Cyber Security News / Leadership & Management Column

Understanding and Mitigating Financial Asset Risk

How is Cybercrime the new Wild West of Theft?

The type and range of risks affecting financial assets are enormous. From the days of Jesse James and Bonnie & Clyde to the North Hollywood shootout (the violent confrontation between two heavily armed and armored bank robbers and officers of the Los Angeles Police Department in February, 1997), banks have always been a target of those after fast cash. When the notorious bank robber Willie Sutton was asked why he robbed banks, his short and direct response was…“Because that’s where the money is!”    

In reality, according to the FBI, the number of bank robberies has declined dramatically, with the average bank robbery today typically only netting around $2,500 in cash.

We mustn’t forget to also mention the long list of charlatans that have splashed across our history. Characters like Charles Ponzi, whose name has become synonymous with a whole range of pyramid schemes, always seem to be on the hunt for unsuspecting or greed-inspired victims. The now infamous multi-billion dollar Ponzi scheme by Bernie Madoff focused on the full range of scammer targets. 

Obviously, the financial industry is particularly fraught with risk to financial assets. Earlier we mentioned the average take in a bank robbery only being around $2,500, which is a drop in the bucket compared to the virtually risk-free cyber-based expropriation of cash from bank and credit card accounts of businesses of all sizes, as well as from those of unsuspecting individuals. While bank accounts of individuals are covered for fraudulent activity, business bank accounts are not afforded such protection. Many a small business has evaporated overnight due to devastating bank fraud committed against it.

A report issued by Symantec in 2011 opined that cybercrime nets more than the combined sales of marijuana, heroin and cocaine.  The report stated that more than one million people per day were affected by cybercrime at an estimated loss of more than $338 billion annually. One company recently discovered that its IT systems and networks had been penetrated and the associated exfiltration had gone undetected for four and one half years, despite the exemplary cyber safeguards they had deployed.

Insiders, however, are responsible for the vast majority of financial schemes that companies face today. Fraud, embezzlement, collusion, falsification of records, bribery and kick-back schemes have been a part of life far back into history. However, greed is not always at the heart of all financial asset risk. Desperate senior executives sometimes also take extreme chances with a company’s financial assets. Occasionally they succeed, but the majority of the time they do not. Take Fred Smith, Founder & CEO of FedEx: in 1973 he did not have enough money to make the company’s payroll and keep its planes flying. Smith flew to Las Vegas, played Blackjack, and won enough money to keep the company afloat. He wired the winnings back to the home office…and the rest, as they say, is history. In today’s regulation-intensive business world, going to Las Vegas and gambling like Smith did with his company’s money would get him thrown in jail.

There is much an enterprise can do to effectively manage risks to its financial assets. Detailed procedural checks and balances are extremely important and necessary process controls. Routine audits, coupled with surprise or unannounced audits, ensure to the greatest extent possible that procedural controls are maintained and aberrant behavior is detected. In addition, managers taking the time to monitor their employees’ attendance and validate time cards, along with payroll and supplier/vendor audits, expense report audits, rebate and warranty claim reviews, budgetary spending limits, additional authorizations for large budgetary expenditures and detailed due diligence reviews anytime a new supply chain or channel partner is engaged, are just a few of the basics necessary to safeguard financial assets. And we can’t forget about intellectual property safeguards and anti-counterfeiting measures to guard future earnings and profitability.

Rest assured, virtually every effort that you take to safeguard your enterprise’s financial assets will be met with equal or even greater efforts by bad actors to relieve your enterprise of those financial assets. So, as the Latin phrase “Semper Vigilare” translates…you must remain Ever Vigilant.

 

About the Authors:

Jerry J. Brennan is the founder and Chief Operating Officer of Security Management Resources (SMR Group), the world’s leading executive search firm exclusively focused on corporate security. Lynn Mattice is Managing Director of Mattice and Associates, a management consultancy focused on the development and alignment of Enterprise Risk Management and Business Intelligence Programs, as well as Intellectual Property Protection and Cybersecurity.
