One advantage of running a small boutique consultancy is I get to steer the business activity towards subjects I personally find interesting. Over my career, I have always been fascinated with frauds and that is where my focus normally lies. It’s that magic like performance for me that has a very similar feeling to the showmanship of great magicians.When you watch a magic show, almost against freewill you are drawn into a belief. Temporarily logic is suspended and you go with the flow. It starts to feel fun and the magician starts to interact directly with our inner child.Sadly in fraud when this magic show starts to air, peoples lives are ruined. The first recorded instance of financial fraud was around 300BC, a greek merchant named Hegestratos insured his ship and later that year attempted to sink it whilst selling the cargo and pocketing the loaned money. The whole event ended badly as his passengers weren’t as bent as him and he drowned at sea.Now, I can only speculate but I am sure if the risks were similar today, if that one phishing email could result in angry mobs and public drownings, then we would see a decline in cyber crime. But in reality this is far from the truth, in fact I think how we are as a nation in 2016 is supportive of the whole fraud industry. Whilst this sounds a little extreme, the evidence seems to support my views.The Office of National Statistics published findings last year detailing the ever rising numbers of frauds – they were up from the previous years numbers of course, but around this time they decided to grab the bull by the horns and rethink the now 30 year old survey for fraud. Already encompassing the new methods for data collection we now have some more realistic categories, as seen below:Code 101 – Confidence fraud – with lossCode 102 – Attempted confidence Fraud – with no lossCode 103 – Unauthorised access to bank/credit accounts – with lossCode 104 – Unauthorised access to bank/credit accounts – no lossCode 105 – Unauthorised access to personal information – with lossCode 106 – Unauthorised access to personal information – no lossCode 107 – Attempted access to bank/personal informationCode 108 – Computer virusCode 109 – Fraud falling outside the survey’s coverageThe survey now estimates 3.8 Million fraud victims and 2.1 Million Computer misuse victims in the UK. Thats more like it, you can see fraud is alive and healthy and it’s going digital.So back to my original point – We are nurturing fraudsters and hackers. If this simply isn’t true, why are they thriving? What ever we are doing in our little petri-dish of a society we are not drowning these malicious clusters and it seems all the variables are in fact perfect for their growth.Individuals and businesses alike are skipping merrily through the streets as these criminals watch on from the back alleys, carefully focused on their continual technological developments and your wealth. For me this is the forefront of social engineering. It’s so much more than fraud, it’s advanced so much in such a short space of time that the previously unthinkable is now possible. When you combine cyber crime skills with the banter and tactful patter of a fraudster you have forged a key to the city. You are able to bridge the gap. You can step out from dark alleys and mingle with the corporates in the street. I’m not saying we need to chuck that new AV subscription in the bin or cease attempting to try, but we need to look at the whole two competing industries a little bit less subjectively.Security & Crime are intrinsically linked. We need to take our defences for a spin and learn from every method we can about these two fascinating fields. We need to make the changes that will see a decline in these fraud statistics and I really don’t think a new policy or security program is going to cut it.Security Training, IT User education and empowerment, Public awareness! – If we had to vote on a solution these would be mine.
About the Author: Richard De Vere has worked with a wide range of organizations at risk of attack. These include banks and other financial services organizations, multinationals and football clubs. He is the founder of The Antisocial Engineer Ltd.Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.