Tag Archives: KPMG

KPMG’s David Ferbrache wins Personality of the Year category at 2018 Cyber Security Awards

David Ferbrache, chief technology officer in KPMG’s cyber security practice, has won the Personality of the Year accolade at the Cyber Security Awards 2018. The ceremony was held in central London on Thursday 21 June.

Commenting on his achievement, Ferbrache informed Risk Xtra: “This award is a testimony to all of the great people that I’ve worked with, and particularly those at KPMG. Cyber security has been my passion for over 30 years now, and I have thoroughly enjoyed making a difference along the way.”

David Ferbrache of KPMG

Congratulating Ferbrache, Bernard Brown (vice-chair at KPMG UK) said: “This is a fantastic accolade for David as the competition was tough this year. He’s a hardworking individual who most definitely deserves the award. David has a great reputation in the industry, having worked in cyber security and technology risk for over 30 years. This award is a testament to the great service that David has given to the industry.”

The Cyber Security Awards were established in 2014 to reward the best individuals, teams and companies within the cyber security industry. Excellence and innovation are core themes running throughout all categories.

Filed under Risk Xtra, Uncategorized

KPMG on cyber crime in 2015: ‘This time it’s personal’

‘This time it’s personal’ will be the motto of 2015 as cyber criminals are predicted to become more selective in the way that they target victims.

According to Stephen Bonner, a partner in KPMG’s cyber security practice, the next 12 months will see criminals move away from mass spear-phishing tactics in favour of highly-targeted ‘campaigns’ based on the data trail people leave in their online lives.

“Over the past year, the Internet of Things took its first tentative steps into the mainstream,” said Bonner, “but consumers’ willingness to adopt the latest trend has come at a price. Their desire to be seen has overtaken their desire to be secure, meaning that we can expect organised crime to find new ways in which to make money in our increasingly digitised society.”

Bonner continued: “It’s possible that our willingness to share and shop online will let criminals become more selective about who they target. They will not need to maintain the current ‘hit and hope’ approach of spear phishing, instead only attacking specific users and computers based on the data these give away about their owners.”

According to Bonner, the result will be a business world in which cyber protection matures and where Governments come together to improve ways in which confidential data is secured.

The next 12 months will see criminals move away from mass spear-phishing tactics in favour of highly targeted ‘campaigns’ based on the data trail people leave in their online lives

“2014 may have been a year in which hardly any time went by without news of a cyber attack,” asserted Bonner, “and the next 12 months will be no different. This time, however, third party assurance will become a burgeoning industry as firms seek to protect themselves against lawsuits for loss of data or revenue. As part of this, my hope is that EU Governments will reach agreement on data protection legislation in a post-Snowden world and implement a data breach disclosure regime.”

In conclusion, Bonner explained: “Ultimately, cyber defence will be akin to a game of whack-a-mole with more emphasis on spotting attacks, more sharing of intelligence in near real-time and enhanced efforts by companies and Governments to counter and disrupt cyber attacks as quickly as they can. However, to win the game a change in mindset is needed, with security teams necessarily having to reinvent themselves by engaging with the business to really understand its priorities and justify the budget, in turn ensuring that their efforts are focused on defending key business assets while being seen as an enabler for doing business in the digital world.”

Filed under Risk UK News

How can retailers avoid false alarms this Christmas?

During the festive season it’s vital that retailers protect themselves against increasing cases of theft while ensuring their customer base has an enjoyable shopping experience without the inconvenience of false alarms. Brian Sims offers some top tips to ensure it’s only the Sleigh Bells that are ringing this Christmas.

Shopper traffic in the UK increases by nearly 100% between the first Saturday in November and the last couple of days before Christmas. In the same period, retailers are expected to lose an estimated £1 billion as a result of shoplifting, dishonest employees and vendor or distribution losses.

False security alarms are not only frustrating and embarrassing for consumers, but also waste valuable employee time. For retailers to protect consumers and employees from possible inconvenience, every alarm must be treated as if it’s for real. Here are some handy tips to guard against false alarms and help ensure a positive shopper experience:

Test your Electronic Article Surveillance antennas
Store employees should first ensure all antennas and security equipment are working correctly. These tests should ideally be carried out each day before the store opens.

Check your deactivation systems
One of the most frequent causes of deactivation failure is a unit that isn’t plugged in correctly or has been unplugged accidentally. Store employees need to make sure that all deactivation systems are plugged in and functioning as they should.

Modern deactivation systems are designed to integrate seamlessly into Point of Sale procedures, ensuring the effortless deactivation of security tags when plugged in and fully operational.

Deactivate at Point of Sale
A major cause of false alarms is tags that haven’t been correctly removed from the merchandise at the Point of Sale. Hard tags and labels need to be correctly deactivated and/or removed at the Point of Sale to avoid causing the consumer an inconvenience or delay on leaving the store.

Today’s deactivation products are designed to easily integrate at the Point of Sale, with newer solutions now offering increasingly improved detection capabilities and range. This ensures a rapid checkout for your customer and worry-free deactivation every time – no matter what the size or position of the Electronic Article Surveillance (EAS) label used.

False alarms can present a huge headache for retailers

Watch out for tag pollution
Tag pollution from other stores does happen. This occurs when non-deactivated tags from other retail outlets are carried out of store by consumers, in turn causing unwanted alarms. As a result, these alarms decrease the effectiveness and integrity of installed EAS systems.

Ensure your employees are correctly trained on tag pollution as per your Head Office policies.

Be aware of metallic articles
Tagged and/or metallic articles found in the vicinity of the EAS system, such as holiday decorations and displays, can cause interference. Taking more time to consider the layout and positioning of certain types of merchandise can also reduce the frequency of false alarms.

Ensure tag applications are correct
An EAS label or hard tag not applied in the right place could pose problems for retailers during deactivation. For example, EAS labels should be positioned close to the barcode so employees don’t need to scan the merchandise twice.

By ensuring all products are universally tagged and the position of security labels is uniform, retailers can then enjoy reduced false alarms.

In addition, by streamlining product tagging (or tagging products at the point of manufacture, ie source tagging) and integrating deactivation at the checkout or when a scanner is used at the Point of Sale, retailers may prevent false alarms and keep merchandise protected without placing a significant burden on store employees.

Provide training
The effectiveness of any EAS system is largely based on how colleagues interface with it. Training for new staff and refresher sessions with existing members of the team will help keep false alarms to a minimum.

Keep a log of alarms
Keeping a log of all alarm activations will help to trace false alarms and identify whether they’re being caused by staff members or a system error.

By reducing false alarms and ensuring that EAS systems can effectively prevent theft, retailers can keep products on their shelves during the holiday season and ensure customer satisfaction and reputation is safeguarded.

Fraudsters rely on festive cheer to fleece employers

As the festive season moves into full swing, KPMG’s Priya Giuliani has warned that ‘the threat from within’ is the ghost of Christmas present.

Giuliani argues that, with many businesses in a relaxed mood, employees intent on committing fraud will try to take advantage of opportunities where the usual ‘safety checks’ are relaxed, and either attempt to remove stock or simply get away with misappropriating assets.

A partner in KPMG’s Forensic Risk Consulting practice, Giuliani explained: “Money can be tight at this time of year with higher than usual spending leading to additional pressures on employees. Combine this with a time of year when targets and bonuses are assessed and it’s easy to see how employees might be tempted to falsify sales or overstate performance so they look like they’re hitting their targets.”

Giuliani added: “For many businesses, the lead-up to Christmas also represents a boost in demand. Many companies turn to temporary staff for support, but in the rush to improve customer service they may not adequately vet the new recruits. With many regular staff taking time off, the resulting lack of supervision also provides a rise in opportunities for the fraudster.”

Giuliani also said: “We’ve also seen a marked rise in payment diversion fraud, where fake requests are made to change supplier’s bank details so that funds are diverted into the fraudster’s own bank account. Our analysis shows that cases range in value from just over £30,000 lost by one business in a single transaction to a total of £5 million extracted from another. In almost all the cases we’ve seen, fraudsters appear to be making use of openly declared business relationships.”

In conclusion, the KPMG analyst stated: “It’s particularly worrying that fraudsters often rationalise their behaviour. They may believe that they’re only ‘borrowing’ the money from their employer to tide them over an expensive Christmas, but the fact is that their actions might have serious repercussions when it comes to an organisation’s financial stability. It’s something that cannot be ignored because, if it is, any business falling victim to fraud is more likely to be a ghost to Christmas future.”

Filed under Risk UK News

True financial cost of IT failures to businesses revealed in KPMG report

A new report by KPMG, entitled: ‘The Technology Risk Radar’, tracks the major technology incidents faced by businesses and public sector bodies and reveals the cost of IT failures over the last 12 months.

Organisations are struggling to stay on top of costly technology risks. The report finds that, on average, employers had to pay an unplanned £410,000 for each technology-related problem they faced. The report also reveals that an average of 776,000 individuals have been affected – and around 4 million bank and credit card accounts compromised – by each IT failure.

Incidents caused by ‘avoidable’ problems such as software coding errors or failed IT changes accounted for over 50% of the IT incidents reported over the past year. Of these, 7.3% of reported events were the fault of human error – a figure which shows that basic investments in training are being ignored at the employers’ cost.

Further, while data loss-related incidents continued to be a major problem for all industries, a significant number of those (16%) were unintentional.

‘The Technology Risk Radar’ reveals that customer-facing organisations are quickly realising the true cost of systems failures if they’re left unchecked. For instance, a utility company faced a £10 million fine when technical glitches during the transfer to a new billing system meant customers did not receive bills for months and were then sent inaccurate payment demands or refused prompt refunds when errors were eventually acknowledged.

Organisations are struggling to stay on top of costly technology risks

Detrimental to business relationships

Commenting on the findings of ‘The Technology Risk Radar’ report, Jon Dowie – partner in KPMG’s Technology Risk practice – said: “Technology is no longer a function within a business which operates largely in isolation. Rather, it’s at the heart of everything a company does. When it goes wrong, it affects an organisation’s bottom line, its relationship with customers and its wider reputation.”

Dowie added: “Investment in technology will continue to rise as businesses embrace digital and other opportunities, but this needs to be matched by investments in assessing, managing and monitoring the associated risks. At a time when even our regulators have shown themselves to be vulnerable to technology risk, absolutely no-one can afford to be complacent.”

With financial services under enormous pressure to maintain highly secure technology infrastructure, KPMG predicts IT complexity will continue to be the single biggest risk to financial services organisations in the coming year. This is closely followed by ineffective governance, risk and non-compliance with regulations. Security risks – such as cyber crime and unauthorised access – are rated fifth.

Dowie concluded: “With ever greater complexity in IT systems, not to mention the challenge of implementing IT transformational change, companies are running to stand still in managing their IT risks. The cost of failure is all too clear. It’s crucial for both public and private sector organisations to understand the risks associated with IT and how they can be managed, mitigated and avoided.”

Filed under Risk UK News

UK public fears advance of Internet-enabled devices amid security concerns

According to the latest KPMG survey, UK consumers fear that technology is overtaking their lives, with many increasingly concerned about the pace of change they face. The study results also highlight apparent discomfort with the greater surveillance of everyday life and a cynicism about the need for connected devices.

KPMG surveyed over 1,600 consumers across the UK to identify attitudes towards the ‘Internet of Things’/‘Internet of Everything’ – the term used to describe devices which ‘speak’ to each other over the Internet. The company aimed to gauge consumers’ views around intrusiveness, security and the value of connected devices.

More than half (58%) of the respondents resent the idea that computers seem to run their lives “wherever they go” while 70% suggest that, with the marketplace flooded by inter-connected devices, it’s too easy for things to go wrong.

The survey goes on to reveal that UK consumers are hankering after a return to ‘simple’ technology. For example, many of those who took part in the study (54% of respondents, in fact) mainly want their phone only to make calls. The majority believe that more advanced Internet-based products such as smart fridges are not as necessary.

UK consumers fear that technology is overtaking their lives, with many increasingly concerned about the pace of change they face

However, respondents were quick to recognise that inter-connected devices can bring benefits, with 48% of interviewees welcoming the idea that smart meters can save energy and money. Four-in-ten also suggest that health monitors which issue warnings about impending illness are a good idea, and 46% want to use security systems to remotely monitor their property while they’re away from home.

Rise of the machine

Wil Rockall, director in KPMG’s cyber security practice, commented: “It’s clear that consumers are struggling with a desire to use connected devices as a route towards an easier life and remain wary of the rise of the machine. They still support innovation, recognising that in the right environment having the latest technology is key. Nearly 60% acknowledge that technology makes us more effective at our job.”

Asked why they are cynical about the advance of the Internet of Things, respondents questioned how it’s possible to keep personal information private, with 56% of those polled concerned about a ‘Big Brother’ effect occurring as a result of these products and the pace at which they are being produced and implemented.

In a work environment, more than one-third (36%) of respondents suggested employers are monitoring their every action.

Mark Thompson, a senior manager in KPMG’s cyber security practice, added: “Security and privacy are high on the list of worries for the consumer, with 62% of respondents to our survey believing that there’s insufficient concern about it. The fact remains that, where once an Englishman’s home was considered to be his castle, the advent of the Internet of Things means that fortress walls can be breached more easily. There are also so many opportunities for the latest technologies to provide value and enhance our lives, but we’re failing to take advantage of them. We will continue in that vein until such time consumers can be convinced that always-connected devices are both safe and worthwhile.”

Filed under Risk UK News

KPMG acquires certain assets of cyber security firm Qubera Solutions

KPMG LLP (US) and KPMG LLP (UK) have acquired certain assets of Qubera Solutions, a leading privately-held cyber security firm that provides identity and access management services to Fortune 500 and Global 2000 companies.

The transaction strengthens the KPMG network’s security transformation capabilities in several service areas, including Cloud Identity Federation, Identity as a Service (IDaaS), Identity Governance and Identity and Access Management (IAM) solutions implementation.

Additionally, the acquisition of certain assets of Qubera Solutions elevates KPMG LLP (US) to become a top deployment partner for SailPoint, the leader in the 2013 Gartner Identity Governance and Administration Magic Quadrant.

“As threats from cyber criminals grow in scale, so companies are facing a tsunami of new legislative, organisational and regulatory requirements they must meet in order to ensure they’re managing and protecting their critical information appropriately,” said John Veihmeyer, global chairman of KPMG and chairman and CEO of KPMG in the US.

“These threats inevitably force companies to re-examine their potential vulnerabilities and seek counsel from experienced global providers. This is where KPMG’s Identity and Access Management solutions teams fit in, working across a multitude of industries to assist clients in conceptualising, designing, implementing, measuring and improving their information security programs.”

Malcolm Marshall: KPMG's global and UK head of information protection and business resilience

IAM services have become integral to maintaining sustainable operations across many industries, among them financial services, healthcare and life sciences, technology, telecommunications, energy, consumer and retail as well as higher education.

Qubera’s experienced IAM analysis team and deep relationships with leading industry vendors will complement the KPMG network’s global Information Protection and Business Resilience platform, in turn strengthening the firm’s ability to help clients safeguard valuable information.

Building, delivering and supporting technology services

The Qubera management team has extensive experience of building, delivering and supporting technology services for leading organisations worldwide, while its consultants are among the most highly regarded in their specialities.

In addition, the company’s services portfolio leverages leading technical expertise and strategic partnerships to deliver effective results in the areas of enterprise business solutions, portal and content management and service-oriented architecture.

“We’re excited to join KPMG’s efforts in providing clients with the secure information access solutions that can serve as a foundation for their growth and sustainability,” said Prasad Jayaraman, CEO of Qubera Solutions. “Access to the KPMG network’s deep well of resources and diverse set of advisory capabilities will help bolster our ability to provide clients with an unparalleled level of service.”

Mike Nolan – global partner-in-charge for KPMG’s Risk Consulting Services – added: “The ability to provide leading information protection solutions such as identity and access governance, directory services, cloud governance, authentication and authorisation as well as application security services supports KPMG’s mission to help clients align their risk appetite with ongoing business goals.”

Malcolm Marshall, KPMG’s global and UK head of information protection and business resilience, stated that the deal results in continuous growth in capabilities and resources across the local market.

“Our acquisition of certain assets of Qubera means that KPMG is adding exceptional technology talent in the form of individuals able to address increasing client demand for robust identity and access solutions,” said Marshall. “We can stay on pace in becoming a world-leading cyber security practice.”

*Financial terms of the agreement will not be disclosed

Filed under Risk UK News

Face of fraud changes as conmen rely on innocence of youth

KPMG’s latest Fraud Barometer states that fraud cases totalling £317 million were recorded in the first half of 2014. The figure represents a 39% drop compared to the same period last year, but the number of frauds has remained constant.

The latest cases also suggest organisations have failed to spot a ‘changing of the guard’ as the profile of fraudsters shifts from rogue senior executives to younger individuals funding extravagant lifestyles.

Analysis of the cases going through British Crown Courts since the start of 2014 shows that frauds committed by those aged 26-35 were valued at just over £62 million – an increase of 285% on the first half of 2013. At the same time, frauds committed by those aged 46 and over fell by 72% to £88 million.

The data shows that one scam, masterminded by two 26 year-olds, revolved around the hijacking of mobile phone accounts. The two individuals began by creating a fake company that purchased lists containing customer details on the pretence of marketing directly to them. They then assigned victims’ phone numbers to SIM cards in their possession by calling the network provider and posing as the account holder.

Having transferred numbers to new SIMs, the fraudsters repeatedly dialled premium rate lines only for the real customer to be billed for any calls made. Bills totalling £2.8 million were amassed, and the crimes only discovered when customers complained that handsets could not make or receive calls.

Another case involved a 30 year-old man who convinced his victims to invest in vintage wine, which they believed would increase in value. More than 400 people were conned into handing over sums ranging from £20,000 to £2 million, yet their funds were used to purchase a Lamborghini and a five-bedroom house with a swimming pool.

Hitesh Patel: UK forensic partner at KPMG

Hitesh Patel, UK forensic partner at KPMG, commented: “Where once it was the jaded executive who relied on unquestioned seniority and authority to get away with dipping their hands in the till, now it seems we are witnessing a changing of the guard. Today’s fraudster is younger and every bit as much at ease with using technology and data as they are selling promises. They rely on the assumption of the innocence of youth, whereas the reality is that many of these fraudsters are nothing more than a wolf in lamb’s clothing. It’s important for UK organisations to recognise that youth doesn’t always equal innocence, as a confident and tech ‘savvy’ generation comes through, adept at circumnavigating conventional controls and remaining under the radar.”

Values increasing with confidence

The latest figures also show that, for the first six months of 2014, the average case value was £2 million – a fall of 43% compared to that recorded between January and July 2013 (£3.5 million).

On the face of it, this sounds like good news, but history shows that fraudsters tend to start with smaller schemes to test the system, with fraud value then increasing as their confidence grows if they’re not caught.

The latest data shows, for example, that the increase in volume in the £1 million-£10 million bracket was driven by a significant increase in insider fraud, with the number of employee-perpetrated frauds in this value range increasing more than ten-fold.

One case study showing the trend for insider activity – and the youthful nature of conmen – revolved around a 24 year-old bank clerk who attached a device to a computer within the branch at which he worked. The device allowed fictional deposits worth £1.1 million to be made into 15 customer accounts, which were then withdrawn by the customers and a colleague – all of whom had been colluding with the ring-leader.

“Super cases are conspicuous by their absence,” continued Patel. “Instead, we are witnessing the rise of comparatively small value crimes as fraudsters try to get away with theft by hoping smaller scale activities can accumulate as they go unnoticed over time. The truth is that these crimes still leave victims in their wake. A business will ignore such occurrences at its peril. Complacency and the ‘It won’t happen to me’ syndrome should not be allowed to creep in to people’s mindset as the battle to combat white collar crime goes on.”

If it’s too good to be true, it probably is…

The latest KPMG Fraud Barometer suggests that private investors are the biggest victims of fraud, with 48% of fraud losses resulting from the false promise of a return on investment.

The latest data also highlights a growth in the number of individual investor victims, with losses of £153 million (up from £74 million for the same period last year).

Fraud cases totalling £317 million were recorded in the first half of 2014, according to KPMG’s latest Fraud Barometer

One case involved a crooked financial adviser dubbed the ‘Wolf of Old Hall Street’ who bought a fleet of supercars, invested in a racehorse and sponsored two Premier League football clubs with the proceeds of his con artistry. His scam involved the creation of a bogus investment fund for which he persuaded investors to hand over large cash sums which he simply spent. One victim was so convinced that he parted with £3.7 million, none of which has been recovered.

Patel concluded: “The economy may be improving but the pressure to see a return on investment remains acute. Investors searching for extraordinary returns are likely to remain vulnerable to conmen promising much and delivering little. It’s a sad fact, but the truth remains that if something sounds too good to be true then it probably is.”

Filed under Uncategorized