Disrupting this ecosystem is a top reason for combating cyber-enabled fraud, yet most efforts to do so are currently fragmented because data, systems, and organizational structures have been siloed. We often see organizations use a myriad of tools and platforms across divisions and departments, which results in inconsistent rule application.
Those weaknesses can limit visibility and hinder comprehensive detection and prevention efforts. Fraud programs in their current state are time-consuming and resource-intensive, and can feel like an endless game of whack-a-mole for the folks on the ground.
At Google Cloud’s Office of the CISO, we believe that a strategic shift toward a proactive, preventive mindset is crucial to helping organizations take stronger action to address cyber-enabled fraud. That starts with a better understanding of the common fraudulent activities that can threaten your business, such as impersonation, phishing, and account takeovers.
From there, it’s essential to build a scalable risk assessment using a consistent approach. We recommend using the Financial Services Information Sharing and Analysis Center’s Cyber Fraud Prevention Framework, which ensures a common lexicon and a unified approach across your entire enterprise. The final piece involves meticulously mapping out the specific workflows where fraudulent activity is most likely to occur.
By categorizing these activities into distinct phases, you can identify the exact points where controls can be implemented, breaking the chain before a threat can escalate into a breach.
In parallel, consider the types of fraud-prevention capabilities that may already be available to support your fraud prevention efforts. Our recent paper on tackling scams and fraud together describes Google Cloud’s efforts in this space, some of which are highlighted below.
Though Google combats fraudulent practices through continued investment in enhancing our capabilities, as well as through other means including litigation, we recognize that broader industry collaboration is needed to truly move the needle. That’s why we’ve partnered with industry efforts through the Financial Services ISAC, the Global Anti-Scams Alliance, DNS Research Federation, the National Elder Fraud Coordination Center, and the Global Signal Exchange to collectively drive fraud detection and prevention forward. Most recently, the U.S. government commended us for our efforts to combat fraud.
Combating cyber-enabled fraud is a key task that CISOs and boards of directors can collaborate on to ensure alignment with executive leadership, especially given the financial and reputational risks. Regular dialogue between boards and CISOs can help build a unified, enterprise-wide strategy that moves from siloed departments and disparate tools to a proactive defense model.
Boardrooms should hear regularly from CISOs and other security experts who understand the intersection of fraud and cybersecurity, and the issues at stake for security practitioners and risk managers. We also recommend that boards should regularly ask CISOs questions about the threat landscape and the fraud risks that the business faces, and how best to mitigate those risks.
You can learn more about what organizations can do to combat cyber-enabled fraud in our newest Perspectives on Security for the Board report.
Source Credit: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-ciso-board-can-fight-cyber-enabled-fraud/
