nature of the cyber threat and the way that cyber criminals have found new ways to defeat corporate perimeter security.

66% of respondents to the survey reported that their companies had been affected by at least one cyber security incident over the last 12 months. The costs of these incidents varied greatly, with 73% reporting total costs over the year of less than €50,000, but 6% reporting annual costs of more than €500,000.

The increased difficulty of breaching perimeter security and the increased human resources available to cyber criminals has combined to produce a new point of attack. This is focused on the weakest link in the corporate security chain, which is now human beings rather than technology.

The term ‘social engineering’ describes this attack vector, which relies heavily on human interaction and often involves tricking people into breaking normal security procedures. The BCI research shows clearly that phishing (ie obtaining sensitive data through false representation) and social engineering is now the single top cause of cyber disruption, with over 60% of companies reporting being hit by such an incident over the past 12 months.

A further 37% were hit by spear phishing (ie phishing through identity fraud).

BCICyber

The research has also confirmed that, to effectively counter this threat, companies now need behavioural threat detection provided by a cyber security network monitoring solution. These plug-in devices monitor your network for signs of suspicious insider activity and failed attempts to hack into the system.

They can also provide invaluable intelligence to be acted upon proactively to nip a successful hack or insider threat in the bud.

Traditional anti-virus monitoring software is no longer enough. The BCI research shows that 72% of companies have this software in place, but only 26% of real cyber security incidents were actually discovered through this route. Much worse, 18% of incidents came to attention through an external source such as a customer, a supplier or the impact on a public website.

Network monitoring solutions are much more effective than anti-virus software in terms of alerting companies to a cyber breach, with 63% of businesses having network monitoring software in place and 42% of cyber incidents being brought to attention through the work of the IT Department to whom such systems report.

The scale of the cyber threat can feel overwhelming at times, but educating your own employees about the nature of the threat and then putting in place the right solutions can go a long way towards mitigating the social engineering threat and significantly enhancing your corporate cyber resilience.

The message is simple… Act now before it’s too late.

Advertisements

Leave a comment

Filed under Risk UK News

Criminals target UK’s youth as cases of identity fraud increase

Cifas, the UK’s leading fraud prevention service, has released new figures showing a 52% rise in young identity fraud victims in the UK. In 2015, just under 24,000 (23,959) people aged 30 and under were victims of identity fraud. This is up from 15,766 in 2014, and more than double the 11,000 victims in this age bracket in 2010.

The figures have been published on the same day as a new short film, entitled ‘Data to Go’, is launched online to raise awareness of this type of fraud. Shot in a London coffee shop in March this year, the film uses hidden cameras to capture baffled reactions from people caught in a stunt where their personal data, all found on public websites, is revealed to them live on a coffee cup.

Identity fraud happens when a fraudster pretends to be an innocent individual to buy a product or take out a loan in their name. Often, victims don’t even realise that they’ve been targeted until a bill arrives for something they didn’t buy or they experience problems with their credit rating.

IdentityTheftNew

To carry out this kind of fraud successfully, fraudsters usually have access to their victim’s personal information such as name, date of birth, address, their bank details and information on who they hold accounts with. Fraudsters gain such detail in a variety of ways, including through hacking and data loss, as well as using social media to put the pieces of someone’s identity together. 86% of all identity frauds in 2015 were perpetrated online.

People of all ages can be at risk of identity fraud, but with growing numbers of young people falling victim, Cifas is calling for better education around fraud and financial crime.

Fraudsters are opportunists

Simon Dukes, CEO of Cifas, said: “Fraudsters are opportunists. As banks and lenders have become more adept at detecting false identities, so the fraudsters have instead focused on stealing and using genuine people’s details. Society, Government and industry all have a role to play in preventing fraud. However, our concern is that the lack of awareness about identity fraud is making it even easier for fraudsters to obtain the information they need.”

Dukes continued: “The likes of Facebook, Twitter, LinkedIn and other online platforms are much more than just social media sites – they’re now a hunting ground for identity thieves. We’re urging people to check their privacy settings today and think twice about what information they share. Social media is fantastic, and the way we live our lives online gives us huge opportunities. Taking a few simple steps will help us to enjoy the benefits while reducing the risks. To a fraudster, the information we put online is a goldmine.”

IdentityTheftSign

Commander Chris Greany, the City of London Police’s national co-ordinator for economic crime, added: “We’ve known for some time that identity fraud has become the engine that drives much of today’s criminality, and so it’s vitally important that people keep their personal information safe and secure. In the fight against fraud, education is key and it’s great that Cifas and its members are taking identity fraud seriously and working together to raise awareness of how the issue is now increasingly affecting young people through the launch of this film.”

As part of the campaign, Cifas commissioned a survey with Britain Thinks to find out more about 18-24 year olds’ attitudes towards personal data and identity fraud. The survey found that young people are alarmingly unaware that they’re at risk:

  • Only 34% of 18-24 year olds say they learned about online security when they were at school
  • 50% of the 18-24 year olds surveyed believe they would never fall for an online scam (compared to the national average of 37%)
  • Only 57% of 18-24 year olds report thinking about how secure their personal details are online (compared to 73% for the population as a whole)

They’re also less likely to install anti-virus software on their mobile phone than the national average (27% compared to 37%).

Organisations such as the City of London Police, Action Fraud, Get Safe Online, Her Majesty’s Government’s Cyber Streetwise campaign, Financial Fraud Action UK and Cifas members including Coventry Building Society, BT and Secure Trust Bank are all supporting the campaign and sharing the new film across their social media networks.

Cifas is also appealing to youth organisations, schools and universities to share the film so it reaches as many young people as possible.

Leave a comment

Filed under Risk UK News, Uncategorized

Unisys Security Index Survey: ‘Britons place greater trust in banks to protect personal data than they do the NHS or central Government’

The latest Unisys survey shows a nation divided on the question of personal data protection ahead of NHS’ Care.data launch. The survey reveals lower levels of trust in many private sector organisations and that financial institutions are most trusted with personal data by members of the UK public. 15% of UK respondents to the survey do not trust any organisation with their personal information.

UK citizens place greater trust in banks and financial institutions to protect their personal data than they do the National Health Service (NHS) and central Government. This is a key finding of the annual global Unisys Security Index survey, the results of which are announced today.

The findings may raise concerns for the UK Government ahead of the launch this Autumn of Care.data, the NHS’ national health database.

The most recent Unisys Security Index asked UK respondents to select three types of organisation they most trust with their personal data from a list including financial institutions, the NHS, employers, central Government, private companies and service providers.

The largest percentage (53%) of respondents selected financial institutions. The NHS was the second most trusted of the organisations listed, and cited by 50% of respondents.

Among the lesser trusted organisations cited by the UK respondents are employers (44%), central Government (31%) and private companies (23%). Service organisations such as broadband, TV or telephone providers are seen as trustworthy by only 16% of those surveyed.

A significant 15% of the population said they do not trust any of the listed organisations with their data.

The UK Government has much work to do in reassuring the public of its data security measures before the delayed roll-out of the Care.data NHS database this autumn

The UK Government has much work to do in reassuring the public of its data security measures before the delayed roll-out of the Care.data NHS database this autumn

In addition, the Index revealed varying levels of trust in the NHS from different generations, with only 44% of UK respondents over 50 reporting that they trust the NHS with their personal data, in contrast to 555 of 18-49 year olds.

The proposed roll-out of Care.data, designed to hold NHS patients’ digital medical records for the care and health services, was delayed earlier this year due to public confusion over the initiative.

Work to be done on reassurance

Dr Gerhard Knecht, head of global security services and compliance at Unisys Enterprise Services, commented: “The NHS has work to do in reassuring a large part of the population that it can safely handle their personal data. We believe the Government must focus on educating the public on how their data will be treated and what security measures will be taken before its second attempt to launch the programme.”

Only 27.7& of UK respondents over the age of 65 listed central Government as one of their most trusted organisations compared to 39% of 25-34 year olds.

Dr Knecht added: “Despite widespread acknowledgement that the current Government has favoured older generations with its policies, the coalition clearly has more work to do in convincing old people of the benefits of its Digital Strategy, which was introduced well over two years ago in the 2012 budget.”

Sceptical North versus Trusting South

The research also reveals how Northerners are less trusting than Southerners when it comes to personal data, with 7% more respondents from the North claiming they don’t trust any of the organisations listed in the survey.

This divide is particularly apparent in their respective views on private companies, with just 20% of Northerners placing trust in them compared to 29% of Southerners.

Concerns over identity and financial protection

The Unisys Security Index results also show Brits are more worried about personal security than financial, Internet or national security threats.

More than half of respondents harbour concerns over identity theft and misuse of personal information. Financial security is the second greatest area of concern, with just under half (48%) of those surveyed expressing serious concern about other people obtaining and using their credit or debit card details.

The overall Unisys Security Index for Britain has dropped considerably from 2013, with a significant drop in the National Security Index score contributing the most to this decline. The National security index score for the UK has dropped 48 points, in fact, from 130 in 2013 to just 82 in 2014.

Despite 2013 being widely acknowledged as a bumper year for data breaches, less than a third (30%) of Brits surveyed are seriously concerned about computer security in relation to viruses or spam.

About the Unisys Security Index

Lieberman Research Group conducted the survey in Latin America, Europe, Malaysia and the USA. Newspoll conducted the research in Australia and New Zealand.

The Unisys Security Index surveys nearly 11,000 people in 12 countries: Australia, Brazil, Colombia, France, Germany, Malaysia, Mexico, the Netherlands, New Zealand, Spain, the United Kingdom and the United States.

For more information visit: http://www.unisyssecurityindex.com

Leave a comment

Filed under IFSECGlobal.com News

IBM launches new software and consulting services to help organisations tackle $3.5 trillion lost annually to fraud and financial crime

IBM has introduced new software and services to help organisations use Big Data and Analytics to address the $3.5 trillion lost each year to fraud and financial crimes. Through sophisticated business expertise and analytics, organisations can adopt an holistic approach to address the financial losses caused by fraud while at the same time protecting the value of their brands.

As part of today’s news, IBM has launched its ‘Smarter Counter Fraud’ initiative, drawing on the expertise and innovation from more than 500 fraud consulting experts, 290 fraud-related research patents and $24 billion invested in IBM’s Big Data and Analytics software and services capabilities since 2005.

The initiative actively extends IBM’s leadership in Big Data and analytics and Cloud to help public and private organisations prevent, identify and investigate fraudulent activities.

Today’s announcement comes at a time when a new generation of criminals are using digital channels – such as mobile devices, social networks and cloud platforms – to probe for weaknesses and vulnerabilities.

The pace of this threat continues to accelerate. Identity fraud impacted more than 12 million individuals in 2012, resulting in the theft of nearly $21 billion. Each day, the US healthcare industry loses $650 million due to fraudulent claims and payments.

IBM's Counter Fraud Infographic

IBM’s Counter Fraud Infographic

Holistic approaches to countering fraud

To address these complexities, IBM is delivering new software that allows organisations to gain better visibility and take a more proactive, holistic approach to countering fraud. This includes the ability to aggregate Big Data across a variety of internal and external sources – including mobile, social and online – and apply sophisticated analytics that continuously monitor for fraudulent indicators.

The new offerings feature advanced analytics that understand non-obvious relationships and co-occurences between entities, new enhanced visualisation technologies that can identify and connect fraudulent patterns closer to point of operation and machine learning to help prevent future occurrences based on previous attacks and behaviors.

Leading analysts estimate that market demand for fraud and risk solutions is quickly accelerating. According to Gartner*, 25% of large global companies will have adopted Big Data analytics for at least one security or fraud detection use case, up from 8% today, and will achieve a positive return on investment within the first six months of implementation by 2016.

IDC estimates that the market for financial crime solutions alone will be nearly $4.7 billion in 2014, with a 5.5% CAGR over the 2014-2017 forecast period**.

Adapting to emerging threats

“With today’s news, IBM is applying many of the same tactics, techniques and procedures used by the intelligence and law enforcement communities to help commercial organisations take a holistic view of this growing and pervasive threat,” said Robert Griffin, vice-president of IBM Counter Fraud Solutions.

“These technologies allow line of business leaders to quickly adapt to emerging threats across the entire organisation. Our new initiative puts Big Data and analytics into the hands of those tasked with defending their organisations from financial losses, protecting the brand and delivering exceptional customer service.”

IBM is unique in its ability to combine market-leading software, services and research capabilities to address the full spectrum of fraud and financial crimes – from tax evasion, money laundering and cyber attacks to threats from inside the organisation. For example, the new offerings can detect cross-channel mobile fraud and prevent cyber crime enablers like phishing scams. They can enable an insurance company to review thousands of claims in real-time to flag potentially fraudulent activity while processing legitimate claims faster, or help a global bank more accurately detect and investigate money laundering activities to meet regulatory compliance.

Details of the new software and services

IBM’s new counter fraud portfolio builds on the company’s unmatched R&D investments and the recent acquisitions of Cognos, i2, SPSS, Q1 Labs, Trusteer and SoftLayer.

The new software and services include:

Counter Fraud Management Software
A single offering that brings together IBM’s Big Data and analytics capabilities to help organisations aggregate data from external and internal sources and apply sophisticated analytics to prevent, identify and investigate suspicious activity.

It includes analytics that understand non-obvious relationships between entities, visualisation technology that identifies larger patterns of fraud and machine learning to help prevent future occurrence based on previous attacks.

To enhance these capabilities as new threats emerge, IBM has also launched a new counter fraud intelligence task force – IBM Red Cell – that will work in tandem with the IBM X-Force unit to continuously research trends, develop strategies and deliver enhancements to the software and services R&D Team.

Counter fraud service offerings
Industry-aligned services that combine IBM’s consulting, software and technology expertise to help clients improve their counter fraud programs, including:

· Outcome-based Accelerators: Evaluate an organisation’s counter fraud capabilities and provide rapid prototyping to demonstrate business value for enterprise-wide protection.

· Target Operating Model: Design organisational constructs, operational governance and technology architecture to better detect to fraud and respond and investigate exposures.

· Scale and Manage: Fast implementation of strategies and technological dimensions to customise and run counter fraud programs tailored for each client.

Fraud discovery assets
A portfolio of customisable, research-developed assets that use analytics to discover fraud, waste, abuse and errors in data intensive industries and functions. These assets analyse an organisation’s internal data to measure behaviour and then compare the results within specific peer groups to identify anomalies that indicate suspicious activity.

Based on the results, an investigation recommendation is made.

The assets are available across industries for enterprise-wide discovery. The fraud discovery assets will be available in the cloud, enabled by IBM SoftLayer, with focus on the following areas:

· Medical Fraud: Discovers fraud during provider, beneficiary and internal employee profiling using IBM’s Fraud Asset Management System (FAMS).

· Insurance Claim Fraud: Enables insurers to detect suspicious activity for claims submitted by vendors, brokers and individuals using IBM’s Loss Analysis and Warning System (LAWS).

· Public Tax Fraud: Empowers Governments to address tax gaps by uncovering tax evasion activities and filing inaccuracies using IBM’s Tax and Audit Compliance System (TACS).

· Occupational Fraud: Helps organisations discover fraud for accounts payable, travel and expense claims and other fraud committed by employees.

Counter fraud as a service
IBM will offer four levels of counter fraud capabilities as a service – including Hosting, Application Management, Behaviour Modelling and Scoring and Analytics and Referral Generation – that use a subscription-based model to give clients flexible choices that match their business needs and technical requirements.

IBM’s Counter Fraud Center of Competency gives clients global access to expertise including fraud industry experts, advanced analytic capabilities and technical implementation services.

London Borough of Camden: Case Study

IBM has a long history of working with hundreds of counter fraud clients such as the London Borough of Camden in the UK, which is using IBM Big Data and Analytics technology to streamline processes, improve services, reduce tax fraud and increase revenue.

Working with IBM, Camden has been able to create a ‘Residents’ Index’, in turn uniting information from multiple services to create a single, consistent view of all resident data (including the services they’re accessing).

“Information we once considered unobtainable is now within our grasp,” said Hilary Simpson, head of ICT business partnering at the London Borough of Camden. “We have identified at least a dozen specific examples where a Residents’ Index based on IBM Big Data and Analytics technology can help us. We have estimated that the solution could help to cut single person council tax discount fraud by 5%, potentially delivering major savings for our borough.”

For more information about IBM’s Smarter Counter Fraud initiative, visit: http://www.ibm.com/smartercounterfraud

Follow the conversation on Twitter at #counterfraud

Notes

*Source: Gartner Report ‘Reality Check on Big Data Analytics for Cyber Security and Fraud’ (January 2014)

**Source: IDC Financial Insights ‘Pivot Table: Worldwide IT Spending 2013–2017 — Worldwide Risk IT Spending Guide, 1H13, Doc # FIN240400’ (March 2013)

Leave a comment

Filed under IFSECGlobal.com News