Skip to content

Posts from the ‘fraud detection’ Category

Your Mobile Phone Is Your Identity. How Do You Protect It?

 The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M. U.S.-based breaches average $8.19M in losses, leading all nations. Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach. Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average). These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 - 75 of the report. Key insights from the report include the following: Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained. U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively. Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below. Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes: Conclusion Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third. The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization. Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

  • The average cost of a data breach has risen 12% over the past 5 years and is now $3.92M.
  • U.S.-based breaches average $8.19M in losses, leading all nations.
  • Not integrating mobile phone platforms and protecting them with a Zero Trust Security framework can add up to $240K to the cost of a breach.
  • Companies that fully deploy security automation technologies experience around half the cost of a breach ($2.65M on average) compared to those that do not deploy these technologies ($5.16M on average).

These and many other fascinating insights are from the 14th annual IBM Security Cost of a Data Breach Report, 2019. IBM is making a copy of the report available here for download (76 pp., PDF, opt-in). IBM and Ponemon Institute collaborated on the report, recruiting 507 organizations that have experienced a breach in the last year and interviewing more than 3,211 individuals who are knowledgeable about the data breach incident in their organizations. A total of 16 countries and 17 industries were included in the scope of the study. For additional details regarding the methodology, please see pages 71 – 75 of the report.

Key insights from the report include the following:

  • Lost business costs are 36.2% of the total cost of an average breach, making it the single largest loss component of all. Detection and escalation costs are second at 31.1%, as it can take up to 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach. IBM found the average breach lasts 279 days. Breaches take a heavy toll on the time resources of any organization as well, eating up 76% of an entire year before being discovered and contained.

  • U.S.-based breaches average $8.19M in losses, leading all nations with the highest country average. The cost of U.S.-based breaches far outdistance all other countries and regions of the world due to the value and volume of data exfiltrated from enterprise IT systems based in North America. North American enterprises are also often the most likely to rely on mobile devices to enable greater communication and collaboration, further exposing that threat surface. The Middle East has the second-highest average breach loss of $5.97M. In contrast, Indian and Brazilian organizations had the lowest total average cost at $1.83M and $1.35M, respectively.

  • Data breach costs increase quickly in integration-intensive corporate IT environments, especially where there is a proliferation of disconnected mobile platforms. The study found the highest contributing costs associated with a data breach are caused by third parties, compliance failures, extensive cloud migration, system complexity, and extensive IoT, mobile and OT environments. This reinforces that organizations need to adopt a Zero Trust Security (ZTS) framework to secure the multiple endpoints, apps, networks, clouds, and operating systems across perimeter-less enterprises. Mobile devices are enterprises’ fasting growing threat surfaces, making them one of the highest priorities for implementing ZTS frameworks. Companies to watch in this area include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. The framework is built on the foundation of unified endpoint management (UEM) and additional zero trust-enabling technologies, including zero sign-on (ZSO), multi-factor authentication (MFA), and mobile threat detection (MTD). This approach to securing access and protect data across the perimeter-less enterprise is helping to alleviate the high cost of data breaches, as shown in the graphic below.

  • Accidental, inadvertent breaches from human error and system glitches are still the root cause for nearly half (49%) of the data breaches. And phishing attacks on mobile devices that are lost, stolen or comprised in workplaces are a leading cause of breaches due to human error. While less expensive than malicious attacks, which cost an average of $4.45M, system glitches and the human error still result in costly breaches, with an average loss of $3.24M and $3.5M respectively. To establish complete control over data, wherever it lives, organizations need to adopt Zero Trust Security (ZTS) frameworks that are determined by “never trust, always verify.”. For example, MobileIron’s mobile-centric zero-trust approach validates the device, establishes user context, checks app authorization, verifies the network, and detects and remediates threats before granting secure access to a device or user. This zero-trust security framework is designed to stop accidental, inadvertent and maliciously-driven, intentional breaches. The following graphic compares the total cost for three data breach root causes:

Conclusion

Lost business is the single largest cost component of any breach, and it takes years to fully recover from one. IBM found that 67% of the costs of a breach accrue in the first year, 22% accrue in the second year and 11% in the third.  The more regulated a company’s business, the longer a breach will accrue costs and impact operations. Compounding this is the need for a more Zero Trust-based approach to securing every endpoint across an organization.

Not integrating mobile phone platforms and protecting them with a Zero Trust Security (ZTS) framework can add up to $240K to the cost of a breach. Companies working to bridge the gap between the need for securing mobile devices with ZTS frameworks include MobileIron, which has created a mobile-centric, zero-trust enterprise security framework. There’s a significant amount of innovation happening with Identity Access Management that thwarts privileged account abuse, which is the leading cause of breaches today. Centrify’s most recent survey, Privileged Access Management in the Modern Threatscape, found that 74% of all breaches involved access to a privileged account. Privileged access credentials are hackers’ most popular technique for initiating a breach to exfiltrate valuable data from enterprise systems and sell it on the Dark Web.

AI Is Predicting The Future Of Online Fraud Detection

Bottom Line: Combining supervised and unsupervised machine learning as part of a broader Artificial Intelligence (AI) fraud detection strategy enables digital businesses to quickly and accurately detect automated and increasingly complex fraud attempts.

Recent research from the Association of Certified Fraud Examiners (ACFE)KPMGPwC, and others reflects how organized crime and state-sponsored fraudsters are increasing the sophistication, scale, and speed of their fraud attacks. One of the most common types of emerging attacks is based on using machine learning and other automation techniques to commit fraud that legacy approaches to fraud prevention can’t catch. The most common legacy approaches to fighting online fraud include relying on rules and predictive models that are no longer effective at confronting more advanced, nuanced levels of current fraud attempts. Online fraud detection needs AI to stay at parity with the quickly escalating complexity and sophistication of today’s fraud attempts.

Why AI is Ideal for Online Fraud Detection

It’s been my experience that digitally-based businesses that have the best track record of thwarting online fraud rely on AI and machine learning to do the following:

  • Actively use supervised machine learning to train models so they can spot fraud attempts quicker than manually-based approaches. Digitally-based businesses I’ve talked with say having supervised machine learning categorize and then predict fraudulent attempts is invaluable from a time-saving standpoint alone. Adopting supervised machine learning first is easier for many businesses as they have analytics teams on staff who are familiar with the foundational concepts and techniques. Digital businesses with high-risk exposure given their business models are adopting AI-based online fraud detection platforms to equip their fraud analysts with the insights they need to identify and stop threats early.
  • Combine supervised and unsupervised machine learning into a single fraud prevention payment score to excel at finding anomalies in emerging data. Integrating the results of fraud analysis based on supervised and unsupervised machine learning into one risk score is one way AI enables online fraud prevention to scale today. Leaders in this area of online fraud prevention can deliver payment scores in 250 milliseconds, using AI to interpret the data and provide a response. A more integrated approach to online fraud prevention that combines supervised and unsupervised machine learning can deliver scores that are twice as predictive as previous approaches.
  • Capitalizes on large-scale, universal data networks of transactions to fine-tune and scale supervised machine learning algorithms, improving fraud prevention scores in the process. The most advanced digital businesses are looking for ways to fine-tune their machine learning models using large-scale universal data sets. Many businesses have years of transaction data they rely on initially for this purpose. Online fraud prevention platforms also have large-scale universal data networks that often include billions of transactions captured over decades, from thousands of customers globally.

The integration of these three factors forms the foundation of online fraud detection and defines its future growth trajectory. One of the most rapid areas of innovation in these three areas is the fine-tuning of fraud prevention scores. Kount’s unique approach to creating and scaling its Omniscore indicates how AI is immediately redefining the future of online fraud detection.

Kount is distinct from other online fraud detection platforms due to the company’s ability to factor in all available historical data in their universal data network that includes billions of transactions accumulated over 12 years, 6,500 customers, across over 180 countries and territories, and multiple payment networks.

Insights into Why AI is the Future of Online Fraud Detection

Recent research studies provide insights into why AI is the future of online fraud detection. According to the Association of Certified Fraud Examiners (ACFE) inaugural Anti-Fraud Technology Benchmarking Report, the amount organizations are expected to spend on AI and machine learning to thwart online fraud is expected to triple by 2021. The ACFE study also found that only 13% of organizations currently use AI and machine learning to detect and deter fraud today. The report predicts another 25% plan to adopt these technologies in the next year or two – an increase of nearly 200%. The ACFE study found that AI and machine learning technology will most likely be adopted in the next two years to fight fraud, followed by predictive analytics and modeling.

PwC’s 2018 Global Economic Crime and Fraud Survey is based on interviews with 7,200 C-level and senior management respondents across 123 different nations and territories and was conducted to determine the true state of digital fraud prevention across the world. The study found that 42% of companies said they had increased funds used to combat fraud or economic crime. In addition, 34% of the C-level and senior management executives also said that existing approaches to combatting online fraud was generating too many false positives. The solution is to rely more on machine learning and AI in combination with predictive analytics as the graphic below illustrates. Kount’s unique approach to combining these technologies to define their Omniscore reflects the future of online fraud detection.

AI is a necessary foundation of online fraud detection, and for platforms built on these technologies to succeed, they must do three things extremely well. First, supervised machine learning algorithms need to be fine-tuned with decades worth of transaction data to minimize false positives and provide extremely fast responses to inquiries. Second, unsupervised machine learning is needed to find emerging anomalies that may signal entirely new, more sophisticated forms of online fraud. Finally, for an online fraud platform to scale, it needs to have a large-scale, universal data network of transactions to fine-tune and scale supervised machine learning algorithms that improve the accuracy of fraud prevention scores in the process.

%d bloggers like this: