Tag Archives: KPMG

KPMG’s David Ferbrache wins Personality of the Year category at 2018 Cyber Security Awards

David Ferbrache, chief technology officer in KPMG’s cyber security practice, has won the Personality of the Year accolade at the Cyber Security Awards 2018. The ceremony was held in central London on Thursday 21 June.

Commenting on his achievement, Ferbrache informed Risk Xtra: “This award is a testimony to all of the great people that I’ve worked with, and particularly those at KPMG. Cyber security has been my passion for over 30 years now, and I have thoroughly enjoyed making a difference along the way.”


David Ferbrache of KPMG

Congratulating Ferbrache, Bernard Brown (vice-chair at KPMG UK) said: “This is a fantastic accolade for David as the competition was tough this year. He’s a hardworking individual who most definitely deserves the award. David has a great reputation in the industry, having worked in cyber security and technology risk for over 30 years. This award is a testament to the great service that David has given to the industry.”

The Cyber Security Awards were established in 2014 to reward the best individuals, teams and companies within the cyber security industry. Excellence and innovation are core themes running throughout all categories.

Filed under Risk Xtra, Uncategorized

KPMG on cyber crime in 2015: ‘This time it’s personal’

‘This time it’s personal’ will be the motto of 2015 as cyber criminals are predicted to become more selective in the way that they target victims.

According to Stephen Bonner, a partner in KPMG’s cyber security practice, the next 12 months will see criminals move away from mass spear-phishing tactics in favour of highly-targeted ‘campaigns’ based on the data trail people leave in their online lives.

“Over the past year, the Internet of Things took its first tentative steps into the mainstream,” said Bonner, “but consumers’ willingness to adopt the latest trend has come at a price. Their desire to be seen has overtaken their desire to be secure, meaning that we can expect organised crime to find new ways in which to make money in our increasingly digitised society.”

Bonner continued: “It’s possible that our willingness to share and shop online will let criminals become more selective about who they target. They will not need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.”

According to Bonner, the result will be a business world in which cyber protection matures and where Governments come together to improve ways in which confidential data is secured.

The next 12 months will see criminals move away from mass spear-phishing tactics in favour of highly targeted ‘campaigns’ based on the data trail people leave in their online lives

“2014 may have been a year in which hardly any time went by without news of a cyber attack,” asserted Bonner, “and the next 12 months will be no different. This time, however, third party assurance will become a burgeoning industry as firms seek to protect themselves against lawsuits for loss of data or revenue. As part of this, my hope is that EU Governments will reach agreement on data protection legislation in a post-Snowden world and implement a data breach disclosure regime.”

In conclusion, Bonner explained: “Ultimately, cyber defence will be akin to a game of whack-a-mole with more emphasis on spotting attacks, more sharing of intelligence in near real-time and enhanced efforts by companies and Governments to counter and disrupt cyber attacks as quickly as they can. However, to win the game a change in mindset is needed, with security teams necessarily having to reinvent themselves by engaging with the business to really understand its priorities and justify the budget, in turn ensuring that their efforts are focused on defending key business assets while being seen as an enabler for doing business in the digital world.”

Filed under Risk UK News

How can retailers avoid false alarms this Christmas?

During the festive season it’s vital that retailers protect themselves against increasing cases of theft while ensuring their customer base has an enjoyable shopping experience without the inconvenience of false alarms. Brian Sims offers some top tips to ensure it’s only the Sleigh Bells that are ringing this Christmas.

Shopper traffic in the UK increases by nearly 100% between the first Saturday in November and the last couple of days before Christmas. In the same period, retailers are expected to lose an estimated £1 billion as a result of shoplifting, dishonest employees and vendor or distribution losses.

False security alarms are not only frustrating and embarrassing for consumers, but also waste valuable employee time. For retailers to protect consumers and employees from possible inconvenience, every alarm must be treated as if it’s for real. Here are some handy tips to guard against false alarms and help ensure a positive shopper experience:

Test your Electronic Article Surveillance antennas
Store employees should first ensure all antennas and security equipment are working correctly. These tests should ideally be carried out each day before the store opens.

Check your deactivation systems
One of the most frequent causes of deactivation failures for retailers is that the unit isn’t plugged in correctly, or has been unplugged accidentally. Store employees need to make sure that all deactivation systems are plugged in and functioning as they should.

Modern deactivation systems are designed to integrate seamlessly into Point of Sale procedures, ensuring the effortless deactivation of security tags when plugged in and fully operational.

Deactivate at Point of Sale
A major cause of false alarms is tags that haven’t been correctly removed from the merchandise at the Point of Sale. Hard tags and labels need to be correctly deactivated and/or removed at the Point of Sale to avoid causing the consumer an inconvenience or delay on leaving the store.

Today’s deactivation products are designed to easily integrate at the Point of Sale, with newer solutions now offering increasingly improved detection capabilities and range. This ensures a rapid checkout for your customer and worry-free deactivation every time – no matter what the size or position of the Electronic Article Surveillance (EAS) label used.

False alarms can present a huge headache for retailers

Watch out for tag pollution
Tag pollution from other stores does happen. This occurs when non-deactivated tags from other retail outlets are carried out of store by consumers, in turn causing unwanted alarms. As a result, these alarms decrease the effectiveness and integrity of installed EAS systems.

Ensure your employees are correctly trained on tag pollution as per your Head Office policies.

Be aware of metallic articles
Tagged and/or metallic articles found in the vicinity of the EAS system, such as holiday decorations and displays, can cause interference. Taking more time to consider the layout and positioning of certain types of merchandise can also reduce the frequency of false alarms.

Ensure tag applications are correct
An EAS label or hard tag not applied in the right place could pose problems for retailers during deactivation. For example, EAS labels should be positioned close to the barcode so employees don’t need to scan the merchandise twice.

By ensuring all products are universally tagged and the position of security labels is uniform, retailers can then enjoy reduced false alarms.

In addition, by streamlining product tagging (or tagging products at the point of manufacture, ie source tagging) and integrating deactivation at the checkout or when a scanner is used at the Point of Sale, retailers may prevent false alarms and keep merchandise protected without placing a significant burden on store employees.

Provide training
The effectiveness of any EAS system is largely based on how colleagues interface with it. Training for new staff and refresher sessions with existing members of the team will help keep false alarms to a minimum.

Keep a log of alarms
Keeping a log of all alarm activations will help to trace false alarms and identify whether they’re being caused by staff members or a system error.

By reducing false alarms and ensuring that EAS systems can effectively prevent theft, retailers can keep products on their shelves during the holiday season and ensure customer satisfaction and reputation is safeguarded.

Fraudsters rely on festive cheer to fleece employers

As the festive season moves into full swing, KPMG’s Priya Giuliani has warned that ‘the threat from within’ is the ghost of Christmas present.

Giuliani argues that, with many businesses in a relaxed mood, employees intent on committing fraud will try to take advantage of opportunities where the usual ‘safety checks’ are relaxed, and either attempt to remove stock or simply get away with misappropriating assets.

A partner in KPMG’s Forensic Risk Consulting practice, Giuliani explained: “Money can be tight at this time of year with higher than usual spending leading to additional pressures on employees. Combine this with a time of year when targets and bonuses are assessed and it’s easy to see how employees might be tempted to falsify sales or overstate performance so they look like they’re hitting their targets.”

Giuliani added: “For many businesses, the lead-up to Christmas also represents a boost in demand. Many companies turn to temporary staff for support, but in the rush to improve customer service they may not adequately vet the new recruits. With many regular staff taking time off, the resulting lack of supervision also provides a rise in opportunities for the fraudster.”

Also, Giuliani said: “We’ve also seen a marked rise in payment diversion fraud, where fake requests are made to change supplier’s bank details so that funds are diverted into the fraudster’s own bank account. Our analysis shows that cases range in value from just over £30,000 lost by one business in a single transaction to a total of £5 million extracted from another. In almost all the cases we’ve seen, fraudsters appear to be making use of openly declared business relationships.”

In conclusion, the KPMG analyst stated: “It’s particularly worrying that fraudsters often rationalise their behaviour. They may believe that they’re only ‘borrowing’ the money from their employer to tide them over an expensive Christmas, but the fact is that their actions might have serious repercussions when it comes to an organisation’s financial stability. It’s something that cannot be ignored because, if it is, any business falling victim to fraud is more likely to be a ghost to Christmas future.”

Filed under Risk UK News

True financial cost of IT failures to businesses revealed in KPMG report

A new report by KPMG, entitled: ‘The Technology Risk Radar’, tracks the major technology incidents faced by businesses and public sector bodies and reveals the cost of IT failures over the last 12 months.

Organisations are struggling to stay on top of costly technology risks. The report finds that, on average, employers had to pay an unplanned £410,000 for each technology-related problem they faced. The report also reveals that an average of 776,000 individuals have been affected – and around 4 million bank and credit card accounts compromised – by each IT failure.

Incidents caused by ‘avoidable’ problems such as software coding errors or failed IT changes accounted for over 50% of the IT incidents reported over the past year. Of these, 7.3% of reported events were the fault of human error – a figure which shows that basic investments in training are being ignored at the employers’ cost.

Further, while data loss-related incidents continued to be a major problem for all industries, a significant number of those (16%) were unintentional.

‘The Technology Risk Radar’ reveals that customer-facing organisations are quickly realising the true cost of systems failures if they’re left unchecked. For instance, a utility company faced a £10 million fine when technical glitches during the transfer to a new billing system meant customers did not receive bills for months and were then sent inaccurate payment demands or refused prompt refunds when errors were eventually acknowledged.

Organisations are struggling to stay on top of costly technology risks

Detrimental to business relationships

Commenting on the findings of ‘The Technology Risk Radar’ report, Jon Dowie – partner in KPMG’s Technology Risk practice – said: “Technology is no longer a function within a business which operates largely in isolation. Rather, it’s at the heart of everything a company does. When it goes wrong, it affects an organisation’s bottom line, its relationship with customers and its wider reputation.”

Dowie added: “Investment in technology will continue to rise as businesses embrace digital and other opportunities, but this needs to be matched by investments in assessing, managing and monitoring the associated risks. At a time when even our regulators have shown themselves to be vulnerable to technology risk, absolutely no-one can afford to be complacent.”

With financial services under enormous pressure to maintain highly secure technology infrastructure, KPMG predicts IT complexity will continue to be the single biggest risk to financial services organisations in the coming year. This is closely followed by ineffective governance, risk and non-compliance with regulations. Security risks – such as cyber crime and unauthorised access – are rated fifth.

Dowie concluded: “With ever greater complexity in IT systems, not to mention the challenge of implementing IT transformational change, companies are running to stand still in managing their IT risks. The cost of failure is all too clear. It’s crucial for both public and private sector organisations to understand the risks associated with IT and how they can be managed, mitigated and avoided.”

Filed under Risk UK News

UK public fears advance of Internet-enabled devices amid security concerns

According to the latest KPMG survey, UK consumers fear that technology is overtaking their lives, with many increasingly concerned about the pace of change they face. The study results also highlight apparent discomfort with the greater surveillance of everyday life and a cynicism about the need for connected devices.

KPMG surveyed over 1,600 consumers across the UK to identify attitudes towards the ‘Internet of Things’/‘Internet of Everything’ – the term used to describe devices which ‘speak’ to each other over the Internet. The company aimed to gauge consumers’ views around intrusiveness, security and the value of connected devices.

More than half (58%) of the respondents resent the idea that computers seem to run their lives “wherever they go” while 70% suggest that, with the marketplace flooded by inter-connected devices, it’s too easy for things to go wrong.

The survey goes on to reveal that UK consumers are hankering after a return to ‘simple’ technology. For example, many of those who took part in the study (54% of respondents, in fact) mainly want their phone only to make calls. The majority believe that more advanced Internet-based products such as smart fridges are not as necessary.

UK consumers fear that technology is overtaking their lives, with many increasingly concerned about the pace of change they face

However, respondents were quick to recognise that inter-connected devices can bring benefits, with 48% of interviewees welcoming the idea that smart meters can save energy and money. Four-in-ten also suggest that health monitors which issue warnings about impending illness are a good idea, and 46% want to use security systems to remotely monitor their property while they’re away from home.

Rise of the machine

Wil Rockall, director in KPMG’s cyber security practice, commented: “It’s clear that consumers are struggling with a desire to use connected devices as a route towards an easier life and remain wary of the rise of the machine. They still support innovation, recognising that in the right environment having the latest technology is key. Nearly 60% acknowledge that technology makes us more effective at our job.”

Asked why they are cynical about the advance of the Internet of Things, respondents questioned how it’s possible to keep personal information private, with 56% of those polled concerned about a ‘Big Brother’ effect occurring as a result of these products and the pace at which they are being produced and implemented.

In a work environment, more than one-third (36%) of respondents suggested employers are monitoring their every action.

Mark Thompson, a senior manager in KPMG’s cyber security practice, added: “Security and privacy are high on the list of worries for the consumer, with 62% of respondents to our survey believing that there’s insufficient concern about it. The fact remains that, where once an Englishman’s home was considered to be his castle, the advent of the Internet of Things means that fortress walls can be breached more easily. There are also so many opportunities for the latest technologies to provide value and enhance our lives, but we’re failing to take advantage of them. We will continue in that vein until such time consumers can be convinced that always-connected devices are both safe and worthwhile.”

Filed under Risk UK News

KPMG acquires certain assets of cyber security firm Qubera Solutions

KPMG LLP (US) and KPMG LLP (UK) have acquired certain assets of Qubera Solutions, a leading privately-held cyber security firm that provides identity and access management services to Fortune 500 and Global 2000 companies.

The transaction strengthens the KPMG network’s security transformation capabilities in several service areas, including Cloud Identity Federation, Identity as a Service (IDaaS), Identity Governance and Identity and Access Management (IAM) solutions implementation.

Additionally, the acquisition of certain assets of Qubera Solutions elevates KPMG LLP (US) to become a top deployment partner for SailPoint, the leader in the 2013 Gartner Identity Governance and Administration Magic Quadrant.

“As threats from cyber criminals grow in scale, so companies are facing a tsunami of new legislative, organisational and regulatory requirements they must meet in order to ensure they’re managing and protecting their critical information appropriately,” said John Veihmeyer, global chairman of KPMG and chairman and CEO of KPMG in the US.

“These threats inevitably force companies to re-examine their potential vulnerabilities and seek counsel from experienced global providers. This is where KPMG’s Identity and Access Management solutions teams fit in, working across a multitude of industries to assist clients in conceptualising, designing, implementing, measuring and improving their information security programs.”

Malcolm Marshall: KPMG's global and UK head of information protection and business resilience

IAM services have become integral to maintaining sustainable operations across many industries, among them financial services, healthcare and life sciences, technology, telecommunications, energy, consumer and retail as well as higher education.

Qubera’s experienced IAM analysis team and deep relationships with leading industry vendors will complement the KPMG network’s global Information Protection and Business Resilience platform, in turn strengthening the firm’s ability to help clients safeguard valuable information.

Building, delivering and supporting technology services

The Qubera management team has extensive experience of building, delivering and supporting technology services for leading organisations worldwide, while its consultants are among the most highly regarded in their specialities.

In addition, the company’s services portfolio leverages leading technical expertise and strategic partnerships to deliver effective results in the areas of enterprise business solutions, portal and content management and service-oriented architecture.

“We’re excited to join KPMG’s efforts in providing clients with the secure information access solutions that can serve as a foundation for their growth and sustainability,” said Prasad Jayaraman, CEO of Qubera Solutions. “Access to the KPMG network’s deep well of resources and diverse set of advisory capabilities will help bolster our ability to provide clients with an unparalleled level of service.”

Mike Nolan – global partner-in-charge for KPMG’s Risk Consulting Services – added: “The ability to provide leading information protection solutions such as identity and access governance, directory services, cloud governance, authentication and authorisation as well as application security services supports KPMG’s mission to help clients align their risk appetite with ongoing business goals.”

Malcolm Marshall, KPMG’s global and UK head of information protection and business resilience, stated that the deal results in continuous growth in capabilities and resources across the local market.

“Our acquisition of certain assets of Qubera means that KPMG is adding exceptional technology talent in the form of individuals able to address increasing client demand for robust identity and access solutions,” said Marshall. “We can stay on pace in becoming a world-leading cyber security practice.”

*Financial terms of the agreement will not be disclosed

Filed under Risk UK News

Face of fraud changes as conmen rely on innocence of youth

KPMG’s latest Fraud Barometer states that fraud cases totalling £317 million were recorded in the first half of 2014. The figure represents a 39% drop compared to the same period last year, but the number of frauds has remained constant.

The latest cases also suggest organisations have failed to spot a ‘changing of the guard’ as the profile of fraudsters shifts from rogue senior executives to younger individuals funding extravagant lifestyles.

Analysis of the cases going through British Crown Courts since the start of 2014 shows that frauds committed by those aged 26-35 were valued at just over £62 million – an increase of 285% on the first half of 2013. At the same time, frauds committed by those aged 46 and over fell by 72% to £88 million.

The data shows that one scam, masterminded by two 26 year-olds, revolved around the hijacking of mobile phone accounts. The two individuals began by creating a fake company that purchased lists containing customer details on the pretence of marketing directly to them. They then assigned victims’ phone numbers to SIM cards in their possession by calling the network provider and posing as the account holder.

Having transferred numbers to new SIMs, the fraudsters repeatedly dialled premium rate lines only for the real customer to be billed for any calls made. Bills totalling £2.8 million were amassed, and the crimes only discovered when customers complained that handsets could not make or receive calls.

Another case involved a 30 year-old man who convinced his victims to invest in vintage wine, which they believed would increase in value. More than 400 people were conned into handing over sums ranging from £20,000 to £2 million, yet their funds were used to purchase a Lamborghini and a five-bedroom house with a swimming pool.

Hitesh Patel: UK forensic partner at KPMG

Hitesh Patel, UK forensic partner at KPMG, commented: “Where once it was the jaded executive who relied on unquestioned seniority and authority to get away with dipping their hands in the till, now it seems we are witnessing a changing of the guard. Today’s fraudster is younger and every bit as much at ease with using technology and data as they are selling promises. They rely on the assumption of the innocence of youth, whereas the reality is that many of these fraudsters are nothing more than a wolf in lamb’s clothing. It’s important for UK organisations to recognise that youth doesn’t always equal innocence, as a confident and tech ‘savvy’ generation comes through, adept at circumnavigating conventional controls and remaining under the radar.”

Values increasing with confidence

The latest figures also show that, for the first six months of 2014, the average case value was £2 million – a fall of 43% compared to that recorded between January and July 2013 (£3.5 million).

On the face of it, this sounds like good news, but history shows that fraudsters tend to start with smaller schemes to test the system, with fraud value then increasing as their confidence grows if they’re not caught.

The latest data shows, for example, that the increase in volume in the £1 million-£10 million bracket was driven by a significant increase in insider fraud, with the number of employee-perpetrated frauds in this value range increasing more than ten-fold.

One Case Study showing the trend for insider activity – and the youthful nature of conmen – revolved around a 24 year-old bank clerk who attached a device to a computer within the branch at which he worked. The device allowed fictional deposits worth £1.1 million to be made into 15 customer accounts, which were then withdrawn by the customers and a colleague – all of whom had been colluding with the ring-leader.

“Super cases are conspicuous by their absence,” continued Patel. “Instead, we are witnessing the rise of comparatively small value crimes as fraudsters try to get away with theft by hoping smaller scale activities can accumulate as they go unnoticed over time. The truth is that these crimes still leave victims in their wake. A business will ignore such occurrences at its peril. Complacency and the ‘It won’t happen to me’ syndrome should not be allowed to creep in to people’s mindset as the battle to combat white collar crime goes on.”

If it’s too good to be true, it probably is…

The latest KPMG Fraud Barometer suggests that private investors are the biggest victims of fraud, with 48% of fraud losses resulting from the false promise of a return on investment.

The latest data also highlights a growth in the number of individual investor victims, with losses of £153 million (up from £74 million for the same period last year).

Fraud cases totalling £317 million were recorded in the first half of 2014, according to KPMG’s latest Fraud Barometer

One case involved a crooked financial adviser dubbed the ‘Wolf of Old Hall Street’ who bought a fleet of supercars, invested in a racehorse and sponsored two Premier League football clubs with the proceeds of his con artistry. His scam involved the creation of a bogus investment fund for which he persuaded investors to hand over large cash sums which he simply spent. One victim was so convinced that he parted with £3.7 million, none of which has been recovered.

Patel concluded: “The economy may be improving but the pressure to see a return on investment remains acute. Investors searching for extraordinary returns are likely to remain vulnerable to conmen promising much and delivering little. It’s a sad fact, but the truth remains that if something sounds too good to be true then it probably is.”

Filed under Uncategorized

“International tensions heighten cyber security risks” warns KPMG

Malcolm Marshall – UK and global lead in KPMG’s cyber security practice – has commented on the impact that international political disputes can have on organisations’ ability to conduct ‘business as usual’.

“While attention is focused on the search for resolutions in the ‘corridors of power’,” stated Marshall, “businesses need to be ready to defend themselves, as the cyber space in which they operate increasingly becomes the new battleground.”

Marshall continued: “Businesses are so focused on cyber attacks by organised criminals that it’s easy for them to ignore the possibility of being targeted by groups wanting to make a political point, possibly even with backing from a hostile Government.”

He went on to comment: “Over the past five years, the international business community has seen a number of incidents where websites have been hacked so that political messages can be uploaded where they will receive widespread exposure. The Syrian Electronic Army is just one example among many. ‘Hacktivists’ are certainly more active during periods of international tension, but the next step is the one that businesses should be wary of.”

Malcolm Marshall of KPMG

KPMG’s cyber leader explained: “Cyber attacks are becoming part of international conflict, and it seems that probing cyber attacks are likely to be the first element in the hostile phase of future conflicts. The well-worn phrase about who has their ‘finger on the button’ has taken on a new meaning. This is something that banks, financial institutions and global businesses need to consider. After all, the ability to disrupt electronic trade, divert funds or overload IT systems so that transactions cannot be completed may have an effect that stretches far beyond the geographies where disputes are raging.”

In conclusion, Marshall said: “This doesn’t mean organisations should panic and ‘bunker down’. What it does mean is that, just as scenarios are planned to help in dealing with major physical security breaches, so organisations need to put plans in place that recognise we now operate in a world without cyber borders. If businesses can successfully build these defences and take proactive steps to protect themselves, they will reduce the chances of inadvertently becoming embroiled in a wider dispute.”

Vehicles should be ‘Secure by Design’ when it comes to cyber security

Maintaining the cyber security theme, Wil Rockall – director of information protection within KPMG’s cyber security practice – has voiced his opinions on news that security experts have developed technology that would keep automobiles safe from cyber attacks.

“As the automotive industry increases the level of technology used in new vehicles,” said Rockall, “the nature of the threats faced also increases, particularly in the form of cyber attacks. These attacks could potentially allow cyber criminals to penetrate in-car systems, either using physical interaction or by seizing control through attacks over the Internet.”

Typically, a connected car network has over 50 potential access points for a cyber attacker, and this will only increase as the level of technology integrated within cars escalates.

“Three years ago, criminals sought access to vehicles by stealing the keys,” asserted Rockall, “but today three-quarters of cars stolen in London are stolen without them, principally through electronic methods. It’s important that cyber attacks don’t become physical ones because manufacturers are unable or unwilling to design-in security.”

Rockall believes the automotive industry needs to invest in creating systems that are securely built and well-tested, with capabilities that can be improved as threats evolve and vulnerabilities are discovered.

The public must be able to trust the new systems put in place, suggests Rockall, and be confident that when operating their vehicles a ‘crash’ isn’t going to be caused by cyber attackers.

“Simply introducing a car ‘security product’ isn’t a strong enough defence,” urged Rockall, “and neither is it a wise strategic direction of travel for the industry. We should look towards making vehicles ‘Secure by Design’. This will provide security measures aimed at preventing vulnerabilities from being ‘attackable’ rather than accepting flaws in design and masking them with a third party conventional security product.”

Filed under Uncategorized

Going beyond law: businesses demand cyber expertise from legal teams

A rising level of threats to business, and increasing numbers of regulatory requirements, are combining to ensure in-house General Counsel are no longer focused solely on company legal matters. Instead, a new report from KPMG reveals that in-house lawyers’ work is dominated by commercial decision-making as Boardrooms seek validation of their business and operational plans.

The ‘Over the Horizon’ report, which is based on a series of in-depth interviews with General Counsel, reveals that senior in-house lawyers have adopted six new core functional responsibilities in addition to their role as legal advisers. Chief among these is a focus on cyber security, as concerns rise about the risk of data breaches brought about by human error and intentional sabotage.

Malcolm Marshall, global head of cyber security at KPMG, states: “In the last five years we’ve seen cyber security move from the back room to the Boardroom and, in extreme cases, the court room. Against this sort of backdrop, few people will be surprised to see it come in as the fastest-growing risk for General Counsel. That’s why in-house legal teams should have a seat at the table providing advice about the policies and vigilance required to tackle cyber risks for business.”

Expectations placed on General Counsel

In addition to the new focus on cyber security, the report highlights that General Counsel are now expected to manage:

• enterprise risks (such as geo-political events or technological failures)
• a rising tide of regulation as the ‘new regulatory norm’ increases global compliance demands
• corporate liability for the conduct of third parties
• execution of contracts (in addition to long-held expectations around the negotiation and drafting of contracts)
• flexible approaches to dispute resolution rather than an outright reliance on negotiation

KPMG’s analysis goes on to reveal that there is a growing demand for in-house lawyers to conduct due diligence of suppliers, customers and other business parties as corruption through the supply chain is tackled through increasingly tough legislative and judicial actions.

According to the report, senior executives are also turning to their legal teams in recognition that their professional training ensures General Counsel can ‘take on complex issues, distil them and arrive at a sensible conclusion’ (with many respondents indicating that their lawyers are more likely to find solutions to common business problems than colleagues in other business departments).

David Eastwood (global head of contract compliance at KPMG) comments: “As General Counsel roles become weightier, so lawyers are making themselves indispensable as managers of risk and complexity. General Counsel who navigate this well will see their stock rise significantly. The challenge for General Counsel, of course, is that as their stock rises so do the expectations.”

Eastwood continued: “It means the pressure is on for General Counsel to demonstrate the right blend of legal and business ‘savviness’. Those that grasp this opportunity will shape the long-term development of their organisations.”

Filed under IFSECGlobal.com News

Traditional ‘low tech’ fraudsters make hay as organisations focus on ‘high tech’ attacks

KPMG’s bi-annual Fraud Barometer has shown a high volume of fraud cases prosecuted in the past year, but at much lower value levels than recorded in previous years (the average case value this year being £2.9 million compared with £6.1 million over the last five years).

The report also shows that, while fraudsters are at the cutting edge of technology – attacking banks in the virtual world, for example – some have reverted to ‘paper and pen’ as organisations focus their security efforts on technology-driven defences.

Hitesh Patel, UK Forensic Partner at KPMG, commented: “It’s certainly the case that we have seen fraudsters using very clever high tech frauds to attack banks, businesses and local authorities, but we’ve also seen some of the biggest frauds in more low tech scams. As old forms of transactions, such as cheques, are phased out, so organisations are focusing on developing sophisticated lines of defence. Yet, rather than putting criminals off, many fraudsters are ignoring the challenge of triumphing over technology in favour of using simpler methods of deception.”

‘Old-fashioned’ habits die hard

The data shows that con artists still rely on ‘old technology’ to perpetrate fraud, with a number of schemes in 2013 based on counterfeit cheques.

In one strikingly simple case a local Government employee processed cheques for legitimate payees using disappearing ink. She secured the signatures of senior management for cheques reaching a total value of £162,000 and waited for the ‘payee’ details to disappear before substituting them with her own name.

In a case worth £20 million a businessman paid a series of worthless company cheques into an account based in the UK. He – and the gang involved – succeeded in transferring three-quarters of the funds into a foreign account before suspicions were raised and the account was frozen.

Another case involved a conman who attempted to buy £1 million of cars by visiting dealerships on six occasions, paying by cheque for an Aston Martin, Maserati, Ferraris and a Bentley. The man was caught when the cheques bounced and one of the dealerships visited his home to reclaim the vehicles.

Hitesh Patel of KPMG

Fraudsters’ determination to focus on the so-called ‘old-fashioned’ scams and avoid elaborate methods of deception is also evident through a resurgence of cases involving tax rebates, loans and mis-selling.

Combined, these three forms of fraud totalled more than £343 million – up from £41 million in the previous 12 months. This trend shows that, although the motivation to deceive comes in a variety of forms, many criminals are still prepared to rely on the traditional conman artistry of making financial gain through misplaced trust, attacking people’s vulnerabilities and sensibilities.

Virtual world becoming a home to fraudsters

Meanwhile, there were cases where banks and businesses were attacked online, with fraudsters using computers, turning to robotics and malware in an attempt to avoid detection.

One example involved eight people arrested in connection with a £1.3 million theft by a gang who took control of a bank’s branch computer system. They had placed a ‘keyboard video mouse’ and 3G router on one of the computers inside the branch when one of the fraudsters posed as an engineer, saying he was there to fix computers.

The ‘fix’ enabled the gang to control computers remotely using code and surveillance to find holes in organisational cyber defences and transfer money into different bank accounts.

In another case, fraudsters posted fake adverts for work at Harrods on a website as part of a £1 million scam to trick desperate job hunters out of their savings.

The con involved writing ‘Trojan’ malware which was hidden in job application pack downloads posted on the free website Gumtree. Once embedded on computers, the software copied the bank log-on and security details of those seeking work before forwarding them on to the criminals, who netted in excess of £1 million.

Bribery and corruption on the radar

Despite organisations seeing a decline in internal cases of fraud, the latest KPMG Fraud Barometer highlights the first prosecutions under the UK’s Anti Bribery and Corruption legislation.

In a case adding £23 million to the total figure in this year’s Fraud Barometer and relating to the purchase of 6,000 hectares of land in Cambodia bought through senior military officials based in the country, three senior executives have been charged with making and accepting a financial advantage in breach of the Bribery Act.

As well as focusing on how they were able to purchase the land, the case examined whether the company mis-sold bio-fuel investment products after the authorities were alerted to the possibility they were providing false information to clients.

“The pressure to compete lies at the heart of attempts to bribe and corrupt,” said Hitesh Patel, “and the old adage of every person having their price is now much more likely to trigger criminal repercussions.”

Continuing this theme, Patel concluded: “The UK has seen its first corporate prosecution under the new anti-bribery legislation. With it being widely known that other cases are in development, fraudsters may begin to fear the ramifications of being caught. If guilty verdicts are returned and heavy punitive measures imposed, perhaps we will start to see people thinking twice before attempting to corrupt others in the pursuit of unfair advantage.”

Filed under IFSECGlobal.com News