The Association of Certified Fraud Examiners is marking International Fraud Awareness Week this week, with more than across the world educating their communities about the threat of fraud and scams and how to stay safe.
The ACFE launched the weeklong event in 2000. It began as National Fraud Awareness Week and became international seven years later. Next year will mark the 25th anniversary.
Last week, the ACFE hosted the ACFE Government Anti-Fraud Summit in Washington, D.C., bringing together experts from inside and outside government to discuss ways to combat fraud.
"In terms of online activity, we always tell people when you put information out into the world, you need to be aware of the fact that you're leaving digital breadcrumbs that people are going to be able to pull together if, in fact, you really are a worthy target," said Morgan Adamski, executive director of United States Cyber Command during a keynote session. "Something to be very cognizant of, and limiting their friend zone in terms of who has access to that information."
She warned of activity by a Chinese government-backed group of hackers. "They are prepositioning in U.S. critical infrastructure so that they can potentially disrupt, degrade and deny those services at a time that they're choosing to create societal panic," said Adamski.
The hackers have been exploiting vulnerabilities in people's home routers as a way to access critical infrastructure and advised attendees to update the software in their routers.
"The key takeaway is that a lot of the cybersecurity we're talking about is a little basic, but when we have technology in all aspects of our lives, it can be a little daunting to think about security and the role that we play in that, and how we have to kind of really stay attuned to it," said Adamski. "Just remember malicious cyber actors are always looking for targets of opportunity. They are hunter gatherers. One piece of revealed information very often leads to a breadcrumb trail of other information, and when we put that together, that can result in compromise."
The federal government often needs to partner with the private sector, noted Joseph Ford, owner and principal of Newman and Ford Associates. He was formerly executive vice president and chief security officer at Bank of the West and spent 30 years with the Federal Bureau of Investigation, including as the FBI's CFO and COO.
"Having sat on both sides, with government and private sector financial services, information sharing and building these collaborative relationships really becomes very, very important, but you have to have something to share," said Ford. "Being able to establish a culture in the private sector that allows you to have that outreach, having working groups of government entities. Think of yourselves as each having a role to play,, whether you're in the audit function, the law enforcement function or the intelligence function. You all have a role to play in collaborating with the private sector. Having those relationships is important, but how do you translate those relationships into something actionable? I think we all struggle with that."
He's seen working groups create information-sharing processes through joint training efforts and joint exercises such as tabletop exercises to help them prepare for a crisis like a cybersecurity or fraud event.
"I actually do a lot of work with cyber tabletop exercises," said Ford. "Inevitably, in every exercise, I add a fraud element because most bad guys that are committing cyber attacks, whether it's a cyberattack on a government agency's payment system, or a cyberattack to get information, there is usually a fraud element involved."