A Tale of Two Cyber Crimes
The news provides a daily reminder of the prevalence of cybercrime. We are told businesses are under constant attack from a spectrum of bad guys, ranging from lone individuals to criminal syndicates and state sponsored organizations, and in our experiences, we completely agree.
When looking at the data and recent trends we see two distinct crimes emerge: Wire Fraud and Ransomware, each driving about 1/3 of cyber insurance claims. Although the crimes tend to be equal in occurrence, that is where many of the similarities end, especially for the victims.
Victims of Ransomware tend to suffer publicly with the full support of the business infrastructure while victims of wire fraud suffer privately with none.
If you are hit with ransomware the world, or at the very least your customers and vendors, know. Your insurance company shows up with coverage and law enforcement is generally there for you. Ransomware insurance policies explicitly state the bounds of ransom you can pay, and a bevy of advisors appear to help execute the transaction. Law enforcement will answer your phone call, after all, this is a global story and a topic President Biden and Mr. Putin spoke about in their most recent conference. You, or a representative, must even negotiate with those holding you ransom, and they will often trade their exploit and a promise never to attack again as part of any settlement. The typical occurrence reads like a James Bond movie.
In wire fraud, frankly, you are on your own. As a victim of wire fraud, you will quickly realize that support from law enforcement is limited to completing a police report and filing a claim with the FBI Internet Complaint Center. Your insurance coverage is voided or severely limited due to social engineering clauses that exist within cyber and crime policies. Lastly the banks are handcuffed in stopping the crime, because you fully intended to send the money to the bad guys and authorized your bank to do so (sometimes even on a recorded phone call with a banker). Generally, victims are angry not only at the crime and the loss, but by the grinding, fruitless process one must endure with little hope of recovering the wire transfer.
Ryan Castle, Conduit Security’s CEO, predicts we will see a dramatic increase in wire fraud.
“Generally speaking, nearly all of these crimes are driven by financial incentives, not ideological. As a criminal, If you really compare the two crimes, one comes with an enormous amount of heat and pressure from the public and private sector, and the other does not. It is a reasonable expectation that if you shut down an oil pipeline, hospital system, or food processing plant, the full force of the US Government, along with the bet and highest paid private market consultants, will be working on the case. If you steal a million bucks from these same companies using wire fraud, no one cares.”
“When you combine this analysis with the training ground PPP fraud created, it is not a big leap to think many of these new bad actors will turn their sights to wire fraud. For the criminal, it’s an easy crime to commit, you need zero technical training, and you will avoid the radar screen of America’s business infrastructure.”
Combating Wire Fraud
While wire fraud is historically considered a “cybercrime,” preventing wire fraud is approximately 10% IT and 90% accounting and financial controls. Combining training and education with written policies, secure workflows, and banking protections will go a long way towards insulating you from this crime. “What I know,” says Castle, “is that companies are typically unaware and uninterested in this crime until they become a victim. The reality is with minimal effort and the right tools, long term protections are available. It’s why I started Conduit Security, to arm the back office of America’s companies with a practical solution that can both move at the speed of business and secure wire transfers against criminals. The only way to address wire fraud, and protect your revenue, is pre-loss. Conduit solves this by combining the innate strengths of your teammates with our best practices and automated workflows, ensuring a repeatable and scalable solution.”