Why amalgamating cybersecurity & anti-fraud is the best defense strategy

Arun Rishi Kapoor, Practice Lead - Telecom & Utilities at Infosys
Anand Chandrashaker, Senior Domain Principal at Infosys

Until the last few years, cybersecurity and fraud prevention were seen as different functions within an organization. The growing need for improved security and data privacy in a hyper-digital world has brought these siloed functions together, and aptly so, because cybersecurity and fraud prevention are two sides of the same coin.

While cybersecurity protects an organization's enterprise assets and employee/customer data in cyberspace from any possible attack, fraud prevention focuses more on protecting revenue from the risks of transactions running on these applications and networks. The modus operandi used by cybercriminals and fraudsters also differed: cybercriminals would use malware such as viruses and trojans, SQL injection, or brute-force/DDoS attacks, while fraudsters attacking the financial stability of a company largely used synthetic IDs and stolen credentials to abuse company policies and process vulnerabilities. Both, however, lead to the same repercussions – loss of revenue and reputation.

With digital getting a nitro boost from technological advancements in 5G networks, cloudification of applications, connected devices (IoT) and now the Metaverse, the concern is palpable that cybercriminals and fraudsters will also evolve their tactics to match the growing sophistication of digital systems. As security systems develop beyond biometric authentication to capture behavioral aspects from user-generated patterns, companies risk exposing customer data to criminals. Integrating cybersecurity and anti-fraud efforts will be of utmost importance to combat such attacks.

Let’s say an intruder breaks into a company’s PBX (Private Branch Exchange) system, i.e., its internal telephone line system, and generates as many calls as possible to international premium-rate numbers that he directly or indirectly owns. In this attack, the intruder abuses internal vulnerabilities such as weak/default passwords, or uses techniques like war-dialing, i.e., an auto-dialer to break passwords, in order to invade the enterprise PBX system. A big chunk of the revenue generated by the traffic on premium numbers is lost by the telecom provider and now belongs to the fraudster. In such cases, either the bill-shocked enterprises end up paying huge bills or the telecom providers of the PBX(s) write off the bill to retain the customer.

Cybersecurity teams strengthen their defense by putting various controls in place, such as a policy on changing default passwords, or deployment of the latest anti-virus software and bot-traffic detectors. However, if the behavior of calls generated from the various enterprise phone lines within an organization is not monitored, then end-to-end cyberattack/fraud coverage cannot be ensured. No criminal will stop after breaching the first layer of security. He will either demand a ransom, steal organization credentials to sell on the dark web, or abuse the internal system to tweak configurations for personal monetary benefit.
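The call-behavior monitoring described above can be sketched as a rule over call detail records. This is an added example, not part of the original article; the watchlisted prefix, thresholds, extensions and records are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed values: a placeholder watchlist and thresholds a fraud team would tune.
PREMIUM_PREFIXES = ("+99900",)    # hypothetical premium-rate range, not a real allocation
WINDOW = timedelta(minutes=10)
MAX_CALLS_IN_WINDOW = 5
BUSINESS_HOURS = range(8, 19)     # 08:00-18:59 local time, Monday to Friday

# Constructed call detail records: timestamp, PBX extension, dialed number, seconds.
SAMPLE_CDRS = (
    [("2024-03-04T09:15:00", "2001", "+14155550100", 340),
     ("2024-03-04T10:02:00", "2001", "+99900123456", 60),
     ("2024-03-04T14:30:00", "2002", "+442079460000", 610)]
    # Burst from one extension at 02:00, one call every two minutes.
    + [(f"2024-03-05T02:{m:02d}:00", "2014", f"+99900{m:06d}", 45)
       for m in range(0, 16, 2)]
)

def detect_toll_fraud(cdrs):
    """Return one alert per extension that bursts off-hours calls to watchlisted prefixes."""
    recent = defaultdict(deque)   # extension -> timestamps of suspicious calls in the window
    alerts = {}
    for ts, ext, dialed, _secs in sorted(cdrs):
        when = datetime.fromisoformat(ts)
        if not dialed.startswith(PREMIUM_PREFIXES):
            continue              # destination is not on the watchlist
        if when.hour in BUSINESS_HOURS and when.weekday() < 5:
            continue              # this rule only covers off-hours traffic
        window = recent[ext]
        window.append(when)
        while when - window[0] > WINDOW:
            window.popleft()      # drop calls that fell out of the sliding window
        if len(window) >= MAX_CALLS_IN_WINDOW and ext not in alerts:
            alerts[ext] = {"first_seen": window[0].isoformat(),
                           "calls_in_window": len(window)}
    return alerts

if __name__ == "__main__":
    for ext, detail in detect_toll_fraud(SAMPLE_CDRS).items():
        print(f"ALERT extension {ext}: {detail}")
```

An alert from this rule is useful to both teams: the fraud team can block the destination range, and the cybersecurity team has a concrete extension and timestamp from which to investigate the PBX compromise.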

[Figure: Collaboration between cybersecurity and fraud team]

As explained above, while cybersecurity plays a prominent role as the first line of defense against attacks on networks, devices, and data, the anti-fraud team dives deep into the profile of the fraudsters/attackers, zeroing in on their modus operandi – be it existing or emerging – and continuously monitoring the difference between the legitimate and suspicious behavior of a customer, employee, or device.

To fight against criminals in this new era of cyber-threats, organizations must develop a strategy and a corresponding roadmap to bring both cybersecurity and fraud detection under the same umbrella. Digital transformation has revolutionized technology, so much so that we now have the option to connect any device to any network. Attackers are exploiting this development by abusing existing vulnerabilities and by employing bots or social engineering skills to defraud enterprises.

The amalgamation of cybersecurity and anti-fraud functions will offer end-to-end coverage to an enterprise, wherein both teams complement each other by sharing intelligence on cyberattacks and fraud incidents. Detection of unusual device behavior and suspicious transactions by an anti-fraud team can also help a cybersecurity team detect an internal intrusion by a hacker operating incognito. Similarly, any incident caught by a cybersecurity team that leads to stolen credentials can help the anti-fraud team configure controls at the transaction level and generate alerts for suspicious behavior on the accounts of the impacted customers whose data was stolen. The notion is that an enterprise can have the best tools and people to protect its business, but unless the security is reinforced with this double layer, an attacker will always find a way to perpetrate their crimes.