
The blunt truth is, insiders who are close to critical systems—or outsiders who are skilled enough to exploit vulnerabilities in anti-fraud and other security controls—will steal. They may target assets they’re entrusted to protect or cook the books to hide their tracks; in the end both types of fraudsters aim to make off with significant money. Here Chris Camacho, Chief Strategy Officer at Flashpoint, offers expert insight into fighting fraud right on your business’ doorstep.

Fraud persists, and frankly, it’s not realistic to believe businesses can take measures that will permanently eradicate it. Fighting fraud, however, doesn’t have to be in vain.

Get inside the adversary’s head

Anti-fraud systems may be effective and getting better, but they’re not going to deter a profit-motivated criminal. The challenge then becomes an exercise in anticipating the fraudster’s next move. In order to get inside an adversary’s head, anti-fraud professionals must consider what incentivises a fraudster and what their targets could be. In most cases, this is a simple exercise: credit card data, personally identifiable information (PII), user account login credentials, and other types of proprietary data and information are common targets.

It’s also imperative to consider how fraudsters might attempt to hurdle existing controls in order to access your business’ assets. Multi-factor authentication may protect some payment card transactions, but what about gift cards, for example? Unlike bank-issued credit and debit cards, gift cards are generally not held to strict anti-fraud standards, which is largely why they are a desirable asset among many fraudsters. Illicit vendors selling stolen gift cards have become commonplace on the Deep & Dark Web (DDW) in recent years, leading to an uptick in instances of gift card fraud.

Thinking like a fraudster means considering all of the options available to an attacker and admitting that certain systems or processes may be flawed. Proactively identifying and addressing any weaknesses in existing anti-fraud programs—such as those fraudsters have found are often present within gift card security controls—can help businesses better anticipate and prepare for fraud.

Have eyes and ears on DDW fraud forums

Thinking like a criminal is only one part of this strategy. To accurately anticipate how your company, your peers, or your industry is being targeted, it’s important to have insight into the conversations and behaviours of those perpetrating fraud. Not all organisations are going to have proper visibility into these realms, so it’s important to have a trusted partner with eyes and ears on the DDW, for example.

Certain DDW forums focus on fraud, and on these forums, certain trends emerge. For example, discussions related to the lax anti-fraud controls of gift cards eventually manifested in a spike in gift card fraud.

Many fraudsters’ ever-evolving tactics bear little resemblance to the tried-and-true fraud schemes with which most businesses are familiar. Although countless variations of credit card fraud, for example, are generally well-known and well-mitigated in the financial services and retail industries, many businesses continue to incur substantial losses from lesser-known types of fraud. In addition to gift card fraud, refund fraud, health savings account fraud, and rewards point fraud are only a few of many such examples that were initially conceived within the cybercriminal underground before posing a threat to businesses.

The DDW can be a rich source of insight into emerging fraud tactics and schemes. But because accessing and engaging within these online communities can be challenging and risky without the proper expertise and protections, businesses are encouraged to work with reputable intelligence vendors to more effectively, easily, and safely gain visibility into the cybercriminal underground.

Keep track of regional ties and variations

Analysts have tied different types of fraud to certain regions such as Eastern Europe, forcing businesses to go to great lengths to gain insight into new schemes and tactics. These types of insights are critical for establishing countermeasures, the most effective of which typically account for the social, cultural, and linguistic nuances known to characterise fraudulent activity originating in certain regions.

But in recent years, new cybercriminal communities and, as a result, new tactics and types of fraud have quickly emerged in many more regions. Latin America is one such example. While fraudsters in Latin America have long been considered unsophisticated, unorganised, and unlikely to pose any substantial threats to businesses, this community has since evolved substantially. Many businesses that previously had no reason to monitor the Spanish-language cybercriminal underground are now striving to understand and combat threats originating from fraudsters in Latin America. And given that threats and indicators can vary substantially across different regions and communities, keeping track of these variations and new developments is a must for businesses and anti-fraud teams.

Assessment

Just as fraudsters are extremely resilient, persistent, and resourceful, businesses, too, should seek to emulate these characteristics when fighting fraud. This means approaching fraud from new perspectives, learning about emerging schemes and tactics proactively, and seeking third-party services and expertise when necessary. While businesses have little control over the existence of fraud, they can control the extent to which they prepare for and mitigate this ever-evolving threat.

In light of the recent cyberattacks that TSB and British Airways were faced with, Andy Barratt, UK Managing Director at cybersecurity consultancy Coalfire, delves into the trend for large corporates to be hit harder by IT glitches than their SME peers.

It seems barely a week goes by without the world’s news channels breaking the story of a major cybersecurity incident affecting yet another household-name business. In the last month alone, we’ve seen CEOs fall on their swords, the value of shares plummet and hundreds of thousands of people urged to re-secure their online accounts after IT failures and malicious attacks caused widescale disruption.

In the modern age, no business is safe – either from external threat or from itself. The IT saga that engulfed TSB this summer, and ultimately cost the bank’s CEO Paul Pester his job, is an example of a big business causing itself a monumental headache through poor risk management.

Bank customers were left without access to their digital accounts for weeks as TSB tried to migrate its clients’ account details across from its existing IT platform to that of its new Spanish owner, Sabadell. When IBM was called in to consult on the issue, it quickly became apparent that insufficient testing had been carried out in advance to ensure the transfer process would run smoothly.

Customers, MPs and journalists alike have since accused TSB of having its head in the sand over the incident, failing to get to the root of the issue quickly enough and keeping customers in the dark. The question on the public’s lips was ‘how could this happen to a business with presumably vast security resources?’.

Corporates miss security sweet spot

The answer is that behind the curtain – and contrary to accepted wisdom on cybersecurity – large enterprises are often not the best prepared to protect themselves against cyber risk, despite having bigger budgets and more resources. Coalfire recently conducted its inaugural Penetration Risk Report, which tested the cyber defences of enterprises of various sizes across sectors including financial services, retail, healthcare, and tech and cloud services. The research involved simulating planned cyber-attacks against the businesses – a practice known as penetration testing – to identify weak spots in their security armour.

A financial services organisation fared better than most. But even in this comparatively well-performing sector we found that large enterprises were not the most secure, despite having the most substantial cybersecurity budgets. Instead, it was mid-sized firms that found the sweet spot in terms of protecting their assets and mitigating their security risks.

So why doesn’t bigger spend correlate to improved security?

It’s worth noting at this point that TSB’s issue was not caused by malicious intent or outside interference. However, the incident highlighted a disturbing lack of understanding running throughout the business that is indicative of how large corporations expose themselves to risk.

Culture shocks

Business leaders must become comfortable hearing about problems and technical risk when it comes to IT. Often in large organisations, there is a mindset that the board doesn’t want to know about a problem, so risks are constantly re-framed and cracks painted over.

Consequently, senior executives often don’t have visibility of deeply-rooted issues and, ultimately, make decisions that don’t factor those risks in. This can be particularly unhelpful when businesses are looking to innovate as investment in new technology (mobile banking, rapid deposit taking, etc.) is hamstrung by existing technical challenges.

This mindset where boards are in the dark often occurs in organisations where a culture of blame is prevalent. We must move to a corporate environment where staff feel comfortable elevating issues to management rather than patching them up.

In the worst-case scenario, this disconnection between boardroom and shop floor can leave senior spokespeople fronting up to the media with little understanding of the issues that have embroiled their business in controversy. Highlighting how it should be done was British Airways’ Chief Executive Alex Cruz, who was quick out of the blocks to publicly communicate a detailed understanding of the specifics after the flight operator discovered a malicious breach in September.

Heads will roll

In the immediate aftermath of TSB’s IT failure, the Financial Conduct Authority accused the bank’s leadership of ‘portraying an optimistic view’ and failing to adequately communicate the extent of the issue to the public. The bank apologised unreservedly but the real question remained about its competence and whether TSB’s leadership understood, or was on top of, the job at hand.

While it would be unreasonable to expect the CEO of every UK bank or FTSE 100 business to be an expert on IT and cybersecurity, ultimately the buck stops with them. Given the monumental disruption to reputation and performance, there are a lot of lessons senior leaders can learn from the case of TSB.

Partner networks

Large businesses can also be put at risk due to the security shortcomings of the many partners they work with. This issue was evident when Ticketmaster was subject to a supply chain attack earlier this year. In this case, hackers used code supplied by Ticketmaster’s chatbot operator to extract payment details from its website after the code in question was incorrectly repurposed by Ticketmaster’s in-house team.

Similar activity was likely at play for the British Airways data breach, where data was lifted live from its website most likely via third-party code. BA is a regular participant in industry forums and best practice initiatives, and yet has still been affected, highlighting the risk big businesses face through their extended network of partners. Airlines in particular are at risk of attack because they frequently rely on complex infrastructure and shared services provided by airports, booking agents, aggregators and global distribution systems. Many don’t meet the security compliance rules we set here in the UK.

The same can be said for the financial services industry where there is constant interaction between myriad third parties and their affiliated platforms. For businesses of this size, resilience in the face of an attack is the modern approach. Always assume that someone will find a way in. Responding to that quickly will enable you to minimise loss.

To err is human

It’s also worth considering the somewhat unavoidable risk that human threat poses to large institutions given the number of people they employ. It goes without saying that the potential for human error increases exponentially the bigger a workforce is.

Our Penetration Risk Report found that people remain companies’ biggest weakness – across all sizes and sectors. Whether through human error or creating opportunities for social engineering hacks, the chances are that your staff will be your cybersecurity Achilles’ heel.

Accountancy giant Deloitte was targeted last year as hackers got hold of confidential data via an administrator’s account which had only single-factor authentication in place. In this case, it’s likely that access was achieved after the account password was exposed through phishing – where hackers pose as a trustworthy entity (usually via email) to obtain sensitive information such as usernames and passwords.

GDPR

Fortunately for the majority of the businesses mentioned in this article, the breaches and failures fell before the arrival of GDPR. British Airways, however, is the first high profile business to experience a major data breach since new rules came into force in April. The new rules outline that a business can be fined as much as 4% of turnover if it has failed to take technical precautions to protect its customers’ data. Unfortunately for BA, if it is found to have failed in that duty of care, then its fine could total £489million.

On top of reputational damage, the proportionate nature of GDPR means that, more than ever, cybersecurity is an issue big businesses can’t afford to get wrong. The days of thinking ‘bigger is always better’ are numbered.

ABOUT COALFIRE

Coalfire is the trusted cybersecurity advisor that helps private and public-sector organisations avert threats, close gaps and effectively manage risk. By providing independent and tailored advice, assessments, technical testing and cyber engineering services, we help clients develop scalable programs that improve their security posture, achieve their business objectives and fuel their continued success. Coalfire has been a cybersecurity thought leader for more than 17 years and has offices throughout the United States and Europe.

For more information, visit Coalfire.com.

ABOUT COALFIRE LABS

The Coalfire Labs team leverages highly skilled penetration testers with focused expertise in helping organisations of all sizes improve their security posture by thinking and acting like an attacker. Coalfire Labs simulates threats, evades your defences, and hunts for active breaches in your environment, and then helps you understand the risk and impact to your organisation.

With cybercriminals costing the global economy $600 billion last year alone, global digital threat management leader RiskIQ tapped proprietary and third-party research to examine the growing volume of malicious activity on the internet to reveal the latest ‘Evil Internet Minute.’ The data shows that in a single evil internet minute, $1,138,888 is lost to cybercrime, and 1,861 people fall victim. Despite businesses’ best efforts to guard against external cyber threats, spending up to $171,233 in 60 seconds, attackers continue to proliferate and launch successful campaigns online.

“As the internet and its community continue to grow at a rapid pace, the threat landscape targeting it grows at scale as well,” said RiskIQ CEO Elias Manousos. “We made the vast numbers associated with it more accessible by framing them in the context of an ‘internet minute’. Leveraging the latest research as well as our own global threat intelligence, we’re defining the sheer scale of attacks that take place across the internet to help businesses better understand what they’re up against on the open web.”

Attacker tactics range from malware to phishing to supply chain attacks targeting third-parties. Their motives include monetary gain, large-scale reputational damage, politics, and espionage. Cybercriminals continue to find success in a range of tactics including launching 1,274 pieces of unique malware and deploying more than nine malvertisements each evil internet minute.

RiskIQ’s research has also uncovered additional malicious activity each minute, ranging from blacklisted mobile apps to malvertising:

“As companies innovate online to make more meaningful touchpoints with their customers, partners, and employees, attackers prey on their lack of visibility into their internet-facing attack surface to erode users’ trust and access credentials and sensitive data,” Manousos said. “Businesses must realise that they are vulnerable beyond the firewall, all the way across the open internet.”

Financial organisations are expanding their online presence across web, mobile, and social channels at a pace that is unprecedented. Overall this is great, as it provides increased access for customers and levels the playing field by allowing organisations of all sizes to broaden their reach and cut costs. However, this expanding digital presence also comes with increased risks, as it enlarges the attack surface that can be exploited by cybercriminals and increases the number of legitimate digital channels they can impersonate to dupe customers. To this last point we are seeing increasingly creative ways of leveraging digital brands to target organisations and their customers.

The threat of brand impersonation

Organisations can no longer afford to ignore any of their digital channels as an opportunity for brand impersonation; domain infringement, phishing, rogue mobile apps and fake social media accounts all form part of the adversary’s arsenal. As it goes, financial organisations are especially vulnerable – our recent report, which details trends in phishing activity, revealed that financial institutions are almost always the target of the highest volume of attacks - capturing 40% of all phished brands.

Cybercriminals continually adapt their tactics in an effort to stay ahead of recent developments in the cybersecurity industry. Many are currently exploiting the interconnectivity of today’s digital world to maximise their reach through multiple channels to conduct fraud, distribute malware and carry out other abusive activities. That finance organisations get targeted so often is no surprise. Not only does the sensitive and valuable nature of the data that they are entrusted with naturally attract malicious actors, but since many companies operate in multiple countries they also tend to lack visibility across all their digital assets and find it difficult to react quickly to potential brand impersonation threats. More often than not, significant numbers of customers end up getting scammed before social threats are identified and properly remediated.

A recent example of this is the phishing campaign observed during TSB’s recent IT meltdown – during which the bank itself warned customers about fraudsters posing as TSB and attempting to trick people into handing over sensitive information in order to steal their money. Mitigating against these types of threats should be a top priority for organisations across the finance sector.

Security and fraud prevention strategies

The nature of targeted attacks has changed. Not only are we seeing a multi-channel approach from malicious actors, the short duration of many of these campaigns makes them difficult to detect and respond to. For example, it’s not uncommon to see phishing campaigns that last less than a day. Identifying potentially infringing digital assets across the vastness of the Internet in a timely manner requires internet scale automation and sophisticated machine learning to be effective.

Maintaining up-to-date asset inventories across web, mobile and social platforms enables security teams to quickly distinguish fake domains, web pages, mobile apps and social accounts from legitimate ones that may belong to different parts of the organisation. Today it is quite common for corporate IT and security teams to lack visibility into as much as 30% of their organisation’s publicly exposed digital assets.

Once an infringing asset has been identified, organisations need the ability to respond quickly, no small challenge given the number of domain registrars, hosting providers, mobile app stores and social media platforms there are to deal with. Automation can play a key role here in sending out legal notices, monitoring responses and escalating when necessary. Once taken down, automation can continue to monitor for the reappearance of offending assets.

To benefit from these advances, financial organisations will need to adopt new technologies and modify working practices. Many have already established dedicated external threat management teams that work alongside other security teams to ensure that the organisation has a holistic view of threats, both within their corporate networks and out on the open Internet.

When it comes down to it, customers entrust financial organisations with highly valuable and personally identifiable data, and ensuring that they continue to do so requires there to be a high level of trust in the organisation’s brand. Counteracting brand-related threats is therefore key to any organisation that wishes to grow its customer base going forward.

Website: https://www.riskiq.com/

There used to be a certain romance about a classic bank robbery - the outlandish plots, the intricate planning and the ingenious strategies (often involving digging tunnels) designed to get criminals into the vault and out with the cash. In the 21st century, though, the digital banking revolution means that instead of cracking the vault, cybercriminals are concentrating on cracking the network and moving laterally within it to get their hands on the goods. This doesn’t make for such great movie plots but it does mean that banks are facing a far more relentless threat to their security systems. Below Finance Monthly hears from Rick McElroy, Security Strategist of Carbon Black, to find out how today’s would-be bank robbers are targeting the digital vault.

It’s no surprise that the financial sector is constantly under attack as criminals pursue financial gain directly, or via the theft and sale of valuable customer data. The number of material cyber incidents reported to the Financial Conduct Authority rose 80% in 2017 and that trend is only likely to continue. More specifically, what we found when talking to CISOs is that the threat has undergone considerable evolution in the past three years and the last six months have seen still greater innovation from cybercriminals as they adopt new techniques, tactics and procedures to thwart banks’ attempts to keep them at bay.

The invisible invasion – fileless attacks on the rise

Instead of leaving a gaping hole in the door of the vault, cybercriminals would rather banks didn’t know they’d got in at all. Fileless or non-malware attacks are increasing as actors “hide in plain sight” using legitimate tools, such as PowerShell and Windows Management Instrumentation, to gain illegitimate access to networks and facilitate lateral movement without detection. 90% of the CISOs we talked to had seen PowerShell being used during an attempted attack on their network. This awareness is actually a good thing, because with 97% of Carbon Black customers suffering non-malware attacks in the last year, if our CISOs hadn’t spotted an attack of this kind it would simply have meant that the attacker had succeeded in getting in unseen.

Ransomware remains a tactic of choice for cybercriminals with 90% of financial institutions reporting that they were targeted by a ransomware attack in 2017. The commoditisation of ransomware, which now sees it offered on an “as-a-service” basis, and the lack of expertise needed to carry out attacks means that it has become the lowest common denominator of cybercriminal activity and with financial gain being the primary motivation of most cybercriminals, it’s not surprising that banks are a regular target.

Criminal masterminds are getting smarter

So far, so familiar, but a most interesting and concerning development uncovered by our survey was that a quarter of CISOs had experienced counter-incident responses when defending their networks. Attackers have realised that network defence is often based on simple indicators of compromise that launch an automated or manual incident response playbook. By going off-script after their initial attempt, they can find another way in while security teams think they have thwarted the original threat. Tactics include mutating code, targeting security analysts and engineers in separate but coordinated attacks, deleting logs from endpoints to obscure their activities and launching DDoS attacks on critical defence systems. As attacks grow in sophistication, cyber security becomes a high stakes game of digital chess, where the attacker only has to be lucky once, but defenders need to get it right every time.

The weakest link – third party providers

It’s not just their own security banks need to consider. The security of third party technology service providers is becoming an increasing concern as attackers seek out the weakest link in the chain. They use suppliers’ privileged credentials with the banks’ networks as a stepping stone to gain access to their real target. 44% of CISOs at financial institutions said they’re concerned about this issue and as more incidents come to light the scale of the problem will be more clearly revealed.

To combat the twenty-first century thief, we need to remember that we’re talking about human assailants here. It’s logical that attacks will grow more sophisticated as attackers learn more about companies’ defences – the potential loot is well worth the effort of innovation. Security teams are locked in a cycle of reactivity which needs to be broken if they are to gain the upper hand. So far, only 37% of financial institutions say that they have established threat hunting teams which means that, far from keeping thieves out of the building, 63% are still having to wait until they hear them knocking on the door of the vault before they can act. With an average of 220 days between intrusion and detection a lot of digital gold can leave the building before anything is done about it!

By actively threat hunting, teams look for signs of abnormal activity on endpoints that could indicate compromise well before any alerts are generated. To quickly detect and respond to threats, suppress intrusion and prevent lateral movement, financial institutions need to collect and analyse endpoint data in near-real-time. By doing this they can build up a ‘sight picture’ of attacker behaviour relating to internal movement and external command and control channels. Once these anomalies have been detected and analysed they can be communicated to existing control mechanisms and action taken to disrupt and contain the attacker’s kill chain.

In the age of the digital bank heist a proactive threat hunting strategy is far more effective at stemming the network invasion, capable of evolving alongside the TTPs used by assailants and stopping their digital tunnelling towards the vault. It won’t make such a classic movie, but it will put a bit of star power in the hands of CISOs and security teams who really are the lead actors in the fight against cybercrime.

As a society, we cherish our right to privacy probably more than anything else. Sharing is great, and we all enjoy it, but there is always that other side, the untold story, the personal, the secret. Now, let’s extrapolate this to a societal level. How much information is out there, purposely being concealed for the sake of greater good, for the sake of our own safety? The number is probably unfathomable. Today, when everything is online, and our lives are intertwined with a world most of us know nothing about, privacy and safety become an issue of epic proportions.

That is why we need to talk about cybercrime and utilize the very best VPNs. However, instead of writing a tract of tedious length, here is an infographic that outlines the most important cybercrime facts all of us should be aware of in 2018.

(Source: BestVPNs)

Whilst recent cyber-attacks have highlighted the need for all organisations to review their IT security, many business owners remain unaware how vulnerable reliance on mobile devices can leave them to cybercrime.

According to a recent report, two thirds (64%) of SMEs currently rely on mobile phones for business purposes, with an increasing majority of these (49%) being smartphones. However, recent reports indicate that iOS devices such as iPhones are no longer immune to malware attacks and Android-powered phones remain especially susceptible to malicious mobile apps. As a result, A&O IT One Solution (www.aoitgroup.co.uk) is urging small businesses to minimise their corporate security risk by carrying out a full audit to assess their threat levels.

With 66% of SMEs having experienced cybercrime, the worldwide IT support and technology services specialist recognises that smartphones are not always covered within their computer and internet usage guidelines. As a result, employees may not realise that mobile malware could allow hackers to access sensitive information, from downloaded work files and confidential emails to login details.

Rod Moore, chairman of A&O IT One Solution, said: “As mobile devices continue to blur the lines between traditional phone and IT devices, it can be all too easy to overlook how smartphones are an extension of your IT equipment. However, with cyber-related attacks having the potential to bring small businesses to their knees, it’s essential that SMEs ensure any phone being used for work purposes has the same level of antivirus software installed on it as office computers.”

(Source: A&O IT)

Here Charlie Abrahams, Senior Vice President of MarkMonitor, a brand of Clarivate Analytics, discusses with Finance Monthly the problems behind cybercrime, in particular phishing and fraud.

While internet commerce has enjoyed exponential growth over the past 15 years, it has also created a significant opportunity for bad actors to indulge in cybercrime. It not only affects a brand’s revenue stream, but more importantly its reputation. As a result, organisations are investing in brand protection technology and processes – not just to prevent brand abuse and counterfeiting, but also prevent other forms of cybercrime. Keeping your intellectual property safe requires a multi-layered approach, regardless of the size of the business or the type of information you hold.

While it’s true that cyber criminals are targeting all industries, the financial services industry is particularly at risk. Firms within this sector have many high-value assets that make them an attractive target for cyber criminals — including significant intellectual property relating to their business processes and transactions, and the financial records and customer data. Financial services companies stand to lose a lot more than money should cyber criminals be successful. Brand reputation would suffer, customer trust would be irrevocably damaged, and there may well be wider consequences such as fines from financial regulation bodies, especially with the deadline for compliance with the new European Union General Data Protection Regulation (GDPR) fast approaching. As a result, the financial services segment is one of the biggest buyers of enterprise security technology.

However, all that investment in enterprise security technology offers no protection against one of the most popular methods used by cyber criminals: phishing. The reason is that phishing attacks don’t target the enterprise but its consumers directly, and this is where brand protection technology comes in. Phishing has been around in some form for the past few decades. Phishing messages are essentially emails — sent from what appears to be a legitimate source — asking for personal information, such as login details, passwords, payment card details, etc.

Over the years, phishers have evolved in the way they carry out their cyberattacks. They are creating phishing websites to collect passwords, conduct identity theft schemes and carry out online advertising scams. Despite being a relatively low-tech method of cyberattack, it remains one of the most effective. Research conducted by a German university found that 78% of respondents admitted to opening unknown emails and clicking the links within, despite also claiming that they were aware of the dangers of phishing. This shows there is still work to be done in raising awareness around how to avoid being caught out by these cyber criminals.

Given the continually threatening nature of phishing, protecting and proactively defending organisations has never been more important within the financial services industry.

The first crucial step for businesses is to be fully prepared and adopt a ‘when’ rather than an ‘if’ approach, with the aim of preventing the attacks in advance. For example, organisations can set up early warning systems that alert them to new domain registrations that may misleadingly read like their brand name, and that may target that brand to host malicious content, before these registrations impact their customers.
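One way to implement such an early-warning check, as an added example that is not from the article or from any vendor's product: it compares each newly registered domain with a brand name after folding common lookalike tricks (accents, digit swaps, hyphens, punycode). The brand `examplebank`, the allow-list and the feed are constructed sample data, and the thresholds are assumptions.

```python
import unicodedata

BRANDS = ["examplebank"]                 # constructed brand name
OFFICIAL = {"examplebank.com"}           # constructed allow-list of the brand's own domains
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def normalise(label):
    """Fold common visual tricks: accents, digit swaps, 'rn' for 'm', hyphens."""
    label = unicodedata.normalize("NFKD", label.lower())
    label = "".join(c for c in label if not unicodedata.combining(c))
    return label.translate(FOLD).replace("rn", "m").replace("vv", "w").replace("-", "")

def edit_distance(a, b):
    """Levenshtein distance, computed with two rows of the table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_domain(domain, brands=BRANDS, official=OFFICIAL):
    """Return (brand, reason) when a registration resembles a brand, else None."""
    domain = domain.lower().rstrip(".")
    if domain in official:
        return None
    try:
        domain = domain.encode("ascii").decode("idna")   # turn punycode back into Unicode
    except UnicodeError:
        pass
    labels = domain.split(".")[:-1]      # simplification: treat the last label as the TLD
    for brand in brands:
        target = normalise(brand)
        limit = 1 if len(target) < 8 else 2   # assumption: tolerate fewer typos in short names
        for raw in labels:
            folded = normalise(raw)
            if raw == brand:
                return brand, "same name, different TLD"
            if folded == target:
                return brand, "lookalike spelling"
            if target in folded:
                return brand, "brand embedded in longer name"
            if edit_distance(folded, target) <= limit:
                return brand, "possible typo"
    return None

# Constructed sample of a daily new-registration feed.
FEED = ["examplebank.com", "examp1ebank.net", "examplebank-login.info", "exampelbank.org",
        "exámplebank.com".encode("idna").decode("ascii"), "weatherreport.org"]
ALERTS = {d: check_domain(d) for d in FEED if check_domain(d)}
```

Matches are candidates for analyst review rather than verdicts; short brand names in particular produce false positives at any edit-distance threshold.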

Fraudulent activity can also be detected using the right intelligence, as well as proactively monitoring and analysing key intelligence sources to detect phishing and malware activity across email and other digital channels. Fintech businesses need to shut down or restrict access to phishing sites, and should consider partnering with an anti-fraud (brand protection) vendor to share their phishing alerts with Internet Service Providers (ISPs), browsers, email providers and security vendors, helping them block malicious sites at the Internet gateway.

Lastly, all businesses — not just those within the fintech sector — should draw up an online brand protection strategy, which outlines the actions that should be taken in the event of any particular cyberattack, including phishing. A brand protection strategy essentially means that you’re covered and ready to counter any of these infringement acts should they ever happen. Without a strategy, businesses are likely to either make snap decisions that might harm the brand, or spend precious time considering the multiple options available, by which time the damage has been done.

In this day and age, companies, regardless of the industry in which they operate, simply cannot afford to leave themselves vulnerable to phishing attacks. The risks are simply too great, and as public awareness of such cyberattacks continues to increase, the reputational damage that comes as a result is only likely to get worse. Therefore, brands must be more proactive in fighting the cyber threat, while each business should be backed up by a comprehensive brand protection strategy.
