How to Innovate Staff Fraud & Cybersecurity Awareness Training

Posted by Samantha Martin-Woodgate on 09 Oct 2024


Cybercrime and fraud are evolving rapidly, posing serious risks to organisations of all sizes. It is more important than ever to stay ahead of the curve.


In recognition of National Cybersecurity Awareness Month, our recent webinar provided an overview of the current threat landscape, highlighted emerging risks, and explored innovative strategies to enhance cyber and fraud prevention efforts, with an emphasis on innovative compliance e-learning.

Our expert panellists included Katharine Leaman of Leaman Crellin; CIFAS Chief Product Officer Mark Courtney; Paul Maskall, Strategic Fraud Prevention & Behavioural Lead at UK Finance; and NatWest Boxed Chief Information Security Officer Kevin Fielder.

Discussion points

  • Understand the current cybercrime and fraud landscape, including recent trends and emerging risks.
  • Learn how to align your cyber and fraud prevention strategies for a more effective and comprehensive approach to risk management.
  • Determine the implications of the new APP fraud reimbursement rules and SMCR.
  • Discover innovative training methods for cyber awareness and how to implement effective programs for staff.
  • Identify best practices for building cyber-resilient organisations and fostering a culture of security awareness.


Before we started the discussion, we asked the attendees how effective they think their organisation's training is in preventing cyber-enabled fraud. 


Most respondents believe their training is somewhat effective in preventing cyber-enabled fraud, with only a few considering it not very effective or unsure. This aligns with the challenge organisations face in assessing the true impact of their training and ensuring meaningful engagement.

While many companies are focusing on improving financial crime training, regulators are less concerned with mere attendance and more interested in ensuring that the training is relevant and impactful.

Current cybercrime and fraud landscape

The cybercrime and fraud landscape is becoming increasingly complex, with a growing regulatory framework and various pieces of legislation in place.

Key regulations, such as the Consumer Duty requirements and changes to the Payment Services Regulations (PSR), are vital in addressing these risks, along with the Economic Crime and Transparency Act.

As more activities move online, fraudsters have evolved their tactics, using AI technologies like voice and image cloning to carry out sophisticated scams such as CEO fraud, where criminals impersonate top executives. The rise of "fraud as a service" has also contributed to this growing threat, with internal data breaches and other cyber-enabled crimes becoming more common.

Criminals now have the ability to commit crimes from anywhere in the world, following the money as businesses and individuals increasingly operate online. Social engineering remains a powerful tool, with cybercriminals leveraging psychological tactics like urgency, fear, scarcity and trust to deceive targets.

Although phishing was once easier to detect, the use of AI and deepfake technology has made scams more convincing, allowing criminals to scale their operations and target more victims. Professional cybercriminal organisations now offer services like malware-as-a-service, elevating fraud to a highly organised and sophisticated level.

From a behavioural perspective, individuals are more vulnerable to cyber-enabled fraud because of the way they interact with technology. Social engineering relies heavily on emotional manipulation, and people often interpret digital messages through the context created by their own mindset and vulnerabilities.

As fraudsters refine their tactics, the relationship between humans and technology becomes more critical, making everyone susceptible to these scams in an increasingly digitised world.


Align fraud and cyber strategies

While we already rely heavily on technology, going digital involves managing code across multiple devices and ensuring all those devices are secure. The increasing use of mobile phones for work, combined with remote work environments, has blurred the lines between personal and professional spaces.

Sensitive data is often accessed in less secure settings, making it more difficult to maintain security. Moreover, some employees resist changing the way they work, which makes security even more reliant on staff behaviour in a cloud-based setting. To navigate this, a security-conscious culture must be embedded in the organisation, and staff need to understand why security is essential.

A key challenge in this digital shift is measuring the effectiveness of training. It’s not enough to offer mandatory courses; training must encourage real behavioural change. This involves delivering frequent, easily digestible "nudges" at the point of need, ensuring employees are applying what they've learned in real time.

Additionally, people may be more susceptible to fraud when they are vulnerable, as social engineering and marketing rely on similar emotional triggers; the only difference between the two is the intent. Emotions drive actions, like clicking links or making purchases, through tactics like urgency and scarcity. While we can provide employees with education, their mental health and well-being ultimately influence their behaviour and decision-making.

There is a strong need to align cyber and fraud teams within an organisation. Both teams share an advisory mindset, focusing on detecting bad behaviour and preventing system misuse. A significant amount of fraud stems from malware and social engineering, areas that overlap with cyber threats.

To address this, teams need to communicate and share information on emerging risks. This collaboration might require one team to relinquish some control, but by working together, they can apply the appropriate security measures and better monitor for potential misbehaviour. Building dialogue between these teams is the first step in creating a unified defence against cyber-enabled fraud.


Compliance & risk management in the digital age

In the digital age, compliance and risk management have become increasingly vital, with the role of "tone from the top" being crucial. This concept is exemplified by the Senior Managers and Certification Regime (SMCR), which emphasises individual responsibility to minimise harm to consumers.

While responsibilities can be delegated throughout the organisation, leadership must clearly articulate these responsibilities and ensure that employees understand their roles in maintaining compliance and managing risks.

Leaders not only need to set a positive example but must also be well-educated on the risks associated with digital operations, fostering a culture of accountability and proactive risk management within the organisation. This alignment from the top down is essential for creating a robust compliance framework that safeguards both the organisation and its consumers.

We asked our attendees how integrated they feel cybersecurity is in their business strategy. The poll results indicate that 46% of respondents feel that cybersecurity is somewhat integrated within their organisation, while 28% believe it is fully integrated, and 17% feel it is not integrated at all.


Even with well-thought-out policies, the effectiveness of integration often hinges on staff adherence to those policies. In the banking industry, for instance, financial crime and fraud prevention are seen as closely intertwined, reinforcing the need for a holistic approach to cybersecurity.

Understanding what integration truly means is essential for organisations to effectively strengthen their security position and ensure that all aspects of cybersecurity are reinforced collectively.

Best practices & training for a cyber-resilient organisation

  • Remember the importance of wellbeing: Employee wellbeing is crucial, as it empowers individuals to protect themselves against threats.
  • Focus on education and awareness: Educate staff to mitigate vulnerability; both personal and business awareness are essential.
  • Identify good practices: Define and communicate what constitutes good practice in cybersecurity.
  • Don't underestimate the emotional impact: Recognise that around 80% of human responses are emotional; involve the marketing team to ensure training messages create an emotional connection.
  • Engage staff in training: Successful training requires engagement across all areas to effect behavioural change.
  • Simplicity is key: Keep training content simple and focused on essential points, avoiding overload; staff only need to know what is relevant to their roles.
  • Reinforce key points: Continually reinforce the key messages to ensure understanding and retention.

Responsibility for cybersecurity and fraud prevention should be viewed holistically and may vary across organisations. It is essential to combine departments, integrating cyber, fraud, and anti-money laundering (AML) efforts, as these areas are interconnected.

Ultimately, fostering a culture where everyone understands their role in maintaining security is crucial; if staff are not engaged or do not care, they are less likely to take preventive actions. A collaborative approach that emphasises shared responsibility can enhance the overall effectiveness of cybersecurity and fraud prevention strategies.


CyberFocus training package

With our CyberFocus solution, we've reimagined cyber awareness training, moving beyond traditional e-learning to create an engaging and adaptive experience for modern workforces.

Our approach combines real-time adaptive learning with bite-sized microlearning modules, allowing busy professionals to easily integrate training into their schedules. Gamification elements enhance the learning process, while realistic simulations build practical skills.

Rather than relying on annual sessions, we provide continuous assessments to keep cyber awareness current, with personalised dashboards for tracking progress and identifying areas for improvement. Ultimately, our comprehensive, flexible, and engaging cyber awareness programme empowers employees to actively contribute to their organisation’s cyber defence strategy.

