Use data to fight industrialised cyber crime, says RSA fraud head

Fighting cyber criminals is all about collecting and using data, according to RSA head of anti-fraud services Daniel Cohen

Fighting cyber criminals is all about collecting and using data, according to RSA head of anti-fraud services Daniel Cohen.

“This includes collecting data on user behaviour, data on the device itself and external threat intelligence. You want to do it in real time or in as near to real time as possible to identify malicious activity,” he said.

According to Cohen, the more data organisations are able to collect and the better their analytics engines are the more accurate they become.

“Our analytics are stopping 98% of fraud, which means fewer than 1% of users are having to answer queries to determine if transactions are fraudulent or not,” he said.

This approach is necessary, he believes, in light of the transition to crimeware services as part of the industrialisation of cyber crime that is enabling criminals to go around most traditional defences.

In 2013, cyber criminals moved on from malware kits that had to be set up and configured by users to crimeware services such as GameOver Zeus and Dyre.

Read more on crimeware-as-a-service

These services mean cyber criminals no longer have to worry about infecting machines and maintaining botnets, which has opened the doors to relatively unskilled cyber criminals.

“Traditional business differentiators, such as customer service, have migrated to the underground – if the stolen credit card you just bought has been cancelled, you’ll get a refund.

“Other business concepts, such as innovate-to-stay-ahead, are also becoming commonplace among cyber crime-as-a-service suppliers,” said Cohen.

In practice, this means cyber criminals are increasingly finding ways around any and all barriers organisations are putting in their way.

“The real race is collecting enough data for analytical engines to enable security decisions. If we don't keep up, criminals will find a way under, over or around anything we put in front of them,” said Cohen.

“You want to be in a position where the engines have enough data and enough visibility to make the right decisions. That is true in the anti-fraud world as well as the enterprise security world,” he said.

Smaller businesses typically lack the in-house expertise for maintaining and using such systems, but Cohen said smaller companies should look to cloud-based services to gain these advantages.

At the RSA Conference 2015 in San Francisco, Microsoft Trustworthy Computing corporate vice-president Scott Charney said that smaller companies are able to access high-level security resources through cloud services.

However, Cohen said larger enterprises still need to invest because most have a mixture of on-premise and cloud-based systems.

“This means larger companies will have to invest in a ‘good enough’ sensory infrastructure to collect information and send it to a box that knows what to do with it. The box will then help their security professionals prioritise their projects and workflows,” he said.

Above all, Cohen believes organisations should not panic in the face of unprecedented cyber threats.

“Instead, ensure you are aware of what is happening in the digital world and that you are able to assess risk properly so your most important assets are protected,” he said.

A risk-based approach, said Cohen, will help organisations to prioritise their projects and investments to deploy the most appropriate defences around what really matters, rather than trying to address all cyber threats at once.

“For example, put property identity management around your most valuable data assets with multiple factors of authentication, make sure that only authorised users can access that data and that you are monitoring who is accessing the data,” he said.

Looking ahead, Cohen expects cyber criminals to increase attacks on mobile transactions as they become more popular.

“From 2013 to 2014 we saw an 80% increase in fraud coming from mobile native apps or web browsers, and attackers are continuing to develop new capabilities very fast in mobile,” he said.

He said most of the malicious activity to date has been around abusing mobile app permissions rather than through mobile malware.

“However, we are already seeing attackers embedding anti-security measures in some mobile malware such as identifying sandboxes and making it more difficult for security researchers to analyse source code,” he said.

RSA anti-fraud services are also seeing standalone attacks on mobile, using methods such as ransomware, that are being drawn from the world of PC malware.

Cohen also expects phishing to rise steadily in the future. “Because it is so easy and effective, it is more likely to increase rather than go away,” he said.

While the mobile threat is yet to be fully realised in the enterprise space, organisations can ensure that they are not blindsided by keeping an eye on the networks.

“The mobile phone is a device that is going to communicate somewhere to access data. If you are monitoring traffic, looking at who is connecting and who is logging in from where, then you suddenly see anomalous activity, you know something is happening,” said Cohen.

As threats happen, he said organisations can slowly start building out their capabilities to address the problem as it evolves.

Read more on IT risk management