The growing intersection of cyber security and fraud prevention
Cybercrime is a growing phenomenon globally but is increasing at a more rapid rate in Africa, cybercriminals have considered Africa an opportune spot to commit their criminal acts.
As technology advances, so does the evolution of the fraud landscape, moving from types of fraud like ATM fraud, Application fraud, Internet banking fraud, and mobile banking fraud to more evolved cyber-enabled fraud like Malwares and Trojans, to phishing, DDoS, Botnets and Ransomware to name a few.
It is steadily becoming a big business, complete with paid employees given new tools to access multiple user accounts and infiltrate organizations at will. In 2013 for example, the malware was deployed by an organized criminal gang, they gained access to the bank’s system through phishing and then transferred inflated balances to their accounts or pre-programmed ATMs that dispensed cash to their waiting accomplices. They made off with over $1 billion.
Technology has made this process so sophisticated but simple as well and with incredible precision. Today all it takes is:
- With a process called “spear phishing”, they send an email with the backdoor malware attached to an employee of the targeted organization.
- Once the attachment is opened, the backdoor is activated and the employee’s credentials are stolen.
- This malware then spreads through machines on the network searching for the Admin PC.
- When the Admin PC is located, the attacker intercepts the Admin screen and mimics his behavior and processes for their cash transfer system.
- After this is done, all they need to do is change figures on account balances and transfer funds through different wire transfer channels or to programmed ATMs.
Cyber-enabled attacks are becoming more ambitious, creating personalized attacks to exploit personal information & break through security protections.
As the success of cyber-attacks, fraud and financial crimes are becoming increasingly dependant on information security, a new operating model must be devised, the traditional siloed approach to these interconnected risks have become indefensible.
Bringing together the efforts of fraud prevention, information & cyber security units would create a stronger line of defense. In these units, a typical countermeasure in assessing threats or attacks would be to: Identify & authenticate the user, monitor & detect behavioral or transaction anomalies, and respond to mitigate risks & issues.
Considering the fact that these measures are supported by similar data & processes, bringing these unit’s data sources together would significantly improve visibility while providing insights that would evolve detection capabilities & prevention efforts.
Developing a new operating model and the level of integration is dependent on your existing organizational & governance design. Full integration is the aspiration but adopting the wrong initial model to your organization would harm your security’s integrity.
GTBank in partnership with Resourcery Plc is taking a step forward in achieving full integration with the completion of its new Uptime Institute Certified Tier III Design Data Center. This is a space dedicated to all their IT infrastructure, data storage, backups, and recoveries.
The AFRICAN CYBER SECURITY AND FRAUD PREVENTION FORUM aims at transforming the current operating model to match the evolving landscape of financial crime. Scheduled to hold in Lagos, Nigeria on 6th-7th May, 2020.
Experience engaging sessions with Bharat Soni, MBA / Chief Information Security Officer / GT Bank Plc and other leaders on rethinking approaches to take advantage of the synergies available in integration and strategic prevention on our journey towards a unified operating model for financial crime, fraud & cybersecurity.