Boosting IT security doesn't combat fraud: agencies

Commonwealth entities responding to the Census believe that increasing IT security makes little difference in preventing fraud, a report from the Australian Institute of Criminology shows.

A study into instances of fraud encountered by government entities between the 2010–11 and 2013–14 financial years indicates that just 3% of respondents believe implementing ICT and security controls helped prevent fraud in the final year covered.

The percentage was little higher during the other years examined in the report — just 4% in 2010–11, rising to 5% in 2011–12 and falling back to 4% in 2012–13.

"New technologies bring new fraud risks for government. ICT has become fundamental to how society operates, and government use of ICT affects all Australians," the report states.

The report also shows that the percentage of entities reporting cases of fraud involving malicious insiders' misuse of ICT declined over the four-year period, from 16% in 2010–11 to 11% by 2013–14. The percentage of entities affected by external fraud involving ICT misuse likewise fell from 8% to 4%.

Among internal fraud incidents, accessing information or programs via computer without authorisation was by far the most common category. But incidents involving this misuse fell from 991 in 2010–11 to 588 in 2013–14.

Cases involving misuse of email meanwhile fell from 57 to 2010–11 to 23 in 2011–12, stayed relatively flat in 2012–13 at 25 before spiking to 82 in 2013–14.

Total fraud losses across all categories meanwhile reached around $1.2 billion over the four financial years, growing from $119 million in 2010–11 to $673 million by 2013–14.

Image courtesy of Paul Downey under CC

Follow us on Twitter and Facebook