There isn’t much good to be said about the motives and mindset of cybercriminals, given that they tend to be focused on fraudulently depriving others of their hard-earned funds. But, as Fastly’s Sr. Principal Technologist Zane Lackey told Karen Webster, there is one good thing to be said of the fraudsters of the world; to paraphrase the character Michael Corleone in the movie “The Godfather:” “it’s not personal … it’s strictly business.”
As Lackey noted, once a fraudster can’t make money hitting their target, they’ll move on to the next one. They’re simply seizing a business opportunity — which is a blessing in disguise for defenders trying to ward them off. But, he said, it’s a blessing that also carries a curse with it.
“The curse is that they have resources to throw against this, because it is economically focused,” he said. “If they can invest a thousand bucks, ten thousand bucks, a hundred thousand bucks, and then get back seven, eight, nine-figure returns — they’re going to do that all day.”
Because it’s a business, fraudsters are very engaged in investing to grow and evolve their offerings with bots and other automation tools to make their attacks more difficult to detect, faster and — most damagingly — more scalable. That means they can attack many points in a single enterprise or many separate enterprises simultaneously.
It’s not just about adding more fraud tools, Lackey said, but also about evolving alongside — and hopefully ahead of — the fraudsters in constructing risk models and developing a fraud prevention approach that can handle a rapidly shifting fraud market with many new moving pieces.
Creating New Networks For Security
Fighting off fraudsters tends to be a multi-stage process of getting them out of all the systems in an enterprise they are going after, Lackey noted — but the end goal of every defender is to get the fraudster to move on. The next level of fraud protection is adapting one tool to see attacks as they happen and also see them coming at a distance.
That involves interconnected peer networks that allow firms facing similar security threats to inform each other of upcoming risks, such that whenever one member in that network is attacked, all others get the information so they can be prepared to fend off those attacks in the future. That kind of information-sharing isn’t a new idea, Lackey noted — it had often happened informally through professional connection networks. Now, technology can make these types of fraud alerts officially and rapidly available to all.
“I think what’s changing is that in certain areas of anti-fraud and security, you’re seeing systems that are accurate enough to automatically share intelligence,” he said. “That means you can have systems in place to protect your apps and APIs without a manual component.”
Fighting The Unseen Frauds To Come
It would be nice if there was a day that we could be sure that our security was so cleverly connected, diverse and advanced that the cost-benefit analysis for fraudsters would always ensure a lack of profitability. But that day is likely not coming, Lackey said.
Although we’ve made many genuine advances in security, fraudsters have demonstrated that they’re willing to invest time, treasure and talent into advancing their tactics.
As is the case with digitization, everyone’s on the same journey to create a more secure system, but not everyone is in the same stage of the journey, said Lackey. Attacks are evolving, and businesses must learn to build and implement more flexible, scalable security systems that include multiple lines of defense against potential fraud attacks.
“I would say that it goes from a high likelihood to a low likelihood of fraud, and that’s the best we can do,” Lackey said. “And if you can win those shifts, you’re really moving the needle. The real challenge is that your environment isn’t static — everything is changing in terms of mobile banking, mobile apps and interconnectedness. The target is moving, which makes it really hard to say that we’re going to wipe out fraud entirely, but we can get a lot smarter about fighting it on multiple fronts.”