Cyberattacks & fraud: The current threat landscape

Summary:

Fraud and cyberattacks are a continuous threat to businesses of all sizes. Our goal at Associated Bank is to provide you with information and tools that can empower you to prevent these attacks and secure your systems against them.

In November 2024, we partnered with Crowe LLP, a public accounting and consulting firm that specializes in helping businesses identify vulnerabilities and make incremental improvements to defend against fraud and cyberattacks.
Along with Adam Pajikowski, Jeremy Epstein and Serge Jorgenson, we presented a webinar on fraud prevention as part of International Fraud Awareness Week. Here are our most important fraud tips from this session.

The current threat landscape

Preventing fraud starts with understanding the volatile environment businesses are up against today. This includes who the threats are coming from, what their motivations are, who the targets are and what types of threats are emerging.

Knowing the major types of threat actors and their motivations helps you prevent their attacks. They range from nation-states with near-unlimited resources, to organized crime groups, to “lone wolf” hacktivists—still sophisticated and often armed with the same tools as larger entities.

Anyone can be a target—sometimes due to the valuable links they have to other targets. The goal may be financial gain, but it could be political leverage, intellectual property, personal data, notoriety or something else. It’s critical to think objectively about why a bad actor might view your business as a potential target and plan your defenses accordingly.

What about trends in the threats themselves?

Credit card theft is decreasing because people are using their cards less often, but stealing card data from websites is growing.

AI-generated deepfake videos and voice-fakes are dangerous emerging threats.

Using cryptocurrency requires special care, as it’s very difficult to trace and recover. That’s why many fraudsters request it as a payment vehicle.

Proactive fraud controls

As the saying goes, an ounce of prevention is worth a pound of cure. Implement best practices at your business now to create stronger internal controls that make fraud less likely to occur.

Where to start? Major strategies to focus on include risk assessments, internal audits, system controls and “tone at the top.”

Some controls will matter more for certain industries. For instance, businesses with physical inventory will benefit from controls like three-way match or inventory cycle counts.

Segregating duties and requiring dual approvals for transactions is an easy way to improve your fraud controls. Associated Bank’s system has built-in controls that allow you to create that separation of duties for free. Keeping that feature turned on can help keep you protected. 

This system also includes tools like positive pay and ACH filter that help you identify payment items that might not be quite right.

Carefully review your process for creating and editing vendors in your system. Make sure that access to purchase orders, invoices, ACH, wires and other payment vehicles is restricted to appropriate authorized people within your organization.

Finally, ensure your technology environment is set up with proper backup and recovery protocols.

The tone you set at the top of your organization, whether positive or negative, sets the course for the rest of the company. If your CEO follows these policies, so will others. If your CEO can make anything happen without secondary approval, you could have a problem on your hands. That’s why in addition to assessing the controls you already have in place, you should remember to look for the gaps.

What to do when cybercrime strikes

Let’s say the worst happens, and your business is affected by fraud or a cyberattack. What do you do?

  • Assemble your incident response team in advance so you know exactly whom to contact when fraud occurs. This team should have experts from a variety of internal teams, including executive decision-makers. This team can also include external experts who may not know your business intimately but know how to mitigate a fraud crisis.
  • If you discover fraud, follow the scope and containment strategy according to your response plan. Contact key partners like your bank to keep your business running while you contain the threat. We can work with you to create alternate communications strategies, put debit holds on your account or assist in any other way.
  • When you notice a fraudulent payment, notify your bank right away—no longer than 48 hours—for your best chance of recovery. Due to the normal cycle of banks settling with each other, there’s a very short window in which to stop unauthorized payments. After that window, settling these types of claims with other banks could take 12 to 18 months.
  • Once your business has recovered from the incident, investigate what went wrong to mitigate future threats. You may also be required by law to notify other affected parties.

The downstream impact of fraud incidents

The fallout a business might face from fraud is more than the money a fraudster might take. Beyond other financial costs, the impact also includes lost data, lost business and lost time.

On top of that, your business could face fines, legal fees or other regulatory ramifications. An insurance policy might help recover some costs, including lost sales and continuing operating expenses. However, other costs are irrecoverable, including discretionary expenses like system improvements or bonuses to your IT department for working overtime.

A business may also face reputational damage with suppliers, customers, regulators and the public. Clear, cohesive, effective communication following an incident is crucial to minimize this. Depending on the industry and data involved, there may also be special legal considerations for notification requirements (for example, healthcare data and HIPAA laws).

Simple upgrades to your fraud prevention practices

To bring this all together, let’s give you some low-hanging fruit: here are easy things you can do now to prevent fraud at your business and dampen the blow if it happens.

  • Be mindful about what consumer data you collect. Do you truly need all of it, or could you minimize the data you’re storing to protect you and your customers?
  • Don’t forget about cyberthreats just because they’re invisible. You wouldn’t have a brick-and-mortar store without a sturdy lock on the front door. Put at least as much care and investment into your digital protection, too.
  • What’s your best defense against fraud? Staunchly holding the line on policies, procedures and controls. Make this a part of your company culture, and your business will be much safer for it.

Prevent Fraud with Associated Bank

If you want to know more about fraud prevention services from Associated Bank, contact Treasury@AssociatedBank.com. Our Treasury Management team is happy to assist you. And if you’re interested in talking to our partners at Crowe LLP, we can help you connect.
