Redefining Cybersecurity for a Comprehensive Security Posture
The integration of different disciplines of cybersecurity and fraud management is a necessary evolution in the face of increasingly sophisticated digital threats.
Cybersecurity is the practice of securing businesses' infrastructure and endpoints from unauthorized access. Multiple teams within an organization lead different aspects of cybersecurity. From Web application firewall (WAF) to application programming interface (API) security, these teams often work in silos with their independent key performance indicators (KPIs) and road maps leading to fragmentation in understanding the comprehensive threat landscape of the organization.
The discipline of fraud prevention — a relatively new but now-established method of stopping threat actors who exploit Web applications for financial gain — has fragmented the cybersecurity landscape within an organization even further. Fraud prevention teams, often a part of consumer growth and onboarding teams, operate their independent road maps and attempt to eradicate fraudulent financial losses.
Redefining cybersecurity to combine these disciplines under one umbrella brings a multitude of benefits to an organization, including a comprehensive cybersecurity posture, efficient resource utilization, and reduced capital burn.
The Threat Actors' Perspective
Threat actors target an organization mostly for financial incentives. And financial incentives exist across multiple surfaces within an organization. Attackers could target employees to gain unauthorized access to internal servers and then blackmail them in exchange for giving up the unauthorized access. They can also target the consumer-facing application for distributed denial-of-service (DDoS) attacks or other malicious purposes.
Recently, Microsoft took down Storm-1152, a cybercriminal group, known for illegally reselling Outlook accounts for financial gain. One can't guarantee that individuals behind the group won't resurface to attack a different Microsoft platform.
Given the threat, organizations are better off unifying the different teams involved directly and indirectly with cybersecurity to land a comprehensive security posture.
Efficient Capital Management
Cybersecurity is a fragmented market, and vendors are blurring the lines between traditional cybersecurity and fraud management by trying to unlock those use cases within the same platform. However, since the buyers of fraud management tools differ from buyers of traditional cybersecurity tools, and these teams operate in silos, organizations fail to consolidate vendors and spend more than needed.
The current macroeconomic climate demands efficiency, and efficient vendor management through consolidation across different surfaces offers a lucrative angle to capital efficiency.
Integrating the Domains
Although difficult in the beginning, a few initial actions can help set the operations up for success:
Unified strategy and common KPIs: Bringing in the right representation and creating a unified strategy is key to success. A unified strategy ensures that every stakeholder is accountable for driving that strategy forward. Defining cross-team KPIs makes the unified strategy measurable. For example, instead of letting the bot management team set a siloed KPI, such as "Number of bot attacks stopper per month," bringing in the bot management, account-takeover, and transaction fraud detection teams together and setting up KPIs that look at bot attacks stopped and bots that trickled down to commit account takeovers and, ultimately, a transaction fraud can bring more visibility across the chain and keep everyone accountable.
Integrated technology stack: Once a unified strategy is set, invest in an integrated technology stack. Siloed technology stacks create opaqueness that, in turn, leads to inefficiencies. An integrated technology stack ensures full visibility by any team in the chain. Downstream teams can use threat indicators identified by upstream teams to further probe the traffic. Similarly, if downstream teams find interesting actionable insights, upstream teams can act on such insights. For example, teams responsible for API security may find threat insights based on the sequence of API usage by consumers that aren't usually available to bot and fraud protection teams. Such insights can be used if such an integrated technology stack exists.
Unified vendor strategy: Almost every team responsible for cybersecurity and fraud protection uses vendors to complement their work. The majority of the vendors offer overlapping capabilities to unlock additional use cases. Having a unified vendor strategy ensures that every team is aware of vendors used by other teams. Additionally, the integrated technology stack ensures that signals from the vendors can be used across teams instead of in just one. Cost efficiency is an added benefit.
Unified response to threat incidents: Creating cross-functional tiger teams during incidents ensures that each incident is looked at holistically. Such an effort not only significantly reduces the probability of another attack from the same and similar groups but also conserves capital outflow from ransom demands.
Conclusion
The integration of different disciplines of cybersecurity and fraud management, guided by unified strategy, common KPIs, and shared accountabilities, is not just a strategic move but a necessary evolution in the face of increasingly sophisticated digital threats. By fostering collaboration and alignment in objectives, companies can build a more resilient and efficient digital security posture, protecting their assets, their reputation, and, most importantly, their customers. The goal is to create a unified front against digital threats, where the strengths of each domain are leveraged to enhance the overall security of the organization.
About the Author
You May Also Like