Fraud is one of the most prominent threats facing the UK economy, costing a reported £130 billion each year. Due to the relentless activities of cyber criminals, businesses and consumers alike are suffering from the devastating effects of fraud. In the first half of 2019, there were over 1.3 million cases of payment card fraud, a 16 percent rise on the same period last year, according to UK Finance. Furthermore, half of UK businesses have fallen victim to cyber fraud in the past two years, explaining why 42 percent believe cybercrime will have the greatest impact on businesses over the next two-year period.
Data breaches in 2019, affecting major brands such as Capital One, have exposed 4.1 billion records. Cyber criminals can then use the stolen information to set up new bank accounts in the victim’s name, and any compromised passwords can be used in credential stuffing attacks.
However, although breaches and fraud are becoming normal, everyday events, there are steps businesses can take to protect themselves and their customers. Security needs to be baked in from the beginning – not bolted on at the end – to protect critical data. Here are some key questions businesses should ask themselves when evaluating their ability to tackle fraud in 2020.
When did you last assess your security infrastructure?
The cyber-landscape is changing so rapidly – driven by a combination of regulations, complex enterprise infrastructures, and increasingly sophisticated criminals – that companies need to constantly assess and update their security systems and processes.
In order to detect and defend against modern attacks with greater efficiency, value and importance must be placed on dynamic and flexible controls. Organizations need to invest in the collection of high-quality data that will provide the basis for these controls, as well as the informed decisions they need to make on threats and criminal activity.
For example, we’re seeing the emergence of next-generation intelligent security, such as adaptive authentication, which uses AI and machine learning to score the increasingly vast amounts of data businesses collect, analyze the risk of a situation, and adapt authentication levels accordingly.
Using a layered approach to authentication that incorporates biometrics, behavioral analysis, and data from third-party tools makes staying ahead of the cybercriminals that little bit easier. Security moves from being a black-and-white, binary story to becoming precise and intelligent. Businesses need to regularly update their infrastructures and adopt a strong, multi-layered approach to security that’s capable of detecting the newest and most advanced strains of cyber-attacks.
Does every channel in your business have sufficient security to halt fraud?
Make no mistake, fraud is as much a business as any other, and this won’t change in 2020. As such, cyber-criminals will focus on the attacks that will bring them the greatest return on investment with minimal effort. It’s therefore important that your business is capable of securing all channels, as all are potential targets for criminals to exploit.
Criminals are already using an arsenal of tools and tricks to deceive individuals into handing over sensitive information via multiple channels. For example, more than 175,000 phishing sites were taken down over the past year by the National Cyber Security Centre, and Mimecast halted an astonishing 99 billion suspicious emails, ranging from sophisticated impersonations to volume-focused spam campaigns.
Mobile channels are also increasingly under threat. The Apple and Google Play app stores are no strangers to malware-infested apps. Despite an incredible amount of suspicious activity being thwarted, malicious software and websites still slip through the net.
In 2020, fraud will continue to follow the ebb and flow across different channels as new technologies or standards are introduced, making one channel more secure than another. As the saying goes, when one door closes another one opens. It’s the job of businesses to predict those doors opening, and make sure they’re secure from the outset.
Do you have an updated employee security program?
The best security position you can take is one that incorporates both technology and human behavior.
While it’s important to have controls in place that can filter malicious content, such as fraudulent emails and suspicious websites, you shouldn’t forget that human error can compromise even the best technological defenses. So having an educational program in place that trains employees on how to spot phishing emails, outlines what to do if they’re targeted, and provides other tips for staying secure is key. Crucially, this should be a process that’s constantly revised, and training should be held at regular intervals so that staff don’t lose sight of the most prevalent threats.
Ultimately, there is plenty of work still to be done to improve IT security and get ahead of attackers, whether it’s strengthening human or technical defenses. Despite modern companies placing far more importance on security than ever before, the threat of fraud remains.
But, by regularly assessing their security infrastructure, making sure every channel is covered and training their employees, businesses can put themselves in the best position to fight back against fraud in 2020 and beyond.
Published December 27, 2019 — 16:00 UTC