The insider-outsider threat: Why globotics and the pandemic could combine to alter the landscape

Rubber band or paper clip, that is the question. It refers to the possible shape of society and the economy in the wake of the global pandemic. Will the virus disappear so that we snap quickly back to the old normal like a rubber band; will it be a temporary shock? Or will we face further waves over the coming 2-3 years that embed the changes we have already experienced, and add more, leaving us looking like a bent paper clip; will it lead to a permanent change?

The answers to these important questions have huge implications for the shape and nature of fraud. While it is still too early to say with any confidence how our society will respond in the medium term, there are already some key indicators that provide clues.

Many western economies now face mountains of corporate and government debt, in part due to loss of business and massive job losses but also as a result of unprecedented government borrowing to fund bailouts and the recovery. Many of those already out of work, or likely to be made redundant once the government furlough schemes end, are white collar workers. They are people who know how the systems within their former organisations operate, who understand how decisions are made, and who in an era of accelerated ‘Globotics’ (globalised outsourcing of white collar jobs combined with AI automation of some roles) may struggle to find new employment.

What will these millions of unemployed, well educated, corporate staffers do to make ends meet? As in any previous employment crisis, a minority will consider fraud a potential alternative.

We are likely to see a new cohort entering the financial crime space, bringing its digital and remote working skills to bear. Only a major government project to channel these people rapidly back into appealing employment, a new deal for the 2020s, could potentially offset this risk. Society would need to move from bailouts and income support to massive job creation initiatives, perhaps by favouring local suppliers and offering government subsidies to them, while changing taxation and procurement rules.

With much of society now embracing remote working and virtual networking via Zoom, Teams and other channels, the already popular practices of digital impersonation and remote social engineering are certain to stay with us and potentially increase in number and sophistication. The poorly worded email, still a problem for many, could soon be completely replaced by the expertly worded business proposition, complete with brochures and a nice website, Zoom seminars and one-to-one Teams calls.

The responses organisations need to consider include further strengthening and auditing policies around app provisioning and use, raising employee and customer risk awareness, and testing and implementing clearly defined standards for the security settings required on an app-by-app basis. Performing social engineering health checks by looking at information available to fraudsters online is also an essential countermeasure.

Beyond social engineering frauds, other related challenges will continue to manifest themselves, morphing to fit the new normal. Easy access to government grants or guaranteed loan schemes has, in all likelihood, already triggered a surge in applications by those with no intent or ability to repay them.

Fear of the virus, always a useful button to push during any phishing or spam campaign, has led to a plethora of fake or counterfeit goods and services being offered online, from non-existent surgical masks to useless Covid-19 testing kits. A second and third wave of Covid-19 will exacerbate this.

And finally, the increasing use of AI systems seems likely to result in a surge in new types of hacking attacks; attempts to subvert or alter AI decisioning, denial of service attacks on AI call centres by AI chat90bots (machines attacking machines) and more data breaches resulting from the apparently bottomless appetite modern organisations have for customer data collection and processing.

These risks are relevant whether we experience a temporary shock or a permanent societal and economic transformation. Even the last few months have been sufficient for some new or evolved risks to manifest themselves. ‘Temporary’ is a relative concept and in this case temporary might last several years. The new normal, therefore, calls for new ways of managing fraud and we need to think deeply about what these new approaches might involve if we are to stay ahead of the fraudsters.