Tim Ayling, global head of Fraud Prevention Solutions at Kaspersky Lab, calls for businesses to remember the crucial ‘information’ element in information technology as the evolution of fraud threatens them both financially and reputationally in the digital age
How has the digital threat landscape evolved in recent years?
A key change that we’ve seen in the digital space is the way the fraudsters have come together to form a community. Undoubtedly the dark web has played a huge role in this, but it is now commonplace to see information being shared on open social networks to help each other succeed in perpetrating fraud. There’s also a big market for tools that can launch malware, phishing scams and more. This has made it much easier for fraudsters to launch fraud attacks as the hard work is done. There’s now even a growing market for “fraud-as-a-service” where you can ask for a certain organisation to be targeted and they will do it for you. These are highly professional outfits that offer 24-hour support, a choice of payment options and will interact openly with you on social media.
In what ways is fraud typically carried out in the digital world?
We could talk all day about the different types of fraud in the digital world. The Nigerian Prince scam is still the most common, though in different guises and now not just via email, but also Facebook, LinkedIn, instant messaging and more. Phishing is still prevalent, where malware links are sent to people via email, though SMishing is also popular where email is replaced by SMS. Moreover, besides new and traditional kinds of malware, other means are used either to get access to a legitimate account or to steal login credentials. Social engineering is still popular, while the use of automated tools, such as bots or remote access software, are on the rise. While organisations across all verticals will have fraud prevention measures in place to fight this, fraudsters offer training and knowledge-sharing to help find a way past well-known fraud management solutions.
What are the financial and reputational consequences of suffering digital fraud?
That’s a very timely question, with the European Union’s GDPR (General Data Protection Regulation) having come into effect in May. If breached, businesses can now be fined either €20 million or 4 per cent of global turnover, whichever is greater. That’s a massive incentive for organisations to do the right thing when it comes to protecting their customers’ personal information. Of course, fraud can occur without a data breach, so GDPR isn’t the be all and end all of it, but it helps bring these issues to board level as there’s an immediate potential of a crippling fine. Before GDPR, the bigger problem was brand damage. What we’ve learnt is that much depends on the response to these attacks and any fraud-related issues. People tend to be forgiving of organisations that are open about a breach, but punish those that are more secretive.
How does Kaspersky Fraud Prevention help companies protect their business and customers?
Kaspersky’s success is built on the threat intelligence information we have gathered during more than 21 years in the security industry. In 2017 alone, we discovered an average of 3.25 million online attacks a day. This is unprecedented in the fraud prevention industry and hugely important. Over the past 20 to 30 years, organisations of all sizes have spent billions, if not trillions, of pounds on technology. While this has certainly brought efficiencies, it has not really provided competitive advantage. Businesses are now waking up to the importance of the information piece of IT. Technology without information is limited and flawed. In the finance sector, for example, we identified 294 fraudulent accounts in four different banks connected to Kaspersky Fraud Prevention Cloud and uncovered a massive cross-banking money laundering group. In retail, we identified and blocked a fraudulent scheme involving 3,000 accounts in a network loyalty programme. Kaspersky Fraud Prevention will continue to use that information for good, and supplement it with new information and technology through behavioural analytics, biometrics, machine-learning and device analysis.
For more information please visit kaspersky.co.uk/enterprise-security/fraud-prevention