Over the past several years the number of attacks against financial institutions has grown exponentially.
There are multiple threat vectors that are actively used each day to target literally everything in the financial sector, with the ultimate aim of generating revenue or ‘cashing out’ as it’s more commonly known. These vectors range from the highly technical such as custom-built malware or compromised infrastructures, to the more prominent and simpler vectors such as spear phishing employees and customers, stealing or cloning credit cards, attacking websites and the digital targeting of senior executives, managers and staff at every level of the organisation.
The Cyjax digital intelligence platform was deployed as part of a strategy to monitor the levels of risk associated with as many threat vectors as possible. This would involve the automated collection of brand-based exposure in the global mainstream press across all languages simultaneously; sentiment analysis of social media exposure; digital profile monitoring of all staff, executives and company assets; a complete sweep of, and subsequent monitoring framework around, their entire supply chain and affiliate network; darknet monitoring and intelligence in both public and closed-source areas of the various darknets; critical vulnerability monitoring of their entire software and hardware infrastructure; and the ability to monitor and view the logs of their internal processes to seek abnormal patterns in internal network traffic. They also need to know what is happening around them: technologies, methods and processes are common throughout the financial industry, so what happens to one is of interest to all. Thankfully, they share threat information, but this also needs to be collected and processed.
The difficulty in implementing an anti-fraud technical strategy is that the audience is largely non-technical, while most of the threat data is largely technical. Integrating systems to automatically block known bad things is a simple process, but making vast datastores of intelligence information available to non-technical facets of a business is where the magic happens. What a financial organisation needs, more than a security patch, is to understand the risk associated with the process of patching, or indeed not patching. Utilising the extensibility of the Cyjax digital intelligence platform, we created several new applications that were designed to provide the necessary capabilities to deliver risk-based intelligence to the important areas of the business.
While it took time to navigate the strict policies and processes that govern financial institutions, we successfully implemented a solution that provided a major boost in the fight against fraud. By the end of the first month of operation the bank had been able to fend off over 2000 low-level attempted credit card fraud transactions; identify and secure the compromised access of several bank accounts containing large sums of money; rule out the possibility that they were the source of 3 breaches that were claiming to sell their customer information on darknet marketplaces; identify serious flaws in the personal online social media security practices of several senior executives; and identify and subsequently measure the level of cyber awareness among their entire staff base, helping them to quickly understand who was a target for awareness training.
The solution is now used across the entire organisation, from board level down to communicating automatically with their firewalls to block attacks in real time. It helps to identify risk, inform strategy and ultimately prevent financial loss.
The impact is most notable at the operational level, but difficult to quantify financially. It would likely be easier to measure how much fraud it helped to save their customers and the general public from.
We made a metrics engine that is as functional as Microsoft Excel, but as easy to use as an abacus. It allows anyone in the organisation to mine, in real time, the big data that is generated by the extensive collection processes of the mixture of technologies described above.
Whether you call it cyber intelligence, physical intelligence, or group it all under digital intelligence, it doesn't have to be difficult, and it is no longer within reach of the technical only. It is accessible to everyone, no matter their technical ability. When you are building or advising on digital intelligence strategies, ensure that you include every area of the business and that they too can make use of the tools and information that are produced as a result. Even the cleaners have keys, after all.