The lockdowns caused by the pandemic forced many businesses to shift their focus online to attract much-needed new revenue. Unfortunately, this shift to online has also attracted the attention of hackers, increasing the risk of exposure to cybercrime.
The rapid and dramatic shift to digital last year meant many organizations didn’t have the time or expertise to put in place proper online security systems and protocols. Cybersecurity risks were further amplified with many employees and suppliers working for the first time on less secure networks at home.
The combination of more online activity and more skillful cybercriminals is a rising threat to organizations, says Enzo Carlucci, the new National Forensic and Investigative Accounting Services Leader at KPMG in Canada.
“The reliance on digital platforms and cloud computing has put more sensitive data within the reach of cybercriminals, who are becoming increasingly more adept at accessing or hacking into ‘secure’ customer databases to steal identities,” he says.
A recent poll by the Association of Certified Fraud Examiners (ACFE) found that incidents of ransomware, identity theft, payment fraud, and other cyber incursions are as prevalent as ever, with 85 per cent of respondents saying they’ve seen an increase since the pandemic.
Online fraud ranges from email scams and phishing (attempts to obtain data by impersonating a person or business) and malware (software that intentionally damages a computer or network) to ransomware attacks (where cybercriminals hold data or digital systems hostage in exchange for money), identity fraud (using another person’s ID) and synthetic identity theft (using both real and fake information to create a new identity).
According to the Canadian Anti-Fraud Centre (CAFC), Canadians lost $107.2 million to fraud in 2020, $62.6 million of which was related to online fraud. That’s up from $103.9 million lost to fraud in 2019, nearly $59 million of which was online. There were more victims of identity fraud last year than any other type of fraud, with 16,970 victims, compared to nearly 6,700 victims of extortion, the CAFC said. The figures could also be significantly higher, as the CAFC estimates that Canadians only report 5 per cent of actual fraud cases.
Online fraud is about more than financial losses. “Falling victim to payment fraud, data theft, or any manner of cyber attack poses threats to an organization’s operations and its reputation,” says Mr. Carlucci.
A KPMG in Canada cybersecurity poll last year showed 90 per cent of Canadians are wary about sharing their personal or financial information with an organization that’s had a cyberattack or data breach and 84 per cent would take their business elsewhere.
More business owners are turning to fraud and cybersecurity specialists to help them adopt best practices and create fraud prevention programs “to try to outmaneuver potential cyber attackers,” says Stéphan Drolet, a Forensic Partner and KPMG’s Business Unit Leader for Advisory in Quebec.
Organizations must thoroughly review their online systems and identify areas where cybercriminals could potentially break through. The reviews should also be ongoing, Mr. Drolet says, to give business owners the comfort longer term that their systems are secure.
They also need to raise awareness with employees and suppliers around how the operation can be impacted by fraud and provide ongoing strategy, training, and resources to ensure everyone knows how to detect and respond to it, he says. Possible red flags include suspicious email, unusual online behaviour, or an attempt to solicit sensitive information.
“Organizations should treat fraud prevention as a living, breathing program,” Mr. Drolet says. “Cyber threats are here to stay, so follow the trends, know the red flags and keep on top of best practices.”
As organizations continue to move online, they must do so in a way that stays one step ahead by investing in the people, technologies, and best-practice strategies that will drive safe and secure digital transactions.
SOURCE KPMG LLP