Cybersecurity: don’t learn the hard way

" In recent times we have seen an explosion of cyber enabled fraud attacks against customers and other businesses."
Tamsyn Harris, Head of Fraud Risk Strategy, ANZ

Criminals have been focusing more and more on businesses as a source of their exploits, as banks have hardened their defences. But what is it banks can teach their customers so they too don’t become a target?

The shift towards attacking businesses has led to a number of new attack scenarios.  

Since January 2015, there has been a 1,300 percent increase in identified exposed losses from cybercrime attacks, totaling over 3.1B and impacting more than 22,000 victims.

"The victims of the BEC scam range from small businesses to large corporations. The victims continue to deal in a wide variety of goods and services, indicating a specific sector does not seem to be targeted," the FBI says.

BUILDING AND REBUILDING TRUST

It is not just the financial losses (although significant) businesses have to deal with. When fraud occurs there are often a lot of questions about how it happened, who did it, why us? In my experience, there are always more questions than answers.

Often even when there are answers they don’t give the comfort or satisfaction desired and what results is the erosion of trust; trust between customer and banker, trust within a company and between their board and the list goes on.

Often it isn't possible to identify who perpetrated the attack and why. Instead the focus needs to be on preventing these attacks in the first place. That is where education and knowledge sharing come in.

PROTECTING CUSTOMERS FROM CYBERCRIME

It is well known banks have been the favoured targets for fraudsters for many years. Over these years we have developed an understanding of fraud and various attack scenarios but more importantly, we have learned how best to prevent and respond to these attacks.

It is important for businesses to understand what they have of value to cybercriminals. Money is the obvious one, where the first type of attack experienced by businesses is often a fraudulent payment.

But businesses are also a rich source of information - both business intelligence information and personal information. 

Directors and other high profile individuals can find themselves targets - there are plenty of examples of cybercriminals gathering data from social media and using social engineering techniques targeted towards individuals to attack organisations.

Once a business understands what may be of value, they should focus on how to protect it. Cybersecurity controls are often the first thoughts, but even more simple actions such as raising awareness of threats and planning how you would respond in the event of an attack can make a big difference. 

It is also important these conversations are held across all levels of the organisation, from the Board down. It is everyone's responsibility to protect themselves and their businesses against cybercrime.  

To foster these conversations, companies - including banks - are providing educational materials on cybersecurity and cybercrime.

To help fight financial crimes, banks are working to build stronger relationships and collaborate across industry and with governments to share learnings on specific threats and preventative measures.

Over time this improves everyone’s resistance to attack. As we learn from each other’s experiences this increases the sophistication of our defences across not just technology, but our processes and people. 

Tamsyn Harris is Head of Fraud Risk Strategy at ANZ