Data is currency online and on the dark web where social security numbers sell for $1 each, debit or credit card numbers as much as $110, and passports and medical records $1,000 or more. Without deep visibility into user activity within an organization, suspicious behaviors that signal fraud may go unnoticed and insiders can profit by selling your sensitive data.
2. Your Speakers
Darwin Salazar
Darwin Salazar is a dynamic cybersecurity professional with experience at large
entities spanning the automotive, medical device technology, public policy, finance
and insurance industries. He earned a masters degree in Homeland Security and also
completed two pre-MBA programs at Harvard Business School. After landing a highly
coveted spot at TAVTech in Israel, he went on to lead research on the impact that
emerging technologies, including impacts of AI, anti-money laundering and fraud
prevention.
Dr. Christine Izuakor
Dr. Izuakor is a cybersecurity expert with over 10 years of Fortune 100 enterprise
technology and leadership experience. She earned a PhD in Security Engineering, is an
adjunct professor of cyber security at Robert Morris University, writes and speaks on a
wide range of cyber security issues globally, and independently helps corporations solve
strategic cybersecurity challenges.
3. Today’s Agenda
• The State of Digital Fraud
• Common Culprits Behind Fraud
• Deception Tactics You Should Look Out For
• Methods of Prevention and Detection of Fraud
4. The State of Digital Fraud
Source: Raconteur Fraud Report and FBI Internet Crime Report
Cost of business email
fraud over the last 3 years
Percentage of companies
who have become victims
of fraud in the last 2 years
Rank of the Finance sector
in assessment of 14
industries with highest
fraud costs
$26B 50% 9th Place
5. minimum tenure
of most insider
threats
average cost of
insider threat to
organizations
of companies assessed
for user threat profiles,
discovered active insider
threats
of cyber attacks
are carried out by
insiders
The Culprits Behind Fraud
Source: Raconteur Fraud Report, Ponemon Institute 2018 Report, and Carnegie Mellon Insider Report
60%
100%
5 years
7.86M
6. Deception Tactics
It takes an average of
197 days
to detect a breach.
Source: Ponemon Institute 2018 Report
7. Best Practices for Preventing Fraud
1. Hire good people
2. Teach employees what not to do
3. Create policies and standards
4. Integrate segregation of duties
5. Implement layered technologic defenses
6. Pay attention to 3rd parties
8. Best Practices for Detecting Fraud
1. Focus on comprehensive enterprise visibility
2. Embrace the power of User Behavior Analytics(UBA)
3. Deploy a robust insider threat strategy
Darwin:
Let’s start with the basics. Generally, digital fraud is a growing problem, it’s expensive, and more sectors are getting impacted.
Give us a quick rundown on digital fraud. What is it, how are you seeing it impact companies, and why should companies care?
Christine:
-Discuss relevant stats on fraud, the fact that large finance companies are no longer the biggest target, share recent examples of fraud related incidents.
Darwin:
I’ve heard you speak in the past about how behind every cyber attack, no matter how much technology is leveraged, there is a human being involved. Numerous statistics point to insiders as the largest culprit when it comes to fraud.
What’s your initial reaction when you hear specifically that 100% of companies have active insider threats (employees who are doing abnormal or unauthorized activities)? Can you talk more about the many faces behind digital fraud?
Christine:
Discuss the various threat actor profiles associated with fraud (internal and external). Share real examples where some of these profiles have played out, with some emphasis on insider threat.
Darwin:
It takes an average of 197 days to detect a breach. Todays attackers go above and beyond to evade alerting capabilities and make it look like they were never there. While that number tends to be shorter for insider threats, insiders also tend to be much better at deception and covering their tracks.
What are some creative ways that you are seeing fraudsters cover their tracks?
Christine:
Discuss common tactics including deletion and modification of logs, files, creative use of ransomware, etc. Discuss heightened advantage insiders have in covering tracks. Address “false negative” insider threats.
Darwin:
From an enterprise standpoint, there are a host of measures that can be taken to prevent fraud. Some of those best practices include focusing on processes, policies and standards that deter your employees from committing or enabling fraud.
Can you walk us through some of the tips you recommend for preventing fraud?
Christine:
Cover the various ways that people, processes, and technology can support fraud prevention.
Darwin:
Being able to detect fraud as accurately and as quickly as possible can make or break a companies ability to recover from an attack.
Can you walk us through some of the tips you recommend for detecting fraud? And specifically share how User Behavior Analytics can help?
Christine:
Discuss 3 points on slide in detail. End with last note on AI based insider threat technology.
Darwin:
Add any final expertise on how AI is being used for advanced fraud detection. (Remain vendor agnostic)
For the last few minutes of the webinar, you’ll hear from Veriato, the host of this event, on some more tactical ways that you can begin addressing some of the challenges we’ve discuss throughout this session.
Hi my name is John Snow from Veriato
We provide an integrated insider threat intelligence solutions for corporations and government organizations worldwide.
The power of cerebral comes from it’s artificial intelligence and integrated functionality.
It watches everyone 24/7
It analyzes all behavior
It alerts you when there’s a sign of threat
It lets see video of exactly what’s happening
Letting you react in minutes instead of days weeks or months
Veriato AI analyzes at all user activity on the endpoint including, emails, chats, web usage, files transferred, network usage, geofencing, psycholinguistics and more