Virtualization Technology News and Information
Article
RSS
International Fraud Awareness Week 2024 - Cybersecurity Experts Chime In

international-fraud-awareness-week 

International Fraud Awareness Week is being observed November 17-23, 2024. It serves as a crucial initiative aimed at raising awareness about the pervasive issue of fraud that affects individuals, businesses, and governments worldwide. This week-long campaign brings together organizations, government agencies, and individuals to collectively address the challenges posed by fraudulent activities, ranging from financial scams to cybercrimes. The overarching goal is to foster a global community that is well-informed, vigilant, and equipped to identify, prevent, and combat fraudulent practices.

As part of this initiative, industry experts contribute their insights to the ongoing dialogue surrounding fraud prevention. Commentaries from these experts provide valuable perspectives on the evolving nature of fraud, emerging threats, and innovative strategies to safeguard against deceptive practices. The collective expertise of these professionals plays a pivotal role in shaping a comprehensive understanding of the challenges posed by fraud in the contemporary landscape.

In a world increasingly interconnected by technology and global financial systems, the significance of International Fraud Awareness Week cannot be overstated. By fostering collaboration and knowledge-sharing among industry experts, this initiative plays a vital role in fortifying the defenses against fraud and promoting a safer, more secure environment for individuals and organizations alike. As we navigate the complexities of the modern era, the collective efforts during this awareness week underscore the importance of remaining vigilant and proactive in the ongoing battle against fraud.

++

Patrick Harding, Chief Architect at Ping Identity

"As our world becomes increasingly digital, fraud continues to grow at an alarming rate. Companies and individuals risk losing millions and cybercriminals are only becoming more adept. With AI, it's easier than ever for them to create fake identities, send phishing emails, forge identity documents, and even impersonate individuals with tools like voice cloning and deepfakes. In fact, 36% of people have experienced identity fraud, with financial fraud (18%), account takeover (9%), and impersonation (8%) being the most common.

These attacks are becoming harder to detect, even with cybersecurity measures. This International Fraud Awareness Week, both businesses and individuals must stay one step ahead by using robust solutions with built-in prevention, detection, and real-time threat response. By focusing on identity risks and remaining vigilant, we can spot fraud earlier and stop cyber criminals before the damage has already been done."

++

Kaarel Kotkas, Founder & CEO at Veriff

"More than nine-in-ten teens use the internet daily, and they comprise a large part of the online population. While online, they are regularly exposed to fraud - nearly three-quarters (70%) of Gen Z reported encountering fraud at least once in the last 12 months. This International Fraud Awareness Week, we should focus on protecting vulnerable groups like minors from the dangers of online fraud. 

While youngsters may seem extremely tech-savvy, their limited experience often makes them more vulnerable to fraudulent and criminal activity online. They don't always have enough skills to know when they're being scammed, or if the content they are exposed to is AI-generated. 

Some online platforms are taking steps towards self-regulation, and some ongoing regulatory conversations are already starting to pressure businesses and big tech platforms, such as Apple and Meta, to prioritize the protection of minors over engagement growth. Implementing more comprehensive protocols and identity verification tools not just for compliance checks but for actual fraud prevention is critical to ensure that online environments are safe for users of any age. The imperative for online companies is to be proactive in protecting their users, and this is something that many consumers expect already today."

++

Carla Roncato, VP of Identity at WatchGuard

"While external risks such as cyber scams, ransomware, and identity theft are frequently headline news, insider risks can be difficult to detect and equally damaging for organizations.  Insider risks can be intentional, such as data theft or sabotage by disgruntled employees, or unintentional, accidental data leaks or policy violations. 

Employees, contractors, and suppliers with insider access can compromise or bypass information security controls to let in bad actors for profit, exploit privileges in financial and procurement systems to conduct fraud for financial gain and enact (intentional or unintentional) exfiltration of customer data and intellectual property to sell across dark web data marketplaces. 

An insider risk management program could focus on the following areas:  

  • Creating company policy guidelines with clear, established definitions of acceptable use of company resources, data handling, and consequences for violations.
  • Establishing least-privilege, role-based access controls to ensure employees only have the minimum access to least the information necessary for their job functions,
  • Utilizing monitoring and detection capabilities such as user activity monitoring of unusual behavior that could indicate a potential insider threat and behavioral analytics using machine learning to identify patterns that deviate from baselines and norms.
  • Developing an incident response plan with specific steps to take when an insider threat is detected along with the ability to conduct forensic investigations to understand the scope and impact of an incident.
  • Fostering a culture that promotes transparency and trust where employees are comfortable reporting suspicious activities alongside training that provides a clear understanding of the potential consequences of insider fraud and risk activities."

++

Jordan Avnaim, Chief Information Security Officer at Entrust

"Identity fraud is a threat that permeates all sectors, from banking to real estate to healthcare. As businesses continue scaling their digital-first services, secure identity verification is more important than ever to battle escalating cyber threats.

Organizations looking to successfully implement strong identity verification tactics should seek to build fraud prevention into the entire customer lifecycle. By combining biometric checks and document validation, organizations can adopt a layered approach, enabling businesses to dial fraud prevention measures up or down as needed to balance the level of friction with the level of risk an individual poses. 

AI is poised to significantly enhance fraud prevention efforts by utilizing advanced micro-model architectures to detect specific fraud markers more effectively than traditional methods. By automating these processes, businesses can better identify leading threats like document fraud and counter the increasing  sophistication of fraudulent activities."

++

Will LaSala, Field CTO, OneSpan 

"As we observe Fraud Awareness Week, it's crucial to recognize the growing threat to sensitive transactions-such as wire transfers, those involving personal data, or transactions with elevated privileges. With billions lost to online payment fraud last year, cybercriminals continue to exploit weaknesses in the software supporting these transactions. Fraud tactics are also becoming more sophisticated, with AI being increasingly used to carry out highly personalized attacks, including the creation of realistic forged documents. Unfortunately, many countries still lack the necessary security features to detect these types of fraud, making this a global issue that demands urgent attention.

In addition to AI-driven threats, traditional attack methods like account takeover, phishing, and smishing, along with social engineering techniques, continue to pose significant risks. While FIDO2 adoption is a step forward for strengthening authentication and combating fraud, many implementations still struggle with successful real-world applications. Organizations must ensure that attackers cannot bypass FIDO2 by exploiting weaknesses in areas like insecure user workflows or account recovery-or they risk undermining the very security enhancements they are trying to implement. To outpace fraud in 2024 and beyond, we must remain proactive in addressing our threat landscape and implement comprehensive security measures-across logins, transactions, and documents-to better protect against current and emerging risks."

++

Raffael Marty, EVP and General Manager, Cybersecurity, ConnectWise

"Cyberattacks are on the rise. As an example, in 2023, ransomware attacks rose 94% for SMBs compared to the prior year. Threat groups are also expanding their use of malware and fraud related activities, oftentimes by phishing users and impersonating sites that have a good reputation and appear trustworthy. Fraud-related cyberattacks pose a prevalent risk to businesses and individuals, leading to costly and time-consuming consequences.

To combat this growing issue, MSPs can adopt stricter cybersecurity measures such as solid security controls, advanced threat detection, real-time monitoring, and incident response. Additionally, businesses must establish strong baseline security measures and maintain visibility and control over their security practices. This International Fraud Awareness Week is a reminder that MSPs must proactively approach security postures by educating their customers about the top fraud risks while providing the insights they need to stay one step ahead of cybercriminals."

++

Bala Kumar, CPTO at Jumio

"International Fraud Awareness Week arrives at a critical time. With AI tools becoming widely accessible, fraudsters are now leveraging generative AI to create synthetic identities, deepfakes, and advanced fraud tactics that bypass traditional security measures. Legacy tools like multi-factor authentication (MFA) are no longer sufficient; businesses need AI-powered defenses to accurately verify identities and detect digital manipulation. Biometric verification and liveness detection have become essential, allowing businesses to detect and stop sophisticated fraud before it escalates.

This week shares a valuable message about the need for proactive, adaptive fraud prevention. As fraud tactics evolve, businesses must harness the latest technologies to stay secure, using AI to counter AI-enabled threats. Educating consumers on the dangers of digital fraud is also crucial to building a more resilient digital ecosystem. International Fraud Awareness Week serves as a reminder that combating fraud today requires innovative, forward-looking strategies that empower organizations and individuals to navigate the digital landscape securely and with confidence."

++

Randolph Barr, CISO, Cequence Security

"Fraud Awareness Week arrives at a crucial time as retailers and shoppers brace for an increase in cyber threats targeting sensitive data and causing significant disruption. Fraud continues to cost companies, governments, and individuals billions of dollars each year, making proactive security measures more important than ever. 

The combination of reduced staffing and a surge in online activity driven by seasonal sales and promotions creates an ideal environment for cybercriminals to exploit vulnerabilities. Without robust bot and API protection, retailers face the very real risk of substantial financial losses, customer trust erosion, and reputational damage. 

In today's digital-first retail environment, APIs are essential for powering seamless customer experiences, from payment processing and inventory management to personalized shopping journeys. However, these same APIs also present a vulnerable attack surface. If left unsecured, they can become an entry point for fraudsters to infiltrate systems and steal sensitive data. 

Furthermore, the introduction of AI into retail services can expand the attack surface, introducing new vulnerabilities that attackers can exploit. As AI becomes more integrated into retail operations, from personalized shopping experiences to inventory and supply chain management, the risks associated with securing these systems multiply.

Recent data from the Labor Day sales gives us a glimpse of the threats ahead. Cequence observed a staggering 79% increase in blocked bot traffic compared to last year, underscoring the growing sophistication of cybercriminals. This surge highlights the urgent need for retailers to adopt proactive security measures to safeguard not only their websites but also their APIs and overall digital infrastructure."

++

Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity

"Fraud Awareness Week should serve as a stark reminder for businesses and consumers to remain vigilant. Fraud is an ongoing challenge for organisations - as the breadth, quantity and quality of cyber attacks continue to escalate.  For the first time since 2017, there has been a steep rise in infection rates for both business and consumer devices this year. OpenText Cybersecurity Threat Perspective 2024 report observed growth in infection rates in North America, Europe, Africa and Australasia from 2022 to 2023.

As cybercriminals evolve, there are a myriad of techniques available at their disposal, the most effective and pervasive of these are the various flavours of phishing attacks, but these are often just the first stage of a broad scheme designed to rapidly extract funds from a target.  Other key tactics and techniques include business email compromise (BEC) attacks - which in general are the most profitable of all attack types.  BEC attacks continue to grow, and are now even being boosted by the use of deepfake and other AI-powered technologies to greatly increase success rates.

Online marketplaces and e-commerce are of course far from immune to abuse, and attacks against these continue to grow and evolve, including fraudulent listings, payment scams, counterfeit goods, account takeovers and fraudulent chargebacks.

For businesses, the most important approach to defend against these fraudulent attacks is to spread awareness within the organisation, to upskill and empower all workers to identify attacks at the earliest possible stage.  Beyond this, it is critical that inbound communications are thoroughly screened before being presented to users, be they emails, SMS, or even old school postal and fax communications - all of these are open to abuse, and users must increasingly expect to be socially engineered by phone calls, voicemails and even video calls.

For consumers, baseline precautions for all to follow are: keep your systems up to date with the latest patches and OS versions and use unique, secure passwords which have been generated within a password manager. Additionally, when possible, switch to passkey or token-based authentication instead of passwords, and always enable multi-factor authentication!"

##

Published Monday, November 18, 2024 7:36 AM by David Marshall
Filed under: ,
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
Calendar
<November 2024>
SuMoTuWeThFrSa
272829303112
3456789
10111213141516
17181920212223
24252627282930
1234567