
Cyber Fraud and Risk Management By Bolaji Bankole


|Cyber Fraud | |Cyber Forensic& Investigation|

|Fraud Risk Management|


WAR AGAINST CYBER FRAUD.

BANKOLE BOLAJI JAMES

Cisco Cyber Security Expert: CCSE

Certified Ethical Hacker: CEH

MCSA, MCSE, MCP, MCITP, MCTS

Cisco Certified Network Associate: CCNA

Cyber Forensic and Security Expert

Email: [email protected]


MOTIVATION

------------------------------------

The fact that cyber attackers exist in the world, and the risk and damage they are almost certain to cause to any country or organization, bring great concern for organizations and nations.

------------------------------------

The fact that this automatically poses some serious economic and national security challenges of the 21st century.

------------------------------------

The fact that it is almost impossible for any country or organization not to have cyber attackers from inside or within, because of disgruntled employees, thieves and unintentional incidents.

------------------------------------

The fact that it is almost impossible for organizations or nations never to experience organized attacks from terrorists, hacktivists, nation states and criminal actors.


ABSTRACT

------------------------------------

Internet crime is crime committed on the Internet, using the Internet and by means of the Internet.

------------------------------------

Computer crime is a general term that embraces such crimes as phishing, credit card fraud, bank robbery, illegal downloading, industrial espionage, child pornography, kidnapping children via chat rooms, scams, cyber terrorism, creation and/or distribution of viruses, spam and so on. All such crimes are computer-related and computer-facilitated crimes.

------------------------------------

Major cyber-attacks: By 2025, will a major cyber-attack have caused widespread harm to a nation’s security and capacity to defend itself and its people? (By “widespread harm,” we mean significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars.)

------------------------------------


Cyber space

------------------------------------

Cyberspace is "the notional environment in which communication over computer networks occurs."

------------------------------------

Cyberspace is a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and associated physical infrastructures.

------------------------------------

Cyberspace: the online world of computer networks and the Internet.

------------------------------------

THE CYBER SPACE IS AN INEVITABLE WAR SPACE/BATTLE SPACE FOR INTERNET USERS. IT IS THE BATTLE FIELD FOR THE SURVIVAL OF THE FITTEST, WITH THE PROBABILITY THAT AN ATTACKER WILL STRIKE BEING 1 OR ZERO. - Bolaji Bankole

------------------------------------


The existence of cybercrime in the world today has made it imperative to have more cyber forensic and cyber security experts as Internet business grows in all nations of the world and within organizations.

INTRODUCTION

The Internet has become so integral to economic and national life that government, business, and individual users are targets for ever more frequent and threatening attacks.

Cybercrime is a fast-growing area of crime. More and more criminals are exploiting the speed, convenience and anonymity of the Internet to commit a diverse range of criminal activities that know no borders, either physical or virtual, cause serious harm and pose very real threats to victims worldwide.

Fraud and corruption


It is an unfortunate truth that fraud exists in every country and in every industry. Fraud and corruption are an ongoing risk for most organizations. Fraud results in financial loss, impairs brand reputation and goodwill, alienates valued customers and suppliers, and diminishes market confidence and trust. Increasingly, organizations are taking a proactive approach to prevent fraud and corruption, and to mitigate its consequences.

What is Fraud?

A person or thing intended to deceive others, typically by unjustifiably claiming or being credited with accomplishments or qualities.

Cyber Fraud

Cyber fraud refers to any type of deliberate deception for unfair or unlawful gain that occurs online. The most common form is online credit card theft.

Cyber fraud also refers to data break-ins, identity theft, and cyberbullying, all of which are seriously damaging.


“Internet fraud has been an increasing concern for civilians and law-enforcement agencies. Because tracking hackers is difficult and catching Internet frauds is even more challenging, the best protection is to avoid fraud attempts.” --Bolaji Bankole.

“Businesses must develop policies, and employ and empower professionals and experts to enforce the business policies, as one of the ways to prevent fraud, rather than hope to cure its consequences.” --Bolaji Bankole.

Inevitable Facts about Cyber Attack

The threat of cyber fraud can seem difficult to combat, as the software used by fraudsters can be extremely complex. However, it is important to remember that most cyber fraud attacks depend heavily on human interactions – fraudsters have long identified that the easiest way to breach an organization’s defenses is to target its people, not its systems.

Crime committed through computers or the internet is more prevalent today than ever before. As our lives become more wireless and everything takes to the cloud, computers have become a criminal's most powerful tool.


Many of us have heard the words virus, spyware, malware, and hacking; but what do they really mean in our everyday life? Consider how much private information you submit, view, or save on your computer on a monthly basis. Criminals can use hacks and codes to break into laptops, personal computers, corporate servers, and wireless devices. Hackers can steal anything from intellectual property from corporations to your personal information right off your computer at home (even if you think you have deleted it).

It is most certain that cyber fraud will happen, because cyberspace is populated with faceless people over an endless and borderless network, with different cultural backgrounds and different intentions.

Within Organization

Fraud risk management should be a top priority on the agenda of many organizations. It is of great importance that organizations have an in-house information security team with seasoned experience and hands-on skill to combat and respond promptly to attacks and security incidents.


Types of Fraud

Fraud is prevalent within organizations and remains a serious and costly problem for virtually every type of organization in every part of the world. The risks of fraud may only be increasing, as we see growing globalization, more competitive markets, rapid developments in technology, and periods of economic difficulty.

FINANCIAL TRANSACTIONS AND FRAUD SCHEMES

• COMPUTER AND INTERNET FRAUD
• ASSET MISAPPROPRIATION: CASH RECEIPTS
• ASSET MISAPPROPRIATION: FRAUDULENT DISBURSEMENTS
• ASSET MISAPPROPRIATION: INVENTORY AND OTHER ASSETS
• BRIBERY AND CORRUPTION
• CHECK AND CREDIT CARD FRAUD
• CONSUMER FRAUD
• CONTRACT AND PROCUREMENT FRAUD
• FINANCIAL INSTITUTION FRAUD
• HEALTH CARE FRAUD
• INSURANCE FRAUD
• THEFT OF INTELLECTUAL PROPERTY
• BANKRUPTCY (INSOLVENCY) FRAUD
• SECURITIES FRAUD
• MONEY LAUNDERING
• TAX FRAUD


Types of Cyber Fraud

Social engineering is the method by which fraudsters aim to trick people into breaking normal security procedures. Fraudsters are usually looking for the victim to give up sensitive information, such as bank login details, or for them to enable malicious software to be installed onto their device. They may also trick the victim into carrying out a fraudulent payment themselves. Fraudsters in social engineering cases often have thorough knowledge of the company to enable them to build trust with the victim. They may be aware of regular payments that are due, or of the structure of teams within your company, enabling them to impersonate internal employees.

The most common forms of social engineering for business customers are:

• Invoice fraud
• Phishing
• Vishing
• Smishing


Invoice fraud

Invoice fraud involves a fraudster posing as someone else to notify you that supplier payment details have changed. They provide alternative payment details in order to defraud you. The fraudster could be claiming to be from your company’s genuine supplier, or even to be a member of your own company. Funds are often quickly transferred, so recovering money from fraudulent accounts can be extremely difficult.

Invoice fraudsters are often aware of the relationships between companies and their suppliers, and will know the details of when regular payments are due. This knowledge enables them to convincingly pose as suppliers. The fraud may only be discovered when the legitimate supplier follows up on non-payments. Fraudulent letters and emails sent to companies are often well-written, meaning the fraud is difficult to spot without strong operating processes and controls in place.


Email addresses are also easy to spoof, or in the case of malware-infected PCs, criminals can access genuine email addresses. As a result, you could be receiving a message that seems to come from your boss authorizing account detail changes or a payment, but which is actually coming from a fraudster. The process of changing the bank details of someone you are paying should always be treated with caution.

Protecting your business against invoice fraud

• Make your staff aware of this threat
• Check notifications and invoices received carefully to see if the document looks like a counterfeit
• Check that the email address the message comes from does not look odd, such as by ending in ‘.org’ when it should end ‘.com’
• Always call your supplier, using contact details you have on file (not those supplied in the message – that will be the fraudster) to confirm any changes before effecting them. Ensure that you validate the exact bank detail changes you should be making, in full
• Consider setting up single points of contact with the companies you pay regularly
• Consider adopting dual control procedures for any changes in payment information
• Use technology that ensures invoices are matched with purchase orders, flagging any rogue invoices
• Regularly conduct audits on your accounts.
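The controls in the list above (sender address check, call-back on details held on file, dual control, and invoice-to-purchase-order matching) can be combined into one payment-release check. This is an added example, not part of the original presentation; every class name, flag name, domain and account string in it is constructed for illustration.

```python
"""Added example: payment-release checks against invoice fraud (constructed data)."""
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Optional


@dataclass(frozen=True)
class Supplier:
    supplier_id: str
    email_domain: str   # domain held on file, never taken from the message
    bank_account: str   # account held on file


@dataclass(frozen=True)
class PurchaseOrder:
    po_number: str
    supplier_id: str
    amount: Decimal


@dataclass(frozen=True)
class Invoice:
    invoice_id: str
    supplier_id: str
    po_number: Optional[str]
    amount: Decimal
    bank_account: str
    sender_email: str


@dataclass
class BankChange:
    supplier_id: str
    new_account: str
    callback_confirmed: bool = False             # supplier phoned on the number on file
    approvers: set = field(default_factory=set)  # staff who signed off the change

    def is_verified(self) -> bool:
        # Dual control: call-back completed AND two different people approved.
        return self.callback_confirmed and len(self.approvers) >= 2


def review_invoice(invoice, suppliers, purchase_orders, bank_changes):
    """Return a list of flags; an empty list means the invoice may be paid."""
    supplier = suppliers.get(invoice.supplier_id)
    if supplier is None:
        return ["UNKNOWN_SUPPLIER"]
    flags = []

    # 1. Sender domain must equal the domain on file ('.org' vs '.com' is a mismatch).
    domain = invoice.sender_email.rsplit("@", 1)[-1].strip().lower()
    if domain != supplier.email_domain.lower():
        flags.append("SENDER_DOMAIN_MISMATCH")

    # 2. The invoice must match a purchase order for the same supplier and amount.
    po = purchase_orders.get(invoice.po_number)
    if po is None or po.supplier_id != invoice.supplier_id:
        flags.append("NO_MATCHING_PO")
    elif po.amount != invoice.amount:
        flags.append("AMOUNT_MISMATCH")

    # 3. Bank details that differ from those on file need a verified change record.
    if invoice.bank_account != supplier.bank_account:
        verified = any(
            c.supplier_id == invoice.supplier_id
            and c.new_account == invoice.bank_account
            and c.is_verified()
            for c in bank_changes
        )
        if not verified:
            flags.append("UNVERIFIED_BANK_CHANGE")
    return flags


# Constructed sample data: one supplier, one purchase order, two invoices.
SUPPLIERS = {"S-001": Supplier("S-001", "supplier.example.com", "GB00-ON-FILE-0001")}
ORDERS = {"PO-7001": PurchaseOrder("PO-7001", "S-001", Decimal("102000.00"))}
GENUINE = Invoice("INV-1", "S-001", "PO-7001", Decimal("102000.00"),
                  "GB00-ON-FILE-0001", "accounts@supplier.example.com")
SPOOFED = Invoice("INV-2", "S-001", "PO-7001", Decimal("102000.00"),
                  "GB00-NEW-ACCT-9999", "accounts@supplier.example.org")

if __name__ == "__main__":
    for inv in (GENUINE, SPOOFED):
        print(inv.invoice_id, review_invoice(inv, SUPPLIERS, ORDERS, []) or "OK to pay")
```

The spoofed invoice matches a real purchase order and amount, so purchase-order matching alone would pass it; it is held only because the sender domain and the unverified bank details are checked against the records on file.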

Case study

A company in the property sector was required to pay their supplier over £102,000 at the end of the month. Not long before the payment was due, they received a message advising of a change of account details. The payment was duly made to the new account as instructed. A week later, the genuine supplier called to ask why they had not received their funds. As a week had passed, there was now only £300 left in the account used by the fraudsters – the rest had been withdrawn and spent. Consequently, the company’s bank were unable to offer any assistance in recovering the funds.

Protecting your business against invoice fraud

“Invoice fraud can be devastating for a business. It is important that business owners develop, implement and enforce a strict business policy towards payment, as this will help employees to spot the signs of an attempt whenever an unusual change request comes up regarding payment. This should require checking the changes with the company concerned by contacting them directly through existing contacts, as well as require a manager to check and sign off the changes.”


Phishing

Phishing involves a fraudster, posing as a legitimate source, sending emails or letters that aim to trick people into divulging sensitive information or transferring money into other accounts. The emails typically contain a link to a fake website which will request that you enter financial information. Alternatively, emails may contain a form to fill in and return to the sender. Equally, the email may be designed to contain and deliver malware via an attachment or a link. If the link is clicked or the attachment opened, the criminal will be able to gain access to your system.

The fraudster will attempt to create a sense of trust but also urgency. They may ask you to hang up and call them back, to confirm their identity. Remember that unless both parties have ended the call, it is possible for a fraudster to keep the line open from their end, remaining ready to continue their impersonation when they receive the call from you. To ensure that the call has really been terminated, use a different phone to ring back on, wait five minutes before making the call, or call someone else you know before ringing back. If you are going to ring them back, use a number from an official website – not one provided to you by the caller. Caller IDs or numbers on display are relatively easy to change or spoof. Fraudsters have been known to convince people a call is genuine by getting them to cross-check the incoming call number with the official number of the bank.

Smishing

Smishing is where a fraudster targets an employee via text, in order to convince them to reveal sensitive financial information, or transfer money into other accounts. As with vishing, details can be spoofed, so it can seem as if the texts are coming from a legitimate source.


Protecting your business against phishing, vishing and smishing

• Be cautious of how much information you reveal about your company via social media platforms
• Do not assume a caller is genuine because they know information about you or your company – fraudsters are skilled in collecting enough information to sound convincing
• Do not open emails that you suspect could be spam
• Never enter any personal or security information on a site accessed through a link in an email
• Never open attachments from senders you are unsure of
• Be cautious of callers who attempt to gain information from you – ‘I want to check a payment you made today’, rather than, ‘I want to check a payment for £5,000 you made today in favour of XYZ Limited’. The former may be trying to get you to divulge information that can be used against you later
• If you are suspicious, terminate the call
• When ringing back to verify the contact, use your usual contact number, not one provided in the suspect correspondence
• On sites that require you to input sensitive information, look for ‘https’ in the website address – the ‘s’ stands for ‘secure’
• Ensure there is a padlock symbol in the URL address bar – this shows that your connection is secure
• Remember that your bank may ask you for some information, but will never ask for your full password or PIN, provide you with details to make a payment, or request that you grant them access to your systems or PC
• Familiarize yourself with what your bank will and won’t ask you if they wish to verify payments.

Case study

XYZ Limited had recently engaged with a new public relations company, who suggested that XYZ Limited should present a more public face to their clients. As a result, XYZ Limited put information about their business and their senior people onto their client-facing internet site, including the company structure and senior managers’ biographies. The company’s senior management also wrote blogs about their travels and activities within the business.

Shortly afterwards, the accounts team at XYZ Limited started to receive calls from their CEO. The CEO stated that he was travelling in Europe and that the firm had become involved in litigation with a supplier and, while it was unlikely, an adverse court outcome may require them to make an urgent payment.

The calls continued over a number of days, during which time the CEO provided more information about himself and expanded on the litigation issue. On around day five, the CEO called again and advised that the verdict had gone against XYZ Limited. He stated that a late payment to the court would result in an increased fine. Payment details were provided to the accounts team and the payment was made, for the sum of £250,000.

It was later revealed that the payment was fraudulent – the caller was not the CEO and the information about the CEO and his whereabouts had been taken from the internet. A few telephone calls cost XYZ Limited £250,000.


Malware

‘Malware’, short for ‘malicious software’, is used by criminals to disrupt computer operations and access confidential information. Malware can be installed into your computer through clicking a link in an email, opening an attachment to an email, or by downloading software from a malicious source.

Trojans

Trojan programs are a type of malware that enter your computer on the back of other software. They act as back doors to the computer, granting a fraudster remote access. Once inside your device, a Trojan can give a stranger access to your personal details by taking screenshots or capturing keystrokes. When logging into online banking websites, an unexpected screen might appear, delaying you or asking you to repeatedly input data. While you are delayed by these, a fraudster could be setting up another payment elsewhere, waiting for you to unwittingly authorize it by inputting your PIN.

Trojans are hard to detect as they remain passive when not in use. Firewalls and anti-virus software help to defend against Trojans, but can’t guarantee your protection. You should always be cautious of ‘pop-ups’ on your screen requesting that you put your card into the reader, input your PIN, or allow a download.

Ransomware

Ransomware enables a fraudster to gain control of your system in order to encrypt your files, demanding a fee to unlock them. Without the decryption code, it is very unlikely that you will be able to access your files again. Though in many cases the criminals will restore files when the ransom is paid, there is no guarantee this will be the case. Hackers have been known to share stolen private customer information free of charge on the web, in order to punish a company for not paying their proposed ransom.

Protecting your business against malware

Device security

• Keep your firewalls and security software updated
• Install the latest updates for your internet browser and operating system
• Only download files and software from trustworthy sources
• Be cautious of emails which ask you to follow a website link or open an attachment
• Run regular security scans on your devices
• Ensure you keep your important files backed up, stored off your network
• If your computer does get infected, disconnect from the network straight away and seek professional assistance.

Online banking

• If you have a smart card, never leave it in the reader connected to your computer
• If possible, select dual approval for making transactions, using two separate machines for setting up this authorization
• Be wary about pop-ups for PIN sentry resets when logging into online banking (your PIN sentry will never need updating or resetting)
• Never remake payments to alternative account details if asked to do so
• Never enter your PIN in order to allow a download
• Never re-enter your PIN at login or while making a payment
• If you notice anything unusual on your online banking screens, abandon your banking session and report at once.

Case study

A member of staff at an SME opened an email and clicked on a link that contained malware. The malware infected the computer system and encrypted all files so that no access could be gained by members of staff. The criminals contacted the company, giving them 24 hours to pay £2,000 in bitcoin to unlock their system. The company had not backed up their files, so was particularly vulnerable. They had no knowledge of bitcoin or how to source it, so had to employ a computer consultant at short notice to help them make the payment. Once the bitcoin was obtained, the payment was sent to the criminals, who then provided them access to their system.

“Developing and enforcing a backup policy is one good way to minimize complete loss of data and vital information to malware attack, with frequent backups stored securely in a separate system or place.” --Bolaji Bankole


“Malware is usually effective because it targets vulnerabilities in systems which have not been updated. This reveals the critical and essential need for antivirus software to be installed on all computer systems and devices with Internet access. Patch management is also very important, as this helps to install the latest security updates.” --Bolaji Bankole

Network attacks

As workforces have become more mobile, employees no longer always work on a single trusted network, making security more difficult. Emails are the main communication method for most companies, yet it is often forgotten how insecure the communications are. An email can be thought of like a postcard – it can be read as it moves across networks. It is therefore important that sensitive information is only sent over encrypted networks. Secure Sockets Layer (SSL) is the standard security technology for establishing an encrypted link between a web server and a browser.


Man-in-the-Middle Attack

There are various different types of network attack, but all require the exploitation of an unsecured network. Where the network is not encrypted, an unknown third party may intercept communications that are being sent. In a ‘Man-in-the-Middle Attack’, the attacker intercepts the network and watches the transactions between the two parties. They are then able to steal sensitive information, such as account passwords, banking details, or customer data.

A common example of a Man-in-the-Middle Attack is ‘active eavesdropping’. This is when the attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. The attacker must be able to intercept all relevant messages passing between the two victims and inject new ones.

Distributed Denial of Service Attack

A Distributed Denial of Service Attack (DDoS attack) is when a hacker tries to bombard a website with traffic from multiple sources, causing the site to become overwhelmed and crash. Attackers create a network of infected computers known as botnets by sending and spreading malware through websites, emails and social media. Once the malware has been distributed it allows the hacker to launch an attack remotely, sometimes using a botnet of over a million different users, without their knowledge. There are places on the Dark Web where it is possible to buy and sell botnets or individual DDoS attacks. For a small fee, a fraudster can disrupt an organization’s online operations, causing them to lose out on sales and suffer from damage to their reputation.

PROTECTING YOUR BUSINESS AGAINST NETWORK ATTACKS

• Use a Virtual Private Network (VPN) for remote access. VPNs add privacy and security to public networks and are used by corporations to protect sensitive data
• In the absence of a VPN, avoid unknown public Wi-Fi sources and only use trusted secure connections
• On sites that require you to input sensitive information, look for ‘https’ at the beginning of the website URL – the ‘s’ stands for ‘secure’
• Ensure there is a padlock symbol in the URL address bar - this shows that your connection is secure
• Configure routers to halt simpler attacks by stopping invalid IP addresses
• Use intrusion-detection systems (IDS), which can provide some protection against valid protocols being used against you in an attack
• Invest in DDoS mitigation appliances, which can help to block illegitimate traffic to your website
• Consider buying excess bandwidth that can handle spikes in demand. Alternatively, use an outsourced provider where you can buy services on demand, such as burstable circuits that provide more bandwidth when you require it.


The Impact of cyber fraud attacks

Falling victim to a cyber fraud attack can result in major financial losses, while data breaches can severely damage customers’ trust in a company. Fraudsters can easily monetize stolen information by selling it on online, and the impact of this on businesses’ reputations can be severe.

Individuals have been given increased anonymity as internet and email-based transactions have become the norm in business. Fraud more than ever may cover many different jurisdictions, with victims, beneficiaries and fraudsters potentially located in different countries.

This makes it difficult to investigate fraud and, crucially, very hard to recover funds. For this reason, businesses must look to prevent fraud, rather than hope to cure its consequences.


Team of Experts an Organization Needs

• Information Security engineer
• Cyber Forensic and Information Security expert
• Network Security Engineer
• Penetration Tester
• Computer forensics investigation
• Cellular forensics investigator
• Computer security investigation
• Computer crime investigation


Fraud Risk

Risks can come from various sources including uncertainty in financial markets, threats from project failures (at any phase in design, development, production, or sustainment life-cycles), legal liabilities, credit risk, accidents, natural causes and disasters, deliberate attack from an adversary, or events of uncertain or unpredictable root-cause.

There are two types of events: negative events can be classified as risks, while positive events are classified as opportunities.

The vulnerability that an organization faces from individuals capable of combining all three elements of the fraud triangle is fraud risk.

Fraud risk can come from sources both internal and external to the organization.

inherent risks.

residual risks.

make residual risks significantly smaller than inherent risks.


Fraud Risk Mitigation

Assessment of fraud and economic crime risks of an organization as part of risk management, in teaming with internal audit, and on behalf of shareholders and/or management (governance);

Review of fraud risk management processes and whether the internal controls effectively cover fraud risks;

Implementation support/fraud deterrence (i.e. data analytics, fraud awareness training, etc.).

Investigation Services

Corporate fraud investigations on behalf of shareholders, management, lawyers, etc.;

Investigations of allegations related to corruption, asset misappropriation;

Regulatory investigations such as anti-money laundering, US Foreign Corrupt Practices Act (FCPA), UK Bribery Act, competition and antitrust;

Forensic support to internal audit teams (planning and execution).


Forensic Technology Solutions

Identification of sources of digital evidence and capture of forensically-sound images from various sources of data;

Preservation of the captured image or data via enforcement of strict chain of custody rules in order to maintain the evidentiary value and admissibility of evidence in a Court of Law;

Recovery of possible deleted or corrupted data and data fragments;

Analysis and transformation of data into information;

Reporting of facts and opinions about data, including expert witness testimony, wherever required.

Risk Management

Risk management is the continuing process to identify, analyze, evaluate, and treat loss exposures and monitor risk control and financial resources to mitigate the adverse effects of loss.

Enterprise Risk Management expands the province of risk management to define risk as anything that can prevent the company from achieving its objectives.


Although accidental losses are unforeseen and unplanned, there are methods which can make events more predictable. The more predictable an event, the less risk is involved, since the occurrence can be prevented or mitigated; or, at minimum, expenses can be estimated and budgeted. It is this process of making loss more predictable that is at the core of insurance programs.

The key to an economical and efficient risk program is control over the risk management functions with assurance that actions performed are desirable, necessary, and effective to reduce the overall cost of operational risk.

A risk management program is formulated and evaluated around the cost of risk.

The cost of Risk is comprised of:

Retained Losses - Deductibles, Retention or Exclusions

Net Insurance Proceeds

Cost for Loss Control Activities

Claim Management Expense


Administrative Cost to Manage the Program

The benefits of a risk program should result in overall savings to the corporate entity when evaluating these components in the aggregate. Any one specific category may show an increase or decrease in cost when considered individually or by division in a specific time frame.

Risk Control Techniques

Avoidance of activities which cause loss.

Reduction of the frequency of loss - risk prevention.

Reduction of the severity of loss - risk reduction.

Contractual transfer of responsibility for loss occurrence.

This is a must-have for all, both organizations and nations. (In business) the forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact.

Despite the serious risk that fraud presents to business, many organizations still do not have formal systems and procedures in place to prevent, detect and respond to fraud. Yet, most research shows that organizations which actively manage their fraud risk reap benefits in terms of reducing the negative impact of fraud.


FRAUD RISK MANAGEMENT PROGRAMME

Conclusion

Opportunities for cyber-attacks are sure to grow in the coming years, with McAfee’s predictions forecasting a vast increase in cyber usage. Being stringent about cybersecurity can fall by the wayside when running a business – the return on investment is difficult to quantify, as success lies in the avoidance of loss. Ensuring that your company has good cyber hygiene will help to keep you safe from fraudsters.

Keep your software updated

Investing in up-to-date cyber defense software is imperative to protecting your business from the financial and reputational consequences of cyber fraud. You should also ensure that your internet browsers are updated to the most recent versions. Testing your own controls to ensure they are operating as appropriate will also enable you to identify system weaknesses before fraudsters get to exploit them. Always ensure that important files are backed up to a removable hard drive disk or to the cloud.

Your people are a weakness and a defense

Raising awareness of fraud within your company is key to its prevention. Ensuring that employees who can authorize payments are aware of potential threats will lessen your chances of a cyber-fraud attack succeeding. It is important to create a culture in your company where employees are encouraged to report fraud threats, so they do not feel they need to hide a breach they may have been


This document is developed for educational purposes in order to help bring to mind current threats and types of cyber fraud and cyber-attack; proffer ways to mitigate and manage such attacks; inspire someone to develop a proactive approach to combat cyber fraud with proven solutions and services that protect systems, networks, and mobile devices for business and personal use around the world; and create awareness about the risk of neglecting and underestimating cyber-attacks and cyber fraud. This in turn will give everyone the confidence to live and work safely and securely in the digital world.