Divided we fall: why communication and collaboration are the best weapon against cyber and financial fraud threats.
Forget Airbnb and Uber: the ultimate business disruptors are the cyber criminals.
Composed of a network of specialists that collaborate and innovate 24-7, organised cyber crime has just one aim: to break down existing systems, find vulnerabilities and make a lot of money.
And it seems to be working: fraud and cyber crime are now the UK’s most common offences. More than five and a half million such incidents are thought to occur each year, according to the annual Crime Survey of England and Wales.
But what cyber criminals are exploiting is not just code, hardware and human gullibility. What they’re really exploiting are outdated business structures and processes on the part of their victims.
For example, take the hard line between fraud and cyber security teams. Historically the cyber security function has existed within the Technology capability, while the fraud team sits in Financial Crime.
The two functions fail to work together effectively in most organisations. But the bulk of cyber crime IS financial crime… otherwise, why would you do it?
And because of this division between two teams, the exchange of information is stifled and the speed of response is slowed. Also, the ability to investigate lacks agility and genuine insight into the latest cyber crime tactics.
The more collaboration and cooperation there is between functions, the more effective companies can become in tackling the threats.
What does this look like in practice? In the finance sector, some banks are appointing a single person to unify responses. They’re also creating joint teams that bring together expertise from different areas of the business.
It’s about encouraging the sharing of information and approaching the threat in a much more joined-up way.
There are several benefits to this approach: for example, more efficient incident responses, where fraud and cyber security experts work together to fix problems or respond to attacks quickly.
Another upshot of this approach can be better intelligence-sharing and more accurate scoping of internal threats such as the ‘inside man’ assisting external criminals. In such situations, the cyber security team will spot suspicious behaviour first, but the fraud team will have the know-how to investigate what’s really going on.
Banks need to ensure customers understand how to protect themselves. But they also need to understand customer behaviour, and not assume that people will always act in a way that is best for their own security. For example, when banks reach out to validate data they shouldn’t be surprised when customers initially refuse to respond.
Striking a balance between supporting customers in protecting themselves and making the process of interacting with the bank as smooth and painless as possible is critical.
Unfortunately, though, most collaboration tends to happen within sectors and not between them. For example, there is the Cyber Defence Alliance (CDA), whose members are Lloyds, Barclays, Deutsche Bank, Santander UK and Standard Chartered. The CDA allows members to pool their knowledge on cyber security and the latest attack methods.
Wider collaboration is improving, though. The Joint Money Laundering Intelligence Taskforce is an organisation that was set up last year between the National Crime Agency and the financial sector to combat high-end money laundering. It has partners in government, the British Bankers Association, law enforcement and more than 20 major UK and international banks.
If better collaboration can make a significant impact on your vulnerability to cyber crime, then that is something within your control, even if you don’t understand a line of code.
Should you appoint a single person to unify responses?
In what ways can you encourage a collaborative vision of cyber security and fraud protection?
And how can you ensure that your customer is an active participant in security measures, not a baffled outsider without buy-in?
These are not technical questions at all – in fact, they are all questions that belong firmly within your remit.
It’s time to get talking.
© 2020 KPMG LLP, a UK limited liability partnership, and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved.