Retailers have learned to keep their lights on during off-hours to reduce occurrences of criminal behavior. Yet enterprises continue to let cybercriminals go wild in the dark.
By not integrating silos of data, linking investigations and incorporating real-time analytics into operational decision-making capabilities, organizations fail to elevate analysis beyond simple detection of passive attacks. They cite constraints of organizational privacy policies, line-of-business structures and functional processes. While these challenges are justified, they can and must be overcome to create truly predictive threat intelligence and effective countermeasures.
Holistic approach to risk
Take the $45 million ATM heist as an example of where cybercrime necessitates convergence and coordination of all systems, entities and industries relating to a financial crime. With the proper intelligence tools, this was a prime opportunity to glean clues and connections from a variety of events.
Past Advanced Persistent Threat (APT) campaigns were often carried out to cause denial of service or data leakage. The recent increase in the volume and velocity of these attacks is commonly tied to cyber-related crimes. The attacks are very sophisticated and work through multiple avenues, including malware, online and mobile vulnerabilities, and data servers and networks.
Firms need to recognize the link between cybercrime and other financial crime risks. But this requires a strategic and more holistic approach to risk mitigation that includes security, compliance and fraud operations.
Big data, big intelligence
With this expanded threat comes the intimidating opportunity to harness big data. Organizations need to manage all the new structured and unstructured data by taking advantage of an analytical framework that turns big data into big intelligence. Active collaboration is necessary in the collection, processing, monitoring, analysis and dissemination of the information. This big intelligence will help thwart the anonymous threats of today, but will require real-time behavioral and event-based decision-making capabilities.
In the example of the ATM heist, the thieves used laptops and malware to steal information to generate bogus credit cards. In less than 24 hours, criminals conducted 37 ATM transactions at 10 locations along Broadway in Manhattan – all with similar withdrawal amounts that were well above normal limits. And this process took place around the globe.
Meanwhile, data on the criminals in action was collected – ATM images, driver’s license photos, and Facebook pictures. With the right coordination, skills and technology, this information could be used to avoid or prevent these types of attacks.
Collaboration among industries
The US and other nations continue to work on policies for sharing data across government and private industry. But organizations can begin taking precautions today. The Federal Financial Institutions Examination Council published a supplement to its guidance on Internet banking that outlines the need for a layered security and risk-based approach. In addition, the National Cyber-Forensics and Training Alliance provides a neutral collaborative venue where global partners from industry, law enforcement and academia use cross-sector resources to more effectively analyze critical, real-time intelligence against emerging threats.
These measures are a sampling of resources that help monitor network and cross-channel data for potential illicit and abnormal behavior. Real-time monitoring and event-driven behavior analytics are a great start to understanding normal behaviors and providing real-time insight into suspicious activities.
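As an added illustration (not from the original article or any SAS product), the sketch below shows what an event-driven rule for the ATM heist pattern described earlier could look like: many over-limit withdrawals of similar size on one card, across several ATMs, inside 24 hours. The thresholds, field layout and sample events are assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds for illustration; derive real ones from your own baseline.
WINDOW = timedelta(hours=24)
MIN_WITHDRAWALS = 5      # over-limit withdrawals per card inside the window
MIN_LOCATIONS = 3        # distinct ATMs inside the window
NORMAL_LIMIT = 500.00    # assumed normal per-withdrawal ceiling
MAX_SPREAD = 50.00       # "similar amounts": max - min inside the window

# Constructed sample events: (timestamp, card, atm, amount), in time order.
SAMPLE_EVENTS = [
    ("2024-01-10T08:00:00", "card-B", "atm-01", 60.00),
    ("2024-01-10T09:00:00", "card-C", "atm-02", 800.00),
    ("2024-01-10T22:05:00", "card-A", "atm-10", 790.00),
    ("2024-01-10T22:19:00", "card-A", "atm-10", 800.00),
    ("2024-01-10T22:41:00", "card-A", "atm-11", 800.00),
    ("2024-01-10T23:02:00", "card-A", "atm-12", 780.00),
    ("2024-01-10T23:30:00", "card-A", "atm-12", 800.00),
    ("2024-01-12T09:30:00", "card-C", "atm-03", 800.00),
    ("2024-01-14T10:00:00", "card-C", "atm-04", 800.00),
    ("2024-01-16T10:00:00", "card-C", "atm-05", 800.00),
    ("2024-01-18T10:00:00", "card-C", "atm-06", 800.00),
]


def detect_cashout(events):
    """Return {card: alert} for cards matching the cash-out pattern."""
    windows, alerts = defaultdict(deque), {}
    for ts_raw, card, atm, amount in events:
        if amount <= NORMAL_LIMIT or card in alerts:
            continue  # ignore normal withdrawals and cards already alerted
        ts = datetime.fromisoformat(ts_raw)
        win = windows[card]
        win.append((ts, atm, amount))
        while ts - win[0][0] > WINDOW:  # evict events older than 24 hours
            win.popleft()
        atms = {a for _, a, _ in win}
        amounts = [x for _, _, x in win]
        if (len(win) >= MIN_WITHDRAWALS and len(atms) >= MIN_LOCATIONS
                and max(amounts) - min(amounts) <= MAX_SPREAD):
            alerts[card] = {"at": ts_raw, "withdrawals": len(win),
                            "atms": sorted(atms), "total": sum(amounts)}
    return alerts


if __name__ == "__main__":
    for card, alert in detect_cashout(SAMPLE_EVENTS).items():
        print(card, alert)
```

Only card-A alerts on the sample data: card-C makes the same number of over-limit withdrawals, but they are spread over days and fall out of the 24-hour window, which is the kind of distinction that keeps false positives down.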
Network analytics can add visualization techniques that bring linkages to an investigator’s attention that might otherwise have been missed. Firms need data and analytics to see who is creating risk.
In a recent survey conducted by the Ponemon Institute, 67 percent of respondents admit that current security activity fails to stop a targeted attack; the most difficult barrier to improvement was reducing the number of false positives in the analysis. While these barriers do exist, they can be overcome by visual analytics technology.
Analytical techniques are ushering in an era where data scientists and data miners will be the differentiators for organizations. By uncovering more hidden risks, firms can provide more quality alerts for investigation.
Whether an organization is in the early stages of cybersecurity preparedness or has a well-developed system, a gap analysis of all potential risk areas ensures all threats are included in a more holistic security framework. This will provide better situational and contextual awareness. With real-time, event-driven behavior analytics and the ability to link new threat alerts to existing suspicious cases, investigators can be armed with the right tools to thwart cybercrime and help prevent future losses.
NOTE: Originally published by Banking Strategies