Leidos team contributes to Industry Collaboration at BAI Payments Connect in San Diego
In a recent article, The Guardian reported that Bangladesh’s central bank governor, Atiur Rahman, resigned after $81m (£75m) was stolen from the bank’s account at the Federal Reserve Bank of New York in one of the largest cyber-heists in history.
Cyber-crime was a hot topic discussed during the 2016 BAI Payments Connect conference in San Diego. While cyber-attacks have grown more frequent, more severe and more sophisticated, banks are struggling to prioritize and collaborate to meet the challenge. So where does cyber fit in the priority mix?
1. Fraud is the consequence – cybersecurity is the defense.
The conference boasted a track dedicated to the topic of fraud. As the resident cybersecurity practitioner/partner, we were eager to host a round table discussion to explore the development and execution of fraud mitigation playbooks in the context of hypothetical scenarios hitting close to home. The exercise focused on fraudulent cash withdrawals from customer accounts – either wired out or transferred to someone else’s account and wired out.
Lively table-top discussions ensued and three common themes emerged: 1) stop the bleeding, 2) recover the money and 3) manage the fall out.
These themes reveal the common nature of the scenarios reviewed. They were all reactive – the money was stolen before the fraud team became aware of the incident. At what point in your fraud prevention planning do you involve your cybersecurity team? Based on the discussion in San Diego, there isn’t much alignment between the departments – and siloes exist. The fact that so much fraud is committed through cyber-attacks, including advanced persistent threats, insider and internal threats, distributed denial-of-service (DDoS) attacks, account takeovers, payment card skimming, mobile banking breaches, and many others, illustrates that eliminating siloes is imperative. Siloes limit visibility across the enterprise, reducing productivity and increasing risk by giving intruders opportunities to hide while they search for sensitive or account information, intellectual property and exposed systems.
The Leidos contribution: A proactive cybersecurity posture that works and communicates with the fraud department is essential for evolving cybersecurity maturity, which, in turn, can prevent incidents. What would the aforementioned mitigation themes (stop the bleeding, recover the money and manage the fall out) look like with a more collaborative approach?
- Avoid (not stop) the bleeding. A proactive cyber defense strategy utilizing analysts trained in advanced computer network defense will enable you to predict attacks and prevent the bleeding altogether. The spelling mistake that thwarted the bank heist involving the Bangladesh central bank is one classic example of the type of clues left behind by attackers. Cybersecurity programs enabled to flag, track and react to indicators such as this can provide proactive alerts and communications to fraud protection owners.
- Protect (not recover) the money. With such a clear objective, cyber analysts can create a tailored cyber threat program to guide trend analysis and indicator identification with a goal of profiling and identifying adversaries, their objectives and the methods they are using against the organization. This strategy can help rally the organization against a common adversary and help to start tearing down the siloes.
- Synthesize (not manage) the fall out. For the fraud department this step represents internal and external communications, brand management and the like. By adding the cybersecurity program to this step we begin to see a more robust picture that will have direct impact – not only on post-breach mitigation – but also on improved protections moving forward. Using an analysis framework, analysts can systematically gather and aggregate intelligence at every step of the attack. When an attack is successfully detected before it has been executed, analysts can still use the framework to synthesize how the attack would have played out. Such a proactive approach not only strengthens the tactical advantage of an organization’s cyber posture but can also strengthen internal and external messaging to support reputation and brand management.
2. Balance rewards programs and cybersecurity for improved customer loyalty.
During Tuesday’s thought leadership panel discussion, Nick Perrelle joined moderator Jim McLeod of Carlisle & Gallagher Consulting Group and Mike Knoop, President of Financial Institution Loyalty at Augeo, to discuss “Enhancing the Payments Customer Journey”. While Mike Knoop offered a great discussion on ideas for enhancing the customer’s experience through mobile enhancements and multi-vendor reward consortiums like Plenti, Perrelle was quick to remind the audience that enhanced convenience can come with a cybersecurity price.
Knoop agreed that cybersecurity must be considered when implementing loyalty reward programs. The Target breach was used as a notable example. What did the publicized 2013 breach cost the company in customer loyalty? Preventing a breach is important to maintaining consumer confidence and staying "top of wallet". Historically, the “healthy” tension between product features and functionality and security has been decided in favor of the product. Over the past 18 months, however, that trend has started to reverse itself in view of an increasingly mature cyber threat landscape. The demand by consumers for enhanced privacy and data security requires payments reward and loyalty program owners to balance “cool” features with the “spooky” factor that comes from automated communications triggered by location and spending habits. Additionally, card companies are quick to recognize that guarding against a breach is directly related to defending brand reputation.
3. Protect yourself from the inside out.
With so much emphasis on fraud perpetrated by external adversaries, it can be easy to be lulled into a false sense of security when it comes to employees. We had some great conversations at our booth about insider threat protection. Payments professionals were quick to see the value of our Arena ITI™ Insider Threat Identification (ITI) platform.
One example was shared of a customer service employee at a large financial institution who had unfettered access to customer account information, including personally identifiable information (PII). This employee, working with outside criminal elements, manipulated account information and stole credit card numbers, causing significant loss to the institution before the employee was caught. Arena ITI, with its proactive approach to identifying potential insiders, was created with just this type of scenario in mind. As part of a robust insider threat program, Arena ITI ingests company data sources to aggregate and identify insider threats through predefined scoring models. Further investigation and analysis using Arena ITI would have allowed an investigator to discover new information and link highly suspicious activity with this employee before a serious incident occurred.