by Gergo Varga / September 19, 2022
In today's ecosystem, losses at the hands of enterprising scammers are as inevitable as the changing seasons.
It’s no longer a matter of “if” fraud will happen – rather, it’s a question of how to prepare for an attack, how you’ll be attacked, how to respond, and how to prepare for the future. Cyber resilience is a pressing issue, as it determines how you will survive constantly evolving cyberattacks.
Cyber resilience refers to a company's ability to avoid, prepare for, respond to, and recover from a cyber attack.
Cyber resilience is an organization's ability to prepare for a cyberattack, respond appropriately, and recover cleanly from any damage caused.
Cyberattacks know no bounds. Even organizations with ingrained policies and leadership can fall prey to them. Digital fraud and cyber attacks are like any other business problem – you must identify and mitigate them to keep your business, employees, and customers safe.
And what's even more frustrating? Threats are constantly evolving, and cyber resilience means adapting to the changing cybercrime landscape for better monitoring and vigilance.
As the international economy battens the hatches in preparation for an impending recession, companies should be aware of the increase in fraud losses that always coincides with hard times.
As finances dry up and margins come under closer inspection, the impulse to slash budgets may be very tempting, but compromising the strength of your security stack will inevitably make it harder to bounce back after a breach – resilience is about dealing with change, after all.
What to do, then, when adapting to a changing world means opening up new loopholes for cyber-assailants? When your workforce increasingly wants to work from home, in a purely digital environment, how do you ensure this structure is not exposing any number of your company’s vulnerabilities?
First, your company should be aware of the four legs of risk it stands on, and how each of them might be affected by digital attacks.
Every company can segment its risk appetite into four different silos, all of which are paramount to a company’s stability, and thus its ability to bounce back after an incident.
When implementing a protocol for cyber resilience, consider:
These can be thought of as meta risks, coming from outside of your company’s environment. They include factors like media coverage that alters public trust and reputation, regulatory changes, geopolitical stresses, or battling with a competitor.
These risks are obviously older than cybercrime and cyber resilience, but are equally vulnerable, and an unprepared-for attack on this silo is just as damaging as a hit to your cash flow or business-as-usual (BAU) workflow.
The most obvious risk and, thus, the most obvious thing to safeguard is your metaphorical vault, where you keep your very real capital.
While a full-out assault on your digital coffers (or your bank’s) would be unexpected in its audacity, it’s hard to think of a modern cybercrime that wouldn’t somehow be interfering with your liquidity.
In addition, disruptions in this sector of your company may lead to other headaches down the road, particularly when it comes to documenting your tax complexities or being compliant with financial mandates.
These are the risks involved with how your company physically operates. This includes threats to your employees’ well-being, the control of your physical workspace elements, supply chains, and third-party service providers.
A cyberattack targeting the safety of your employees or physical premises would be damaging to business as usual, as well as your reputation in the short- and long-term.
The risks associated with your company’s data and cyber functions are, of course, both the most vulnerable and the most critical line of defense. As your company’s workforce, data, and products become more digitized, they naturally become more likely to be attacked by an assailant who exists in the digital plane.
Consider that a work-from-home employee base is essentially digitized, as are your networks, and it’s very likely that many levels of your infrastructure are aided by enterprise technologies. However, this same plane is also where you should be mounting a proactive campaign against malicious actors.
Only after developing an understanding of what is at risk for your company can you design an appropriate set of protocols for cyber resilience.
Truly getting ahead of the shadowy cyber-threats on the horizon requires a multi-tiered strategy for your entire company. The most resilient companies – the ones whose business continuity will be the least disrupted – will be the ones that are prepared.
The following framework is a summation of elements any security-minded company should be thinking about when planning its defense.
What are you doing in advance of the anticipated attack? The first step towards sustainable resilience is at the infrastructural level, including:
These may seem basic or obvious, but any oversight is potentially a loophole that could turn into a huge exit wound.
This pillar also includes more advanced pre-emptive security measures, including cyber intelligence. How robust is your Know Your Customer (KYC) compliance process, whether it be mandated by law or introduced to make you more resilient, despite being optional? How ready are you to discern a good actor from a bad one?
Ensuring that only authorized users can enter your digital space is a constantly evolving struggle, as is detecting potential vulnerabilities in your gateway.
Beyond a basic shield, protecting your company’s data requires anti-malware software that can run analytics on your traffic to help you develop a profile of your good users and any malicious ones, most likely through device fingerprinting, velocity checks, and data enrichment.
After gathering enough of your custom data, you should be able to prohibit suspicious users from interacting with your network – at least temporarily.
Think of this pillar as the one that focuses on mitigating the impact of a cyberattack. Even though your company should take for granted that an incident will happen at some point, that doesn’t mean there should be a lapse in actively securing your intellectual space.
When confronted with a cyberattack, your cybersecurity suite should obviously step up, but this is not as simple as enabling a shield and hoping for the best.
A fraud prevention solution should be able to help your company map its user data to understand what “normal”, good behavior looks like. Then it should be able to identify (and hopefully isolate) the anomalies, either for manual evaluation by your fraud team or automatic preclusion.
To further limit the negative impact a scaled cyberattack can have on your systems, your employees should be aware of what to do during the incident. Developing a set playbook of anticipated issues, perhaps in response to intelligence gathered as part of the first pillar, will be crucial to navigate through the actual attack.
This will only be effective, of course, if your entire staff is aware of their responsibilities within the playbook and the plays are smartly developed from reliable data.
This pillar mostly asks your workforce to keep calm and carry on, with the support of an existing protocol. That protocol should include teams responsible for re-establishing any infrastructure disrupted by the cyberattack, securing data stores, or restoring any other system whose operation is crucial to business continuity.
Importantly, during this time, companies should also try to document the incident and the recovery process as closely as possible, both to help mitigate issues moving forward (the fourth pillar), and also to share with the business community.
To thrive, malicious fraudsters and other bad actors often rely on communication breakdowns between companies or even within a single company, using the time lost to confusion to maximize the damage they cause.
Fraudsters and other cyberattackers know that once they have used an exploit to successfully damage a company, that avenue will never be open to them again. It is, therefore, part of their nature to always be looking for new exploits and loopholes that security and fraud prevention software has not yet anticipated.
They will adapt, and your organization must as well.
A confident, cyber-resilient company will collect data passively from its good customer base, but collect even more from incidents of malicious cyber assault. With the help of a risk management program, the company will apply what it gleans to predict upcoming vulnerabilities and close them up before they become an issue.
In most cases, security rules will need tweaking, human resources will need to be reassigned to shore up weak points, and protocol playbooks will need to be updated.
Depending on your sector, data breaches and cyberattacks may trigger or necessitate some sort of compliance check. Part of this pillar includes making sure your responsibilities to local mandates are complied with – noncompliance fines can potentially be as costly as an actual attack.
Even for a corporation with any number of minds working on the security team, having four distinct silos of risk and four pillars of best practice protocol is a lot to keep under effective purview.
The problem with these four silos is that they become just that: siloed from each other. In a large company, there are predictable communication breakdowns between departments that fraudsters and other cybercriminals want to take advantage of – organizational blind spots that might turn into a hole if poked enough.
In addition, fraud, cybercrime, and other sophisticated cyberattacks will pay no regard to your business’ cyber, financial, and operational silos, and will surely cut across all of them in some capacity.
Fraud detection software can be thought of as an effective, holistic safety blanket over your four silos, filling in those blind spot gaps and bolstering your protection. The software should already have some sort of machine learning (ML) to keep fraudsters out of your system, but many fraud solutions should also have a ruleset that can be customized to match your anticipated attackers.
It is also important to know exactly what the AI is doing behind the scenes and why it is taking those actions – which is why “whitebox” ML solutions are increasingly preferred over opaque ones.
Some fraud detection tools also offer some sort of data enrichment, including digital footprinting, allowing you to gather the data that will be crucial in developing the profile of said attacker. Overall, in the pillars of cyber resilience, your fraud stack should be able to do a lot of the heaviest lifting.
Enable a fraud prevention tool that allows your security team to create custom rulesets, or specific checks on system users that are tailored to your red flags. These checks can then be set up at historical vulnerabilities in your system or in places anticipated to be problematic in the future.
If you were an attacker, where would you abuse the system? If you can answer that question, you can essentially set up a tripwire near that element using your custom checks.
For example, you run an advertising affiliate program and start noticing an increase in affiliate payouts, but the traffic the affiliate brings in never converts to a profit for you. If you were an affiliate fraudster attacking your company, how would you take advantage of this system? Why not set up a few checks to monitor the affiliate’s traffic more often than just when it’s time to pay them out?
You might notice suspicious patterns like a high velocity of visits or many accounts with essentially the same password. Or, is an affiliate performing with bizarrely good conversion rates? Bizarrely bad ones? Both are reasons to investigate further inside the data insights provided by your anti-fraud software.
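The tripwire checks described above (visit velocity, accounts sharing a password, and conversion rates that are too good or too bad), sketched as an added example that is not part of the original article or any vendor's product. The thresholds, record layouts and the password fingerprint field are assumptions, and the sample data is constructed.

```python
from collections import Counter, defaultdict
# Thresholds are assumptions; tune them against your own baseline traffic.
MAX_VISITS_PER_WINDOW = 5          # visits allowed per affiliate inside one window
WINDOW_SECONDS = 60
MAX_ACCOUNTS_PER_FINGERPRINT = 3   # sign-ups allowed to share one password fingerprint
CONVERSION_BAND = (0.01, 0.20)     # plausible conversion-rate range

def velocity_flags(visits):
    """visits: iterable of (affiliate, unix_ts). Flag bursts inside a sliding window."""
    by_aff = defaultdict(list)
    for aff, ts in visits:
        by_aff[aff].append(ts)
    flagged = set()
    for aff, stamps in by_aff.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > WINDOW_SECONDS:
                start += 1  # drop visits that fell out of the window
            if end - start + 1 > MAX_VISITS_PER_WINDOW:
                flagged.add(aff)
                break
    return flagged

def shared_password_flags(signups):
    """signups: (affiliate, account_id, password_fingerprint); the fingerprint is
    assumed to be a keyed digest taken at sign-up (salted stored hashes can't be compared)."""
    counts = Counter((aff, fp) for aff, _acct, fp in signups)
    return {aff for (aff, _fp), n in counts.items() if n > MAX_ACCOUNTS_PER_FINGERPRINT}

def conversion_flags(stats):
    """stats: {affiliate: (visits, conversions)}. Flag rates outside the band, both ways."""
    low, high = CONVERSION_BAND
    return {aff for aff, (v, c) in stats.items() if v and not low <= c / v <= high}

def review_queue(visits, signups, stats):
    """Map each flagged affiliate to the sorted list of checks it tripped."""
    checks = {"velocity": velocity_flags(visits),
              "shared_password": shared_password_flags(signups),
              "conversion_rate": conversion_flags(stats)}
    queue = defaultdict(list)
    for name, affs in checks.items():
        for aff in affs:
            queue[aff].append(name)
    return {aff: sorted(names) for aff, names in queue.items()}

# Constructed sample input (all values made up).
VISITS = [("aff-1", 1000 + 5 * i) for i in range(8)] + [("aff-2", 1000 + 600 * i) for i in range(8)]
SIGNUPS = [("aff-1", f"u{i}", "fp-A") for i in range(4)] + [("aff-2", "u9", "fp-B")]
STATS = {"aff-1": (800, 0), "aff-2": (500, 25), "aff-3": (40, 30)}
```

Calling `review_queue(VISITS, SIGNUPS, STATS)` on a schedule, rather than only at payout time, gives the fraud team a per-affiliate list of reasons to investigate.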
A fraud prevention solution that allows you to make bespoke checks can be used to put eyes on the nooks and crannies of your system that don’t usually get enough attention, but can be excellent places for cyberattackers to hide.
Fraud prevention suites should also let you know where your shortcomings are in terms of monitoring your customer activities. By harvesting data from their interactions, you can develop a better picture of a fraudulent actor, then notice their particular markers to exclude similar behavior in the future.
This may require customized rulesets in your machine learning algorithm, or necessitate a custom database whose parameters you set up inside the software.
For example, if you suspect a pattern of fraud, you could set up a custom user check that puts the information of any client that has X location, account age of Y, and spends less than Z into a database. This kind of information might not usually be worth gathering manually, but if your security team wants to look for any patterns in that dataset, it should be simple to set up the database, run it automatically, and have it generate reports or notifications using fraud software.
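One way to build the custom check and database just described, as an added example that is not from the original article or any fraud product. The rule values standing in for X, Y and Z, the reading of "account age of Y" as "at most Y days old", the table layout and the alert threshold are all assumptions, and the client records are constructed.

```python
import sqlite3

# Stand-ins for the article's X, Y and Z; the values and the reading of
# "account age of Y" as "at most Y days old" are assumptions.
RULE = {"country": "XX", "max_account_age_days": 7, "max_spend": 20.0}

def matches(client, rule=RULE):
    """True when a client record satisfies all three conditions of the rule."""
    return (client["country"] == rule["country"]
            and client["account_age_days"] <= rule["max_account_age_days"]
            and client["total_spend"] < rule["max_spend"])

def open_watchlist(path=":memory:"):
    """Create the custom database that collects matching clients."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS watchlist ("
               "client_id TEXT PRIMARY KEY, country TEXT, "
               "account_age_days INTEGER, total_spend REAL)")
    return db

def record_if_match(db, client, rule=RULE):
    """Store the client if the rule fires; repeat sightings do not duplicate rows."""
    if not matches(client, rule):
        return False
    db.execute("INSERT OR IGNORE INTO watchlist VALUES (?, ?, ?, ?)",
               (client["id"], client["country"],
                client["account_age_days"], client["total_spend"]))
    db.commit()
    return True

def report(db, alert_at=3):
    """Summary for the fraud team; 'alert' marks when the set is worth a look."""
    ids = [row[0] for row in db.execute(
        "SELECT client_id FROM watchlist ORDER BY client_id")]
    return {"count": len(ids), "client_ids": ids, "alert": len(ids) >= alert_at}

def run(clients):
    """Feed every client through the rule and return the resulting report."""
    db = open_watchlist()
    for record in clients:
        record_if_match(db, record)
    return report(db)

# Constructed sample clients (made-up values; "XX"/"YY" are placeholder locations).
def make_client(cid, country, age, spend):
    return {"id": cid, "country": country, "account_age_days": age, "total_spend": spend}

CLIENTS = [make_client("c1", "XX", 2, 5.0), make_client("c2", "XX", 400, 5.0),
           make_client("c3", "YY", 1, 3.0), make_client("c4", "XX", 7, 19.99),
           make_client("c5", "XX", 3, 20.0), make_client("c1", "XX", 2, 5.0),
           make_client("c6", "XX", 0, 0.0)]
```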
Some enterprise-level businesses may want to consider building their own internal fraud prevention utility to have a tool specifically for their needs, but this specificity may be less effective than a product whose scope is more generalized.
Particularly, when considering potential cyberattacks, a fraud solution aimed at a large market will also be trying to cover as many bases as possible – not just the ones for a single company.
For companies whose resources aren’t so expansive, there are plenty of modern solutions. Many of these options will explicitly address creating custom rulesets based on your company’s unique vulnerabilities, and be able to gather data from both the customer-facing side of the system and from internal users. Addressing a common pain point for security teams, many suites are also optimized for easy integration into an existing security stack.
During economic downturns, fraud is expected to explode. This is not only because everyone gets desperate when times are tough (including fraudsters), but also because companies going through layoffs might leave loose threads, or won't have the bandwidth to cover all their security bases.
For a cybercriminal, weaknesses like this are ample opportunity to strike.
Even though your company might be going through dire straits in the same economic downturn, you can and should audit "too good to be true" numbers within your organization. Discovering fraudulent or abusive behavior can be a massive cost-saver in trying times, and fraudsters will leverage anything they can to meet their goal – even your blind hope.
Building a realistic vision of your company’s relation to cybercrime is an essential part of your journey to cyber resilience. In a chaotic world, acknowledging the likelihood that your company will become a victim should be an early step, and certainly not an afterthought.
Finding the right tool to assess your company’s exposure and plan for the future is a given. Thinking proactively will always be the best first line of defense against the next faceless cyberattacker who will be trying to think outside the box in order to defraud or damage your company. But the most important defense will still be actioning your ideas proactively.
Gergo Varga has been fighting online fraud since 2009 at various companies – even co-founding his own anti-fraud startup. He's the author of the Fraud Prevention Guide for Dummies – SEON Special edition. He currently works as the Senior Content Manager / Evangelist at SEON, using his industry knowledge to keep marketing sharp, communicating between the different departments to understand what's happening on the frontlines of fraud detection. He lives in Budapest, Hungary, and is an avid reader of philosophy and history.