With tech-enabled fraud on the rise in Ireland, businesses must carefully assess and manage potential risks, writes Sara McAllister
Ireland is a hub for data storage and technology organisations and, as such, we are at the fore of innovation and transformation.
There is a flipside, however. As this industry grows and technology evolves, so too do risks associated with fraud.
Businesses and organisations in Ireland have become a greater target for fraudulent activity by criminals looking to exploit vast amounts of data created, shared and uploaded every single second.
The challenge now is how best to identify, monitor and manage this risk.
The National Risk Assessment 2023, published by the Irish government earlier this year, points to Ireland being especially vulnerable due to the scale of technological infrastructure developed here.
Its exploitation by bad actors could cause significant disruption.
A rise in the volume of fraudulent attacks carried out in Ireland speaks to the appetite of those looking to exploit weaknesses in infrastructure, industry or organisations.
With this heightened focus on Ireland, business and organisational leaders here may find themselves under pressure to assess, manage and prepare for risks attached to operations, both in-house and outsourced.
Artificial intelligence
As new technologies come on stream, the focus on risk reduction will need to move at a faster pace.
Advances in artificial intelligence (AI) have helped scale businesses via real-time automation, but this technology comes with its own risks. Ultimately, it is a double-edged sword.
On the one hand, AI has been a game-changer in areas like audit and forensics, allowing businesses to deploy ‘needle in a haystack’ algorithms to identify anomalies and exposures. This is one of the reasons we are seeing an improvement in the detection of fraudulent activity.
On the other hand, AI has allowed bad actors to identify new opportunities to carry out fraudulent attacks, penetrating weaknesses in the new and novel AI technology businesses are learning to use.
Hybrid and remote work
Most businesses have introduced remote and hybrid working processes in recent years, and many will continue to review these policies in line with changing business needs.
A key consideration in this context is the risk associated with social engineering threats, which rely on human error and can be much more difficult to detect than other fraud-related risks.
Where employees work remotely, evidence suggests they are less likely to consider the legitimacy of communications they receive by email, for example, and may be more inclined to respond to fraudulent requests that appear to have been sent by colleagues or superiors within their organisation, creating vulnerabilities across entire business networks as a result.
Security training and awareness is the first line of defence against social engineering, yet many organisations fail to sufficiently consider the risks associated with employees working on-site and remotely.
Fraud trends
Several other trends are raising concern for businesses, too, beyond AI and hybrid working.
Synthetic identity theft uses legitimate and fabricated information to exploit vulnerabilities and remains problematic for businesses as it is increasingly difficult to detect.
Account takeover fraud remains prevalent and, as the number of personal online and social media accounts increase, so too do attacks by criminals attempting to gain access to personal data or bank details, often through stolen information.
Crypto currency fraud, albeit less mainstream, also fundamentally exploits technology control weaknesses to attempt to steal coins, such as Binance Smart Chain, Ethereum and Bitcoin.
Necessary risk assessment
The heightened risk landscape is part of a changing cybersecurity picture where digital technology is constantly being attacked and weaknesses are identified and accessed by criminals to exploit data and information for their own gain.
Fraud risk must always be a key factor for consideration when managing shared infrastructure, data breaches, preventing unauthorised access and engaging with third-party providers, among others.
Industry and political stakeholders are acutely aware of the challenges in this space. Without the proper risk assessment, governance and control mechanisms in place, any single attempt at fraud could potentially put a business at the centre of a perfect storm with a highly damaging aftermath.
Sara McAllister is Partner and Head of Business Risk Services at Grant Thornton