Despite the headlines about the continued geopolitical turmoil, the risk of cyberattack isn’t exactly new. Denial-of-service attacks and ransomware are never far from mind. Data exfiltration — where consumer information is taken from inside a firm (sometimes by corporate insiders) — is a worry, too.
The bad actors have found ways to market their malevolence as services, sometimes divvying up their revenue streams across diverse efforts.
As Selim Aissi, Blackhawk Network’s chief information security officer, told PYMNTS, digital adoption has been the single biggest change within the payments industry. Along the way, the consumer has gained a greater level of control over their shopping and payment experiences.
But of course, the proliferation of online commerce, along with the use of mobile technology to conduct faceless, remote commerce, means that fraudsters can hide behind synthetic IDs, SIM card schemes and all manner of subterfuge. It’s becoming harder to defend against payments fraud and large-scale, targeted cyberattacks.
Forging Lines of Defense
Within any organization, Aissi said, crafting a multiyear, strong cyberdefense strategy entails enlisting a wide range of tools, processes and people. At a minimum, he said, companies need to engage in certain core security practices — and branch out from there.
“You might think of this as security hygiene,” he said, which means implementing patches, strengthening access management, and protecting data. Fortunately, as data breaches and security incidents gain in frequency, CISOs are becoming more vigilant.
“They also are getting ‘deeper’ into threat intelligence as they try to collect the indicators of compromises,” Aissi said, “as they seek to make sure network defenses are robust.” Time to leverage the urgency, in other words.
Layering data security is among the most effective approaches, he said. It takes a village to combat security threats, and companies should collaborate with government agencies and intelligence organizations to stymie criminals.
Looking ahead into the rest of 2022, Aissi said new threats will emerge — same as any year.
“The adversaries are very intelligent, very well-funded, persistent, and they always look for the low-hanging fruit,” he said.
CISOs should take advantage of predictive analytics and artificial intelligence (AI), which can be enlisted across a corporate security stack in the battle against cybercriminals.
Aissi said that advanced technologies have helped organizations cut through the “white noise” of false positives. AI, he said, can help security organizations find the proverbial needle in the haystack — the genuine fraudster who has managed, over time, to escape detection so far. AI can be especially useful in ingesting, analyzing and making sense of threat intelligence that is gleaned from a variety of sources — and making that intelligence “canonical” with every other input that is used for detection and prevention.
With all these tools being folded into firms’ defenses, Aissi said, there is the opportunity to see positive impact this year and beyond — even if, of course, it is impossible to eliminate all cybersecurity threats and fraud.
“We’re seeing more value that AI is adding to cybersecurity controls, tools and technologies,” he told PYMNTS, “and AI makes security stronger over time.”