Insight

Fraud in the age of cybersecurity

By:
Jack Halstead
The digital revolution, with its promises of efficiency and connectivity, has inadvertently given rise to cyber fraud – an invisible threat that can infiltrate the core of an organisation.
Businesses now rely on technology for almost every part of their operations, and increasingly sophisticated criminals are emerging to exploit vulnerabilities in those digital systems, putting organisations at risk like never before.

Through Grant Thornton’s experience in both preventing and responding to technology-enabled fraud, the following cyber frauds have been identified as the most serious threats to Australian organisations, both large and small:

  • Business Email Compromise (BEC): A particularly prevalent cybercrime in which criminals target organisations or individual employees with the aim of deceiving them into releasing funds or confidential information. BEC can take various forms, such as payment diversion, impersonation of an executive, phishing attacks, and compromise of Microsoft 365 accounts. Payment diversion is the most common type of BEC: attackers send fraudulent invoices to a business with instructions to transfer money to an account controlled by the threat actor.
  • Ransomware fraud: Often referred to simply as 'ransomware', this is a type of malicious software (malware) that encrypts an organisation’s network and demands a ransom payment from the victim in exchange for the decryption key. It is a form of cybercrime in which attackers seek to extort money from individuals or organisations by denying them access to their own data or systems.
  • Phishing attacks and scams: In a similar vein to BEC, phishing attacks use fraudulent emails, websites, or messages that appear legitimate but are designed to deceive individuals into revealing sensitive information such as login credentials, credit card details, or personal information.

How you can protect your organisation

When it comes to cyber fraud, prevention is better than cure. Organisations must implement a suite of effective, fit-for-purpose controls covering both the controls the organisation operates itself and those maintained on its behalf by related third parties. Ensuring these controls are effective will help prevent your organisation from falling victim to cybercrime.

Some essential measures include:

  • Implementing engaging and frequent staff education and training on how to identify and respond to BECs, phishing and scam attempts, and ransomware signs;
  • Adopting strong email security protocols for onsite and cloud infrastructure; and
  • Conducting regular audits to assess the design and effectiveness of organisational processes and controls.
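As an added illustration of what a fit-for-purpose control against payment diversion can look like (this is example code written for this article, not Grant Thornton’s own tooling or process), the check below holds an invoice for manual call-back verification when its bank details do not match the vendor master file, when the sender’s domain is absent from or a lookalike of the vendor’s domain on file, or when the message body uses urgency or bank-change language. The vendor master entries, domain names and invoice emails are all constructed for the example.

```python
"""Payment-diversion control for accounts payable.

Added example, not Grant Thornton's code. Every vendor record, domain and
invoice below is constructed; a real deployment would read the vendor master
file from the finance system and the invoice fields from the mail gateway.
"""
import re
from dataclasses import dataclass

# Constructed vendor master data: bank details verified out-of-band by finance.
VENDOR_MASTER = {
    "acme supplies": {"domain": "acmesupplies.example", "bsb": "062-000", "account": "12345678"},
    "northwind ltd": {"domain": "northwind.example", "bsb": "033-001", "account": "87654321"},
}

# Phrases typical of payment-diversion emails: pressure plus a change of bank details.
URGENCY = re.compile(
    r"\b(urgent|immediately|new bank|updated (bank|account) details|before (the )?end of day)\b",
    re.IGNORECASE,
)


@dataclass
class Invoice:
    vendor: str         # vendor name as printed on the invoice
    sender_email: str   # From: address of the email that carried it
    bsb: str            # bank-state-branch code on the remittance instructions
    account: str        # account number on the remittance instructions
    body: str           # plain-text body of the covering email


def _sender_domain(addr: str) -> str:
    """Return the lower-cased domain part of an email address."""
    return addr.rsplit("@", 1)[-1].lower()


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains (e.g. a hyphen or swapped letters)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess_invoice(inv: Invoice) -> list[str]:
    """Return the list of reasons to hold this invoice; an empty list means it may proceed."""
    findings: list[str] = []
    record = VENDOR_MASTER.get(inv.vendor.strip().lower())
    if record is None:
        return ["unknown vendor: hold for manual onboarding"]

    # 1. Bank details must match what finance verified, not what the email says.
    if (inv.bsb, inv.account) != (record["bsb"], record["account"]):
        findings.append("bank details differ from vendor master")

    # 2. The sender domain must be the one on file; near-misses are the classic BEC tell.
    dom = _sender_domain(inv.sender_email)
    if dom != record["domain"]:
        if _edit_distance(dom, record["domain"]) <= 2:
            findings.append(f"lookalike sender domain {dom!r}")
        else:
            findings.append(f"sender domain {dom!r} not on file")

    # 3. Social-engineering language is a weaker signal on its own but raises the bar.
    if URGENCY.search(inv.body):
        findings.append("urgency / bank-change language in body")
    return findings


def decision(inv: Invoice) -> str:
    """Map findings to the action accounts payable should take."""
    findings = assess_invoice(inv)
    return "release" if not findings else "hold for call-back: " + "; ".join(findings)


if __name__ == "__main__":
    # Constructed legitimate invoice and constructed diversion attempt.
    genuine = Invoice("Acme Supplies", "ap@acmesupplies.example", "062-000", "12345678",
                      "Please find attached invoice 1042.")
    diverted = Invoice("Acme Supplies", "accounts@acme-supplies.example", "062-000", "99999999",
                       "URGENT: we have updated bank details, please pay before end of day.")
    for inv in (genuine, diverted):
        print(inv.sender_email, "->", decision(inv))
```

The control deliberately compares against data verified through a separate channel rather than against anything in the email itself, and any change to bank details results in a hold and a call-back to a phone number already on file, never to one supplied in the invoice.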

What to do if you believe your organisation has been a victim of cybercrime

If you suspect your organisation has fallen victim to cybercrime, it is critical that you take immediate action to minimise the damage and attempt to recover any losses. You should activate your incident response plan, which should include procedures for isolating affected systems, notifying stakeholders, and preserving evidence for investigation.

We’re here to help

Grant Thornton’s Cyber Defence Centre can assist throughout this process, and help you become aware of the evolving threat landscape, develop effective strategies to mitigate risk, and investigate any active compromises.

Learn more about how our Cyber resilience services can help you