Businesses tend to underestimate the risk of fraud they face. And yet, cybercriminals are more active than ever!
• Also read: The number of cyberattacks for ransom is exploding
A March 2022 MNP survey of company executives and owners found that 80% of respondents rated their company’s risk of financial fraud as low or moderate.
Only 20% perceive it as high. These numbers are in stark contrast to reality when we know that on average 5-6% of a company’s annual revenue can be swallowed up by fraud.
Also, one in four people will be hit by this plague sooner or later, twice rather than once, suggesting that even after an initial attack, they failed to take security measures.
find mistakes
Corey Bloom, FCPA, CFE, Partner and Eastern Canada Leader, Investigations and Forensic at MNP, says the situation has only gotten worse with the pandemic.
“Cyber criminals take advantage of the situation when you go through periods of change because it allows them to find vulnerabilities and exploit them. For example, there were a lot of redundancies and therefore certain control processes were no longer applied,” she explains.
Therefore, emergency teleworking introduced has created potential security vulnerabilities. The digital signature also carries the risk of false signatures or contracts signed by the wrong person,” said Simon Gaudreau, CPA Examiner, CFE, Director, Investigations and Forensic Accounting at MNP.
“Acquisitions and everything related to the reorganization of a company are also among the risky changes in terms of cyber security,” he says.
The human factor
Businesses generally believe that fraud can only come from technology. But they’re wrong, says Simon Marchand, CFE, vice president, products and risks at GeoComply. In fact, he emphasizes that the human factor is often neglected, although it tends to dominate.
In other words, employees are often the weak link, either through negligence or ignorance of the risks, or because they are going through a difficult financial time and may be susceptible to corruption attempts orchestrated by scammers.
Even long-standing employees can be a door opener.
In addition, according to the Report to the Nations published by the Association of Certified Fraud Examiners (ACFE) in 2022, especially for SMEs, there is a correlation between the number of years of experience and the risk level of financial losses related to fraud.
“There is no magic recipe for employee surveillance. Instead, we need to raise awareness and establish best practices,” notes Simon Marchand. He adds that setting up a whistleblower phone line is also very effective.
“Two-thirds of internal fraud or risky practices are detected through this type of conduit,” he says.