Fighting fraud in government: emerging threats

Fraud is a constant threat in any organisation, be it private or public i.e. government and public sector (GPS) organisations. GPSs need to be vigilant and proactive in fighting economic crime. Traditionally fraud suffered by GPSs has comprised of: asset misappropriation, accounting fraud, and bribery and corruption.

A PwC global survey published in 2012 highlighted new types of frauds are emerging, in particular, cybercrime. With growing usage of new technologies, the probability for GPSs to suffer a cybercrime threat is only going to increase. In this changing environment GPSs have to remain alert to the real dangers of cybercrimes’ fraudulent attacks. The solution resides in marrying the right detection and prevention tools to eliminate the “old and new” fraudulent patterns.

Cybercrimes are usually hard to detect and investigate. There is a general lack of understanding regarding cybercrime. This environment provides fraudsters an opportunity to exploit any weaknesses in GPSs’ control framework.

The challenge with cybercrimes is that perpetrators are usually “virtual”.  Fraudulent acts or third parties penetration can be committed in and from any jurisdiction. This renders identification not only difficult but bringing those perpetrators to justice even tougher.

Detection and prevention tools

GPSs usually manage and hold sensitive information, say on the population. Those personal records are potential gold-mines for fraudsters. Thus data should be maintained in a safe and secured environment. 

The trouble with cybercrime fraud lies in its fast-pace coupled with new sources of risks that continue to originate. The key resides in the effectiveness, and flexibility of the detection and preventive tools. Their timeliness to spot, track, risk-assess, and deal with an incident as soon as it is detected is critical. So GPSs’ resources and detection capabilities have to be strengthened to spot and investigate cybercrimes. In some instances external assistance can be of support to supplement these efforts. 

GPSs should regularly plan and conduct penetration testing exercises to assess their respective control framework robustness to withstand a cyber-attack. Those preventive measures can help GPSs to strengthen their risk management protocols.

The combined effects of all those initiatives will lower the incidence of negative headlines, management time, and potential collateral damage an economic crime usually entails. GPSs’ investment in fraud detection and prevention measures must therefore continue despite budget constraints. 

GPSs’ leaders should be fully conversant both with the risks and opportunities surrounding cyber threat. The ultimate responsibility to create a “cyber-aware” culture rests with GPSs’ leaders. To deliver on this, people with relevant skills and experiences should be supporting them.

GPSs’ leaders should raise internal awareness on matters regarding potential cyber attacks. Any steps initiated from that perspective will bridge not only confidence levels but concurrently any knowledge gaps between the public, the employee/civil servants, and GPSs leaders.

Government should also regularly review its legislative framework to close any potential loopholes. Law enforcement bodies here have a crucial role to play to translate the legal intent into enforceable legal actions. To that end there is scope for GPSs to open those support opportunities to outside players.

Tone at the top

There is a general misconception that the overall responsibility for managing cybercrime risks lies with the Chief Information Officer of an organisation, parastatal or Ministry. Like for any anti-fraud programme, GPSs’ leaders should ultimately take ownership and accountability. It is therefore important that cybercrime features as a discussion point in meetings. This will further enhance and consolidate GPSs corporate governance framework.

It is essential that GPSs’ leaders accept more responsibility to managing and mitigating cybercrime risks, and set an appropriate tone at the top. Leadership by a management team that nurtures a cyber risk-aware culture is essential to ensure that all departments are aligned in a common fight against fraud.

The success of government and public sector organisations will not only be safeguarded but sustained trust will be achieved in today’s ever- increasing digitised environment.