Redefine cybersecurity for a comprehensive security strategy

Cybersecurity is the practice of protecting companies’ infrastructure and endpoints from unauthorized access. Multiple teams within an organization drive different aspects of cybersecurity. From web application firewall (WAF) to application programming interface (API) security, these teams often work in silos with their own independent key performance indicators (KPIs) and road maps, which fragments the organization’s understanding of the full landscape of threats it faces.

The discipline of fraud prevention, a relatively new but well-established method for stopping threat actors exploiting web applications for profit, has further fragmented the cybersecurity landscape within an organization. Fraud prevention teams, often part of consumer growth and onboarding teams, maintain their own independent roadmaps and attempt to root out financial losses from fraud.

Redefining cybersecurity to combine these disciplines under one umbrella brings numerous benefits to an organization, including a comprehensive approach to cybersecurity, efficient use of resources, and reduced capital consumption.

The threat actor perspective

Threat actors target an organization primarily for financial incentives, and those incentives exist on multiple surfaces within an organization. Attackers could target employees to gain unauthorized access to internal servers and then blackmail them in exchange for relinquishing that access. They can also target the consumer-facing application for distributed denial of service (DDoS) attacks or other malicious purposes.

Recently, Microsoft stopped Storm-1152, a cybercriminal group known for illegally reselling Outlook accounts for profit. There is no guarantee that the people behind the group will not resurface to attack a different Microsoft platform.

Given the threat, organizations would be better off unifying the different teams involved directly and indirectly in cybersecurity to achieve a comprehensive security approach.

Efficient capital management

Cybersecurity is a fragmented market, and vendors are blurring the lines between traditional cybersecurity and fraud management by trying to unlock these use cases within the same platform. However, because buyers of fraud management tools differ from buyers of traditional cybersecurity tools and these teams operate in silos, organizations fail to consolidate vendors and spend more than necessary.

The current macroeconomic climate demands efficiency, and efficient supplier management through consolidation across multiple surfaces offers a profitable prospect for capital efficiency.

Domain integration

While difficult at first, a few initial actions can help set your operations up for success:

  • Unified strategy and common KPIs: Having the right representation and creating a unified strategy is the key to success. A unified strategy ensures that every stakeholder is responsible for carrying out that strategy. Defining KPIs across teams makes the unified strategy measurable. For example, instead of having the bot management team set an isolated KPI, such as “Number of bot attack blocks per month,” bring together the bot management, account takeover, and transaction fraud detection teams and set KPIs that look at how many bot attacks were stopped and how many bots went on to commit account takeovers and ultimately transaction fraud. This can bring greater visibility throughout the chain and hold everyone accountable.

  • Integrated technology stack: Once you have a unified strategy in place, invest in an integrated technology stack. Isolated technology stacks create opacity which, in turn, leads to inefficiencies. An integrated technology stack ensures full visibility from any team in the chain. Downstream teams can use threat indicators identified by upstream teams to further probe the traffic. Likewise, if downstream teams find interesting and actionable information, upstream teams can act on that information. For example, API security teams can find threat intelligence based on the pattern of API usage by consumers that is typically not available to bot and fraud protection teams. Such insights can be put to use when an integrated technology stack is in place.

  • Unified supplier strategy: Nearly all cybersecurity and fraud protection teams use vendors to supplement their work. Most vendors offer overlapping functionality to unlock additional use cases. Having a unified vendor strategy ensures that each team is aware of the vendors used by other teams. Additionally, the integrated technology stack ensures that supplier signals can be used across teams rather than just one. Cost efficiency is an added benefit.

  • Unified threat incident response: Creating cross-functional tiger teams during incidents ensures that each incident is considered holistically. Such an effort not only significantly reduces the likelihood of another attack by the same or similar groups, but also preserves capital that would otherwise flow out as a result of ransom demands.

Conclusion

The integration of different cybersecurity and fraud management disciplines, driven by a unified strategy, common KPIs and shared responsibilities, is not only a strategic move but a necessary evolution in the face of increasingly sophisticated digital threats. By promoting collaboration and alignment of goals, companies can build a more resilient and efficient digital security posture, protecting their assets, their reputation and, most importantly, their customers. The goal is to create a united front against digital threats, where the strengths of each domain are leveraged to improve the organization’s overall security.
