Cybercrime is a growing threat for businesses, with 68% of business leaders feeling cybersecurity risks are increasing according to a recent survey by Accenture. This evolving risk landscape includes everything from denial of service attacks to ransomware, phishing through to complex cyber fraud. This high-threat environment has an increasingly acute impact on enterprise risk functions.
The global cost of cybercrime is staggering, and is on track to hit USD10.5tril by 2025 according to the latest version of the Cisco/Cybersecurity Ventures 2022 Cybersecurity Almanac, a huge rise on the USD3.5tril global cost as of 2015.
When we look at how we live, work, and socialize today it’s evident that rapid digitalization has led to a vastly expanded attack surface for fraudsters to target individuals and businesses. Digital processes are now integral to how we operate, from the tap of a key to send a message to the critical banking processes for our household finances. That means protecting those processes is equally vital.
The shift from complex signaling systems underlying communication service providers’ (CSPs) networks, built from multiple specialized hardware and software systems, to 5G networks based on IP-based protocols opens the prospect for cyber-technical level intrusion using off-the-shelf toolkits. This will create a bridge from the existing internet cybersecurity threats into our digitalized smartphone world on CSPs’ 5G networks.
Enterprises are used to assessing and addressing risk. But the sheer volume of data that needs to be analyzed in order to address cyber and traditional fraud risks now represents a major burden for risk management. A critical step to mitigating this risk is recognizing the realities of the landscape, and embracing the need for an integrated approach that provides holistic oversight of your enterprise’s entire fraud management process.
Adapting to a changing fraud environment
Fraud has long been viewed by enterprises as a crime based on deception—tricking customers into giving bank details, creating fake profiles to scam mobile phone credit, or forging signatures to claim unearned funds. In many cases it was positioned as a risk function that was unique and distinct from other areas of potential loss, particularly those financial losses attributed primarily to aspects of compliance such as money laundering, or the process-related risks for revenue leakage.
With the advent of cybercrime, however, risk analysts are now faced with an additional front in this battle, and one which is increasingly blurring the lines that enterprises once sought to keep distinct. A holistic view that incorporates the end-to-end landscape of fraud and financial loss is vital if enterprises are to maintain the safety and security of customers, and reduce the risk to their own bottom line.
The truth is that fraudsters now regularly use multi-channel attacks to defraud customers and businesses. We’ve moved past the days where fraud was encapsulated by a single individual forging a signature to gain access to another person’s finances. Fraud today is often on a truly industrial scale, with bad actors adopting evolving and sophisticated techniques to profit from the misfortune of others.
A multimillion-dollar fraud could begin with a hack to steal user details from a database, often exploiting human error or poor processes to gain unlawful access to data. Yet the value of that data can be actualized in the real world, perhaps through social engineering using targeted scam phone calls that use stolen information as the basis for tricking a customer into believing a fraudster is a legitimate agent of a bank or other enterprise. Fraud is complex, and multidimensional, and requires an equally sophisticated response if enterprises are to address it.
A foundation of data enables enterprises to understand, monitor, and react
While the avenues of attack may differ, good risk analysis fundamentally incorporates three key areas of action, underpinned with the value of good data.
Enterprises want to understand the initial risk, be that the client risk rating, the verification of identity and associated customer history, or the veracity of a particular individual’s online profile and activity. This engagement phase poses the same needs and challenges regardless of whether we’re talking about cybercrime, fraud, or financial and compliance issues.
Once the initial engagement has been made, enterprises then move to monitor activities and events to ensure clear oversight of the evolving profile of an individual or customer. That means transaction histories that continue to develop over time, event history such as call data, and monitoring of digital activity.
Finally, enterprises want the tools, technologies, and strategies to react, to move to address a risk as and when it is identified. This could include cyber forensics, automated account closures, processes to block calls before they reach customers such as Neural Technologies’ SCAMBlock solution, or instant closure of accounts or halting of transactions to reduce financial exposure.
Underpinning these three stages in the modern world is the question of data. The right data is the backbone of an effective fraud management strategy, whether that’s anti-money laundering (AML) compliance, or user data to track persistent cyber fraud threats.
We know from our own history delivering effective fraud management systems for enterprises around the world that siloed working systems mean siloed data. There needs to be a collaborative approach across operational areas and risk teams, creating a truly unified and holistic view of enterprise fraud risks in both digital and traditional systems.
The ability to integrate all data and sources is key to how Neural Technologies’ own product portfolio is developed, and provides the pathway to unlock enterprise-wide oversight of fraud risks, closing gaps that fraudsters can exploit, and delivering comprehensive fraud approaches that recognize the need for quality data to drive the process to understand, monitor, and react across an enterprise.
Extracting information from all these data sources, taking into account the huge volumes, requires a hybrid solution of artificial intelligence (AI) and machine learning (ML) techniques. Increasingly, these techniques are being used effectively to identify cyberthreats based on “known” knowledge. Neural Technologies’ research and development has produced novel techniques that can self-learn through streams of data to automatically identify categories of behavior. That means when new unusual types of repetitive data behavior are identified, AI methods provide detailed reasons analysis to enable determination of whether they represent a new type of threat. As the ML techniques can take data simultaneously from across a wide range of data sources, this gives a holistic method to combat the growing arena of cyberthreats.
Digital capabilities are unlocking new capabilities and opportunities for business, and with that convergence of opportunities comes an equally important convergence of risk. Businesses need to act to address those challenges, and ensure that the value of new technologies doesn’t come at the cost of appropriate fraud risk management.