Laurent - stock.adobe.com
TIN coalition calls for industry action against cyber fraud
An industry group aimed at improving cyber security by tackling enduring challenges has called for collaboration in the fight against cyber fraud
The Intelligence Network (TIN), a coalition of 1,500 global members from academia and industry, is calling for collaboration to tackle fraud as a top priority in its campaign to make cyberspace safer.
The call comes six months after the launch of the industry initiative by BAE Systems and is the result of a research programme that has collated input from cyber crime experts from industry, academia, government and law enforcement.
According to the research report, cyber fraud accounts for more than half of all fraud and is also a main motivator for cyber attacks on all organisations.
If unstopped, said the report, cyber fraud’s cross-jurisdictional nature will continue to bring increased harm to individuals and businesses around the world.
Cyber fraud should be high on the agenda of security teams and business decision-makers, the report said, highlighting four key problem areas as well as detailing the industry group’s vision for stimulating change in each of those areas.
The four priority problem areas identified are:
- Endemic attacks, which indicate business is making it too easy for criminals to access the data they need to commit fraud.
- Social engineering, which is a key enabler for fraud that the security industry needs to tackle by making it easier for people to do their work without risk.
- Operating in silos, which means information is rarely shared across functions and across industries, making joint action difficult and rare.
- The cyber/ fraud gap, which is the result of cyber security, counter fraud and law enforcement being treated as ends in themselves with their own objectives and terminology.
To address these priority areas, the report sets out a vision for each. To tackle endemic attacks, the vision is to establish cyber hygiene as the default across all sectors and make cyber and fraud risk an integral part of business strategy and new service development.
The vision for overcoming social engineering challenges is to reduce the opportunities to establish false trust and to ensure that all remaining threats are well publicised and understood. The vision also requires organisations to interact with customers and staff in a way that reinforces security and to ensure that the security of interactions with individuals becomes less dependent on public information.
To address operating in silos, the vision is to ensure that cyber fraud is understood across functions within and between organisations, to ensure that organisations are recognised for sharing useful information, not punished for suffering an attack, and to ensure that business and law enforcement collaborate effectively to tackle cyber fraud.
And to reduce the gap between cyber security and anti-fraud operations, the vision is to ensure that the response to cyber attacks minimises the broader impact of data loss on society, that fraud teams in business and law enforcement are fully engaged in tackling cyber attacks as a precursor to fraud, that enforcement is globalised to tackle all forms of cyber fraud, and that cyber and fraud terminology are understood across the relevant stakeholder communities.
To realise the vision for each of these four priority areas, the report details 22 proposed actions, which will be honed into an action plan during consultation with members of The Intelligence Networks, and members will take part in working groups to move the plan forward and deliver change.
Some of these draft actions include:
- Moving to a two-way trust model between organisations and their customers.
- Celebrating the organisations that share information publicly and act to reduce the social impact of cyber attack.
- Strengthening channels for businesses to collaborate with law enforcement.
With its vision for change established, The Intelligence Network is calling on industry to join forces in the fight against cyber fraud by consulting on its proposed action plan, and taking responsibility to drive those actions forward.
“Cyber fraud is a pervasive problem that directly impacts individuals every day, and costs the global economy millions,” said James Hatch, chairman of The Intelligence Network. “It is time to make fraud harder for the criminals, but we can only do that by working collaboratively, and that is where The Intelligence Network comes in.
“Together, our member base, comprising cyber and fraud professions across the globe, have examined the cyber fraud landscape and we have developed a vision on how we can tackle cyber fraud better.
“Our vision maps out what we need to achieve to tackle this growing global threat. Our next challenge is to ensure coordinated change in response. Our global community is already making an impact, and we are now galvanising action.”
Hatch said the high number of successful attacks and the effectiveness of social engineering tactics is making it too easy for criminals to access the data they need to commit fraud.
“It is too easy to gain false trust,” he said. “We train people to watch out for suspicious emails or calls, but our technology doesn’t do enough to verify that the person contacting them is who they say they are.”
Read more about cyber fraud
- The Bestmixer cryptocurrency laundering service has been shut down by Dutch anti-fraud police with support from Europol, significantly disrupting cyber criminal money flows.
- Just over half of IT and telecoms SMEs are targeted by fraudsters, with each case of cyber fraud costing more than £1,000, study reveals.
- Security researchers have uncovered an online market selling digital identities to help cyber criminals to defeat anti-fraud technologies, as financial cyber crime becomes a bigger threat than ever before.
- An international operation shut down the AlphaBay and Hansa marketplaces in July 2017, but new ones have sprung up on the dark web, with one in particular helping to drive cyber fraud.
The draft actions proposed by The Intelligence Network are aimed at shifting the economics of cyber fraud by making breaches and social engineering harder to achieve, said Hatch.
“In the long term, the only way to make a real difference is for security to become built-in by default into systems and processes," he said, adding that to achieve success, all organisations need to commit to change and take action.
Jonathan Luff, co-founder of cyber security incubator CyLon and a committee member of The Intelligence Network’s steering committee, said: “From large global brands to cyber security startups, it feels as though we are finally building an ecosystem that is communicating meaningfully – something that is desperately needed in the current cyber climate. This research will make an important contribution to the action plan, enabling real focus and collaboration.”
Steering committee members are described as “global influencers responsible for governing strategy, direction and operation” and are drawn from BAE Systems, Microsoft, Forgepoint Capital, CyLon, the Confederation of British Industry (CBI), Enterprise Strategy Group (ESG), Royal United Services Institute (RUSI) and Trafigura.