
Rethinking security policies to combat fraud.

InfoSecurity Europe : 03 April, 2008  (Technical Article)
Tim Best of Logica explains the rise in IT related fraud, how this affects businesses and what can be done about it.
Corporate crime poses a real and substantial threat to the stability of any business. Fraud and theft involving everything from intellectual property to inventory, from cybercrime to corruption, are multi-billion pound problems. All organisations are susceptible and taking the right precautions to prevent crimes is crucial. Risk does not distinguish between geography and size of a company, or between industry and scope. The risk is real, worrisome and ubiquitous.
Some of these fraud violations are down to the increasing sophistication of the criminals perpetrating the attacks but, in many instances, systems are compromised in ways that simply should not be possible. Aside from the damage done to an organisation's brand, an increasingly strict legislative framework in some areas — laws such as Sarbanes-Oxley, UK Fraud Bill — should have left no-one in doubt as to the importance of getting security right.

Yet despite governments, consumer groups and industry bodies driving home the message that IT security is paramount, fraud levels this year will continue to rise as we witness a worrying number of serious breaches.

When people think of fraud, they tend to focus on the external threat, but the bottom line is that the most dangerous threat comes from within the organisation. Employee-related risk is a moving target. For example, the fragmentation of corporate systems makes it difficult to keep control of confidential data, resulting in leakage - an issue exacerbated by the availability of portable storage, such as USB sticks and MP3 players. As new generations of technology offer new ways of working, they also create new security and, ultimately, fraud headaches.

The single most important factor for any business in exerting tighter controls and reducing the risk of fraud is visibility. For starters, access rights as a method of internal control are key to any security strategy for preventing fraud. Under the concept of least privilege, employees should be allowed to do only what their role requires and no more. We're not advocating a Big Brother state - the goal is to understand and manage the real risks rather than trying to create jobs or undermine the rights of employees. Ultimately, for organisations, reducing the risks associated with their own staff is as much about procedure and policy as it is about technology.

Secondly, organisations need to confirm that only the right individual is accessing the relevant information. Banks in particular are faced with this issue, and the rise in fraud has led to a significant and stable increase in the acceptance and deployment of two-factor authentication (2FA) methods as banks seek to elevate the real and perceived security of their online services. Protecting their organisation from the financial fallout of fraud is one consideration; success in the lucrative Internet banking arena depends on how safe customers feel when using online banking services, and those working outside the enterprise walls also need to have secure access.

Thirdly, non-repudiation of documents can and should be addressed through the use of digital signatures, which can also deliver the ability to check that the document has not been altered in any way since being signed. This is essential to preventing various types of fraud, including revenue diversion frauds, procurement frauds and payment frauds.

Whilst more and more organisations are recognising that fraud and security issues are not 'grudge spend' but rather an investment, there needs to be a shift in perception that fraud and related security solutions are not simply technology implementations but rather a catalyst for business change and revenue growth.
But technology is not the only problem here. Business tensions underpin the struggle for security. On the one hand, organisations need to reduce fraud, but on the other hand, a competitive sector such as banking requires them to make transactions and company interactions run smoothly for customers. As the drive for customer convenience continues, the challenges surrounding banking security and the need to compromise the security involved will increase.

Fraud is an ongoing business and security concern - not just ethically but to the bottom line. We will see more innovative ways to commit fraud and security breaches. Enterprises therefore need to match this hunger, innovation and enthusiasm with appropriate rigour in their own security policies and architectures.

LogicaCMG is exhibiting at Infosecurity Europe 2008, Europe's number one dedicated information security event. Now in its 13th year, the show continues to provide an unrivalled education programme, new products & services, over 300 exhibitors and 11,700 visitors from every segment of the industry. Held on the 22nd - 24th April 2008 in the Grand Hall, Olympia, this is a must-attend event for all professionals involved in information security.