Should anti-fraud and cyber converge and how do we bridge the gap?
Cybercrime and financial crime are moving closer and closer together. A growing number of cyber attacks are believed to be the work of organised crime and combine cyber techniques, fraud and money-laundering. And an increasing percentage of fraud and other financial crimes use online technology to achieve their aims.
Despite this, most financial services institutions continue to treat cybercrime and cybersecurity as one activity and fraud and loss prevention as another.
Each team will have its own personnel, tools, and operating procedures. In some cases, teams are located in separate offices or even separate cities.
This siloed approach no longer works. It increases the criminal exposure of financial firms and their customers. It duplicates effort, increases costs and slows the response to incidents. Organisations that keep the two areas separate are missing the chance to share intelligence and refine their techniques.
John Maynard, CEO of Adarma, said: “Financial crime still has a different focus, mindset and lexicon to that of cyber; this difference is embedded in history, operating model, organisational design and regulation. Areas such as anti-money laundering (AML) have traditionally been about compliance, fraud has traditionally been about losses and cyber has traditionally been seen as the domain of IT; these boundaries have now blurred. We have seen this in many attacks against the financial services industry. Many of the stages are still the same for all teams – identify, protect, detect, respond and recover.”
Duncan Ash, VP of Global Financial Services at Splunk, said: “93% of fraud is now online, given that 96% of banking is now online. This has only been accelerated by COVID-19. Reports of banking fraud are up over 100% and reports of cybercrime are also up by over 30%. We are living in a state of incomplete data, with different teams looking at different things often with the same purpose in mind. The lack of a common data architecture, fragmented data management and organisational complexity create challenges to get ahead of the problem.”
Law enforcement agencies increasingly distinguish between cybercrime – attacks on IT systems and infrastructure – and cyber-enabled or digitally enabled crime. Cybercrime, or cyber-dependent crime, is most closely associated with malicious hacking, including attempts to disable computer systems or to steal data. Cyber-enabled crime casts the net wider.
Any crime that can be facilitated using digital tools is cyber-enabled. In today’s digital business environment that is a very wide range indeed.
The UK Government defines cyber-enabled crime as “traditional crimes, which can be increased in their scale or reach by use of computers, computer networks or other forms of information communications technology (ICT).”
Cyber-enabled crimes are types of offences that could be carried out without the use of technology, such as theft.
But increasingly crime is a digital business too. Crime groups are increasingly using cyber tools to target financial services institutions. And there is convergence between physical and electronic or online crime too. Could an incident in a bank branch be a precursor to a cyber attack? Is a phishing attack cyber or is it fraud or both? Could intrusion into a computer system be an attempt to bypass or disable surveillance systems or commit fraud on a massive scale? Criminals are not concerned by arbitrary dividing lines between cybersecurity and anti-fraud.
Building a common response
Should cyber and anti-fraud teams converge too? There are solid arguments both for and against running a single team to counter all types of online crime. There is, though, a clear case for better co-operation.
Reasons for not combining cybersecurity and anti-fraud include organisational culture, incompatible working practices and tools, and a fear that a combined department could become too large and unwieldy. Security teams might also be concerned that involvement in financial crime work could divert attention away from the SOC.
These disadvantages, though, are likely to be outweighed by the advantages of bringing teams closer together. In fact, technical barriers, such as differences in data and tools, can be addressed by using a common data model. And tools can work in both areas: advanced analytics, used in cyber defence, could also be applied to detecting fraud, or crimes such as attacks against ATMs.
John Maynard said: “Integrated cyber and fraud teams are better placed to move to an attacker-journey perspective. The traditional point-focussed view, prevalent in both disciplines, was useful for examining single interactions. That view is outdated now; modern crime is pervasive, omnipresent and integrated. Modern crime prevention should be, too.”
Changing working practices always takes time and effort. But intelligence sharing and sharing best practice between anti-fraud and cyber will help make financial services firms more secure. It is quite likely, once teams have developed a shared understanding of their methods and goals, that they will be more effective.
An alert or unusual behaviour on one side might well help the other team to identify a crime or breach that might otherwise have gone unnoticed. At the most basic level, convergence between cybersecurity and anti-crime comes down to removing barriers to communication and streamlining reporting processes.
Duncan Ash reiterated a number of examples: “We are working with a number of FSI organisations to focus on a few, high impact use cases. For example, integrating ATM monitoring into cyber operations for signs of money-mules or using predictive analytics for large payment anomalies coinciding with or shortly after a high fidelity cyber event.”
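The second use case in the quote above, combined with the common data model mentioned earlier, can be sketched as follows. This is an added example, not code from Adarma, Splunk or the original article; the record layout, the 24-hour window, the 10x-median threshold and all sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from statistics import median

# Constructed sample events in one shared layout (an assumed common data model):
# (source, account, timestamp, value) where value is an amount or a severity.
EVENTS = [
    ("fraud", "A1", "2024-03-01T09:00", 100.0),
    ("fraud", "A1", "2024-03-02T09:00", 120.0),
    ("fraud", "A1", "2024-03-03T09:00", 90.0),
    ("cyber", "A1", "2024-03-04T12:00", "low"),    # low fidelity: ignored
    ("cyber", "A1", "2024-03-05T08:00", "high"),   # high-fidelity alert
    ("fraud", "A1", "2024-03-05T10:30", 5000.0),   # large, 2h30 after the alert
    ("fraud", "B2", "2024-03-01T09:00", 200.0),
    ("fraud", "B2", "2024-03-02T09:00", 210.0),
    ("fraud", "B2", "2024-03-03T09:00", 190.0),
    ("fraud", "B2", "2024-03-04T09:00", 4000.0),   # large, but no cyber event
    ("cyber", "C3", "2024-03-02T08:00", "high"),
    ("fraud", "C3", "2024-03-01T09:00", 50.0),
    ("fraud", "C3", "2024-03-02T09:00", 55.0),
    ("fraud", "C3", "2024-03-02T10:00", 60.0),
    ("fraud", "C3", "2024-03-02T11:00", 52.0),     # after an alert, normal size
]

def correlate(events, window=timedelta(hours=24), ratio=10.0, min_history=3):
    """Payments >= ratio x the account's prior median that coincide with, or
    follow within `window`, a high-severity cyber alert on the same account."""
    alerts, payments = {}, {}
    for source, account, ts, value in events:
        when = datetime.fromisoformat(ts)
        if source == "cyber" and value == "high":
            alerts.setdefault(account, []).append(when)
        elif source == "fraud":
            payments.setdefault(account, []).append((when, value))
    findings = []
    for account, pays in payments.items():
        pays.sort()
        for i, (when, amount) in enumerate(pays):
            history = [a for _, a in pays[:i]]
            if len(history) < min_history or amount < ratio * median(history):
                continue  # no baseline yet, or not anomalous for this account
            prior = [a for a in alerts.get(account, [])
                     if timedelta(0) <= when - a <= window]
            if prior:
                findings.append({"account": account, "amount": amount,
                                 "delay": when - max(prior)})
    return findings

if __name__ == "__main__":
    for finding in correlate(EVENTS):
        print(finding)
```

Only account A1 is returned: B2's large payment has no cyber event behind it and C3's alert is followed by ordinary payments, so neither team's data alone would single out the joined case.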
One business, one view of risk
Perhaps the greater prize, though, is a single view of risk.
If criminals make no distinction between financial crime and cyber attacks then businesses that do make such a distinction leave themselves more vulnerable than businesses that don’t.
Bring together the two teams – converge and consolidate cybersecurity and fraud prevention and detection – and give boards the more comprehensive and up-to-date view of risk they need.
This will lead to better and faster decision making, fewer losses, and improved customer experience. Bringing cybersecurity and financial crime experts together is a realistic goal that all financial services institutions can aim for.