Cybercrime takes many forms from website defacing to service disruption and electronic banking crimes. While complete cyber security is impossible, organizations should focus on dealing with incidents, minimizing threats and damage. Digital footprints can reveal fraud but only if data is collected and analyzed properly. As financial crime moves online, some argue financial and cybercrime teams should integrate by sharing intelligence and tools to better detect patterns across IP addresses and payments. However, integrating these teams fully would require aligning different reporting structures, methodologies, and tools while reducing costs during economic pressures.

1. The shifting face of cybercrime
What is the foremost myth associated to cybercrime? One hundred per cent cyber security. Establishing a
completely secure environment can be tough to achieve and should not, in an ideal world, be the
objective. Instead, one must establish the capability and strategy to deal with incidents and minimise
threat, loss and reputational damage.
Cybercrime comprises a range of illegal digital activities targeted at individuals and businesses in order to
cause harm. The term applies to a wide range of targets and attack methods. It can range from simple web
site defacement to more serious activities, such as service disruption that can impact personal and
business revenues, including electronic banking wrongdoings.
Transgressions are further compounded by the fact that the footprint of the digital landscape is constantly
evolving. Private and public sector organisations find it hard to believe they could be a target of choice or
opportunity for cybercrime. Adversary sophistication increases, but many businesses still only react after
the event. Few businesses have the capability to anticipate cybercrimes and implement proactive
strategies, despite prevention being a more cost-effective approach.
Digital footprints can facilitate financial crime investigations. For example, forging or manipulating of
financial statements/records may give an advantage to a given vendor in return for a monetary
backhander, or the submission of false expense claims. It is now accepted that nearly every action
associated with fraudulent activity will be chronicled at numerous places in an organisation’s network. This
digital footprint can be used to investigate and uncover wrongdoing. It can also empower anti-fraud
vetting systems to advance in order to keep in touch with the criminal echelons’ newest efforts to preserve
their clandestine goings-on and to obfuscate their digital footprint.
But, huge volumes of data are of next to no use to investigators and lawyers looking to identify and catch
wrongdoers. Only when it is collected in a forensically sound manner and analysed in a timely fashion, can
digital artifacts, key patterns and relationships be identified. If done correctly, an individual’s or a group’s
digital footprint can be used to reveal wrongdoing—ideally before losses are incurred and reputations are
damaged.
Over the last year, and especially during the pandemic, there have been many cybercrimes on new digital
channels that replicate the common fraud patterns previously observed over traditional channels. To
combat this, should businesses look to integrate financial and cybercrime operations?
Financial crime and cybercrime teams have shared adversaries and frequently endeavour to join forces by
sharing intelligence and making the best of investigative tools. However, they have usually occupied
parallel operating spaces with different reporting lines, methodologies and tools.
A number of financial institutions and the US Secret Service have been dipping their toes in the water,
looking at joining their financial and cybercrime teams. One example being the combining of fraud

2. predictive analytics tools and cybercrime intelligence to spot IP addresses and payment patterns, thus
detecting mule accounts and preventing money laundering. These investigative tools are a match for each
other, and when used in tandem, they're a commanding defense against insider threat and external fraud.
Although the thought of functioning together may be possible in small steps, governing financial crime and
cybercrime under the same umbrella necessitates the two entities establish a common ground. In the past
this has been a barrier to stronger integration, raising the cost of each function. With businesses looking at
a cost crush, as they endure and try to recover from the pandemic, internal roles are now under pressure
to find alternative solutions.
The combining of investigative capabilities could be started at the governance level by sharing risk
indicators and reporting to reduce operational costs and deliver an all-inclusive view of the overall
exposure to cybercrime, and in particular financial crime.
Inculcating the essential cybercrime prevention culture in the wider business necessitates the identical
categories of staff training, awareness drives, metrics and policy strategies as those that work for financial
crime and wrongdoing.
Is there an opening to use cybercrime investigation techniques in financial crime investigations? What
interviewing skills can cyber take from financial crime investigations to apply in cybercrime investigations?
What digital evidence is available for financial crime investigators to use? Can cybercrime investigators be
used to train financial crime teams in insider threat response and early case assessment with regard to
employees exiting a company?
Financial crime is becoming increasingly cyber-enabled, and the wrongdoers we seek to identify and stop
take advantage from our having to play catch-up. Some are even now acting to establish the integration of
investigative teams, leveraging tools, skills, and data across the domains of financial and cybercrime.
Nevertheless, rebranding existing teams and creating new centres of excellence against wrongdoing will
entail a momentous change, especially with regard to investigative methodologies, technology, ethos and
risk governance.
Paul Wright
Senior Advisor Forensic Technology