Miguel Hernandez y Lopez is a Cyber Security Engineering Manager and member of the Office of the CTO at Check Point Software Technologies. Miguel has over 20 years of experience in the cyber security field. He was a member of the Honeynet Project, an international non-profit organization (501c3) dedicated to the investigation of the most recent computer attacks, and the development of open source security tools to learn about how hackers behave. He is co-author of the Security Compendium ‘Cyber Security and Global Information Assurance: Threat Analysis and Response Solutions’ sponsored by the U.S. Air Force Academy, USA (ISBN: 978-1-60566-326-5). Miguel holds a Master of Science of Technology from Universidad de Buenos Aires.
In honor of International Fraud Awareness Week, here at Cyber Talk, we’re joining the global effort to increase insight and education around fraud prevention.
Every year, organizations lose trillions of dollars to fraud, largely because they don’t understand the tactics that fraudsters employ or what kinds of prevention strategies to implement.
In this interview, explore what’s happening in the world of cyber fraud and how you can support more effective fraud-fighting initiatives. Let’s dive in:
What types of business fraud are you seeing at the moment?
There are several types of business fraud trending currently:
1. Cyber fraud. Cyber attacks are on the rise. Cyber criminals are using techniques such as phishing, malware or ransomware to steal sensitive information or disrupt business operations.
2. Internal fraud. This involves fraudulent activity by staff members within a business, including theft, falsification of documents or embezzlement.
3. Invoice fraud. This involves fake invoices being sent to a company in the hope they’ll pay fake charges without noticing.
4. CEO fraud. This is where fraudsters pose as a CEO of a company or another senior executive to trick an employee into transferring funds or sharing sensitive information.
5. Return fraud. This is particularly prevalent in the retail sector, where customers abuse the return policy for financial gain.
6. Payroll fraud. This can occur when employees manipulate the payroll system to receive more compensation than they’re due.
It’s essential for businesses to constantly update their security measures, educate employees about potential scams and implement strong internal controls to prevent fraud.
Fraud is expensive. Could you speak to the cost of fraud for businesses?
Absolutely. The cost of fraud can be substantial for businesses both financially and reputationally.
There are direct financial losses, which could soar into the millions, depending on the scale of the business and the fraud.
There are also investigation and recovery costs. Post-fraud, a business needs to conduct investigations and try to recover lost funds. These processes can be time-consuming and costly.
Beyond that, there are legal costs. Depending on the severity of the fraud, legal costs can be significant. If the company suffered a large loss, it may choose to prosecute the fraudulent party, increasing expenses.
Also, there are regulatory fines. In some cases, especially those involving data breaches, a business may encounter hefty fines from regulatory bodies for failing to protect sensitive information.
Further, a company may experience reputational damage. Although not directly financial, damage to a company’s reputation can result in loss of customers, decreased sales, and a drop in stock prices, all of which indirectly contribute to overall financial loss.
Lastly, after a fraud incident, companies may see increased insurance premiums.
According to the Association of Certified Fraud Examiners’ Occupational Fraud 2022: A Report to the Nations, organizations lose approximately five percent of revenue to fraud each year, with the average loss per case totaling more than $1.78 million.
In your opinion, what impact could generative AI have on the future of business fraud? (What impact has it already had, if any?)
Generative AI could play a significant role, both positively and negatively, when it comes to business fraud.
In terms of fraud prevention and detection, AI can process enormous volumes of data, identify patterns, and detect anomalies more quickly and accurately than human analysts. Using sophisticated algorithms and machine learning methodologies, generative AI can identify potential fraudulent activities before they become damaging.
On the other hand, misuse of generative AI could potentially increase sophisticated fraud scenarios.
For example, think about deepfakes, in which generative AI can create hyper-realistic audio, video, or text that’s virtually indistinguishable from real content. Unscrupulous individuals can use these ‘deepfakes’ for scams, to create false identities, or spread disinformation that harms businesses.
While generative AI provides tools and capabilities that businesses can leverage for fraud prevention, generative AI also requires enhancement in security measures to prevent misuse. Aid from regulatory bodies, education, and a solid legal framework will be necessary to ensure that generative AI’s impact remains positive.
What types of technology solutions or tools would you recommend for fraud detection and prevention?
I would recommend cyber security solutions that have gained popularity due to their effectiveness in addressing modern technological challenges. These solutions are considered robust because they focus on enhancing security posture in a dynamic and evolving threat landscape.
For instance, when you are using Check Point to secure your business, you gain accurate prevention against the most advanced attacks through the power of ThreatCloud AI.
ThreatCloud AI, the brain behind all of Check Point’s products, combines the latest AI technologies with big data threat intelligence to prevent the most advanced attacks while reducing false positives, keeping a business safe and productive.
Why are these solutions and strategies considered advantageous for fraud prevention?
In terms of what Check Point offers…
Integrated security architecture. Check Point provides a comprehensive and integrated security architecture. Solutions often include multiple layers of security, covering areas such as firewall, intrusion prevention, antivirus, anti-malware, VPN, and more. Having an integrated approach can simplify management and improve overall security effectiveness.
Threat Intelligence and Research. Check Point invests heavily in threat intelligence and research. The company’s researchers actively analyze emerging threats, vulnerabilities, and attack patterns. This commitment to staying ahead of the threat landscape allows Check Point to provide timely updates and protection against new and evolving cyber threats.
Advanced threat prevention. Check Point is known for its advanced threat prevention capabilities. The solutions include technologies such as sandboxing, threat emulation, and threat extraction to detect and prevent sophisticated threats, including zero-day attacks and advanced persistent threats.
Cloud security. As organizations increasingly move their infrastructure and applications to the cloud, Check Point has expanded its offerings to include robust cloud security solutions. This includes protection for cloud workloads, applications, and data, as well as integration with major cloud service providers.
Network security. Check Point has a long history and a strong reputation in the field of network security. The company’s firewall solutions are widely used for securing network perimeters and enforcing security policies. Check Point’s expertise in network security is valuable for organizations with complex network architectures.
User-friendly management interface. Check Point products often feature user-friendly management interfaces that make it easier for security administrators to configure and monitor security policies. This can be important for organizations that want a solution that is both powerful and accessible for their security teams.
Scalability. Check Point solutions are designed to scale with the growth of an organization. Whether an organization is small or enterprise-level, Check Point’s products can often be tailored to meet the specific needs and scale of the environment.
Is there any other advice that you have for organizations?
I think that user awareness is crucial for fraud prevention – and for the following reasons:
Human factor. Often, human error or ignorance enables fraud. By enhancing user awareness, you help build the first, and sometimes most robust, line of defense against fraud.
Phishing attacks. In an age where cyber threats, like phishing, can lead to significant security risks, users who are aware of these threats aren’t as likely to fall for them as their peers.
Early detection. Aware users can identify suspicious activity, anomalies or changes in systems or transactions which may indicate a potential threat or fraud. They can escalate this early, enabling faster response and mitigation.
Mitigating insider threats. Employees who understand the signs of fraud are better equipped to spot and report possible internal threats.
Regulatory compliance. User awareness helps organizations stay in compliance with regulations that often require user training and awareness as a part of their requirements.
Culture of security. Training users around cyber security awareness creates a culture of security within the organization where every member, not just the IT or security team, has a role in preventing fraud.
In essence, users who are well-informed about fraud risks, ways to identify and respond to fraud, and the potential impact, add a valuable layer of protection for the organization.