Here Charlie Abrahams, Senior Vice President of MarkMonitor, a brand of Clarivate Analytics, discusses with Finance Monthly the problems behind cybercrime, in particular phishing and fraud.
While internet commerce has enjoyed exponential growth over the past 15 years, it has also created a significant opportunity for bad actors to indulge in cybercrime. It not only affects a brand’s revenue stream, but more importantly its reputation. As a result, organisations are investing in brand protection technology and processes – not just to prevent brand abuse and counterfeiting, but also prevent other forms of cybercrime. Keeping your intellectual property safe requires a multi-layered approach, regardless of the size of the business or the type of information you hold.
While it’s true that cyber criminals are targeting all industries, the financial services industry is particularly at risk. Firms within this sector have many high-value assets that make them an attractive target for cyber criminals — including significant intellectual property relating to their business processes and transactions, financial records and customer data. Financial services companies stand to lose a lot more than money should cyber criminals be successful. Brand reputation would suffer, customer trust would be irrevocably damaged, and there may well be wider consequences such as fines from financial regulation bodies, especially with the deadline for compliance with the new European Union General Data Protection Regulation (GDPR) fast approaching. As a result, the financial services segment is one of the biggest buyers of enterprise security technology.
However, all that investment in enterprise security technology does not offer any protection for one of the most popular methods that is being used to take advantage by cyber criminals – phishing. The reason is that phishing attacks don’t target the enterprise, but directly their consumers, and this is where brand protection technology comes in. Phishing has been around in some form for the past few decades and are essentially emails — sent from what appears to be a legitimate source — asking for personal information, such as login details, passwords, payment card details, etc.
Over the years, phishers have evolved in the way they carry out their cyberattacks. They are creating phishing websites to collect passwords, conduct identity theft schemes and carry out online advertising scams. Despite being a relatively low-tech method of cyberattack, it remains one of the most effective. Research conducted by a German university found that 78% of respondents admitted to opening unknown emails and clicking the links within, despite also claiming that they were aware of the dangers of phishing. This shows there is still work to be done in raising awareness around how to avoid being caught out by these cyber criminals.
Given the continually threatening nature of phishing, protecting and proactively defending organisations has never been more important within the financial services industry.
The first crucial step for businesses is to be fully prepared and adopt a ‘when’ rather than an ‘if’ approach, with the aim of preventing the attacks in advance. Organisations can set up early warning systems alerting them of new domain registrations — that may misleadingly read like their brand name and may target that brand to host malicious content — before it impacts their customers, for example.
Fraudulent activity can also be detected using the right intelligence, as well as proactively monitoring and analysing key intelligence sources to detect phishing and malware activity across email and other digital channels. Fintech businesses need to shut down or restrict access to phishing sites, and should consider partnering with an anti-fraud (brand protection) vendor to share their phishing alerts with Internet Service Providers (ISPs), browsers, email providers and security vendors, helping them block malicious sites at the Internet gateway.
Lastly, all businesses — not just those within the fintech sector — should draw up an online brand protection strategy, which outlines the actions that should be taken in the instance of any particular cyberattack, including phishing. A brand protection strategy essentially means that you’re covered and ready to counter any of these infringement acts should they ever happen. Without a strategy, businesses are likely to either make snap decisions that might harm the brand, or spend precious time considering the multiple options available, by which time the damage has been done.
In this day and age, companies, regardless of the industry in which they operate, simply cannot afford to leave themselves vulnerable to phishing attacks. The risks are simply too great, and as public awareness of such cyberattacks continues to increase, the reputational damage that comes as a result is only likely to get worse. Therefore, brands must be more proactive in fighting the cyber threat, while each business should be backed up by a comprehensive brand protection strategy.