The discipline of cybersecurity has evolved so frantically in such a short amount of time, it's hard to believe that only 63% of the Fortune 100 have a CISO. The field's ongoing talent shortage has been well documented, as are the high burnout rates. Cybersecurity teams need help – and that’s why the rise of cyber fraud fusion centers can really help security teams.
Cyber fraud fusion centers are specialized SOCs that merge security and fraud people, processes and technologies into a single, cohesive unit. These next-gen SOCs fuse cybersecurity, threat intelligence, and fraud prevention into a single function. They are a common-sense response to shifts in the landscape, such as the rise of “cybercrime as a service” providers, which offer financial and payments fraud as part of a menu of hacking and cybercrime services, as well as the rise of next-generation tools such as deepfakes that have proven effective at circumventing authentication systems and other security controls.
Another major shift in fraudster tools, techniques and procedures (TTPs) has been the shift from targeting banks to targeting their customers. Widespread use of instant payment platforms such as Zelle and Venmo has given rise to scams in which fraudsters con customers into making authorized transactions. To effectively combat new fraudster TTPs, defenders now shift from verifying a user’s identity to determining their intent.
It’s a shift that’s simple in concept, but profound in impact. Both security and fraud teams use anomaly detection to discern intent. But because cybersecurity teams need to defend against a broader set of cyber criminals (nation-state hackers, hacktivists, IP thieves.), security teams are inherently more proactive when it comes to determining the intent based on continuous monitoring of user behavior.
Fraud teams, on the other hand, have traditionally been more reactive, with monitoring kicking in only when a clearly defined indicator of fraud triggers an alert. As a result, fraud detection technology has had to fundamentally evolve so companies can continuously monitor how their customers behave online. Additional factors – such as the rise of cloud computing and mobile payments, have pushed fraud detection to occur on edge networks, closer to customers. Now, it’s technically feasible to conduct core fraud detection functions such as device profiling and behavioral biometrics while continuously monitoring the customer journey.
As fraud teams re-architect their fraud detection stacks to account for changes in the landscape, they are backstopped by security teams, which are already spotting attacks against security infrastructure. The ability to cross-correlate in real-time has become one of the main ways cyber fraud teams can infer intent. And as cyber fraud teams gel, they pool resources, and eventually teams can use the data in shared data lakes that can ascertain context with greater clarity and accuracy.
As cyber fraud fusion centers mature their capabilities, a new model for detecting cyber fraud – called the cyber fraud kill chain – has emerged. Based on Lockheed Martin’s Cyber Kill Chain, the cyber fraud kill chain breaks the core stages involved in executing online fraud, and within each stage, outlines fraudster TTPs to add granular cyber fraud policies and rules into fraud prevention platforms.
Unlike Lockheed's model, there are variations in how different sources segment the cyber fraud kill chain, but it’s still the early days. The point of its existence signifies that security and fraud teams are fusing in a structured, thoughtful manner, creating a true win-win for all parties. Cyber fraud fusion keeps fraud teams grounded through a very disruptive time and offer security teams with more skilled analysts with institutional knowledge and additional TTPs – tools that offer better visibility and context about who the adversaries are, what they are doing, and how to shut them down.
Alisdair Faulkner, co-founder and CEO, Darwinium
