Cybersecurity more of a threat than Brexit

In a survey by Barclaycard earlier this year, it was discovered that small-to-medium enterprises are more afraid of cybercrime than of Brexit. 

That comes as no surprise, really. At this stage, Brexit is little more than an amorphous fog of political uncertainty, where all we really know is that ‘Brexit means Brexit’ and negotiations appear to be difficult. Cybersecurity and financial fraud, on the other hand, feels like it comes with more tangible consequences that hang over the heads of organisations every single day.  Financial fraud is a constantly changing and growing threat that has clear, concrete and very bad consequences for companies that lack proper protection.  

Some findings, however, call into question the ability (or the willingness) of organisations to take action against the security threats they face.   

Take, for example, the latest UK Business Barometer which cited the need for greater security as the main driver of change in the payments industry for the next 12 months. It makes perfect sense. Global fraud incidents cost an average of £2.6 million and have the ability to destroy a company’s reputation.  There should be no bigger priority than protecting against those threats. 

Fear of cybersecurity breaches seems to be eclipsing any efforts to address them, however, as evidenced by additional findings in the Business Barometer Survey… 

  • 56% of respondents named external cyber fraud as a concern, up from 37% in 2016 
  • 31% cited concern about internal payment fraud, a 138% increase from the previous year 
  • 60% of financial decision makers surveyed admitted that they didn’t even know if they had been impacted by fraud or not 

Think about that for a moment.   

It’s clear that for the most part, organisations are simply not doing enough to secure their payments and data. 

In fairness, there are a variety of reasons to explain this, namely the fact that boards have shown a marked disinterest in getting involved with issues surrounding cybersecurity and financial fraud threats, generally leaving it as an issue for IT, Finance or Audit departments to wrestle with. It’s an unfortunate case of misdirected priorities, especially when Gartner’s Report, which looks at fraud's functional detection and protection architecture, stresses quite the opposite, stating that “one of the biggest assists an organisation can unwittingly provide a fraudster gang is to fail to align and engage across all channels.”    

Additionally, security and potential payment fraud is often overshadowed by other concerns that more directly impact a company’s ability to achieve strategic objectives.  When you add this lack of top-level support to a backdrop that includes a historic lack of funding for such initiatives, it’s not much of a surprise that companies haven’t made much headway in effectively battling cybersecurity and financial fraud threats. 

What companies need to understand, however, is that addressing security challenges and protecting payments is simple to achieve if you address it in the right way. 

‘Well what is the right way?’ I hear you ask.  Is it educating my teams? Tightening our processes? Using more or better technology? The truth is that it’s not an ‘either / or’ situation.  None of these three key elements should be favoured over another. Whether it’s external or internal fraud you’re attempting to keep at bay, it’s about ensuring that every potential loophole is closed and the opportunity to manipulate data is removed. 

By combining the right mix of technology, a stringent process and a culture of diligence, you can instil a much more holistic and proactive approach:  

Pro-active processes:  Identify gaps and areas of weakness. Restrictions need to be built into your payment systems that ensure checks are made at each stage of the payment process. This encourages consistency of control and reduces the likelihood of false payments, helping to quickly identify anomalies before they result in financial losses. 

Pro-active people:  Educate your teams. Your people need the right training to be able to recognise, react to and report on anomalous activity. They need to know when to perform the right checks and how to effectively validate the legitimacy of payments. 

Pro-active technology:  Protect your payments. With the right security solutions, you can automatically defend your payment systems from threats, improve the monitoring of payments, set-up triggers, and develop alerts to suspicious activity. 

Whilst you’re probably well equipped to address processes and people, the technology element can be trickier.  I don’t mean to suggest that small-to-medium enterprises should simply add more security solutions into their technology stack. Some companies already have plenty of software at play – sometimes even too much. What’s needed is the right technology mix. 

Because security vulnerabilities occur at all different points within the network, companies need to make sure that not only are they using all of the right solutions at each point of vulnerability, but that they’re all layered together effectively to provide the highest levels of protection. That means crafting a comprehensive security strategy that takes into account every single detail from perimeter security to multi-factor authentication. This requires real-time transaction monitoring and, in some instances, tying it to monitoring user behaviour. All of this can all be used to proactively detect fraud and stop payments before they leave the building. Waiting for day-end reports, month end reconciliations or annual audits is far too late – at that point, there’s zero chance of recouping the money. 

It’s challenging enough to run a business, but bearing the burden of having to effectively protect against fraud can seem like an impossible task, second only to the horror of having to deal with the aftermath of a financial fraud incident. Technology used smartly, can eliminate those challenges, enabling companies to focus on the core aspects of their business.   

So when it comes to Brexit and financial crime, these two topics are no longer about whether it will hit your organisation, but more likely when.  That means the time to secure your payments is now, and without delay.  

James Richardson, Head of Market Development, Risk & Fraud, Bottomline Technologies 

Image Credit: Den Rise / Shutterstock