Sadly, 2018 was yet another difficult year for protecting online businesses against fraud. It cost the economy a whopping $4.2 trillion, continuing an upward trend. Cyber challenges exist in many forms, some of which an individual or business can control and others over which they have limited, if any, control. Cyber challenges can also be a result of internal or external conditions, or both. First and foremost, it is important to consider that technology itself poses a challenge for an individual or business because it changes and advances so frequently. As a result, users are not always familiar with the changes and do not recognize the vulnerabilities that can inherently exist until a cybercrime occurs. Some cyber challenges can be controlled through cybersecurity and safeguards such as encryption and two-factor authentication; however, like all aspects of fraud, these security measures are inherently most effective when they are implemented prior to the occurrence of any intrusion.
Phishing is the perfect example of a potential cybercrime that presents challenges. Although this intrusion is the result of an external condition (that is, someone sending an email that is not legitimate), the response to the receipt of that email is the internal condition that affects the ultimate result—providing the perpetrator with sensitive data. Consider an employee receiving a phishing email. If the employee does not recognize that an email is suspicious, he or she may, for example, provide a key password to the intruder. If that occurs, there are two likely scenarios: (a) if the business has weak cyber protection, it may fall victim to the perpetrator; or (b) if the business has two-factor authentication, the perpetrator will not be able to gain access to any business records; this potential cyberattack will be thwarted.
Simply put, two-factor authentication (also known as “2FA”) adds a second level of authentication to an account that requires any type of login. If one only needs to enter a username and a password, that is considered single-factor authentication. A 2FA login requires users to have two types of login credentials before accessing an account. For example, a username and password are required when using Microsoft SharePoint. With 2FA, however, Microsoft also has an authenticator app for a smartphone. The authenticator app requires users to approve access from the app. Under this 2FA, even if someone obtains a user’s name and password via a phishing email, the user still maintains access control because of the authenticator app.
Although the traditional concepts of the fraud triangle and the red flags of fraud may still be relevant in some context to white-collar crime, the challenges of cybercrime go beyond these parameters. Those who commit cybercrime often are from another country, and they are unknown to the victim. The idea of someone stealing information solely because of personal or business pressure and rationalizing it under the banner of the fraud triangle may not apply in the world of cybercrime. Traditional fraud prevention methods are not going to prevent the attacks on business for competitive intelligence gathering or denial of service. But the stakes could be much higher than the risk of an internal theft. Loss of trade secrets, theft of proprietary information and loss of reputation and goodwill are far greater.
We present to you our “Top 10 Fraud and Breach Protection Solution Providers - 2019.”