Podcast Transcription


Dr. Christine Izuakor:
Welcome to the Veriato Insider, a bi-weekly podcast covering some of the latest trends and things to know in cyber security. Reporting to you from Chicago today I'm Dr. Christine Izuakor, your host, and today's podcast covers recent fraud trends amidst the ongoing pandemic.

Now this podcast is sponsored by Veriato, an award-winning employee monitoring and insider detection software provider and to talk more about this topic, Pete Nourse is joining us from the Sunshine State of Florida. Pete is the chief marketing officer of Veriato and has a wealth of experience in the technology marketing space. He's focused on the cyber security industry for about 20 years now and has tons of great insight to offer here, so welcome, Pete and thanks for joining us.


Pete Nourse:
Thanks Christine. Thanks for having me.

Dr. Christine Izuakor:
Of course, and it's my pleasure. Now I'm going to kick things off with a general question first. Now while numerous countries are starting to, you know, report decreases in new cases and things seems to be slowly but surly dwindling down, it's productive that the economic impacts of the pandemic may be felt for a few years to come and so how do you think the current pandemic will continue to impact the fraud space especially?

Pete Nourse:
Well, I think the fraud space, um, has a couple of key elements that- that drive it. Um, one is opportunity. The people who perpetrate fraud are always looking for opportunities, um, and there've been some unusual ones that have come around with the pandemic and I'm sure as we move forward, um, as things like, um, the aid that different federal or state governments are providing, um, there's money to be had and you know that fraud is going to be involved in that.

And then it gets down into the individual companies, company level where someone who's, you know, within a company and sees an opportunity, uh, because things are different, things are changing at a high level, a fast level I should say, you know, they can take advantage of that. You know, the systems are- are maybe not in place. Um, the checks and balances, when the company was running, everyone was in the office all day, every day and we were running like clockwork for the last 15 years. All of a sudden that's all thrown into chaos. People working from home, systems are different, access is different, uh, people can take advantage of that, so I think, you know, anytime there's massive change, there's- there's, uh, there's a big opportunity.

Dr. Christine Izuakor:
Yeah. And I know you all focus a lot on insiders right? So, interested in getting your opinion on this element even more and there have been reports on, you know, everything from employee sabotage that lead to PPE delivery delays, unfortunately to, um, employees who may not be trying to do anything malicious, but may have clicked on, you know, phishing emails. There's a ton of, uh, pandemic and Coronavirus, uh, related phishing attempts and social engineering attacks out there, uh, posing as, you know, stimulus financial relief packages which you eluded to a little bit as well to employees being arrested for faking, uh, test results to get paid time off and so on. And so fraud continues to be a concern even from insider employees. Now how concerned should companies be regarding this employee fraud that you've touched on a little bit already, but also this potential shift in employee motivation amidst everything else going on?

Pete Nourse:
Uh, yeah. If I was running security, I would, I would be very concerned about it because there's, one other thing I didn't mention, not only is the opportunity as we just talked about, um, you know, available possibly now, depending upon the situation with the company, but it's- it's a need-based, an opportunistic, uh, based in terms of when someone's struggling, someone's going through a life change. That's usually when you see people doing something bad. Someone steals the IP, steal- steals credit card numbers, gets- gets sucked into a, you know, a fraud ring by some unscrupulous outsider.

It's usually because they're- they're struggling in some way, right? They have some kind of financial burden that's come upon them, um, maybe they've gotten divorced, there was an arrest, there was a- a medical situation in the family that's drained all the funds. There's a lot of things that can happen to a person outside of their work that can have a huge impact on- on how they react and they end up taking the wrong opportunities, um, from within the work.

So insiders are a huge issue and what I was just describing, that was in normal times. You put it in the pandemic times that we're working through right now and those stressors are multiplied by a thousand. Everybody's literally stressed about, you know, health situations, but what about if someone's, you know, spouse all of a sudden is laid off from their job, so you have a huge financial burgen- burden. You know, obviously people that are laid off, you'd- you'd mentioned about the person who was laid off and had, uh, sabotaged (laughs) actually the, uh, personal, uh, protective equipment, so there is that piece of it where people are feeling angry.  they still may have access to system networks if things are not shut down properly for them and they can go in and sabotage, so there is a lot of different stresses that are coming on to people and during this time of pandemic, being extra vigilant in really thinking ahead, thinking about all the things that could be happening to employees and how that's affecting- affecting them and having the right security strategies and technologies in place to help is- is gonna be key over the next couple of years.

Dr. Christine Izuakor:
Yeah, definitely. Speaking of security, you know, strategies and plans, what are some ways that companies can prepare to detect and prevent this kind of fraud?

Pete Nourse:
 In terms of putting strategies in- in place, um, I think the key is to be proactive, right? It's not waiting for- for something to come crashing down and then try to fix it afterwards. By that point it's too late, so what can, what can you put in place that are- are gonna reduce the risk? How can you be proactive in identifying signs that indicate someone within the organization or someone who has left the organization may still has access, how do you identify those signs that they've become a likely point of risk?

You know, technology can do it. Working with management teams so they're able to manage remote workers better, make better communications are big, are big pieces of it as well to identify people who are not doing well in remote circumstances, at least here for the short-term that we're all dealing with. So, you know, technology and then the, you know, the strategies around making sure, even in new network environments that are now extending with VPN's and everything else that they, the security protocols are still in place and extra vigilance is being taken.

Dr. Christine Izuakor:
Yeah, I- I agree and you touched on the human side of- of things too and- and, um, focusing on people a little bit and I think that another area that is often, um, undervalued, I think especially today is how can employees help in this case? You know, if you set up programs where employees can safely report incidents or suspicions of fraud. Um, I feel like those programs are another way to help in this space as well.

Pete Nourse:
Yeah, absolutely. whistle blower programs, a lot of times you know, the colleagues know exactly, you know, what's going on within their departments, uh, maybe more than the management and the upper management does, so the, you know, the ability in having open lines of communication so you can let people know, "Hey, this doesn't seem right," without ramifications is- is huge. Everybody's getting, like we said, are getting different stressors and it always does come down to the people. You know, one of the things we- we say, 'cause we- we focus on the, on the human element of risk is that, you know, a router never goes rogue and steals all the, uh, intellectual property out of a company, right? It's- it's always a person, so it- it always comes back down to the people. So having those people policies in place, uh, is- is really important.

Dr. Christine Izuakor:
Yep. Completely agree. And you've touched on, you know, just being more proactive already quite a bit. Is there anything else you want to add on how companies can be more proactive in managing turnover?

Pete Nourse:
Yeah, absolutely. I think technology plays a big part of that and we talked about a couple of other things that are not technology related like communication. You were talking about whistle-blower programs and so forth, but when you're talking about, there's so much that goes on in- in the average organization. Where you have people working, possibly in different countries, different time zones, thousands of hours of work happening in an interaction on our network on an- an internal network. The ability to sift through all of that and find signs of threat is a difficult thing to do. It's impossible to do, uh, from a human perspective. You really need artificial intelligence that's monitoring everything that everyone's doing.

What we do is specifically are looking at behavior. What- what are the people doing? Um, so we use, um, advanced behavior analytics. It's watching what everyone's doing all the time and if all of a sudden someone in, uh, you know, the accounting, um, happens to be pinging the engineering server, um, that they're, uh, doing, you know, unusual things. In off-hours they're logging in and pulling down customer data. It's- it's very unusual.

Those are the things that- that may go unnoticed by, you know, an individual, but if, with behavior analytics it knows that that's out of that person's normal pattern. You know, as we said, a router doesn't go rogue and steal everything, a person does, but to that, a person isn't generally (laughs), it'd be very unusual for a person to be a really great, happy employee, very productive and all of a sudden they go out, you know, for lunch one day and then they come back and say, "Hey, geez I think I'm going steal all of the credit card numbers out of the, uh, credit card server."

That doesn't usually just, it doesn't happen like that. Something's happened down the road, whether it's external, spouse lost a job and they have financial stresses or internal. Maybe they got passed over for promotion. Something. Something's triggered a change in that person and then they- they move down that path to the point where they've come disgruntled and then they probably, you know, they may do something that's- that's bad.

Stealing data for money. Getting approached by someone and finding a way to get into the credit card servers. Whatever it might be, but that- that change is observable by our artificial intelligence in the behavior analytics. So we can see when people are starting to exhibit signs of risk and we flag those up to the security team so that they can take a deeper look. You know, maybe it's involving, you know, the- the HR department at that point, the manager of the department. Maybe it's already gone too far and there's already a security breach that's happened and, so being able to see exactly what happened and how they did it, that's crucial as well. So, this, it's all about visibility and getting the alert to know what you're looking for and then actually seeing exactly what that person did so you can take, uh, take action to- to hopefully prevent it, but if it's already taken place to lock it down quickly.

Dr. Christine Izuakor:
Absolutely. As we wrap up, do you have any final thoughts that you want to share?

Pete Nourse:
Um, just that, I think you brought it up in the beginning. This is a time when everybody's life circumstances are changing and that makes so many people that were living in a very stable world, all of a sudden they're in an unstable world and so many people, you know, I've heard people saying, "It seems like the Twilight Zone." Um streets are empty, it's... Everything has just changed, so that puts stress on everybody and people that you never would have imagined doing something wrong, now maybe they, they might do something wrong under extreme financial pressure that a co-worker or a manager may not realize that person's under.

So the ability to have the right tools in place to help, help from the security standpoint, uh, is- is critical, especially in these- these strange times that we're living through right now.

Dr. Christine Izuakor:
Yes. Very strange times indeed. Um, well amazing insight as always. Thanks so much for sharing. Um, that concludes the Veriato Insider podcast for this week. Again this podcast has been brought to you by Veriato, an award-winning cyber security company recently recognized by Gartner. Their solutions are anchored around four core pillars of cyber security protection, including employee monitoring and web filtering, insider threat detection, employee investigations and ransomware support, again many of which can help address some of the concerns companies might have around employee fraud, especially in today's climate.

To learn more about how Veriato can help protect your company, check out veriado.com. Thanks for tuning in and a special thanks to Pete for joining us today. I'm Dr. Christine Izuakor, the CEO of Cyber Pop-Up and it's been our pleasure to share these insights with you. Until next time, stay safe and secure insider.


Listen To Podcast