MARSH
Weighing the risks of the AI revolution
As emerging technologies appear almost overnight, Jaymin Kim assesses the risks from a mitigation and risk transfer perspective.
Hard-earned trust can be fast lost and reputational damage can be ongoing – start by removing web links
We humans are an optimistic bunch. As individuals, we tend to think bad things happen to other people, not ourselves. It is classic ‘optimism bias’. It creates a false sense of security and can stop us from taking practical steps to protect ourselves or our businesses.
This can leave us susceptible to cybercrime, with many believing they would never fall victim to a scam. But with increasingly sophisticated scams and generative AI, the reality is that anyone, at any age, can be tricked by scammers. For the victims, the financial loss and emotional toll can be devastating.
Businesses and organisations are not immune either. Invoice fraud is on the rise and a simple employee scam can lead to a significant cyber event. The hard-earned trust of customers can be fast lost and the reputational damage can be ongoing.
We all have a role to play in protecting New Zealanders and our businesses.
As a banking industry, we recently announced a raft of joint initiatives to help combat this growing issue, including working towards the establishment of a centralised, multi-agency anti-scam centre and implementing a name check service that would enable customers to confirm the name of the payee when making payments.
We have also removed all web links from text messages sent by ASB. However, this practice is still widely used by a range of businesses – to confirm an appointment, to provide health information, to link to a media outlet or for event tickets.
This leaves the door open to scammers, who are impersonating well-known brands and their commonly used communication methods. Your organisation could become the next toll payment or package delivery scam.
To really limit the effectiveness of this type of scam, all businesses need to eliminate web links in text messages – not just some. Unfortunately, as we continue to innovate and invest in fraud prevention so too do the scammers, developing complex workarounds and crimes that are increasingly difficult to detect.
As the web-link-in-text-message example shows, this is not just an issue for banks to solve. All business leaders need to be thinking, anticipating and finding solutions for this threat that is conservatively estimated to be costing New Zealanders at least $200 million each year.
“Cybercriminals target people when they are distracted, vulnerable or stressed, and socially engineer their victims to believe their promise of an investment return, a new romance, award or payment.”
As a bank, keeping our customers and their personal information and money safe is our utmost priority. We are investing tens of millions of dollars each year in verification, digital technology, in-branch screening and investigations.
We are blocking more and more fraud from occurring. We have seen a reduction in our customers impacted by unauthorised fraudulent activity, largely driven by improvements to target unusual logins. A two-way push notification system that we introduced in March 2022 has helped more than 37,000 customers digitally respond to card fraud alerts.
Cybercriminals target people when they are distracted, vulnerable or stressed, and socially engineer their victims to believe their promise of an investment return, a new romance, award or payment. And when payments are authorised by the customer who then may become embarrassed and ashamed when they realise they have been scammed, it is very difficult for us to retrieve the stolen funds.
At a personal level, we must all be alert to the risk of scams and fraud. Never click on links in text messages and be wary of cold calls or messages asking for personal details. If someone is trying to pressure you into doing something, it may be a sign they are trying to scam you. You should always check who you are dealing with before sending any money.
In addition to using unique, long passwords, there are a range of tools available. For example, you can set lower daily payment limits and two-step verification to ensure further protection. If you are ever concerned there has been a breach in your accounts, contact your bank immediately and report the matter to police.
For business owners, education sessions are a great starting place. We hold regular education sessions sharing insights and analysis on how to protect against cybercrime.
Consider the following three questions:
There are also useful cybersecurity resources on the IoD website, which all directors and business leaders should be familiar with. CERT NZ’s Own Your Online website is another helpful resource with business and personal cybersecurity advice.
By taking steps such as removing web links in text messages and adopting a collaborative mind set, along with education and vigilance, together, we can make a big impact.