
Combating Automated Attacks

Learn the importance of bridging the gap between cybersecurity and fraud prevention.

So-called bad bots unleashed by cybercriminals now account for almost 75% of internet traffic, according to a recent study. Their top five attack categories: fake accounts, account takeovers, scraping, account management, and in-product abuse.

Gavin Reid is on the front line of this assault. He’s the chief information security officer of HUMAN Security, which helps clients in a range of industries stop online fraud that’s often automated via bots. 

For its customers, HUMAN distinguishes bad bots from good ones, which perform helpful tasks like customer service and content moderation. The bad guys are hogging the spotlight. Last year alone, his New York–based company saw a fivefold jump in malicious bot activity.

That’s hurting businesses and brand trust. 

Thanks to generative AI, it’s easy for criminals to create bots that convincingly mimic humans online, Reid explains. That makes it “really, really hard for companies like us and people to defend their infrastructure from attacks and to enable users to buy stuff.”

There’s little about defending against automated attacks in any of the security compliance regimes that organizations follow, Reid says. That includes the security operations center (SOC)—the team responsible for detecting, analyzing, and responding to cyber threats—and International Organization for Standardization (ISO) guidelines.

“I feel like we’re in a bit of a gap,” Reid says. “And when we have a gap, then miscreants take advantage of that and use it against us.”

Mistrust within companies could be making the problem worse. In some businesses, cybersecurity and fraud prevention are still siloed. That doesn’t add up for Reid, who points out that times have changed. 

“Let’s face it: Financial fraud—or whatever business fraud—most of it is happening online,” he says. “So having these groups separated out doesn’t help at all.”

Then why does it persist?

“Usually, it has to do with political reasons and org structures, not what makes sense for solving this particular problem,” Reid says.

The divide is more common among older organizations. For example, the big U.S. banks typically have separate fraud and cyber divisions. That’s because they started out with teams that handled old-school crimes like stickups and check fraud, then later launched cybersecurity groups to combat online offenses such as hacking, phishing, and ransomware.

But the wall is coming down. Most large financial institutions now operate a “fusion center” that sees both sides join forces. “It’s continuing to merge, but it’s happening slowly.”

For businesses seeking a more collaborative cybersecurity and fraud strategy, Reid suggests following the banks’ lead. “It’s like they’re getting into the pool together,” he says of the two departments. “So they can keep their structure, they can keep the politics, but the actual people that are dealing with the day-to-day issues can work very closely together.”

A second step: “Single leadership that would be responsible for the delivery of both,” ensuring shared access to tools and capabilities. No ifs, ands, or bots about it.

It’s crucial to have a bank that understands fraud and is already fighting against it. Our robust fraud prevention services are designed to help you combat fraud and make banking easier and more secure for you.

This article was written by Nick Rockel from Fortune and was legally licensed through the DiveMarketplace by Industry Dive. Please direct all licensing questions to legal@industrydive.com.

All content is for informational purposes only and does not constitute legal, tax, or accounting advice. You should consult your legal and tax or accounting advisors before making any financial decisions.