Survey: Record Number of Organizations Were Victims of Payments Fraud in 2016

Nearly three-quarters of corporate treasury and finance professionals said their companies were victims of payments fraud last year, according to the 2017 Association for Financial Professionals (AFP) Payments Fraud Survey, which generated 547 responses.

This is the highest percentage since the survey debuted in 2005 and comes after a dramatic increase in 2015. Check fraud and business email compromise are both on the rise.

Checks continue to be the most popular method for committing payments fraud. Fully 75% of organizations that were victims of payments fraud in 2016 experienced check fraud – an increase from 71% in 2015. This is a reversal of the declining trend observed in check fraud since 2010.

Highlights of the 2017 AFP Payments Fraud and Control Survey, which was underwritten by J.P. Morgan:

  • 74% of survey respondents said their organizations were victims of business email compromise in 2016 – a 10 percentage point increase from 2015.
  • 70% of organizations have implemented controls to prevent business email compromise.
  • 63% of payments fraud attempts were made by outside individuals.

“Companies that offer mandatory training for all employees, particularly around cybersecurity, and that have a plan to respond to payments fraud, will fare better than those that do not,” says Jim Kaitz, president and chief executive of AFP.

Over 70% of corporate treasury and finance professionals are hesitant about adopting mobile payments at their organizations as they question the security of this payment method.

Nancy McDonnell, managing director at J.P. Morgan, says, “With three-quarters of companies experiencing fraud in 2016, it is important that businesses take preventive measures by educating their employees and implementing the products and processes they need to prepare and protect their assets and data from cyberfraud.”

Four Disruptive Cyber Trends That Could Slow the Bad Actors

Jason Bloomberg, president of industry analyst firm Intellyx, recently attended a huge RSA cybersecurity conference in San Francisco and has written in Forbes about four broad trends that reveal transformational aspects of the cybersecurity marketplace.

Disruption No. 1: Targeting the Links in the Cyber Kill Chain

Vendors are improving their ability to understand how bad actors behave, and can thus take steps to prevent, detect or mitigate their malicious activities, says Bloomberg. This may be the broadest of all the disruptions. Today’s vendors understand the ‘Cyber Kill Chain,’ or the steps a skilled, patient hacker will take to achieve his or her nefarious goals.

The product of U.S. defense contractor Lockheed Martin, the Cyber Kill Chain contains seven links: reconnaissance, weaponization, delivery, exploitation, installation, establishing command and control, and actions on objectives. Today’s more innovative vendors target one or more of these links, with the goal of preventing, discovering or mitigating the attack, Bloomberg says.

Disruption No. 2: Leveraging AI to Better Understand Human Behavior

One area where vendors are successfully applying Artificial Intelligence, Bloomberg writes, “is to tell the good guys from the bad guys, and furthermore, to tell the good guys from the bots simply by analyzing their behavior.” Insider threats are among the most pernicious. Cybersecurity vendors are identifying, investigating and blocking insider threats by tracking the behavior of users and identifying when that behavior violates policy.

Disruption No. 3: ‘Software-Defined’ Cybersecurity

“Cybersecurity has also joined the Software-Defined Everything (SDX) movement. If we can represent our entire cybersecurity deployment as a software-based model, the reasoning goes, then we have better control, visibility and flexibility,” Bloomberg says in Forbes.

Disruption No. 4: Israel Becomes the Cyber Silicon Valley

The fourth trend is how Israeli cybersecurity startups have come to dominate the innovation in this area. Of the 26 vendors Bloomberg and his colleagues met with at the RSA Conference, no fewer than six were Israeli firms. Silicon Valley may still have the edge generally, but Israel is gaining fast in the cyber arena.

Combined with innovations in threat prevention, detection and defense, the long-standing advantage that bad actors have enjoyed may finally be nearing its end.

Study: Technology Pressures in Audit Profession Will Force Major Changes

With constantly evolving technology driving change in the profession, firm leaders anticipate a future that may fundamentally transform the way audits are conducted. According to Thomson Reuters, the most pressing challenges facing the audit profession can be grouped into four main categories: quality, innovation, talent and relevance.

A recently released white paper covers how each of these challenges impacts today’s audit and how reimagining solutions to these challenges can mean a new future.

The white paper, “Four Keys to the Future of Audit,” says that firms don’t realize that their audits are living in the past. “Many are under the false pretense that since their audits are paperless, they are modernized and future-ready. However, most of these firms don’t take into account that while the medium may have changed, nothing about the audit process itself has changed along with it – thus, the same systematic inefficiencies are still present. Furthermore, auditors continuously fail to use technology to better understand a client and their business, the industry and as a tool to enhance curiosity.”

Technology can be used to improve the quality of audits, the report says. For example, real-time quality dashboards can help the firm monitor quality. Emerging cloud-based audit technologies offer significant improvements in this area and hold “great promise in helping the profession move into the future,” the report says.

Big data and data analytics also offer promise, as auditors can provide insights that were not possible when only samples of data were examined. “However, auditors now have the ability to rise above limited amounts of data and scope out observations,” the report says. “With the ability to have an expanded real-time internal and external view, auditors can now think holistically and promote innovation within their firms.”

Cloud-based audit platforms can help position the firm for the audits of the future. Cognitive computing systems, which use algorithms to drive machine learning, will eventually become capable of anticipating problems and their solutions. “Other industries are much further along than the audit profession, but there is little doubt that cognitive computing has a prominent place in the future of the audit,” the report says. “It’s only a matter of time.”

All of these developments will impact the kind of talent recruited into the profession and the skills training that should be made available.

“The audit technology tools that are in the cloud today, that integrate platform and methodology, are very good starting points to move to the future,” the report concludes. “Add cognitive computing and data analytics once they are more fully evolved, and the result could be an audit game-changer.”

LinkedIn Launches Facebook-like Redesign; Facebook Adds Job Search

While LinkedIn has launched a redesign that makes it look more like Facebook, Facebook has added a job search function that’s a lot like LinkedIn.

Both changes came about in the last couple of months. LinkedIn launched what it called a “complete overhaul” of its design in January, and Facebook allowed users to search and apply for jobs in February.

LinkedIn says its redesign was intended to provide a “more intuitive, faster” and more valuable experience. “Our goal is to ensure you can seamlessly access the most relevant professional conversations, content and opportunities whether you’re on our mobile app or on our desktop experience,” the company says. LinkedIn users say it looks and acts more like Facebook now.

LinkedIn is the most-used professional networking and job recruiting social media site, but Facebook’s new feature allows companies to publish a job posting on their page. Facebook users can click an “apply now” button that leads them to a page that is pre-populated with their name and any education or employment history that they’ve agreed to make public. A 1,000-character text box allows for a note, although resumes can’t be uploaded. The information then goes to the company in a Facebook message.

“Businesses and people already use Facebook to fill and find jobs, so we’re rolling out new features that allow job posting and application directly on Facebook,” Facebook vice president Andrew Bosworth said in a statement.

Wired magazine calls LinkedIn’s “blatant cribbing” of Facebook “smart.” In a Jan. 20 article, Wired says, “People know how to use Facebook, but even company co-founder Reid Hoffman once called the old LinkedIn ‘confusing.’ Amy Parnell, the company’s senior director of experience design, was more charitable when she said it had ‘too much noise, too much cognitive load.’ ”

LinkedIn’s cleaner look is easier to digest, thenextweb.com reports. “It’s more Facebook-like, which for a lot of people – especially new members – will mean something more familiar. Anything that gives people a reason to stick around is a win for LinkedIn.”

Survey: Cybersecurity and Infrastructure Management Top Concerns of IT Audit Leaders

Cybersecurity and privacy issues, along with infrastructure management and emerging technologies, rank as the top technology challenges organizations face today, according to a just-released survey report from global consulting firm Protiviti and ISACA, a global business technology professional association for IT audit/assurance, governance, risk and information security professionals. The survey of 1,062 IT audit and internal audit leaders and professionals found that IT audit is also becoming more involved in major technology implementation projects within organizations.

In the survey, respondents were asked to name the top technology or business challenges their organizations face today. The top 10 responses:

  1. IT security and privacy/cybersecurity
  2. Infrastructure management
  3. Emerging technology and infrastructure changes – transformation, innovation, disruption
  4. Resource/staffing/skills challenges
  5. Regulatory compliance
  6. Budgets and controlling costs
  7. Cloud computing/virtualization
  8. Bridging IT and the business
  9. Project management and change management
  10. Third-party/vendor management

Gordon Braun, a managing director with Protiviti and global leader of the firm’s IT audit practice, says other challenges are just as critical, “from resource and skills gaps to ongoing transitions to cloud and virtual networks. Additionally, as more and more organizations rely on third parties to support critical applications and infrastructure, the need to excel at managing vendor relationships has increased dramatically. Many organizations have not sufficiently addressed maturing their vendor management practices, and the resulting business risks can be significant.”

According to the ISACA/Protiviti survey, titled A Global Look at IT Audit Best Practices, in large companies (greater than $5 billion in revenue), 26% of IT audit functions have a significant level of involvement in major technology projects, while 45% have a moderate level of involvement. IT audit is most frequently involved in the post-implementation stages (65%).

“Seeing greater involvement by IT audit in significant technology projects is a positive trend, especially considering the dynamic nature of technology and critical risks related to security and privacy,” says Christos Dimitriadis, chair of ISACA’s board of directors and group director of information security for INTRALOT. “This is also notable because a substantial percentage of IT projects tend to run over budget and behind schedule and fail to achieve the desired objectives. Having IT audit bring a mindset of risk and control to these projects can be highly advantageous.”

In a majority of organizations (55%), the IT audit director regularly attends audit committee meetings. This represents a 6-point jump from the 2015 survey, and reflects a long-term trend in the survey findings since 2012, when fewer than one in three IT audit directors attended audit committee meetings regularly.

“There’s no question that cybersecurity and emerging technologies are now a regular topic at the board level,” says Braun. “Audit committee members, in particular, are seeking greater assurance around critical IT risks and controls – internal audit and IT audit leaders must be prepared to demonstrate audit coverage of key areas and articulate where the highest risks remain.”

The Protiviti/ISACA study also found that among large companies, 9% conduct an IT audit risk assessment. However, a majority (55%) only do so on an annual or less-frequent basis. Considering the growing risk landscape resulting from cybersecurity threats and emerging technologies, ISACA and Protiviti suggest that more organizations consider an approach that includes continually reviewing the IT risk landscape and adjusting IT audit plans accordingly.

The survey report is available for download at www.isaca.org/2017itauditstudy and www.protiviti.com/ITauditsurvey

The IIA, Crowe Horwath Examine Security Intelligence Centers

Cybersecurity remains a top business priority as cyber incidents and data breaches carry the threat of significant operational and reputational damage for all organizations. A new report from the Internal Audit Foundation (IAF) and Chicago-based Crowe Horwath (FY16 net revenue of $745.2 million) offers a look at the next step in the evolution of cybersecurity strategy by examining the growing use of security operation centers and security intelligence centers.

Next Steps: Beyond Response to Anticipation is based in part on a survey of chief audit executives conducted by The Institute of Internal Auditors’ (IIA) Audit Executive Center and Crowe. The survey found that more than a third of respondents are turning to security operation centers, formal and informal, as part of their cybersecurity strategies.

“It is logical and encouraging that models to address the pervasive and potentially devastating threat of cyberattacks are evolving,” says IIA President and CEO Richard F. Chambers. “The creation of formal security operation centers allows for holistic, proactive approaches to cybersecurity in which all parts of the organization, including the internal audit function, can support the battle against data breaches.”

To conduct the survey, Crowe personnel interviewed information security executives from organizations across the globe. The interviews confirmed a growing number of organizations recognize that “100 percent protection 100 percent of the time” is not achievable. It is then that an organization’s cybersecurity strategies can “shift from a defensive posture to a more offensive and proactive one that focuses on learning about how certain threats operate, how their effects can be limited or mitigated, and how the incident response time (from identification to remediation) can be accelerated,” according to the report.

The report identifies the common terminology, frameworks, metrics and tools used in the security operation centers and examines how these can evolve further into security intelligence centers.

“There is room for internal audit to get more engaged in the evaluation of security operations,” said Raj Chaudhary, Crowe Risk Consulting principal. “Over time, advanced analytics capabilities will allow companies to become more proactive in preventing events that could negatively impact business operations.”

The report is available through the Internal Audit Foundation.

Worldwide Public Cloud Services Spending Forecast to Reach $122.5 Billion in 2017, According to IDC

A new update to the International Data Corporation (IDC) Worldwide Semiannual Public Cloud Services Spending Guide shows that worldwide spending on public cloud services and infrastructure will reach $122.5 billion in 2017, an increase of 24.4% over 2016. Over the 2015-2020 forecast period, overall public cloud spending will experience a 21.5% compound annual growth rate (CAGR) – nearly seven times the rate of overall IT spending growth. By 2020, IDC forecasts public cloud spending will reach $203.4 billion worldwide.

Software as a Service (SaaS) will remain the dominant cloud computing type, capturing nearly two thirds of all public cloud spending in 2017 and roughly 60% in 2020. SaaS spending, which is comprised of applications and system infrastructure software (SIS), will in turn be dominated by applications purchases, which will make up more than half of all public cloud spending throughout the forecast period. However, spending on Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) will grow at much faster rates than SaaS with five-year CAGRs of 30.1% and 32.2%, respectively.

“In 2017, discrete manufacturing, professional services, and banking will lead the pack in global spending on public cloud services as they look for greater scalability, higher performance, and faster access to new technologies,” said Eileen Smith, program director, Customer Insights and Analysis. “Combined, these three industries will account for one third of worldwide public cloud services spending, or $41.2 billion.”

The industries that will see the fastest growth in public cloud spending over the five-year forecast period are professional services (23.9% CAGR), retail (22.8% CAGR), media (22.5% CAGR), and telecommunications (22.1% CAGR). It is worth noting, however, that 18 of the 20 industries included in the Spending Guide will experience five-year CAGRs greater than 20%.

In terms of company size, nearly half of all public cloud spending will come from very large businesses (those with more than 1,000 employees) while medium-sized businesses (100-499 employees) will deliver more than 20% throughout the forecast. Large businesses (500-999 employees) will see the fastest growth with a five-year CAGR of 23.2%. While purchase priorities vary somewhat depending on company size, the leading product categories include customer relationship management (CRM) and enterprise resource management (ERM) applications in addition to server and storage hardware.

On a geographic basis, the United States will be the largest market for public cloud services, generating more than 60% of total worldwide revenues throughout the forecast. Western Europe and Asia/Pacific (excluding Japan) (APeJ) will be the second and third largest regions with 2017 spending levels of $24.1 billion and $9.5 billion, respectively. APeJ and Latin America will experience the fastest spending growth over the forecast period with CAGRs of 28.0% and 26.6%, respectively. However, seven of the eight regions are forecast to experience CAGRs greater than 20% over the next five years with the United States seeing the slowest growth at 19.9%.

“In Western Europe, the public cloud market will grow at a healthy 23.2% CAGR over the forecast period and utilities, insurance, and professional services industries will be the most dynamic market spaces,” said Serena Da Rold, senior research manager, Customer Insights and Analysis. “European companies have been slower in the adoption of cloud when compared to their U.S. counterparts, but now the market is maturing and it is the right time for cloud providers to target and capture the untapped segments.”

“As cloud adoption expands over the next four years, what clouds are and what they can do will evolve dramatically – in several important ways. The cloud will become more distributed (through Internet of Things edge services and multicloud services), more trusted, more intelligent, more industry and workload specialized, and more channel mediated. As the cloud evolves these important new capabilities – what IDC calls ‘Cloud 2.0’ – the use cases for the cloud will dramatically expand,” added Frank Gens, senior vice president and chief analyst at IDC.

The Worldwide Semiannual Public Cloud Services Spending Guide quantifies public cloud computing purchases by cloud type for 20 industries and five company sizes across eight regions and 47 countries. Unlike any other research in the industry, the comprehensive spending guide was designed to help IT decision makers to clearly understand the industry-specific scope and direction of public cloud services spending today and over the next five years.

Deloitte: Pace of Innovation Gives Birth to the Kinetic Enterprise

Deloitte, in its eighth annual technology report, Tech Trends 2017: The Kinetic Enterprise, says companies must sift through the hyperbole surrounding emerging technologies to find solutions offering real potential.

To do so, they should become “kinetic” organizations – “companies with the dexterity and vision required to thrive amid ongoing technology-fueled disruption.”

Tech Trends 2017 examines seven key trends that will likely revolutionize enterprise technology in the next 18 to 24 months. Among the trends discussed are machine intelligence, dark analytics and mixed reality, which is a blend of augmented reality, Internet of Things and virtual reality. The report also covers innovations in analytics, digital and cloud that are transforming the way organizations engage with customers and citizens and reimagine products, services and business models.

“Kinetic enterprises are fluid and their leaders understand that to remain relevant, they will need to develop a deliberate innovation response to these disruptive forces,” says Bill Briggs, chief technology officer and managing director, Deloitte Consulting LLP. “It’s not about chasing every shiny new object; it’s about translating the raw potential of emerging technology into a focused set of priorities with measurable, tangible business impact.”

According to the report, some of the key trends that will transform the business landscape in 2017 and beyond include:

  • Dark Analytics: Advances in computer vision and pattern recognition allow companies to plumb the recesses of unstructured data, which may include images, audio, video and information residing in the “deep web.” These tools can unlock powerful strategic and operational insights for businesses in the next level of technology-driven enlightenment.
  • Everything-as-a-Service: Services-based ecosystems are becoming increasingly common in business. This model requires open and agile systems, which could provide a business rationale for modernizing legacy core systems. From next-generation ERP to “replatforming” custom back-office applications, everything-as-a-service (XaaS) can help information technology achieve greater efficiencies and lay a foundation for business innovation and growth.
  • Machine Intelligence: Artificial intelligence and machine learning are doing more than providing insights and recommendations. Increasingly they are augmenting and automating more complex, mission-critical tasks. This continuum covers cognitive and predictive analytics, bots and robotics process automation – related but distinct disciplines delivering on the broader promise of machine intelligence.

“This goes beyond the CIOs and IT department. There are factors changing every element of business,” says Briggs. “Machine intelligence, blockchain and other technologies will have huge implications for talent, operations, and for the enterprise as a whole. Developing a strategy for prioritizing investments and harnessing these emerging technologies has become a boardroom directive.”

ISACA Provides Strategies to Combat Emerging Cybercrime Threats

Extortion, dark cloud use and appliance attacks are among the top areas of increased cybercrime activity reported in 2016 and are expected to continue in the coming years, according to a new report from global business technology and information security association ISACA.

As detailed in “Cybercrime: Defending Your Enterprise,” the Internet’s increased convenience and interconnectivity are encouraging enterprises to move more operations to the digital realm, which is also providing more opportunities for cybercriminals.

Common cybercrime methodologies, such as social engineering, continue to be in use. But the adoption of new tactics is occurring as the Internet continues to evolve. The top cybercrime activities are expected to come from:

  • Extortion – Holding enterprise data for ransom
  • Dark cloud use – Leveraging cloud services for cybercrime
  • Appliance attacks – Targeting the increasing surfaces of the Internet of Things.

In addition to highlighting key areas of risk, the report lists several strategies enterprises can utilize to prevent cyberextortion, protect the cloud and stop assaults on devices connected to the Internet.

Juniper Research estimates the cost of global cybercrime will grow to an annual $2.1 trillion by 2019, exceeding other criminal endeavors, such as the drug trade. Based on the growth of online criminal activities, Ernst and Young has declared cybercrime the greatest threat to enterprise survival today.

5 Reasons To Go Paperless This Tax Season

By: Jesse Wood, CEO of eFileCabinet

Are You Ready To Go Paperless This Tax Season?

As tax season approaches, businesses of all sizes should be reevaluating workflow practices to improve office operations, efficiency and profitability. Electronic document management can create quick wins on an organization’s balance sheet, lower overhead 30% to 40%, and drive profitability and growth during this busy season.

Here are a few reasons why electronic document management will make a difference:

  • Create quick wins on your balance sheet. Electronic document management frees up administrative and productive time spent locating and retrieving documents. For example, a cloud-based document management system not only reduces reliance on physical hardware and expensive server licensing fees, saving an organization’s office space and IT spending, but also provides anytime/anywhere access to critical files and documents.
  • Lower key overheads. A well-designed paperless system not only frees up person-hours, it can lower several costs, including stationery expenses and document storage space, and it can even positively influence carbon credit.
  • Drive profitability and growth. The inherent efficiency of a paperless office can be maximized when combined with other productivity tools such as workflow management. Imagine an enterprise where work instructions for every step of a process automatically open when an employee performs the specific step. Secure, paperless offices see significant reductions in cost, turnaround time, risk profile and training periods, and they see better performance on key growth indicators. These growth indicators enable a business to do more with less time and money – another great reason to go paperless.
  • Provide security. Electronic document management and file sharing are the safest way to store and transmit sensitive documents, like tax forms. The security provided through these sophisticated systems protects your customers, your company and your bottom line. It reduces risk from compliance and regulatory requirements (SEC, HIPAA, etc.) and is an easier and safer way of transmitting information than email, FTP and physical document distribution.
  • Produce faster response times. Electronic document management and file sharing allow for faster and more accurate access to information, which not only increases workflow productivity, but also quality perception from customers (the sooner you respond to customers, the more organized you appear and the happier they are).

Jesse Wood is the CEO of Lehi, Utah-based eFileCabinet. Founded in 2001, eFileCabinet began as a tool to digitally store records in accounting firms. Since then, eFileCabinet has developed into a full electronic document management solution designed to help organizations capture, manage and protect their data. www.efilecabinet.com