KPMG Canada report warns that hackers and fraudsters are capitalizing on growth of online channels
The acceleration of the digital transformation over the last year has kept many organizations in business and given a boost to many others.
But the rapid rise in the use of cloud-based solutions and other digital channels has also provided additional opportunities for cybercriminals who are finding new ways to target firms.
A new report from KPMG in Canada shows that online databases is one area that hackers are focusing on, intensifying the risk of identity theft.
Wealth professionals may be storing client data online for the convenience of being able to access information from anywhere, especially with many working from home.
The need for access from multiple locations will have been implemented with security in mind, but the report warns that belief that cloud databases are ‘secure’ may be misguided.
The sudden rush to make systems accessible to remote teams along with access from home networks that may be less secure than office-based systems is likely to mean that security protocols are not at full strength.
"The reliance on digital platforms and cloud computing has put more sensitive data within the reach of cybercriminals, who are becoming increasingly more adept at accessing or hacking into 'secure' customer databases to steal identities," said Enzo Carlucci, the new National Forensic and Investigative Accounting Services Leader at KPMG in Canada.
Reputational risk
The risks are not purely about financial fraud with reputational damage one of the concerns for organizations.
Hackers are using a combination of tactics to benefit from their cybercrimes with identity theft among the most worrying. Synthetic identity theft is also prolific, where fraudsters use both real and fake data to create a new identity.
Stéphan Drolet, a Forensic Partner and KPMG's Business Unit Leader for Advisory in Quebec, says that firms should conduct full reviews of their online systems to identify weaknesses that could allow hackers in.
But this is not a one-off review, with ongoing assessment to make sure systems are secure.
"Organizations should treat fraud prevention as a living, breathing program," Drolet said. "Cyber threats are here to stay, so follow the trends, know the red flags and keep on top of best practices."