One take-home message

In anticipation of the Australian Cyber, Fraud and Risk Summit, I wrote this blog as an introduction to the way we think about insider threat. While I wanted to cover a veritable blizzard of ideas, I decided to try to stick to a single point, one take-home message.

So here it is: if you only do one thing to improve your risk management of fraud, ensure your managers have high integrity and are excellent with people.

The problem with this take-home message is that it is not very sexy. I’m not an advocating a new piece of technology, a two-day training package or three-step way of “revolutionising culture from the board to the floor”. But it is the best single thing to do and the most likely thing that will work.

If you only make one adjustment, make sure your managers are of high integrity and are people-managers...and if they are not, do something about it pronto!

Fraud Prediction

I am drawn to trying to understand why people do things, and, what allows you to influence their behaviour. Prediction and influence. The science of psychology centres around these two ideas. What should we measure; what can we change? This relates directly to insider threat and fraud.

Fraud risk is like an algorithm insofar as there are various factors that need to be understood in combination. There are ‘organisational’ factors, i.e., workplace culture, the behaviour of top management, policies and procedures, the effectiveness of immediate managers and the opportunity to commit fraud. There are ‘individual’ factors, including the personality, values, attitude & situational pressure affecting the individual at risk of perpetrating fraud.

Various analyses of fraudulent behaviour point out that there is a combination of opportunity, organisational and personal factors behind fraud. This interaction allows you to form a rough typology of insider risk. If anything, the rise of the Internet has simply augmented issues of opportunity and scale rather than the fundamental nature of the behaviour.

Three Types of Risk

I use a rough typology to understand risk. To my way of thinking, there are four types of insider risk. The first – and one I won’t cover here – is that of the bad barrel. This is the business where fraud appears to part of the DNA of the place, almost a necessary component of one’s conduct. Enron is one popular example of this type of organisation. The other three types are the ‘benign’ insider, the ‘bad apple’ and the embittered employee.

Now the benign insider is an individual who exposes an organisation to risk without themselves attempting to profit from it. This is the individual who brings the USB stick in from home not knowing it’s infected, who clicks on the link, who uses ‘password’ as their password. This is discussed more in our presentation and is less a focus when it comes to the issue of fraud and creating exposure or opportunity for malignant others to exploit.

The bad apple is someone intrinsically motivated to use deceit for personal gain. These are individuals who, when presented with the opportunity, need very little encouragement to pursue it. They fit with the long research history regarding the criminal personality.

Then there is the embittered employee. This is the individual who feels particularly poorly treated by an organisation and probably a bad manager in particular. They reach a moral tipping point…and tip over. Their sense of poor treatment acts as the catalyst for revenge.

With all three types of insider, the high integrity people manager has the opportunity to prevent and detect behaviour associated with risk.

A Few Good Managers

From a fraud mitigation perspective, managers are in a unique position because they can see the organisational issues, the potential opportunities and the individuals with access to such opportunities.

They have the following advantages:

• A manager can work with HR around developing structured interviews and psychometrics around hiring. This can go some way to hiring staff less likely to be a risk, or, highlighting staff who come with particular talents but who also require a more watchful eye. It also establishes a baseline for behaviour. Psychometrics should tell you what to expect over time, and the alert manager can spot staff acting quite differently to that expectation;

• Managers can establish the working rules and culture of the team or teams under his/her influence. Culture is known as an effective predictor of the number of workplace behaviours including those considered counter-productive;

• A frequent problem behind insider threats is that of the embittered or opportunistic employee rationalising their behaviour. Effective person management can offset this risk by keeping a greater number of staff engaged and creating both rewarding and psychologically safe working environment;

•  Managers can themselves set the example around safety and security related behaviour. In this way they can demonstrate that they “walk the walk”. Doing so acts as a pre-emptive deterrent: if you see the boss consistently watching that the rules are followed it decreases opportunity and increases likelihood of detection and punishment;

• Having high-integrity managers reduces the risk of the managers themselves acting fraudulently;

• High-integrity managers may be more likely to act on seeing other managers or superiors engaging in fraud.

In summary, managers are probably your best form of defence. Good people managers are more able to detect problematic behaviour in employees, model appropriate behaviour in the workplace, monitor workplace controls/processes etc and establish rewarding relationships with staff. In addition, many other means of fraud prevention, including improved policies and procedures, the attitude of top management, workplace culture, appropriate controls and checks are often moderated by managers.

The upcoming conference will see experts from around the county and the world gather to talk through issues of fraud, risk and the cyber-world. Problems will be dissected; solutions generated. The risk with this - as with all such events - is that you come away with great ideas that struggle through implementation.

This is one that can be done now.

Make one adjustment. Make sure your managers are high-integrity people-managers.

Written by: Dr. Tim Doyle

Graduating with a Major in Psychology at the University of Melbourne in 1997, and completing his post graduate Doctorate of Clinical Psychology at Deakin University in 2005. Dr Tim Doyle has established himself within the ranks of the psychology field. Initially establishing a name within the public health service industry, Dr. Tim Doyle transitioned to a private practice.

Dr. Tim Doyle is currently the Principal Psychologist and founder of Proof of Character in East Melbourne, Australia. Dr. Tim Doyle through Proof of Character and the implementation of validated psychology assists businesses select, develop and drive talent. As well as determine not only who is fit for a role or fit for culture, but who is fit for business. 

Read more

The future of AI lies in your hands

I have a bit of a confession to make (and I am probably the only one in my generation to have held out on this) I hadn’t bought a single thing online before producing the Retail Tech Summit.

For research sake, I thought I’d better go on a bit of a virtual shopping spree (very enjoyable project I assigned myself!)

The whole process was impressive – from very relevant product recommendations, to the information provided right up till my once intangible products were magically in my hands.

I have to be honest though, if I hadn’t consciously stopped myself with all these items being suggested to me and maintained self-control, I would have a bit of a hefty credit card debt.

It got me to thinking of all future instances where I may not have such strong will power and will inevitably throw self-deprivation out the window to succumb to what I am sure to think I ‘need’.

This was all daunting enough, until the real reality hit - this was actually tame use of AI. I came across an article on Linked In about the potential of AI to read and interpret human thoughts.

While this may sound very doomsday-ish, there’s no denying this is a very real possibility, as are a plethora of other scenarios I’m sure you’ve got at least one of imprinted in your imagination.

I read the other day that you cannot have advanced technologies in any beneficial way without advanced thinking – this seemed to be the perfect, yet contrasting, example of this article that spun me into a state of shock-horror.

Don’t get me wrong, I am all for AI and the amazing opportunities it presents to transform our lives. What I’m not all for is if technology advances at a pace faster than the human race evolves, where instead of being used responsibly and for the benefit of all, it’s used for power, manipulation and control.

I am sure this has run through everyone’s minds at some point.

The way I see it is we are at a crossroads. We could approach AI with the intention to serve, i.e. developing sophisticated product recommendations because you genuinely think the customer may get joy out of purchasing that product, or to improve their satisfaction from faster delivery of items, to in-store experience. Of course, profit is the end goal and there’s no avoiding that, nor should there be. But if we go the other way and completely disregard the common good, then there’s a good chance it will become very imbalanced, very quickly.

Right now at least, it’s a matter of being conscious in your decision making, rather than being impressionable, but if it reaches the stage where we start to lose that control, that’s when the future begins to look dim.

I for one do not want to live in a world like that. I want AI to take the mundane, slave-like tasks out of the lives of others and free everyone to live in a world where they do what they do for the love of doing it, enabling them to be much more creative beings.

There are of course going to be some who use AI for power, but every individual has the responsibility to look at the intention behind their use of it and make a conscious choice to use it to serve others.

After all, whatever we do to others, we do to ourselves.

Written by: Gracie Fea

Originally from NZ, Gracie worked as a Broadcast Journalist for a few years before moving to London, and then to Sydney, where she fatefully came across conference production and quickly realised it was her dream role. Getting to speak with such passionate and successful people and create an agenda so that people can see themselves in other’s experiences, really spins her wheels.

She has a hunger to hear everyone’s unique story and really thrives from creating a platform for them to share these and help move their industry forward through collaboration.

Read more

Why mental health needs a bigger focus in Australia’s prisons and detention centres

Aboriginal and Torres Strait Islander people are outrageously over represented in Australia’s justice system.

According to the Human Rights Watch Report 2018, Indigenous children and youth are 25 times more likely to end up in the juvenile justice system compared to non-Indigenous youth.

About one quarter of Australia’s prison population is made up of Aboriginal and Torres Strait Islander people. However, Indigenous people only make up three per cent of Australia’s total population.

The Human Rights Watch Report also reports that over half of Australia’s prison population has a disability, which often includes mental health issues.

However, as prisoners don’t have access to Medicare, it’s up the states’ health and justice budgets to accommodate for prisoners’ needs.

Leaders from across Australia will come together to speak at the upcoming National Indigenous Mental Health & Wellbeing Forum in Perth on the 21^st-23^rd February, to share their thoughts on the growing mental health crisis.

Some of the speakers include Ngaree Ah Kit, Assistant Minister for Suicide Prevention, Mental Health and Disabilities and Assistant Minster for Seniors and Youth in the NT, Josie Farrer, Member for Kimberley, Aunty Cheri Yavu-Kama-Harathunian from the Indigenous Wellness Centre, Gerry Georgatos, Suicide Prevention and Prison Reform Researcher and Mervyn Eades from Ngalla Maya.

They will, together with other presenters, share their stories, case studies and practical strategies on how to change the statistics and improve the mental wellbeing of Australia’s Aboriginal and Torres Strait Islander population.

Speakers will also discuss the correlation between mental health issues and imprisonment, and discuss the importance of appropriate support within jails and detention centre as well as post-release.

It’s time to change the statistics, and that starts with everyone taking action.

Written by: Mimmie Wilhemson

Mimmie grew up in Sweden and first came to Australia as a backpacker after high school. After travelling around the country for two years she returned to Europe and pursued a Bachelor’s degree in Journalism in London. But the longing for Australia and the sun became too strong. After having worked for some time in the media industry, Mimmie decided to make a change and swap the news for conferences. She now gets to do what she loves the most, meeting new people and keep learning about cultures and issues while producing conferences on current topics.

Read more

Payment Diversion Fraud - A disturbing new hacking trend hitting corporate Australia

When Sydney business owner, Mr Tony Davies (not his real name), hit the send button on the $175,000 payment to Malaysia in October 2017, he had a bad feeling about the payment. His gut instinct told him something was wrong but he needed the shipment of products urgently to satisfy his customers in Australia.

He had met his Chinese supplier, Mr Jack Sim (not his real name), in person some months previously. Mr Sim was a reputable Chinese building product supplier who manufactured products from his factory in Fujian province. Mr Sim’s office girl, Tammi, dealt with all financial matters involving the company.

In early October 2017, Mr Davies sent his first deposit, for a large order of products, to the Chinese bank account controlled by Mr Sim’s company. The product order was prepared for shipment.

When Mr Davies was preparing to send the final payment of $175,000 he received an urgent notice from Tammi by email not to pay the money into their China bank account as they had some tax issues with the Chinese authorities. She advised him that the money needed to go into their Malaysian account as they wanted to keep the funds offshore whist they sorted out their tax problem.  

Mr Davies expressed his concern to Tammi about sending the funds to Malaysia but was convinced by Tammi that this was the only option. “Sir, we use overseas accounts for many of our international customers, this is normal for China business and Mr Sim has told me to give you this message”, Tammi wrote in her email.

The products needed to be shipped urgently and the only option was for Mr Davies to pay the funds into their Malaysian account or face delays. “Okay Tammi I will make the wire today, thank you”, Mr Davies wrote. “Please send the remittance immediately so we can release the products”, Tammi responded. Mr Davies wired the funds and sent Tammi the remittance but something worried him about sending the funds to Malaysia.

Several days later, Mr Davies received an email from Tammi stating, “Sir, we have not received the funds, please send urgently”. Mr Davies immediately responded saying the funds were already sent to the Malaysian bank account and the remittance was also sent. “Sir, I did not receive any remittance from you and we don’t have a Malaysian bank account”, Tammi replied.

Mr Davies slumped on his desk with shock. “How could this be possible, I will forward you the email again”.  Mr Davies sunk further into shock and despair when he received the real Tammi’s response. “Sir, that’s not my email address, that’s a fake, it’s my signature details but not my email, how could this happen?”.  Mr Davies was gutted. He just became the latest victim in a new crime wave targeting corporate businesses in Australia.

The hackers had entered the email communication between Tammi and Mr Davies and were monitoring every conversation. They cleverly set up an almost identical email addresses of Tammi and used her real email address in the signature. They also set up an almost identical email address of Mr Davies and communicated with Tammi, making excuses why the payment was delayed. Both parties were communicating with the hackers and not each other. The fraud was blatant but clever. The fraudsters knew when to strike and celebrated another big pay day before disappearing offline, never to be seen again.

This new trend of payment diversion fraud has become much more prevalent in Australia during 2017. The hackers are always offshore and work with highly organised fraud groups to perpetrate the frauds in an anonymous online environment. They slip away before any action can be taken. The offshore bank accounts are closed and money withdrawn in cash, before they can be frozen. The evidence trail is cold before law enforcement agencies can even record a complaint. The jurisdiction of the fraudsters is never known so no law enforcement agency will put their hand up to take the complaint let alone investigate the fraud.

So, what can be done to avoid these costly frauds? Firstly, companies need to be made aware of these frauds and have proper countermeasures in place for sending money overseas. Even a simple code word only shared with the genuine supplier could be used by text message to verify payments. Secondly, companies must ensure that their emails and servers are secure. Regular penetration testing can be carried out to check for vulnerabilities. Software security updates should be kept current and email programs should be regularly checked and updated by an IT security professional. Many companies become so busy they forget to patch simple flaws in their system or forget to update their software not knowing that exploits and vulnerabilities have been identified causing online security risks.

These vulnerabilities can be easily identified by foreign based hackers using sophisticated remote access tools to silently gather data about your company’s computer habits, email usage, security software, browser types and operating systems. Many companies who operate in the manufacturing industry don’t place enough emphasis on their computer security until it’s too late. For Mr Davies, it’s a $175,000 lesson learned. Meantime the hackers who got his money are busy perpetrating the next attack.

Written by: Ken Gamble

Ken Gamble is the Executive Chairman of IFW Global, an international cybercrime intelligence firm. 

He is also the current Australian chairman of the International Association of Cybercrime Prevention. 

Professional investigator, corporate security specialist and cyber crime expert with 30 years experience working with multinational corporations.

Read more

Can technology put the elderly at the centre of their care?

Technology and the elderly may seem like a coupling comparable to water and electricity, but new initiatives in the sector are seeing innovation with the consumer in mind.

In a world-first, Silver Chain is piloting ‘holoportation’ to deliver remote consultations. Doctors will be able to appear in real-time as holograms via a holographic computer which is worn as a headset.

 This will eliminate the time-consuming and often exhausting experience for elderly residents of being physically taken to a healthcare facility.

The development of a smart robotic companion, capable of assisting the elderly with everyday tasks, has received a $1 million grant from NSFA. Brown University and American toy manufacturer Hasbro have formed a collaborative partnership to add artificial intelligence capabilities to Hasbro’s Joy for All Companion Pets.

Whilst the robotic cats and dogs provide companionship, they will also be able to help senior citizens with tasks such as finding lost objects, medication reminders or let them know that it’s time to do something.

In another world first, Australian aged care provider IRT Group has partnered with UK Company RDM Autonomous to bring driverless cars to aged care. Testing will take place at the Canberra-based facility this year before moving up to Brisbane.

Pod Zero will be able to safely navigate private roads within IRT and residents will be able to hail the vehicle to travel independently to appointments or social activities.

We can expect to see further innovation in the space given the release of the Technology Roadmap for Aged Care which provides guidance and a framework for integrating technology in aged care which will ensure independence, choice and control for consumers. 

Written by: Claire Dowler

Claire Dowler is a Senior Conference Producer with Akolade. She recently graduated with a double degree: a Bachelor of Journalism and a Bachelor of Media and Communications Studies majoring in International Communication. Claire minored in sarcasm and puns.

A ballroom-dancer who collects salt and pepper shakers and volunteers for animal rescue, you might say Claire has eclectic interests.

Read more

How to Be One of Our Best Speakers – Winning Over the Hearts (and Minds) of Your Audience

Having watched countless presentations ranging from piling and deep foundations to Artificial Intelligence, read volumes of feedback across almost every industry event, and spent countless hours networking and researching, it’s pretty clear what makes the most compelling presentation.

As a rough guestimate, I would have seen around 400 presenters over 22 events.

And regardless of audience feedback, I’m a person with only surface knowledge of the topics we cover, so to be engaged by a speaker from an industry which is pretty foreign to me is a big ask.

***Full disclaimer – the opening remarks are enough pressure to spin me into a shy, nervous panic and make me crumble, and that is only a matter of minutes on stage. So hats off to the rest of you who bear 30 minutes of it, before being put on the spot with impromptu and often demandingly specific questions for another 10.

The thing is, you either have it or you don’t - humour on stage that is. And most of it comes from confidence. However, humour is probably the last thing on your mind when you are standing vulnerably in front of leading executives for 40 minutes convincing them you are worth listening to.

It’s a great icebreaker, but not a necessity. In my humble opinion, listeners want 3 things:

Engagement:

You don’t have to be a stand-up comedian to win over the audience’s hearts with humour.

Whether you were the ’class clown’ or not, if you stand up there with the intention of enjoying yourself and act as though you are having a one-on-one light-hearted conversation with the audience (interlaced with serious, meaningful insights), your authenticity and quirks are bound to shine through and ensure you’re seen in an endearing light. Not only this, your audience will connect with you and remember a lot more of what you say. It’s hard to relax on stage, but if you do, it’s bound to pay off.

I’m hooked as soon as I see someone is passionate about what they do. I want what they have. It’s human nature to want to be excited about something – and it makes you want to hear more to figure out why they’re so enthusiastic about this topic.

It’s incredibly contagious, everyone has the inherent ability, and no one can resist its charm.

Passion aside, do a show of hands, prompt them with questions to discuss with the person next to them, make them feel included.

  

Insight:

It’s kind of an obvious one, but people want golden nuggets. The ‘Aha!’ moments that just click and help all the pieces of the puzzle connect. They want to see themselves in your story and link parts of what you have done, or the mistakes you have made, to their experience to help navigate the next part of their journey. Future thinking, opinion, imagination, anything thought-provoking is absolutely key in being remembered as insightful.

Don’t hold back with sharing your vision, people crave a bit of dreaming big.

But then you also need to balance this with proof.

As great as vision is in winning over your audience, there also need to be cold, hard facts, practicality and measurable past wins to give you credibility.

The old adage ‘the proof is in the pudding’, meaning you can only judge the quality of something after you have tried, used, or experienced it, is very relevant here.

Which leads me to the final factor:

Honesty:

All we want is for you to drop the act that everything has worked out successfully and instead, air the dirty laundry.

We are all human. It’s actually a badge of honour to have failed, and failed fast, these days. To have tried something new and had the ability to look at why it failed, then have the guts to share that with your peers is bigger picture action and collaboration.

It’s refreshing in a world of facades to be brave enough to be transparent and speak openly. As much as you think it will bruise your professional image, these days, that couldn’t be farther from the truth.

Written by: Gracie Fea

Originally from NZ, Gracie worked as a Broadcast Journalist for a few years before moving to London, and then to Sydney, where she fatefully came across conference production and quickly realised it was her dream role. Getting to speak with such passionate and successful people and create an agenda so that people can see themselves in other’s experiences, really spins her wheels.

She has a hunger to hear everyone’s unique story and really thrives from creating a platform for them to share these and help move their industry forward through collaboration.

Read more