“The False Sense of Security – The Illusion of Automated Protection for Business Assets and Threat Environments”

How many more cases of “successful frauds” have to take place before the IT industry, especially those who produce anti-fraud and security systems and auditing controls, is going to admit that their product(s) are NOT a “total solution”?

It is not a guarantee, nor will such systems prevent frauds and threats alone. As a matter of fact, companies that hard-sell and advertise that their “automated” solutions will truly deter, isolate and segregate potential financial attacks on clients’ businesses and targets-of-opportunity are creating a dangerously-proven illusion, which, in turn, companies and agencies believe (or are talked into believing) with statistics and marvelous-looking matrix systems… reports… etc., etc.

In reality, the financial frauds and threats that exist today constantly adapt and are SMARTER, more EFFECTIVE and WILL CIRCUMVENT any automated system that is created.

This is a statement of fact that is supported by the “Billions” of dollars lost to frauds, scams and threats where allegedly “best” automated protection systems were in place.

It was just a matter of time before they were circumvented, compromised, or even “used” to help steal and commit financial frauds and threat penetrations that range from a few thousand dollars to billions.

From the top-ten banks in the EU alone, to numerous clearing houses throughout Asia, automated systems have provided a false sense of security and have tossed aside common-sense practices of “manual” systems and procedures.

The term “Proactive” means “nothing” to companies that prefer to embrace “Reactive” strategies and have no idea how to “mitigate” the effects WHEN the fraud or threat happens. Why?

The claim of faster, more “efficient” systems with “techno-babbly” jargon (talk). Bells-and-whistles sales pitches and the constant use of the term “fraud matrixes and libraries” designed to spot frauds and trends “before” they happen.

It is great on paper.

It is a total failure in reality.

It makes for fantastic presentations and statistics that can raise eyebrows but which, in reality, are nothing more than trying to predict the weather.

How fast we forget the financial catastrophes that have taken place over the years, especially 2014.

The billions upon billions of dollars lost were front-page news one day, but a short time later celebrity scandals had taken their place.

Who is divorcing whom is more important, and yet the “cause” and “methods” of HOW the monies (e.g. assets) were taken become moot.

The threats become reality. Monies are lost, people’s lives are destroyed. That is the first “fatal” error (as history repeats itself – guaranteed); the inability to take “responsibility” and say “our automated systems failed” is the second “fatal” error; and the third and most deadly “fatal” error is that the companies or agencies manufacturing / developing anti-fraud / detection systems “continue” on the same path, with the same methodology, believing that they can design and build an ultimate system that will “STOP” frauds and financial asset(s) losses (e.g. including, but not limited to, losses of classified documents, sensitive correspondence, key internal data, etc.), let alone plain money and negotiables.

That is as logical as building a mouse-trap to catch a tiger.

How many businesses remember October 5th, 2010? Just a few years ago, during lectures and seminars we gave, I asked that question of over thirty major businesses and financial institutions which should know that date well.

Even two of the companies that had a very special interest in that date didn’t remember, or know.

50 BILLION Euros ($61,000,000,000 USD at the end of the scam), yes, sixty-one billion dollars, was used (literally as a bet) without the companies’ knowledge, and the person who did it, Jerome Kerviel, was sentenced to three (3) years in prison.

He was also assessed 5.75 Billion dollars in damages.

Who was the target?

French Bank Societe Generale.

Yes, one of the top banks in the EU with the most up-to-date, most sophisticated electronic and automated financial security systems in place.

ALL compromised by ONE person.

The charge Mr. Kerviel pled guilty to was “Computer Abuse”.

Yet there were a number of “companies” that should have been standing there in the defendants’ box along with Mr. Kerviel.

The software and hardware providers that sold a “bullet-proof” system that couldn’t be circumvented. That was their “claim”.

They sold an “illusion”.

But then again, is that a case of “buyer beware”?

I would call this logic “An automated Titanic” – just like the ship that “couldn’t be sunk”, ONE individual circumvented and cut through every single automated system in place, like a hot knife through butter.

For THREE (3) + years this had been going on, un-noticed.

Think about it for a moment. Every automated system within Bank Societe Generale that cost millions of dollars to PURCHASE and MAINTAIN F-A-I-L-E-D.

Plain and simple.

Now you say, that was several years ago…

How about:

European Central Bank – $25,000,000,000

Banca Monte dei Paschi Siena SpA – $3,700,000,000

Banco Commercial Portugues SA – $2,700,000,000

Cooperative Central Bank – $21,000,000,000

And the list includes over fifty-one (51) EU banks and seventeen (17) North American banks, and when it comes to Asian and Eastern European banks, the list is MULTI-BILLION LOSSES.

Just these alone were in 2013 and 2014.

So don’t think a second that things have gotten better.

Threats and frauds are strong – that’s a fact, and they feed on those who believe the illusion that they can be stopped – just like curing a deadly cancer by “wishing it away”.

Where were the common-sense “proactive” MANUAL systems that could have worked “along” with the automated systems to give some credibility and teeth to a truly “proactive” system?

Where were the business planning, strategies and mitigation plans to mitigate damages WHEN the fraud / threat took place – not “if” it took place?

Most of the banks were “quoted” as saying that the supervisors and staff were totally caught “off-guard”, and were “totally unaware” of what was going on or what happened… For THREE+ years?!

No, Mr. Kerviel is not the only guilty party here.

Not even close.

We must examine the “extreme gross negligence” of how a financial institution or agency could possibly put so much “faith” into automated protection systems and procedures to have it FAIL so drastically.

Then what of the companies that “sold” the “Titanic-Style” automated anti-fraud / anti-theft software and hardware and their “liability”?

Well, their end user license agreement (EULA) was one defense.

Clauses literally saying they “guarantee nothing” and that “all” losses are ultimately the responsibility of the user were defenses “successfully used” in many cases.

There was ONE (1) conviction of a software company.

ONE.

Yet so many who were involved and truly, collectively responsible faded and disappeared like smoke in the wind.

It makes NO difference whether it would have been a thousand-dollar loss or billions. It is a “repeat” of the SAME mistakes, based upon the SAME “blind faith” and ignorance of companies and agencies that will put that “blind faith” into automated solutions that have been CLEARLY proven to be easily breached and compromised and to remain exceptionally vulnerable.

This is the reality, and business / financial history supports it “without question”.

How many more losses have to be incurred that ultimately affect whom?

Consumers, businesses of all types, agencies and the like of ALL sizes.

From small proprietorships to mega-corporations / financial institutions, their employees…

The list grows like a tapeworm.

Is there a solution?

Yes, but it is NOT going to “provide a guarantee of ANY kind” to END fraud and security breaches.

It will NOT “guarantee” to stop the fraud or breach WHEN it happens either.

What it DOES do is this: “WHEN” the fraud or threat takes place, it can be “mitigated” and quickly controlled, reducing the impact.

However, that is another article.

Research Solutions, Inc.,
Dr. Mark D. Lurie, CFE, CTA, CHRE, CFS