Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

When siloed functions unite in the face of cyberthreats, organizations can continue, uninterrupted, along their paths to digital transformation.

Joshua Goldfarb, Global Solutions Architect — Security

February 23, 2021

4 Min Read
Image: peshkova via Adobe Stock

Over the past year, the pandemic has accelerated the digital transformation that was already well underway at many organizations. Of course, with more business being conducted online comes the potential for more online fraud — and fraudsters have wasted no time adapting their tactics to maximize their returns.

We, as defenders, must adapt as well.

Traditionally, enterprise defenses were in silos, with three separate functions to handle three very important capabilities:

  • Security: Protects the enterprise from attacks, breaches, theft of sensitive information, and other security threats.

  • Fraud: Protects the enterprise from insider threat, business logic abuse, monetary loss due to fraud, reputational damage, and other such risks.

  • Digital: Ensures a smooth online experience for customers and ensure that business logic flows smoothly and results in revenue growth for the business.

At one time, this delineation of functions made sense. It allowed businesses to build expertise in and focus on countering three different types of challenges that required three very different types of people, process, and technology.

In light of digital transformation, however, separate functions no longer makes sense. On the contrary, it often serves to the organization's detriment. Among the issues:

  • Important items fall through the cracks: When lines have blurred enough that it's not clear which function is responsible for which risks, threats, challenges, and/or alerts, important items will be missed.

  • Redundant technology: As the overlap between security, fraud, and digital increases, the technology acquired, operated, and maintained to address each challenge in a siloed manner will become increasingly redundant

  • Organizational inefficiency: As skill sets across security, fraud, and digital continue to merge, multiple teams will be recruiting, training, and tasking similar types of employees,

  • Workflow inefficiency: As threats increasingly target security, fraud, and digital as one, multiple teams will be working on the same tasks at the same time without necessarily communicating with one another or collaborating across teams.

The time has come to replace those silos with a single, unified view of threats and risks. Whether or not we realize it, as attackers have adapted, the areas of security, fraud, and digital have effectively converged. Here are just a few examples of the convergence:

  • Account opening protection: With so much PII readily available on the underground at a relatively low cost, it is quite easy for fraudsters to open new accounts using the identities of others. To combat this threat, both controls and technology need to be put in place to identify when accounts are being opened fraudulently. This can't happen efficiently and effectively without security, fraud, and digital working together.

  • Account protection: Whether due to phishing, malware, social engineering, or otherwise, credentials get stolen at an alarming rate. Further, those credentials are readily available for purchase on the underground. Preventing credential theft is nearly impossible. On the other hand, detecting and preventing the fraud that occurs after credential theft, namely account takeover (ATO), is a challenge organizations can address through collaboration between teams and across technologies.

  • Payment protection: When attackers gain access to an account, they will often look to profit from it. In many cases, this involves setting up fraudulent payments. It is obviously preferable to detect and prevent fraud before the fraudster gets to this stage. Nonetheless, it should go without saying that organizations that work effectively across previously siloed functions stand a better chance of protecting payments than those that do not.

  • Friction reduction: Friction during the online experience increases user frustration, obstructs the flow of desired business processes, and ultimately leads to lost revenue and opportunities. In a siloed organization, the security, fraud, and digital teams may approach the issue of friction very differently, and often with completely different and competing interests. Fortunately, new technologies allow for friction reduction without increasing security risk. Organizations that have left the siloed world in favor of a unified view stand a better chance of being able to leverage these technologies as part of an overall fraud and friction reduction effort.

Once organizations acknowledge they need to move to a single, unified view of threats and risks, what steps can they take to make that happen? While not an exhaustive list, here are a few of the highlights:

  • Combine security and fraud teams into a converged risk team.

  • Cross-pollinate and cross-train staff between security, fraud, and digital functions.

  • Design and implement processes that enhance and promote collaboration between functions.

  • Acquire technologies that address requirements across security, fraud, and digital.

  • Ensure that information and data are shared across functions and technologies to prevent important tasks from falling through the cracks.

The transition from siloed functions to a single, unified view of threats and risks is most certainly complex. It begins with an organization understanding that attackers and fraudsters have adapted and that the threat landscape has changed. After all, acknowledging an issue is the first step toward tackling it.

About the Author(s)

Joshua Goldfarb

Global Solutions Architect — Security, F5

Josh Goldfarb is currently Global Solutions Architect — Security at F5. Previously, Josh served as VP and CTO of Emerging Technologies at FireEye and as Chief Security Officer for nPulse Technologies until its acquisition by FireEye. Prior to joining nPulse, Josh worked as an independent consultant, applying his analytical methodology to help enterprises build and enhance their network traffic analysis, security operations, and incident response capabilities to improve their information security postures. Earlier in his career, Josh served as the Chief of Analysis for the United States Computer Emergency Readiness Team, where he built from the ground up and subsequently ran the network, endpoint, and malware analysis/forensics capabilities for US-CERT. In addition to Josh's blogging and public speaking appearances, he is also a regular contributor to Dark Reading and SecurityWeek.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights