Greater digital adoption is bringing together people, organizations and data, as well as fraud and information security. This convergence of fraud, identity, and information security (infosec) enables businesses to collectively identify the threat vectors and ensure that the different business units are managing risks effectively in a way that facilitates an efficient and coordinated response.
The coronavirus pandemic has showcased the need for a truly integrated security posture for organizations, irrespective of their scale of operations. Unlike earlier, when fraud, infosec and identity teams were operating in their own silos, organizations are now looking to consolidate the tools, data, people & processes for a more integrated view. This convergence is critical for operational resilience and maintaining business continuity during times of disruption.
The convergence of fraud, identity, and infosec is important at many levels, as it helps bring diverse views of the threat landscape together: for instance, broad macro or industry-level risk assessments at the infosec level, portfolio-specific attacks at the fraud level, and the impact on individual identities. The greater the convergence, the higher the investment, which allows for a more layered defense approach against the common adversary.
Organizational structure with clear communication policies
Convergence comes about with the culmination of many factors. One of the most important is an organizational structure with clearly defined protocols for information sharing, within and outside of the company, that follows best practices for communication. When it comes to sharing data internally, organizations must identify the teams and people who are responsible and accountable for communication.
Further, organizations can drive changes where needed to ensure that intelligence can be shared appropriately and safely to promote a more secure environment for customers and workforce. Sharing of trends and non-confidential information should be continuous and encouraged. However, there must be an understanding and identification of common goals, such as deterring criminals, and of siloed goals, such as fraud losses or risk assessments.
Leverage advancements in technology to navigate convergence
Navigating convergence efficiently is crucial for organizations, and they can leverage the evolution in technology to maintain transparency and balance privacy with utility of data. Today, we have better machine learning models that enable us to verify identities and really look at the convergence of fraud, identity, and infosec.
However, as volumes of data explode—estimated to be 175 zettabytes of data by 2025—there will be a dramatic increase in cyber risks as well. Technologies such as artificial intelligence and machine learning can help cut out the noise to allow fraud teams to focus on responding to more complex threats and try to uncover what the humans behind attacks are planning next.
When done correctly, more regulation can be beneficial
As the amount of data grows, privacy concerns also rise. The changing landscape is a reflection of government, businesses, and individuals catching up with the times in an attempt to combat nefarious activity. There are existing regulations that mandate organizations to ensure security of the customer data they possess. Some may argue that regulations place limitations on how organizations can build certain risk and fraud management solutions. However, if done correctly, more regulation can prove beneficial, as it sets forth the rules for the collection, use and sharing of data for risk management.
Regulation helps organizations gain regulatory certainty wherever possible so that they can avoid operating in a regulatory or ethical gray area. Regulations also provide justification for activities in cybersecurity, identity, and fraud. They also bring challenges to the practitioners in these areas as they attempt to protect authentic consumers from bad actors.
However, there are a number of loopholes in existing regulations, and different laws in different states can be difficult to manage. And then there are industries that are not regulated. At times, regulations can be almost counterintuitive to the protection goals. For instance, cyber investigators without access to a person’s private information can face difficulty while researching events.
As responsibilities towards the protection of customers and the workforce become broad, organizations face a greater challenge managing the business, technical, and regulatory needs. Having a strong regulatory change management program can help ensure changes are identified and analyzed. It will also be important for lawmakers and cyber, fraud, and identity practitioners to collaborate to improve compliance and create a trustworthy business ecosystem.
Optimize end-user experience with targeted friction
The digital acceleration, triggered by the coronavirus pandemic, has surpassed that of the last two years. This digital acceleration will continue to influence the way we work and collaborate, and security technology will therefore revolve around improving productivity and collaboration through secure, inclusive end-user experiences.
Organizations will, therefore, need to optimize end-user experience with judicious use of friction. This is especially crucial in cases where there is doubt about the veracity of an ID or transaction. Although friction is often construed as negative, in such doubtful cases targeted friction can help drive confidence.
Brace for greater convergence
The economy of the post-pandemic era will be fundamentally digital in nature. Such an economy will require a new generation of critical supporting infrastructures, chief among which are 5G networks and the cloud. These infrastructures depend for their effectiveness on shared technical standards, strong privacy protections and resilient cybersecurity.
A 100% return to the pre-COVID era is unlikely, which means consumers will continue using digital channels for contactless spending. This will also mean fraud threats will continue to develop along those vectors, as fraud is primarily driven by money.
Enhanced digital transformation, with employees continuing to work from home, will increase risks to data (breaches, security events, identity theft and a whole lot of other malicious activities), which will further propel the use of zero trust access, artificial intelligence and machine learning. All of this will culminate in greater convergence.
To learn how convergence of fraud, identity, and information security helps organizations build operational resilience, watch the recording of the session “The Convergence of Fraud, Identity & Infosec”.
*** This is a Security Bloggers Network syndicated blog from Arkose Labs authored by Himanshu Bari. Read the original post at: https://www.arkoselabs.com/blog/convergence-of-fraud-digital-identity-infosec/