Kroll: Corporate fraud is almost 100-percent preventable
Corporate fraud and corruption may seem like the stuff of movies, but such threats can be found in your own office. Shocking but real statistics show four out of five companies suffered from corporate fraud in the past three years. One in 10 large companies loses more than $100 million per year to fraud.
New technologies, investors, and overseas expansion opened the door to different forms of fraud, according to the Kroll Global Fraud Report from New York-based Kroll, a risk consulting company. “IT fraud is way up due to Internet use, globalization, and tech-savvy personnel,” says Alan Ebrill, senior managing director, Kroll.
The report is based on a survey by the Economist Intelligence Unit of 900 senior executives worldwide. It focuses on prevention, detection, and response; and offers breakdown and analysis of business sectors and vertical industries. This first annual report presents the collective knowledge of some diligent fraud fighters.
“Our expertise is based on actual cases where we investigate and determine what did happen,” says Ebrill. “Our goal is to give useful information to management so they can mitigate risk that can be controlled.”
Ebrill says nearly 100 percent of the cases are preventable if companies take the time to learn how fraud occurs and take prudent steps to become a less attractive target.
“Fraudsters are not going to spend a lot of time trying to break into a company that is hard to [crack]. It is similar to theft in the home: Just as alarms will deter burglars, certain steps can be taken to prevent corporate fraud.”
Updating applications with security patches from vendors is one easy way, but Ebrill cautions that companies must be sure to update all their systems—including those they do not use.
“One case involved almost 700 machines that were running a particular online service that the company wasn’t even using. The software was known to be extremely risky, but the IT staff knew they weren’t using it, so they didn’t update it.”
Internet use also should be strictly monitored because external devices easily can function as another hard drive. “Ipods, digital cameras, and memory cards are common devices that can plug into a USB port and steal gigabytes of information,” says Ebrill. “Without the right controls in place, engineering data files can be copied.”
In another case, a company found that its Internet connectivity shut down every seven minutes. After investigating, Kroll determined that every seven minutes, a worm took over the system and looked for any new devices that it could infect.
“The company had been in this condition for at least a month,” says Ebrill. “The most frustrating part of fraud is that companies are usually totally unaware of a problem, and therefore, when it happens, they are completely stunned. Most cases involve things people can—and should—fix. It is difficult to tell clients that 100 percent of their pain was preventable.”