The Role of Credit Managers in Combatting Cyber Crime

 

Snapshot:

• Cyber crime and artificial intelligence (AI) have reached a nexus making it increasingly difficult to spot an attack.
• Credit managers need to be especially diligent to verify identities when assessing credit applications, and to protect the valuable information they hold.

Cyber Attack is a Top Risk for Asia Pacific Organisations

The risk of cyber attacks and data breaches took the number one spot in Aon’s recent Global Risk Management Survey for the top risks facing organisations in the Asia Pacific region, both today and in the future. As attacks typically tend to follow those who are involved with money management, the role of credit manager is one that can be caught in the crosshairs.

The Asia Pacific region is experiencing a huge increase in cyberattacks¹. However, it is not just the volume of attacks that is worrying. AI has enabled increasingly sophisticated breaches, making it even more crucial that credit managers become active in the management and justification for the data they hold, as well as being able to quickly identify fraudulent credit applications.

AI has become a very sophisticated tool in social engineering style crimes. For example, a recent attack involved an employee apparently receiving a request from their CEO to join a WebEx chat with four other people, however it was all fabricated and the employee ended up sending a significant sum to the criminals. While this would have taken some time to set up, once these crimes have been perpetrated, they can very quickly become mainstream.

Credit managers especially may receive instructions from someone posing as their manager, but it may actually be an AI-enabled criminal asking for approval of credit using fake details. Once this method is weaponised and standardised, it may become difficult to discern truth.

It is important that credit managers ensure that the increasing use of automation in their role is matched with the correct levels of security, and that consideration is given not only to the benefits of automatic processes, but also the risks.

Additional training and clear procedures for credit managers can help to ensure responsibility for cyber security is appropriately shared.

Beyond insurance, there are a variety of measures that can be taken, including having an external assessment to decrease risk of a breach and using third-party credit agencies to help verify information provided by potential clients.

However the biggest risk facing credit managers overall is failure to protect the personal information that is provided to attain credit.

It is vital that credit managers understand the risks of holding this information (it is extremely attractive to cyber criminals) and are aware of legislative changes that impact the way the information is retained.

To help protect against the risks of credit fraud and data hacking, core principles should be strengthened. For example, multi factor authentication may need to be reviewed, considered and adapted. There may need to be extra checks and measures in place when money is being moved or credit is being offered, certainly above any preset thresholds.

It is also important not to discount human interaction. Confirming requests made online that may seem out of character via a direct call or in person can help in the identification of fraudulent activity.

Gut instinct is also a useful tool. Before acting on emailed instructions, credit managers should consider not only the content of the email, but also the emotion it provokes. If it is applying pressure to action something that doesn’t seem quite right, that’s a sign to take extra precautions.

 

This article first appeared in the Australian Institute of Credit Managers 2024 Risk Report.

 

¹ World Economic Forum, Why is the Asia Pacific region a target for cybercrime - and what can be done about it?, 12 June 2023