The convergence of fraud and cyber, now requires a combined, strategic approach to reducing risk and combating crime. In the latest in our thought leadership series, we hear from Gadhia Consultants about their specialist research into how the nation might best approach a streamlined approach to address this.
Authors, Commander Stephen Head (Retd.) and Mike Peckham, Gadhia Consultants.
Today, evidence has shown that fraud is the number one crime type that we will all encounter. We have all received texts, emails and calls from fraudsters and we probably know someone who has been defrauded. It is a problem that has grown through the pandemic as people, alone at home, often on insecure devices have been targeted by criminals. It is a crime that can reach us, and our loved ones, wherever we are, at any time of the day and it is getting worse.
In a recent interview Graeme Biggar, the Director General of the National Economic Crime Centre (NECC), said that we are losing the battle against criminal gangs. Our recent research with the Royal United Services Institute ‘The UK’s Response to Cyber Fraud’ identified both the industrialisation of cyber fraud and ‘silent stealing’ – high volume/low volume theft that goes undetected and unreported. The report goes on to recommend a strategic ‘whole system approach’ to combatting cyber fraud, bringing together the expertise and resource of Government, policing, NGOs and business to turn this overwhelming tide of crime. But the question remains – what specifically can business do?
In our follow up White Paper we identified three practical actions for business to combat cyber fraud. This included changing the narrative about how we combat cyber fraud; reorganising internally to align operations to fight the shifting profile of cyber fraud and, finally to work closer with law enforcement. By doing this we feel we can make a measurable impact in the fight against cyber fraud.
Changing the narrative about fighting cyber fraud means showcasing successes. The media over emphasises criminal activity, whilst underrepresenting business successes. Businesses need to actively look for successful stories in which employees have stopped or prevented a fraud, helped a victim, prosecuted a cyber-criminal or recovered stolen funds. Business and law enforcement must not be shy about harnessing the power of social media to highlight success and share best practice. A simple first step is to connect those involved in fighting cyber fraud by using a consistent social media hashtag #combatcyberfraud which we have identified as a way to help facilitate the sharing and celebration of success and best practice. This new hashtag should become a simple and effective way to connect disparate campaigns and activities; to share best practice; tell and retell success stories and start to change the narrative about how we are winning against cyber criminals.
This new hashtag #combatcyberfraud should become a simple and effective way to connect disparate campaigns and activities; to share best practice; tell and retell success stories and start to change the narrative about how we are winning against cyber criminals.
Cyber fraudsters don’t think in departments, functions or silos. They are organised around a single idea – how can we steal your data and your money. In contrast business is still organised in a series of tribes that can, sometimes, fight each other, more than the common enemy. We encourage and actively support organisations to align existing departments and functions such as cyber security, fraud and financial crime and all those involved in fighting fraud under a single joint ‘Economic Crime’ function with a united leadership, a single strategic vision to protect customers and supported by a consistent and aligned set of measures. Without this alignment organisations run the risk of being perfectly organised to fight yesterday’s battle.
Without this alignment organisations run the risk of being perfectly organised to fight yesterday’s battle.
The NECC estimate that fewer than 20% of incidents of fraud are actually reported, frequently because victims don’t believe that criminals will be caught and prosecuted. As a minimum, we ask businesses to identify and build a relationship with their local law enforcement lead for fraud. By developing effective working relationships during times of stability, it means that these relationships are available for mutual support in times of crisis. BRIM’s recent work with NPCC and the Home Office and establishment of a network of Cyber Resilience Centres (CRCs) are exemplars of how to close the gap between law enforcement and business. As regional Centres across England and Wales, they can understand your needs, provide access to leading edge thinking and current best practice in cyber resilience. We would strongly urge businesses, of all sizes, to become active members of their local CRC.
We would strongly urge businesses, of all sizes, to become active members of their local CRC.
The true face of cyber-crime is not a faceless teenager in a darkened room but a sophisticated organised criminal gang preying on vulnerable people of all ages. We believe it is critical that we educate everyone about the risks of fraud and how to stay safe online, however, the research has clearly shown us how important it is that businesses change how they think about, and organise themselves, to fight cyber-fraud. If you are thinking strategically about how to better fight cyber fraud we would be delighted to share our insights and work with you to make this a practical reality.
Want to know more about Gadhia Consultants?
Gadhia Consultants are an experienced team of cyber security, fraud and financial crime and security professionals that bring expertise to board level education and reviewing, audit and advising on how to better fight economic crime. You can visit their website here.