Corporate crime poses a real and substantial threat to the stability of any business. Fraud and theft involving everything from intellectual property to inventory, from cybercrime to corruption, are multi-billion pound problems. All organisations are susceptible and taking the right precautions to prevent crimes is crucial. Risk does not distinguish between geography and size of a company, or between industry and scope. The risk is real, worrisome and ubiquitous.
Some of these fraud violations are down to the increasing sophistication of the criminals perpetrating the attacks but, in many instances, systems are compromised in ways that simply should not be possible. Aside from the damage done to an organisation's brand, an increasingly strict legislative framework in some areas - laws such as Sarbanes-Oxley and the UK Fraud Bill - should have left no one in doubt as to the importance of getting security right.
Yet despite the message being driven home by governments, consumer groups and industry bodies that IT security is paramount, fraud levels this year will continue to rise as we witness a worrying number of serious breaches.
When people think of fraud, they tend to focus on the external threat, but the bottom line is that the most dangerous threat comes from within the organisation. Employee-related risk is a moving target. For example, the fragmentation of corporate systems makes it difficult to keep control of confidential data, resulting in leakage - an issue exacerbated by the availability of portable storage, such as USB sticks and MP3 players. As new generations of technology offer new ways of working, they also create new security and, ultimately, fraud headaches.
The single most important factor for any business in exerting tighter controls and reducing the risk of fraud is visibility. For starters, access rights as a method of internal control are key to any security strategy for preventing fraud. Under the concept of least privilege, employees should be allowed to do only what their role requires and no more. We are not advocating a Big Brother state - the goal is to understand and manage the real risks rather than trying to create jobs or undermine the rights of employees. Ultimately, for organisations, reducing the risks associated with their own staff is as much about procedure and policy as it is about technology.
Secondly, organisations need to confirm that only the right individual is accessing the relevant information. Banks in particular are faced with this issue, and the rise in fraud has led to a significant and stable increase in the acceptance and deployment of two-factor authentication methods as banks seek to elevate the real and perceived security of their online services. Protecting their organisation from the financial fallout of fraud is one consideration; success in the lucrative internet banking arena also depends on how safe customers feel when using online banking services. Those working outside the enterprise walls also need to have secure access.
Thirdly, non-repudiation of documents can and should be addressed through the use of digital signatures, which can also deliver the ability to check that the document has not been altered in any way since being signed. This is essential to preventing various types of fraud, including revenue diversion frauds, procurement frauds and payment frauds.
Although more and more organisations are recognising that fraud and security issues are not "grudge spend" but rather an investment, there needs to be a shift in perception that fraud and related security systems are not simply technology implementations but rather a catalyst for business change and revenue growth.
But technology is not the only problem here. Business tensions underpin the struggle for security. On the one hand, organisations need to reduce fraud, but on the other hand, a competitive sector such as banking requires them to make transactions and company interactions run smoothly for customers. As the drive for customer convenience continues, the challenges surrounding banking security and the need to compromise the security involved will increase.
Fraud is an ongoing business and security concern - not just ethically but to the bottom line. We will see more innovative ways to commit fraud and security breaches. Enterprises, therefore, need to match this hunger, innovation and enthusiasm with appropriate rigour in their own security policies and architectures.