Tackling fraud: Moving beyond the lock-and-key
With recent warnings of an accelerating ‘cyber arms race’ in the months ahead, every business should establish a review of their defences against cybercrime as a priority.
With recent warnings of an accelerating ‘cyber arms race’ in the months ahead, every business should establish a review of their defences against cybercrime as a priority.
If the unending news stories reporting yet another major cyber fraud haven’t been incentive enough to prompt businesses to review existing security and compliance processes, the recent expert study by a UK government counter-fraud agency should alarm even the most complacent of executives.
The National Crime Agency (NCA) ‘Cyber Crime Assessment’ report concludes that cyber fraud represents an “existential threat” to businesses, and one that can result in substantial loss of revenue and valuable data, significant fines, reputational damage and executive-level dismissals.
The NCA further warns of a growing “cyber arms race” in 2017, with the accelerating pace of technology and criminal cyber capability currently outpacing the dated defences of businesses.
This technology arms race potentially features highly resourced state-sponsored bad actors. The widely-publicised cyberattack in February 2016 on Bangladesh Bank – reportedly the ‘biggest ever cyber-heist’ – used SWIFT messages to transfer US$81m from the Federal Reserve Bank of New York to fraudulent accounts in the Philippines. While investigations are still ongoing, multiple agencies have identified forensic connections with North Korea, suggesting that government-backed entities are possibly targeting global payments infrastructures through weaknesses in the local environments of organisations connected to them.
The increasing number of corporates and non-bank financial institutions utilising SWIFT for multi-bank connectivity and payments need to ensure they are compliant with the new SWIFT customer security programme, which enhances security and audit controls and provides a framework for ensuring a comprehensive counter-fraud system is in place for your organisation.
Reviewing your defences
What can businesses do to defend their finances, data and reputations against such seemingly sophisticated adversaries? Is this even possible?
The good news is that solutions do exist that can provide extremely high levels of fraud detection and prevention capabilities. The bad news, however, is that traditional security approaches such as intrusion prevention and log analysers are simply not enough to defend your organisation against the growing cyber fraud threat and compliance challenges we all now face.
Whatever the size, structure, or geographical spread of your organisation, there are some common issues that businesses should review when assessing existing procedures. Here are four core considerations that should form part of your defensive armoury review:
Your risk management officer has strong firewall and intrusion prevention systems in place. Network endpoints are monitored, with access controls and application security running smoothly. Such a static ‘lock-and-key’ approach is unfortunately ill-suited to the fraud challenges we face today. This security approach, while certainly not fool proof, is focused upon protecting business assets and systems from unauthorised ‘external’ intrusion.
Investigations by the UK Association of Certified Fraud Examiners (ACFE) confirm that 78% of fraud losses are committed by – or depend upon – insider employees. A focus solely upon locking down your digital perimeter defences can overlook this significant internal risk, with fraudsters gaining credentials for ‘authorised user access’ to your payments systems.
External intrusion prevention best-practices should of course be followed, but this needs to be viewed as an outer base layer to a more comprehensive cyber security approach.
The alternative to yesterday’s static outlook is comprehensive process monitoring and analysis across all applications, channels and data repositories. This holistic approach can non-invasively capture all user interactions and processes across all systems with capabilities to compare activity in real-time against established historical norms. This makes it possible to detect abnormal behaviour or instructions that are indicative of fraud.
Such fraud prevention solutions alert security teams to suspicious behaviour, preventing crime, data and identity theft. This ensures staff accountability by capturing user behaviour across multiple platforms in all environments, creating centralised visibility. In addition, once employees are aware that system actions are being monitored, unauthorised activity is deterred.
In addition to broad fraud prevention objectives, businesses face increased regulations that can span sanctions screening, anti-money laundering (AML) and know-your-customer (KYC) obligations. Ensuring compliance with global regulations can be costly and complicated. It requires that organisations perform appropriate due diligence, including screening financial transactions for suspicious activity, and checking customers against global sanctions lists. An effective AML compliance process should include the ability to detect direct and indirect links between accounts and customers, along with the ability to match against similar names, aliases, and spelling variations.
Enforcing policies to meet complex compliance demands are harder across multiple channels, unless you can capture and analyse data and behaviour regardless of systems and time. To ensure your financial and reputational security, your compliance regime needs to have such an integrated overview. Of critical importance is the ability to monitor financial transactions in real-time, as well as proactively flag and alert to abnormal customer and employee activity – both of which could be linked to money laundering schemes.
Powerful anomaly detection capabilities provide significant protection against attempted payments fraud – initiated from whatever source, internal or external. The tools to investigate alerts and incidents should be configurable to the different needs of your business-lines or departments. For regulatory compliance, flexible and detailed reporting and audit trails are essential.
Solutions that possess the ability to replay user activity screen by screen can provide powerful investigatory powers and controls – enabling rapid case investigation and resolution. Systems should also be capable of securing captured data for legal submission if required.
With growing rates of financial fraud and heightened regulatory obligations, it is imperative that your existing compliance and risk mitigation systems and processes are reviewed. A comprehensive cyber fraud and risk management solution can ensure you keep your finances, your data and your business reputation secure – against all adversaries. This is an arms race you can win.