Breaking Down Silos: Leveraging Edge Security Data to Unite InfoSec and Fraud Detection
By: DefenseStorm
In the face of increasingly sophisticated fraud schemes, most credit unions continue to describe their fraud defenses as good but too reactive, with many relying on next-day information. We all want to be more proactive and see the fraud risk early enough to stop it before money is stolen and laundered.
One of the keys to success is looking for risk in data streams that a fraud investigator may not be familiar with or even know exist. The way to discover these is by forming tight relationships with information security. Information security (InfoSec) and fraud detection have traditionally operated in isolation, each with its own tools, data, and strategies, but as cyber threats continue to grow in sophistication and scale, the time has come to break down those silos and forge a united front against the threat actors that seek to undermine our security and privacy.
Bridge the Gap between InfoSec and Fraud Detection
Bridging the gap between InfoSec and Fraud prevention teams has become imperative for credit unions to navigate the complexities of cyber risk management. Though often siloed, these two essential functions share a common objective: protecting the institution and its members from evolving cyber threats and fraudulent activities. InfoSec teams focus on safeguarding sensitive data, fortifying networks, and defending against breaches, while Fraud prevention teams are dedicated to identifying and mitigating potential fraud losses.
Through collaboration, credit unions can deploy proactive measures to identify and stop fraud, while fortifying their defenses against cyberattacks. This leads to two very positive outcomes: the credit union’s overall fraud exposure is reduced, including potential losses and operational costs for recovery efforts, and the credit union builds loyalty by alerting members who may have been caught up in a scam before their money is at risk. All it takes is a program that combines the expertise and tools from both InfoSec and fraud prevention teams.
Taking Action
To bridge the gap between InfoSec and Fraud prevention, credit unions need to work on building relationships between the two teams. It will take an investment from both teams as they learn new vocabulary, look at unfamiliar data sets, come up with ideas, and have honest conversations about what works and what doesn’t.
Ways to cultivate relationships between the teams:
- Leadership meetings: During these meetings, leaders can ask about data capabilities, learn what's important to the other team, ask questions about what's happening in their world, and build leadership capital.
- Identify areas of intersection: Teams can identify where their information security and fraud prevention efforts overlap, such as with phishing emails, takedown services, and reporting bad domains.
- Listen and offer help: By listening to each other's pain points and blind spots, both teams can identify ways to help each other. Consider sharing data or network resources to assist in the prevention of cyber fraud.
- Analyze scenarios together: Start with simple scenarios where there's high confidence that it is fraud. The teams can work together to analyze the situation, using screenshots or reports to illustrate their findings.
By working together, credit unions can bridge the gap between information security and fraud prevention to create a safer and more secure environment for their customers.
Leveraging Useful Data
Edge security data is an underutilized resource that can revolutionize our defenses and bring InfoSec and Fraud prevention teams together. This data can act as a bridge between the two groups, enabling them to collaborate more effectively in identifying and mitigating security threats and fraud attempts. Edge security data refers to the data generated at the outer layer of a credit union's network. This data provides valuable insights into the activities happening at the network's edge. By analyzing this data, credit unions can identify potential security threats before they penetrate the network's core. Some of the edge data streams that credit unions can use for fraud detection include:
- Web Application Firewall (WAF) Streams: WAFs are designed to protect web applications from various attacks, including SQL injection and cross-site scripting. Credit unions can identify suspicious activity patterns and potential fraud risks by analyzing WAF logs.
- Web/Application Server Access Logs: These logs contain information about user activity on web servers, including IP addresses, user agents, and requested resources. By analyzing this data, credit unions can gain insights into user behavior and identify potential fraudsters hiding behind VPNs to appear as if they are accessing accounts from within the United States.
WAF streams contain valuable information that can help credit unions identify potential fraud risks. By analyzing WAF logs, credit unions can identify patterns of activity that may indicate fraudulent behavior. For example, if a user tries to submit a form multiple times with the same IP address or user agent, it may indicate an attempt to exploit vulnerabilities in the application. Through WAF log analysis, credit unions can identify these patterns and take corrective action before any damage is done.
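The repeated-submission pattern described above can be checked with a sliding-window count over access log lines. This is an added example, not DefenseStorm code; the Combined Log Format layout, the `/login` form path, the threshold of 3, the one-minute window and the sample lines are all assumptions chosen for illustration, and WAF log formats vary by vendor.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout (Combined Log Format): ip - user [time] "METHOD path proto" status bytes "referer" "ua"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)

def parse(line):
    m = LINE_RE.match(line)
    if not m:
        return None  # malformed line: skip it rather than abort the run
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def repeated_submitters(lines, key="ip", form_paths=("/login",), threshold=3,
                        window=timedelta(minutes=1)):
    """Map each `key` value ("ip" or "ua") to its peak POST count in any window, if >= threshold."""
    recent, peak = defaultdict(deque), defaultdict(int)
    records = sorted(filter(None, map(parse, lines)), key=lambda r: r["ts"])
    for r in records:
        if r["method"] != "POST" or r["path"].split("?")[0] not in form_paths:
            continue  # only form submissions count
        q = recent[r[key]]
        q.append(r["ts"])
        while r["ts"] - q[0] > window:  # drop submissions older than the window
            q.popleft()
        peak[r[key]] = max(peak[r[key]], len(q))
    return {k: n for k, n in peak.items() if n >= threshold}

# Constructed sample lines (documentation-range IPs, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /login HTTP/1.1" 401 512 "-" "ExampleClient/1.0"',
    '198.51.100.22 - - [12/Mar/2024:10:00:03 +0000] "POST /login HTTP/1.1" 200 901 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /login HTTP/1.1" 401 512 "-" "ExampleClient/1.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "POST /login HTTP/1.1" 401 512 "-" "ExampleClient/1.0"',
    '198.51.100.40 - - [12/Mar/2024:10:00:12 +0000] "GET /login HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2024:10:00:20 +0000] "POST /login HTTP/1.1" 401 512 "-" "ExampleClient/1.0"',
    '192.0.2.9 - - [12/Mar/2024:10:00:30 +0000] "POST /login HTTP/1.1" 401 512 "-" "ExampleClient/1.0"',
    'not a log line',
]

if __name__ == "__main__":
    print(repeated_submitters(SAMPLE), repeated_submitters(SAMPLE, key="ua"))
```

Grouping by user agent catches the fifth submission from a second IP that grouping by IP alone misses, which is why the two views are worth comparing before an alert is handed to the fraud team.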
Chairman and CEO of Berkshire Hathaway, Warren Buffett, said, “It takes 20 years to build a reputation and five minutes to ruin it. If you think about that, you’ll do things differently.” When a member becomes a victim, trust is broken, even if the credit union did everything it could to prevent the situation, and even when the member was culpable. Preventing fraud is not just about protecting your business's bottom line. It’s about safeguarding the trust and confidence of your members and stakeholders. Fraud should never be viewed as just the cost of doing business. Investing in a proactive cyber risk management program is essential to protect the future of your members and your business.