What is Your Data Worth in the Fight Against Fraud?

You don’t need us to tell you that fraud and financial crime are on the rise. A quick Google search will give you endless stats to support this claim. Fraud losses are increasing as a percentage of revenue, and that direct impact on the bottom line is an area of laser focus for senior execs.

The theme of this blog is about what your data is worth. Let’s try and put that into context. According to LexisNexis, the level of fraud as a percentage of revenues has increased, from 0.95% in 2017 to 1.53%, on average, in 2018. That means for any reasonably sized organization, the worth of your fraud related data sources is probably in the region of tens if not hundreds of millions of dollars per year. Furthermore, data is the primary raw material used to understand and detect fraud.

Great — now that I have your attention…

New technology and services such as contactless payments make fraud easier, at the cost of convenience for the masses. Is this a price worth paying? Maybe, but fraud comes off the bottom line, and with many financial services firms working to tight margins, it becomes an obvious place to focus on. Not only does preventing fraud improve profits, perhaps more importantly it improves brand reputation too.

Fraudsters are concocting complex strategies and scams to defraud innocent people, by exploiting the gaps between people, process and technology. Take for example, the silo that typically exists between security, fraud and compliance teams and their disparate tooling, reporting lines and datasets.

Firms are looking more closely at how they can use their data to detect more fraud sooner.

Existing fraud tools on the market ARE data-driven but have not prevented the increase in fraud. This is in part due to two factors:

  • Fraud models are typically being built on structured data and miss insights gained from unstructured sources.
  • Point fraud solutions address individual areas of fraud and are unaware of moderately suspicious behaviour across multiple sources that may amount to serious or complex fraud.

Analysing and modelling fraud with structured data alone doesn’t go far enough because it doesn’t encompass all of the interaction points and channels a fraudster has with an organisation, leaving blind spots in detection logic and monitoring. Only logs provide insights into website, call centre and mobile app activity, critical in building a behavioural understanding of how complex fraud takes place, starting with account take-over attempts through to money laundering and financial crimes.

Websites and apps are the shop window of today and fraud teams should have a full view of activity so they can understand the attack vectors and scams leveraged by fraudsters and put effective controls in place.

Companies can gain more value from their data through improved correlation across structured and unstructured sources by leveraging a data platform like Splunk. Splunk can handle the challenges of unstructured data which typically arrives in high volumes, at high velocity and in many varieties and formats. These challenges are the reason why fraud teams tend to avoid modelling these types of data sources; however, Splunk makes it much easier to consume these data sources and model for fraud in combination with structured sources to aid the detection of more fraud.
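To make the cross-source point concrete, here is an added example (not from the original post, and not Splunk code) that joins unstructured web and call-centre log lines with structured payment rows per account. The log format, event names, weights and threshold are all assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict

# Constructed sample data (not from the original post).
WEB_LOGS = """\
2020-04-01T09:58:02Z web login_failed user=acct-1001 ip=203.0.113.7
2020-04-01T09:58:40Z web login_ok user=acct-1001 ip=203.0.113.7
2020-04-01T10:01:12Z web password_reset user=acct-1001 ip=203.0.113.7
2020-04-01T10:05:00Z web login_ok user=acct-2002 ip=198.51.100.4
""".splitlines()
CALL_LOGS = ["2020-04-01T10:03:30Z callcentre address_change user=acct-1001 agent=a17"]
PAYMENTS = [  # structured rows, e.g. exported from a payments database
    {"account": "acct-1001", "amount": 950.0, "new_payee": True},
    {"account": "acct-2002", "amount": 40.0, "new_payee": False},
]

# Hypothetical weights: each signal alone stays below the alert threshold.
EVENT_WEIGHTS = {"login_failed": 1, "password_reset": 2, "address_change": 2}
NEW_PAYEE_WEIGHT = 2
ALERT_THRESHOLD = 5
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) user=(\S+)")

def score_accounts(log_lines, payments):
    """Return {account: {source: score}} built from log lines and payment rows."""
    scores = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, source, event, account = m.groups()
        scores[account][source] += EVENT_WEIGHTS.get(event, 0)
    for row in payments:
        if row["new_payee"]:
            scores[row["account"]]["payments"] += NEW_PAYEE_WEIGHT
    return scores

def flag_accounts(scores, threshold=ALERT_THRESHOLD):
    """Accounts whose combined score across all sources reaches the threshold."""
    return sorted(a for a, s in scores.items() if sum(s.values()) >= threshold)

def flagged_by_single_source(scores, threshold=ALERT_THRESHOLD):
    """What siloed point tools would catch: one source alone over the threshold."""
    return sorted(a for a, s in scores.items() if any(v >= threshold for v in s.values()))

if __name__ == "__main__":
    s = score_accounts(WEB_LOGS + CALL_LOGS, PAYMENTS)
    print("correlated:", flag_accounts(s))
    print("siloed:", flagged_by_single_source(s))
```

On this sample the account is flagged only when the three sources are combined; no single source crosses the threshold on its own.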

Learn More About Splunk

IT Monitoring: Top Services to Monitor Now That Everyone is WFH

One of the practices being thrust into action right now is social distancing. As you would expect, this means millions of people around the world are working from home and this migration in the workforce is going to have a massive impact on the services IT practitioners must monitor and maintain in a virtual-first environment. We are already seeing reports of massive usage surges across tools like Zoom and outages in Microsoft Teams just as the COVID-19 pandemic pushes people to work from home.

This shift to many workers doing their jobs remotely means there is a real and urgent need to get better visibility into remote access operations without the luxury of time to make sweeping changes to existing environments. With your existing data already in Splunk, it can be simple to create useful dashboards for administrators to check capacity and health of these solutions that may not have had to handle these kinds of loads or capacities before.

IT practitioners have a responsibility to make sure the services that connect our workforce stay online and continue running smoothly. Our goal in these posts is to give you a guide to some of the key services we are monitoring and ways you can get started doing the same. Over the next few weeks we will be creating deeper dives into best practices you can adopt now as our work lives are altered by this pandemic state of emergency.


Zoom in on Security in a Remote Work World

Our world has been turned upside down by COVID-19. Whether it’s strategically planning our grocery run decontamination process, or trying to keep the kids quiet for even one single moment while on a conference call — things are different. One very evident difference is the change in the way we meet with each other. And one technology enabling this change is Zoom.

From a security perspective, this uptick in the use of Zoom brings to light concerns, and a need for situational awareness, that may previously have received much less attention. Fortunately, Splunk recently announced Splunk Remote Work Insights (RWI), designed to provide real-time visibility into disparate, remote-work-enabling systems, like VPN, Microsoft 365, Okta, and, you guessed it, Zoom. Even better, getting data in with Zoom and the JWT Webhooks modular input couldn’t be easier.

Better still, this data allows security practitioners to answer a number of the basic security questions that organizations have when it comes to Zoom. Meeting information like meeting duration, meeting attendees, and scheduled meeting dates can all be mined and used for security use cases and operational dashboards. However, some questions remain unanswered, chief among them:

  • Are the meetings being secured properly?
  • How can we take proactive measures to educate and enforce meeting security?

The Zoom JWT Webhooks modular input provides a very low-friction way to bring a great deal of rich meeting data into Splunk, but it only tells part of the story. To get the rest, we must use the Zoom API, which thankfully provides everything you could ever want to know about your meetings.

The new Zoom App for Phantom provides a simple, user-friendly interface to this API to facilitate a variety of useful actions:

Meeting Enrichment

With only a meeting ID, the app can identify if scheduled meetings or meetings in flight are password protected and have the “waiting room” functionality turned on. You can even get a transcript of files transferred during meeting chat.

Meeting Modification

Upon identifying meetings that aren’t adhering to security best practices, meetings can be updated to require a password and enable the “waiting room” feature. Or, taking a more draconian approach, meetings can be removed from the schedule.
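The enrichment and modification steps above can be sketched offline as an audit over meeting records. This is an added example, not the Zoom App for Phantom's code; the field names ("password", "settings.waiting_room") are assumed to follow Zoom's meeting object, the records are constructed, and no API call is made.

```python
import secrets

# Constructed sample records shaped like Zoom meeting objects
# (assumed fields: "id", "topic", "password", "settings.waiting_room").
MEETINGS = [
    {"id": 111, "topic": "Board sync", "password": "x9Kq2", "settings": {"waiting_room": True}},
    {"id": 222, "topic": "All hands", "password": "", "settings": {"waiting_room": False}},
    {"id": 333, "topic": "Vendor call", "password": "pw1234", "settings": {}},
    {"id": 444, "topic": "Standup"},  # neither key present at all
]

def audit_meeting(meeting):
    """Enrichment: return the controls a single meeting record is missing."""
    findings = []
    if not meeting.get("password"):  # absent or empty both count as unprotected
        findings.append("no_password")
    if not meeting.get("settings", {}).get("waiting_room", False):
        findings.append("no_waiting_room")
    return findings

def build_remediation(findings):
    """Modification: build an update body that changes only what the audit found."""
    body = {}
    if "no_password" in findings:
        body["password"] = secrets.token_urlsafe(6)  # 8 random URL-safe characters
    if "no_waiting_room" in findings:
        body["settings"] = {"waiting_room": True}
    return body

def plan(meetings):
    """Map meeting id -> (findings, update body) for non-compliant meetings only."""
    out = {}
    for m in meetings:
        findings = audit_meeting(m)
        if findings:
            out[m["id"]] = (findings, build_remediation(findings))
    return out

if __name__ == "__main__":
    for meeting_id, (findings, body) in plan(MEETINGS).items():
        print(meeting_id, findings, sorted(body))
```

Sending each update body to Zoom, or deleting the meeting instead, is left to whatever client or playbook performs the change.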
