There are three types of people in the world. One that will look for any opportunity to commit fraud, the second will commit fraud if it looks easy and he could get away with it and the last a person that will commit fraud to make his family survive. Systems do not commit fraud, it is the human factor that needs to be addressed as part of the controls.
Decrease your Fraud Risk
‘Ghost in the Machine’
The term ‘Ghost in the Machine’ refers to the unknown threat in your environment which can be a bad actor or even an application such as a Trojan Horse or other malware. There are a few ways to mitigate your risks, however if you are specifically targeted, standard defenses usually do not protect you against unauthorized access, destruction or disclosure.
Monitoring Subjects and Objects
Subjects (Users, Applications) and Objects (Resources, Databases, networks, etc) needs to be monitored for unwanted and spurious activity. Exceptions need to be investigated and then the system fine tuned as close as possible to real-time. Logging this to a separate big-data system, User Behavioral Analysis is possible.
As we perform investigations, we also make sure that proper evidence is generated and collected where it was lacking. It is not directly applicable to the current investigation but will make an organisation ‘Forensically Ready’. If users know that they are being monitored, they will be less tempted to commit fraud.
The primary objective of a fraud investigation is to ensure that the evidence gathering process is done as quick as possible and within a legal framework. We work from volatile to non-volatile and would perform the victimology at a later stage.
→ Secure the Crime Scene
→ Collect Digital Evidence
→ Data Collection
→ Analyze the Evidence
→ Generate a Report
→ Prepare to Testify
The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the information.
Contact SACS for a brochure on Fraud Monitoring Management & Investigations.