Cyber Risks Mount:
Preventive Measures for Manufacturers
Danielle Winkle, CPA
Cyber-attacks are on the rise and manufacturing companies are not immune. Manufacturers who rely on automation, robotics and connected networks are especially vulnerable. Here are some examples of cyber-attacks and how you can protect your business to minimize the associated risks.
Know Your Risks
Spear phishing is a type of e-mail phishing campaign that targets multiple people at an organization using inside information that makes the hacker’s inquiry look legitimate. This scheme is not sophisticated in that malware used to execute this attack can be purchased on the black market. Last December, hackers caused a blackout in the Ukraine by breaching the control system for a power grid using a phishing campaign.
Data breaches are one of the biggest fears of business owners and hackers often use that fear to cripple organizations through ransomware. This type of scheme entails malware that is installed on a computer or network without the user’s consent. This software relinquishes control back to management only if they agree to pay ransom to the malware operators. Once the money is paid, the hackers promise to remove the restrictions.
Cyber-attacks can harm a manufacturer or distributor in many ways. They can cause safety issues, negative publicity, lost time and productivity, and compromised personal and corporate data. The average cost of a data breach in the United States is now more than $7 million, according to a 2016 study published by independent research group The Ponemon Institute.
Safeguard Your Operations
How can you reduce cyber risks? A manufacturer’s first line of defense against hackers is its employees. However, employees can also be a liability if they are not vigilant and knowledgeable about cyber threats. In fact, the latest Ponemon study found that 23% of breaches were caused by negligent employees. It is critical to provide training about the latest computer scams and encourage employees to report suspicious emails immediately to the information technology department. Always insist that employees do not open e-mails and attachments that look suspicious.
Hackers looks for easy targets. It is no different than thieves who look for unlocked doors and windows. Therefore, even the simplest security measure will deter some cyber breaches. One easy option is to use inexpensive, over-the-counter encryption software and phishing filters to make it harder for hackers to get inside your network.
To minimize losses if a breach occurs, consider purchasing cyber insurance products to cover direct losses from breaches, as well as the costs of responding to them. Your traditional business liability policy probably does not include such coverage.
You can also assemble a breach response team before a breach occurs. Doing so decreases the average cost of a data breach by about 12%, according to the Ponemon study. Once it is formed, the response team can start by identifying potential weaknesses in your network and making recommendations for improvements to security.
Spotlight on Fraud in the Manufacturing Industry
Joel Herman, CPA
The Association of Certified Fraud Examiners (ACFE) has published its 2016 Report to the Nations on Occupational Fraud and Abuse. The latest biennial study breaks down white collar crimes by industry, highlighting some common scams that manufacturers need to watch for and ways for them to minimize potential losses from fraud.
How Much Does Fraud Cost?
The ACFE estimates that the annual cost of fraud globally is roughly $3.7 trillion, based on a gross world product of $74.16 trillion in 2014. That is a significant amount of money, but what hits closer to home is how much fraud affects individual victim organizations.
The median loss for frauds occurring at U.S. companies was $120,000, according to the 2016 report. Even more disheartening is the median loss for manufacturers of $194,000. A loss of this size would be difficult for most small manufacturers to absorb. Moreover, these estimates include only direct monetary losses. Fraud also potentially costs companies in terms of lost productivity, diminished employee morale and loss of confidence with customers.
Which Schemes Are Most Common?
The ACFE breaks down its findings by industry; manufacturing ranks third in terms of the frequency of fraud cases. The most common schemes reported by manufacturers include:
Corruption. Almost half of manufacturers in the study (48.4%) fell victim to these scams. Corruption includes bribery, illegal gratuities and economic extortion.
Billing Scams. About one-third of fraud cases (32.8%) involved billing ploys. These scams may include submitting invoices for fictitious goods or services, inflated invoices or invoices for personal purchases.
Noncash Theft. Rounding out the top three categories, noncash ploys were reported in more than 30% of fraud cases. These incidents often involve theft of raw materials and finished goods inventory, production tools and supplies and office or production equipment.
In addition, roughly a quarter of fraud cases involved fictitious or exaggerated claims for expense reimbursement. Many fraudsters test the waters with these types of entry-level scams by starting with small amounts infrequently. Then, if no one notices their expense fraud, they graduate to larger amounts and more frequent transactions.
How Can Manufacturers Fight Fraud?
Fraud prevention and detection measures do not necessarily have to be expensive to be effective. According to the ACFE, the anti-fraud controls that offer the highest potential return on investment — that is, offer the biggest reduction in comparative median fraud losses — include:
- Regular data monitoring and analysis techniques;
- Management review and scrutiny; and
- Reporting hotlines and whistle-blower mechanisms.
Across the board, the presence of anti-fraud controls was correlated with lower losses and quicker fraud detection. More specifically, victim organizations that were using proactive data monitoring and analysis techniques as part of their anti-fraud program suffered fraud losses that were 54% lower and detected the frauds in half the time compared to organizations that did not use these techniques. Management review and the presence of a hotline were correlated with 50% lower median losses and 50% less time to detect the scheme.
How Should Victims Handle Fraud Allegations?
The majority of the fraud victims in the ACFE study have recovered no funds from the perpetrators. Many worry that prosecuting criminals could lead to bad publicity. Others prefer to just fire the wrongdoers and then focus on internal recovery, rather than spend time and resources pursuing a financial settlement or conviction.
Prosecuting fraud may be worthwhile for several reasons, however. It sends a message to would-be thieves that management has adopted a zero-tolerance policy, thereby deterring future crimes. In addition, a conviction will be reported on the fraudster’s permanent record, which may prevent him or her from striking other victims in the future. If you suspect fraud, contact your attorney or a forensic accountant for help deciding how to proceed.