Barely a week goes by without a data breach of some kind making the headlines, with Uber being the latest high-profile example after it emerged the company had paid a $100,000 ransom following the 2016 theft of information relating to its 57 million users and drivers worldwide.
The reputational damage caused by this breach, not to mention the subsequent attempted cover-up, is likely to be substantial. And in an increasingly digital world where trust is paramount, organisations are rightly concerned about the negative effects that such breaches can have on their customer relationships.
Besides the tarnishing of a brand’s image, there are also considerable financial and operational risks associated with cyberattacks. Financial firms are prime targets for such attacks, with criminals looking to steal not just funds but also sensitive individual and business transaction information.
An increasing number of financial transactions have moved to digital channels (e.g., mobile, online, and program trading) over recent years, and customers tend to assume that secure systems are in place. Despite their best intentions, however, it can be difficult for firms to stay ahead of emerging threats.
Of the various types of cyberthreats, the growth in malware attacks is particularly concerning. Malware is typically embedded in apps, other programs, or shared data files, and the malware then spreads as infected files are shared.
Once a server, PC, or mobile device is infected with the malware application, criminals can use a variety of strategies and tactics to steal sensitive financial information and account credentials. The most prominent malware tactics include:
Man-in-the-Middle (MitM) Attacks: A third party intercepts customer information while it is in transit, or “listens” to customer information being shared online.
Man-in-the-browser (MitB) Attacks: Malware intercepts and captures encrypted information (e.g., usernames and passwords) that users share with applications through their Web browser.
Bots and Botnets: Malware that enables the attacker to take control of a computer. Often, these machines are part of a network of infected devices known as a botnet that can span multiple countries. The goal is to stay hidden until the machine infected with the bot is instructed to carry out a task such as sending spam to other machines or participating with other infected machines in a denial-of-service (DoS) attack.
Advanced Persistent Threats (APT): After gaining a foothold through malware, an unauthorised person obtains access to your network and then stays there undetected for a period of time in an effort to infiltrate key systems and steal data. Often the goal of an APT attack is to steal data and then send it to other systems, which can be located inside or outside the firm.
We are also increasingly seeing the use of unauthorised copies of firms’ websites, with the intention of encouraging victims to open applications and files so malware can be installed on servers, PCs, and mobile devices.
And to complicate matters further, threat actors are becoming bolder and using more aggressive tactics to pretend that the sites and files that they are using to spread the malware are from legitimate and trusted sources.
Increasingly, firms are investing in risk-based transaction monitoring and risk analytics tools in an effort to protect themselves, their counterparties, and their customers from such tactics. Indeed, the availability of real-time transaction information and threat intelligence is helping firms to detect, prevent, and contain the impact of cyberattacks and threats.
To this end, we are seeing more and more firms invest in behavioural analytics that compare customer transaction patterns with their peers’ behaviour, the customer’s KYC (know-your-customer) file, and historical transaction patterns.
For employees, firms can track and analyse employee identities for anomalies relative to expected and predicted access and transaction patterns. Some anomalies can be very good cyberthreat and cyberfraud markers, such as access to email or network resources late at night, or access from an overseas IP address.
While there will inevitably be some valid mitigating circumstances (e.g., an employee may be working late on a project or travelling abroad for business), many firms are increasingly wanting to actively monitor and investigate anomalies for signs of potential cybercrimes.
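The behavioural monitoring described above (a per-identity baseline, anomaly markers such as late-night or overseas access, and known mitigating circumstances that suppress an alert) can be shown in a small detector. The following is an added example, not code from the column or from IDC; the log format, the employee names, the IP addresses, the country codes and the business-hours window are all constructed assumptions for illustration.

```python
"""Flag employee access anomalies (out-of-hours access, access from a country
not seen in the employee's history) over constructed access-log lines.

Added example, not the column's own material. The log format
(timestamp user resource src_ip country), the sample values and the
07:00-20:00 UTC business-hours window are assumptions made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed history: where and when each employee has previously logged in.
# In practice this baseline would be learned from weeks of prior records.
HISTORY = """\
2017-10-02T08:30:00Z alice mail 203.0.113.10 GB
2017-10-02T17:45:00Z alice vpn 203.0.113.10 GB
2017-10-03T09:10:00Z bob mail 198.51.100.5 GB
2017-10-05T13:00:00Z carol mail 192.0.2.44 AE
2017-10-06T12:20:00Z dave vpn 192.0.2.99 AE
"""

# Constructed events under review.
CURRENT = """\
2017-11-20T09:12:03Z alice mail 203.0.113.10 GB
2017-11-20T22:47:51Z alice fileshare 203.0.113.10 GB
2017-11-21T03:15:20Z bob vpn 198.51.100.7 RU
2017-11-21T10:02:11Z carol mail 192.0.2.44 AE
2017-11-22T11:30:00Z dave vpn 203.0.113.200 US
"""

# Known mitigating circumstances (approved business travel, approved late
# work), keyed by user. Constructed for the example.
EXCEPTIONS = {
    "dave": {"travel": {"US"}},
}


@dataclass(frozen=True)
class AccessEvent:
    ts: datetime
    user: str
    resource: str
    src_ip: str
    country: str  # ISO 3166-1 alpha-2 code, assumed to come from IP geolocation


@dataclass
class Alert:
    user: str
    ts: datetime
    reasons: list


def parse_log(text):
    """Parse the assumed 'timestamp user resource ip country' format.
    Malformed lines are skipped rather than aborting the run."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts_raw, user, resource, ip, country = parts
        ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(AccessEvent(ts, user, resource, ip, country))
    return events


def build_baseline(history):
    """Per-employee set of countries seen in historical access records."""
    seen = defaultdict(set)
    for ev in history:
        seen[ev.user].add(ev.country)
    return dict(seen)


def out_of_hours(ts, start=7, end=20):
    """True when the access falls outside the assumed business-hours window."""
    return not (start <= ts.hour < end)


def detect_anomalies(events, baseline, exceptions, start=7, end=20):
    """Return one Alert per event that shows a marker not explained by a
    recorded exception. An employee with no history is treated as having
    no expected countries, so any location is flagged until a baseline exists."""
    alerts = []
    for ev in events:
        exc = exceptions.get(ev.user, {})
        reasons = []
        if out_of_hours(ev.ts, start, end) and not exc.get("late_work", False):
            reasons.append("out_of_hours")
        expected = baseline.get(ev.user, set()) | exc.get("travel", set())
        if ev.country not in expected:
            reasons.append("unexpected_country")
        if reasons:
            alerts.append(Alert(ev.user, ev.ts, reasons))
    return alerts


if __name__ == "__main__":
    base = build_baseline(parse_log(HISTORY))
    for alert in detect_anomalies(parse_log(CURRENT), base, EXCEPTIONS):
        print(alert.ts.isoformat(), alert.user, ",".join(alert.reasons))
```

Run as written, the detector raises two alerts: alice's 22:47 file-share access (out of hours) and bob's 03:15 VPN session from a country absent from his history (out of hours and unexpected country). Dave's US access is not flagged because an approved-travel exception covers it, which is how the "valid mitigating circumstances" of the column enter the logic rather than being left for an analyst to remember. The same baseline-plus-exceptions shape applies to the customer-side analytics mentioned earlier, with transaction amounts and counterparties in place of hours and countries.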
As firms deploy more comprehensive transaction-monitoring, cyberthreat-detection, and attack-prevention systems, they must ensure that these systems do not negatively impact the customer experience, especially for online and mobile transactions.
Protecting customers and enshrining trust in the customer relationship is critical, and the best way to achieve this is for firms to always remain cognisant of the customer experience while testing, developing, and implementing enhanced cyberthreat detection and prevention strategies.
The columnist is group vice-president and regional managing director for the Middle East, Africa and Turkey at global ICT market intelligence and advisory firm International Data Corporation (IDC). He can be contacted via Twitter @JyotiIDC. Content for this week’s feature leverages global, regional, and local research studies undertaken by IDC.