Cyber Fraud Attacks are serious borderless concerns to government, being impacted or exploited from anywhere in the world. Fraud scams need not be sophisticated to be successful in damaging reputation and revenue for all governments, and businesses within.
Cyber Fraud affects countries, business, and consumers worldwide, and while Cyber Fraud attacks grow in complexity and volume, denial that something needs to be done continues to empower and elevate Cyber Fraud’s exponential destructive growth.
Here we will discuss where the business process and technology are working, and why it is a present business imperative.
Cyber Fraud is an active threat, Enterprise Must Keep Pace.
Enterprise Cyber Fraud is not an emerging threat, it is a present risk that introducing complexity and the threats of cyber criminal attack are breaching in seconds, and Cyber Fraudster evolution in attack vectors are increasingly successful mobile attacks within financial services, at the rate of 3 Billion “automated cyber intelligent” Bot attacks in the second half of 2018
The Cyber Fraudsters hacked into the Bangladesh Central Bank using a classic email phishing that exploited a record USUS$81 million theft- the largest cyber theft from a financial institution. The method was simple Cyber Fraudsters sent by email to bank employees, bank employees who clicked the email link, enabled Cyber Fraudster access to the bank’s SWIFT network messaging where they drew up transfer records. The amount would have exceeded USUS$1 billion were it not for an email spelling error in the email form.
How big is cyber fraud, in perspective, if it were a business, it’s US$1.5 Trillion annual revenue- exceeds the combined annual revenues of Facebook, Amazon, Apple, Netflix. Or to compare to another touch point, if Cyber Fraud were a “valid” Business sector instead of a revenue drain, it would be greater in size than the entire United States Technical Sector and here would be the key “Cyber Fraud as a Services” offerings.
- Privacy Information, Identity, and Stolen Credit Card Data is sold. All Privacy or Stolen Card data is offered sliding scales by country for quality and completeness
- Stolen complete Credit Card and Bank Account data are used to commit eCommerce theft
- Cyber Fraud has organized gangs of subject matter experts working in fraudster teams, selling “recipes” for attacking based upon their success
Despite news of Facebook and Marriot Resorts record with compromised data breaches, 82% of small to medium sized businesses are in denial that they are at risk for vector attacks, and doubt they have anything worth stealing. Read Why Should A Business Worry about Cyber Attacks
Enterprise business of all size should standardize on a solid cybersecurity foundation, with organized basic monitoring, incident and problem management. 60% of Cyber Fraud Vector Attacks are too small to medium size businesses because it is easier to start small and work up the small businesses consumer and supply chain data, to more easily infiltrate larger systems.
The global average cost of a data breach is up 6.4%. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8 percent year over year to US$148.
Conduct proactive tests to understand vulnerabilities and reduce risk. Data is the center of all meaningful business. Enterprises must protect themselves and their customer, for that data has both positive and negative value in the business marketplace, or the cyber crud underworld.
Question : What are the countries leading cyber fraud prevention practice?
Answer : Japan, France, Canada, Denmark, the United States, Ireland, Sweden, the United Kingdom, the Netherlands and Singapore are the countries currently said to be leading in cyber fraud prevention practice.
Understand the business and invest in breakthrough innovation. The same Machine learning systems that has streamlined and empowered Bad Actors to commit effective eCommerce Cyber Fraud Attack Vectors, can also be used by eCommerce business best practices, to determine how to identify and reduce fraudulent risk behavior, reducing both cost and advanced consumer identification and prevention of adverse consequences for good business brand and reputation.
- The average enterprise malware attack to a company is US$2.4Million
- It takes an enterprise on average 50 days to resolve a malicious insiders attack
- Supply Chain Target Attacks have increased 78% (Symantec)
Attributes of Leading and Lagging Cyber Fraud Prevention by Countries
March 2019 encountered a known breach of 2.1 Billion records. For the year 2019, 4.53 Billion business data records have been breached, with a monthly average of 1.52 Billion records per month, all of this is underscoring the global, governmental, and business need for formalizing planning to assess, identify issues, improve business process and cyber security protection against cyber fraud.
Countries leading cyber fraud prevention practice include Japan, France, Canada, Denmark, the United States, Ireland, Sweden, the United Kingdom, the Netherlands and Singapore. Having a good practice for Government, Commerce, and Consumer Fraud Prevention, Problem and Incident Management is key. Keeping it current is another matter. Countries collaborating on a global scale in investigating and bringing digital infrastructure up to international standards, creates a positive guide to encourage global cybersecurity strength and create greater cooperation.
Leading countries need to recognize how to keep pace with constantly changing cyber security attack vectors and rapid advances. Cyber Fraud’s Criminals (bad actors) continue exploits advanced business process analytics and the use of machine learning and artificial intelligence. Use of modern technology makes it easier to breach security, and increasingly more difficult for enterprises to detect and mitigate. The top current attack vectors include:
- Hacking exploits inadequate authentication, using hack able secure login credentials
- Hacking exploitation of backdoor or command and control channel
- Malware back door remote access or redirection of data external controls
- Malware keylogger Spy wear captures data from user activity.
Countries lagging in cyber fraud prevention include Algeria, Indonesia, Vietnam, Tanzania, Uzbekistan, Bangladesh, Pakistan, Belarus, Iran and Ukraine had the least secure countries due to insufficient legislation, computer and mobile malware, and cyber-attack prevention preparation.
Lagging countries need to focus on policy, standards, communication, and education on strong, enough authentication and mobility policy for creating cyber secure standards that strengthen known attack vectors, create shared communities to share best practices for better identification, remediation and removal of active threats.
Key Decision Criteria/Factors
Current Attack Vector Paths and Targets
- eCommerce is the leading target using automated artificial intelligence (AI) global bot attacks allowing Fraudsters to complete a high percentage of data record breach complexity.
- ThreatMetrix detected and stopped ecommerce 2.1 billion bot attacks on merchant’s ecommerce sites, representing 142 % growth compared to the same period the year prior.
- Artificial Intelligence enables Business Efficiency, Mobile Attack Account Access, consist of fraudsters using mobile bots or stealth mobile remote access attacks. Mobile Account Cyber Fraud attacks are experiencing 107 % growth in mobile account takeovers in comparison to the 6 months prior of 2018.
After identifying and prioritizing the heavy Attack Vector Paths and Targets, Proactive Cyber Fraud Prevention involves a managed Business Process model for identifying suspicious behavior, validating and identifying cybercriminal activity, communication, engagement to stakeholders impacted by Cyber Fraud. When a pattern or anomaly in business patterns are detected, monitoring or business process would pick up the detail. Therefore the managed Business Process Model begins with identifying fraud and takes us through management to resolution.
Analysis: Understand Business Value to Improve Decision Making
Understanding and not underestimating the value of privacy, ecommerce, finance, discount, and supply chain Data is valuable, and business is vulnerable. Businesses retailers who are unaware, should conduct a Cyber Security audit to assess business process vulnerabilities and the relative risk for being exploited or exploitable for losing a large percentage of sales revenue due to credit card or discount fraud.
Standard business process awareness business processing can assist across the business teams in reducing risks from the following and simplest risks and vulnerabilities in their business. Hackers (Bad actors) sell stolen credit card numbers and other personal data to other scammers, who then use the stolen data to open accounts with eCommerce merchants using the stolen information to take over accounts, expand services, or pay for purchases.
- Account protection against account takeover vector attacks where fraudsters (bad actors) are exploiting your good customer loyalty programs
- Payment authorization is optimized to avoid card testing and payment authorization fraud.
- Establish dynamic payment authorization and alterative payment risk, based upon shopper’s profile verify their purchase.
- The key is reducing risk of 30% of chargeback fraud patterns that are occurring by purchase of product with a stolen credit card through improving detection profiling. Recognize and allow good orders, preventing false declines from valid chargebacks like billing errors (3%), product quality (8%), shipping wrong product (15%), or product non-arrival (26%).
Empowered Focus on Cyber Fraud Prevention
Too often, at all levels of government, business and personal impact, over 97% underestimate both the value and the importance of Cyber Fraud Prevention Planning. Failure to plan for cyber fraud prevention creates more Cyber Fraud Risks, Breaches and Impacts. It is a government and business imperative to organize a center of excellence and shared standards.
As the industry is changing, so must our agility in identifying and blocking the more destructive and rapid growth attack vectors and defining an appropriate standard remediation tools, to slow the growth of cybersecurity risk that is impacting countries, company brands, and draining billions in annual economy and business revenue.
Cyber Fraud’s bad actors have proven how to extend capabilities through communities of best practice, business process experts and Artificial Intelligence (AI) enablers. Government and enterprise need to invest in communities of continuous advancement in business process and technological capabilities to manage attack vector sophistication. They focus on the social engineering to move people, the business process methods that work, and the Artificial Intelligence and Machine Learning systems to develop and advance their effectiveness.
Today many companies are developing better process and methods for fraud detection and remediation. Community Collaboration can share stories, methods data points, and improve planned analytics, methods to a point where prevention can begin to outpace the bad actors that are threatening business, victimizing customers, and impacting country and business brand. By collaborating on standards and prevention, we can make a difference in the world.
About the Author
Dawn Christine Simmons (Khan) is the Principal Consultant of So Innovate LLC and President of San Francisco Bay Area IT Service Management Forum (itSMF). Dawn is an experienced thought leader among ITIL, Cyber Fraud Prevention, and Change Management professionals with a passion influencing global innovation and communities of best business practice. Dawn had served for over a decade on HDI (formerly known as Help Desk Institute). Dawn has authored itSMF white paper “Energized IT Service Management”, co-authored the article “Application Impact Analysis: A risk-based approach to business continuity and disaster recovery” for the Journal of Business Continuity and Emergency Planning, and collaborating on Amazon Published HDI book, “Implementing Service and Support Management Processes: A Practical Guide”.