Only You Can Prevent Cybercrimes

Sen. Marco Rubio — the original architect of the Paycheck Protection Program, a part of the multitrillion-dollar CARES Act — tweeted in April that workers at independently owned stores and businesses who “live paycheck to paycheck” are “exactly who the program was meant to protect.” Sen. Ben Cardin said in April that the purpose of the funds was to help small business owners “keep employees on payroll and avoid financial ruin.” That’s what happened in most cases — but not all. The opposing forces of fraud and the fear of fraud act together to suffocate an economy struggling for those relief dollars.

The Small Business Administration’s inspector general just revealed “pervasive” fraud in its economic assistance program. For example, reality star Maurice Fayne has been charged with spending more than $1.5 million from loans for his trucking company on jewelry, a Rolls-Royce and child support payments. In May, Massachusetts businessman David Staveley was charged with claiming dozens of employees on PPP loan applications when he actually had none. 

However, fear of fraud may be creating an incentive for slow and overly cautious approaches, which could inflict even more damage on workers and business owners. The CARES Act provision for midsize companies, called the Main Street Lending Program, has barely taken any action to help. According to an August report in The New Yorker, midsize companies “are a significant source of jobs, employing an estimated 45 million people around the U.S. Yet four months after it was created, the fund of the Main Street Lending Program has barely been touched, even as tens of thousands of businesses have closed and millions of workers have been let go.”

Also Read: IT Governance Framework PDF Best Practices And Guidelines

What can we do? First, engage everyone in the fight. For example, consider the 1947 campaign by the Wartime Advertising Council: “Only you can prevent forest fires.” When the U.S. Park Service sought to combat forest fires and preserve one of the nation’s greatest resources, it did not close down the parks; instead, the Park Service empowered those visiting parks to take the necessary preventative actions. Perhaps this is the kind of empowering message we need to convey to those in corporations, banks and government agencies. People can be empowered to fight risks at the time of the risk.

Second, provide better technology for screening to people in the front-line positions adjudicating assistance — whether under the CARES Act or not. The most interesting aspect of today’s spike in fraud, money laundering and data theft is how cybercrime is growing. Cybercrime today occurs in a global market. Like any market, individuals bring some expertise in the form of a good or a service and seek to trade with others. The “money mule,” for example, works for a “cash-out” operator, who works for fraudsters purchasing stolen identities services from a bulletproof hosting (BPH) operation. The BPH owner brings tremendous tech skills, and the cash-out expert needs only to have the ability to open fraudulent bank accounts. Imagine a darknet job board posting: $3 trillion in U.S. dollars flowing — cybercriminals wanted — no coding required.

Defending against cybercrimes is like protecting the valuables in a home — screen those who enter. Securing the outside with thicker doors and windows as well as a sophisticated alarm system is like deploying a firewall and antivirus software to keep out the unknown. People such as a plumber can still get into your home by knocking on the door. You screen by looking at evidence of identity. Checking for the plumber’s tools and a van with a company logo is part of screening.

Today’s massive spike in fraud on the one hand and the slow pace of loan distribution on the other provides evidence of the inability to successfully combat the massive global marketplace for fraud services. The good news is that we know how to step up defenses.

Also Read: Data Protection Framework: Practical Guidance for Businesses

First, to engage in the fight against cybercrimes, we must screen better. This means screening wider (all customers versus just high-risk customers) and screening deeper (searching larger datasets, to include publicly available information). Thanks to tools enabled with artificial intelligence and machine learning (AI/ML), front-line workers — regardless of their technical skills — can now screen large numbers of people and companies in a fraction of the time. My own company brought GOST to market to enable large-scale screening using behavioral science enabled by AI/ML. Several government agencies and financial institutions already use our technology to combat fraud, money laundering, trafficking and other crimes.

It’s important to understand that these tools should not require extensive technical knowledge. Most successful tools used by risk and compliance professionals should instead rely on a combination of artificial intelligence and human oversight.

Second, we must audit the behaviors of people once they are screened. When you let the plumber into your home, do they go to the sink with the leak? Did someone receive a CARES Act benefit and use the proceeds to purchase a sports car? Technology can also confirm what we know — that almost everyone applying for assistance honestly needs the help.

Many small and medium-sized businesses need immediate assistance to get through the Covid-19 shutdowns. Fraud and fear of additional fraud seem to be slowing down this assistance. We can do better. Most criminals don’t commit crimes when they think they will be caught. Empowering the entire workforce — not just the people who specialize in botnets and malware innovations — with screening and audit technologies should ensure fraud attempts shrink.

Today’s spike means that we haven’t scared them, but the technology exists. Let’s empower the front-line workforce with technology and get the entire team engaged in preventing cybercrime.