Forensics Digest

In this issue

The Cyber Fraud Threat Landscape: Learnings from our recent cyber incident response engagements in the financial services sector

The PwC Rwanda Digital Forensics Unit has released the latest issue in our ongoing Forensics Digest series.This edition builds on our previous discussion on the increase in invoice fraud spoofing incidents and explores the current cyber fraud threat landscape. We provide our insights based on our work advising clients in the financial services sector (banking, microfinance institutions and SACCOs) on managing and responding to various cyber fraud threats across Eastern Africa . The digest delves into the details of:

Man typing on his computer.

1. Patterns we have observed of threat vectors exploited by cyber fraud threat actors, including vulnerabilities in customer service and distribution channels and exploitation of gaps in systems integration.

2. Consequences of cyber fraud threats to organisations, especially in relation to potential financial loss due to theft of funds, extortion demands, loss of revenue due to downtime and high costs conducting investigations.Organisations also face reputational damage and a possible loss of customers when the fraud cases are published.

3. Observed recurring challenges across various institutions in the management of cyber fraud risks in the region, including but not limited to;

  • Lack of automated transaction monitoring systems to identify suspicious activities and instances where the installed systems are not set up to account for the organisation’s unique risk exposures.
  • Use of shared accounts/credentials to access systems, applications, and shared data

Lack of segregation of duties due to lean human capital resources within the IT department

  • Lack of control over software installations making it challenging for organisations to maintain a secure and well-managed IT environment
  • Lack of end-to-end reconciliation to verify the validity and integrity of transactions
  • Lack of employee awareness of emerging cyber fraud trends such as phishing approaches

4. Key measures that we recommend organisations take to safeguard against the common observed cyber fraud threats

5. Immediate actions organisations should take in the event of a cyber fraud attack. 

To comprehensively understand the threat landscape, challenges organisations face and how your organisation can safeguard against cyber fraud, we urge that you download and read the full digest.

Follow us