The Ponemon Institute’s “2017 Cost of Data Breach Study” reported that the global average cost of a data breach is $3.62 million. When combined with ACL’s tally of $6.3 billion in annual fraud losses, these statistics paint a bleak picture. Threats leading to such staggering numbers include profile hacking, distributed denial-of-service (DDoS), data breaches and ransomware.
Cyberattacks, financial crime and fraud incidents are becoming more targeted, intricate and persistent. While technologies and processes have made advances in risk management, cybersecurity and fraud prevention, a recent IBM Institute for Business Value (IBV) report revealed that 42 percent of banking executives believe that their fraud operations are in need of an overhaul. Another IBV survey found that 61 percent of security leaders are significantly challenged to identify, assess and prioritize threats, due to insufficient resources.
The State of Cognitive Convergence in 2017
These reports led me to reflect upon two research white papers I authored at the Information Security Forum (ISF) on the alignment and future of fraud and information security. I compared the key findings of my research in 2014 with a perspective of what has — or hasn’t — improved in 2017.
Prioritizing Cybersecurity and Fraud Protection
Three years ago, I noted that business leaders needed to pay the same amount of attention to information security as they pay to fraud at the board level, which requires investment in a risk-based approach. In 2017, organizations are placing these topics on the board-level agenda, and most global companies have specific references to both fraud and cybercrime risks in their annual reports. Cybersecurity and fraud are on management committee agendas at least quarterly for 80 percent of institutions surveyed, according to IBV.
Aligning Security and Fraud Management Strategies
I also recommended implementing aligned information security and fraud management models focused on education, awareness, process and technical controls in 2014. Today, however, many security and fraud practices are still built on a collection of point products that are not integrated and do not provide the visibility and actionable intelligence needed to quickly respond to incidents. Fraud and security activities remain distinct and misaligned.
Sharing Threat Intelligence
When it comes to knowledge sharing, I advised security teams to exchange confirmed fraud data, knowledge and internal intelligence with peers, law enforcement and other security analysts across industry sectors.
Today, there are limited examples of formalized knowledge and intelligence sharing between fraud, risk and information security functions and external parties. These functions often only interact in the aftermath of breach, and security and fraud point solutions typically remain isolated. Less than 50 percent of organizations in the IBV survey use additional information from external sources, and only 34 percent share crime intelligence with their competitors to reduce repeated offenses across organizations, regardless of sector.
Addressing Evolving Threats With AI
Finally, I noted in 2014 that organizations should feed multiple sources of enterprise intelligence into their big data analytics to more effectively visualize threats and use that artificial intelligence (AI) to expand behavioral analytics. Despite the isolated manner of operations, organizations are increasingly taking advantage of shared data sets across risk, fraud and information security. Big data has helped organizations develop analytics to become more predictive and innovative. However, the use of AI is still in its infancy, with only 21 percent of organizations stating that it has a significant impact on their operating model in relation to data security, according to an IBM report. Organizations are suffering from a lack of data science skills and knowledge, leaving them unable to develop risk models with machine learning and AI to address risks that evolve on an almost daily basis.
While some organizations have improved in the aforemetioned areas, others still have a long way to go when it comes to converging fraud, risk and cybersecurity with cognitive solutions. If organizations do not have top-grade expertise feeding into a set of cognitive tools, they will fall behind their peers and become easy targets for fraudsters.
Initial Stages of Cognitive Convergence
Organizations looking to start their cognitive convergence journeys should recognize the importance of taking a holistic and formalized approach to understanding their existing risk, fraud and security solutions, as well as data flows and governance. The initial steps to consider before embarking on a large-scale AI program are as follows.
1. Align Strategy, Ownership and Governance
A clear board-level business case and investment plan is critical. Historically, risk, cybersecurity and fraud functions operated independently, with senior leaders owning independent budgets and priorities that are not fully aligned. It’s important to create and agree upon a target operating model for cognitive convergence, and to clearly define roles, responsibilities and accountabilities.
2. Build a Clear Road Map
While planning for convergence, determine how to best communicate the benefits of cognitive security solutions to technical and business stakeholders. Build an education plan for the implementation team and executives on cognitive capabilities that solve business problems.
3. Perform an Analysis of the Current State
Review pain points and weaknesses as they relate to technologies, processes and human factors. Identify where AI can be applied to augment and support human decision-making. You must understand and prioritize areas in which the business needs to improve, and highlight areas that hinder secure growth, compliance and trust.
4. Gather Data Sets
During the initial analysis, develop a comprehensive view of all data sources and potential gaps. The existing systems will hold a significant amount of reusable data. Cutting-edge cognitive data discovery tools can help support this activity.
5. Assess and Identify Skills
Requisite skills and competencies will be needed in a variety of areas beyond just data scientists, statisticians, programmers and developers. Other roles, such as talent sourcing, internal communications, training and procurement, are also necessary to maintain neural networks within an enterprise.
6. Develop Use Cases
Organizations should consider creating use cases for the implementation of converged cognitive fraud, risk and cybersecurity solutions. These must be aligned to business need and aim to resolve areas of weakness.
7. Perform a Proof of Concept
Conduct a small-scale test system to prove the viability of predictive models for a use case business problem. Note that a proof of concept (PoC) is different from a pilot, which may automate live processes. The PoC should be quick and simple to deliver, building upon awareness and learning initiatives for the overall road map.
Supporting Tools for Convergence
AI, through machine learning and advanced analytics, can be used to protect digital platforms against a range of threats, such as account takeover and fraudulent transactions, and help detect devices infected with high-risk malware.
Effective fraud detection solutions offer greater visibility, making it easier to adapt to threats and simplify the deployment of security solutions. This, underpinned with global threat intelligence, can further enrich machine learning to normalize and correlate data on incidents requiring investigation.
These analytics and intelligence tools, linked with a security information and event management (SIEM) capability, can apply cognitive reasoning to the large volumes of constantly changing data to help detect anomalies, uncover advanced threats and reduce false positives.
The End State
A combined operational risk, financial crime, fraud and information model can deliver fully dynamic risk indicators and machine learning capabilities through agile methods to quickly implement new rules and policies to identify fraud, minimize false positives and stay one step ahead of threat actors. This can lead to increased customer trust, stronger security controls, greater business efficiency and faster identification of emerging cybercrime trends.
Associate Partner, IBM
Indy possesses over 17 years’ experience, having worked in both operational and consulting positions at FTSE100 and Fortune 500 organisations including IBM...