THE TOP REASON SMALL BUSINESSES LOSE $BILLIONS FROM FRAUD EACH YEAR (and are too embarrassed to report it)

If cybercriminals can dupe $100 Million out of a tech giant, what makes you feel safe? In this post we will present an inexpensive control against the most common cyberattack. 

My combined background in economics, auditing and an undergraduate cyber security course made me realize that it is possible to implement a control against forged invoices. It’s quite simple: Make it costly to attack. 

WHAT DOES AN ATTACK LOOK LIKE?

Imagine you are responsible for releasing funds according to invoice details. Suddenly a vendor asks why their payment is overdue. But you already paid it last week, so how can this be?  

You come to the chilling realization that you have become a victim of a Business E-mail Compromise.  

Someone had broken into your vendor's email without being noticed. Maybe the attacker guessed the vendor's password? Depending on the security controls in place, breaking into an email account is often low cost. Once inside, the attacker could easily forge an invoice and send it to you. Unfortunately, most funds are lost forever. Some companies are even forced to go out of business after an attack. 

Alternatively, sending a fake invoice without breaking into the email is still possible. This is another attack vector with even lower cost (but might have a lower success rate). 

The psychological pain of being duped isn’t fun. However, it’s the magnitude of the amounts on these invoices that can give an honest and hardworking employee a tough time. Some need to see a psychiatrist.  

JUST HOW BIG IS THE PROBLEM?

In 2018 the FBI reported on the increase in Business E-mail Compromise (BEC) and forged invoices. From 2013 to 2018, over 12 Billion Dollars were reported lost worldwide. 12 Billion USD is equivalent to 32 brand new Boeing 747 jumbo jets, or 7% of all 747 jets in global operation.

 

CAN IT AFFECT ME PERSONALLY OR MY COMPANY?

Many firms are still unaware of the invoice fraud risk. 

The attack hits individuals and companies of all sizes, from small businesses up to the biggest tech giants. A 2019 report from banking trade body UK Finance (page 48) shows that the average size of the frauds is just about 16 400 £. Only 29% of the stolen funds are recovered, usually from the largest transactions. Small players are thus extra exposed because it could cost more to retrieve the funds than the size of the theft itself. 

And it’s only getting worse in 2020. Abnormal Security Corporation reported a 200% weekly increase in BEC attacks focused on invoice fraud. 

 


SO HOW DO WE COUNTER THESE ATTACKS?

The solution is the digitally signed invoice. We increase the cost of an attack and add an auditable trail. 

Our Abendum Triple Entry Accounting system verifies the identity of signers on a shared ledger. This leaves an auditable trail back to the issuer of the invoice. If the attacker needs to authenticate with a physical token (something you have), a password (something you know) and biometrics (something you are), executing a successful attack becomes very costly. 

Triple Entry Accounting is quick and easy to use and inexpensive. The cost of protection is far lower than the expected loss from an attack. It is thus a viable protection mechanism. 

You can’t control your vendors’ internal controls and e-mail password hygiene, but you can request that invoices over a significant amount be digitally signed. Likewise, you can protect your customers by always signing the invoices you issue. 
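
To make the control concrete, here is an added example (not Abendum's code, and not part of the original post) of a buyer-side payment check: invoices at or above a threshold are released only if their signature verifies against a vendor key registered out of band. The field names, the threshold, Ed25519 and the JSON serialization are assumptions made for illustration.

```javascript
// Added example: receiver-side payment control based on signed invoices.
// All names, fields and the threshold are hypothetical illustrations.
const crypto = require("node:crypto");

// Serialize with sorted keys so signer and verifier hash identical bytes
// (sufficient for the flat invoice objects used here).
function canonical(invoice) {
  return Buffer.from(JSON.stringify(invoice, Object.keys(invoice).sort()));
}

// Vendor side: sign the invoice with the vendor's Ed25519 private key.
function signInvoice(invoice, privateKey) {
  return crypto.sign(null, canonical(invoice), privateKey).toString("base64");
}

// Buyer side: decide whether funds may be released.
// pinnedKeys maps vendor id -> public key registered out of band, never taken from the e-mail.
function releaseDecision(invoice, signatureB64, pinnedKeys, threshold) {
  if (invoice.amount < threshold) return "release"; // policy covers significant amounts only
  const key = pinnedKeys.get(invoice.vendorId);
  if (!key) return "hold: no registered key for vendor";
  if (!signatureB64) return "hold: unsigned invoice over threshold";
  const sig = Buffer.from(signatureB64, "base64");
  const ok = sig.length === 64 && crypto.verify(null, canonical(invoice), key, sig);
  return ok ? "release" : "hold: signature does not match invoice";
}

// Constructed sample data: one vendor, one invoice, and forged variants of it.
function demo() {
  const vendor = crypto.generateKeyPairSync("ed25519");
  const other = crypto.generateKeyPairSync("ed25519"); // key the buyer never registered
  const pinned = new Map([["vendor-001", vendor.publicKey]]);
  const invoice = { vendorId: "vendor-001", number: "2020-117", amount: 16400,
                    currency: "GBP", iban: "GB00TEST00000000000001" };
  const sig = signInvoice(invoice, vendor.privateKey);
  const forged = { ...invoice, iban: "GB00TEST00000000000002" }; // payee account swapped
  return {
    genuine: releaseDecision(invoice, sig, pinned, 1000),
    alteredAccount: releaseDecision(forged, sig, pinned, 1000),
    wrongSigner: releaseDecision(forged, signInvoice(forged, other.privateKey), pinned, 1000),
    unsigned: releaseDecision(forged, null, pinned, 1000),
  };
}

console.log(demo());
```

The check only holds if the vendor's public key reaches you through a channel other than the mailbox that delivers the invoice; a key sent alongside a forged invoice proves nothing.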

Additionally, you also take care of your employees by adding an inexpensive internal control against being duped and the mental hardship that can follow. 

Lastly, your auditor will appreciate it. 

Business Email Compromise and forged invoices are among the biggest cyber threats today, and these attacks are growing fast (2020). They prey on weak internal controls not only in your organization, but also in your vendors’ organizations. Protect your employees, company and vendors today by starting to digitally sign your invoices.  

 

Do you think digitally signed invoices will increase your cyber security? 

Experience the easy process to send and receive secure invoices to yourself or to a colleague with our FREE TRIAL.

 

Torje Vingen Sunde, CCI
MSc in Accounting & Auditing
Abendum AS