Why Your Anti-Fraud, Identity & Cybersecurity Efforts Should Be Merged
To address the rising risk of online fraud, stolen identities, and cyberattacks, innovative organizations have begun converging their security functions — here's how yours can prepare.
April 18, 2023
Across early-stage startups and mature public companies alike, we're seeing a convergence of fraud prevention, identity and access management (IAM), and cybersecurity.
It's time for businesses to take notice and break down these walls.
During my 20 years of experience building and scaling cybersecurity solutions, I've witnessed a slow shift that's finally picking up speed and becoming essential for businesses as they seek to reduce operational overhead and streamline security operations.
A Silo-Breaking Moment
To improve an organization's overall security posture, business, IT, and fraud leaders must realize that their areas shouldn't be treated as separate line items. Ultimately, these three disciplines serve the same purpose — protecting the business — and they must converge. This is a simple statement, but complex in practice, due mainly to the array of people, strategies, and tooling today's organizations have built.
The convergence of these three functions comes at a seminal moment, as global threats are heightened due to several factors: geopolitical tensions like the war on Ukraine, the economic downturn, and a never-ending barrage of sophisticated attacks on businesses and consumers.
At the same time, companies are facing slowing revenues, rising inflation, and increased pressure from investors, causing layoffs and budget reductions in the name of optimization. Cutting back in the wrong areas, however, increases risk.
Pay Attention to the Warning Signs
Every business unit that participates in the security ecosystem is stressed, but if there's one thing I know about operational pain points, it's that they have great potential to inspire change across industries and business units.
Consider these questions in the context of your organization:
Is the friction you've added to online digital experiences hampering your revenue growth?
Are you limited in your ability to launch or grow your business in new markets due to heightened fraud risks?
Are you seeing continual scams and fraud attacks with little to no prevention progress?
Do you feel you have blind spots in your security visibility due to disparate tooling, data, and teams?
Is your understanding of how the fraud ecosystem thrives underground comprehensive enough?
Is the level of burnout across your security-focused teams at its peak?
If you answered yes to even one of these questions, it's time to start reimagining how the three above-mentioned areas can work together to break the forced compromise between security and revenue growth.
Many forward-looking companies have already aligned these teams under the common goal of creating safer digital experiences. Here are a few tips for how you can do the same.
Take inventory: First things first — take a look at your cybersecurity, IAM, and fraud prevention approaches.
Many organizations have amassed loads of technical debt due to the accelerated threat landscape, which pushed them to adopt technologies without comprehensive strategies. These might include security and compliance, bot detection, identity and access functionality (authentication, MFA, and identity verification), anti-risk and anti-fraud solutions, orchestration, and case management.
What are my business goals and priorities? What measures, metrics, and objectives must be set?
What do my budget and my spending look like? What should they look like?
Where are my gaps in staffing?
What business-critical tools are we using? Do we need any tool changes?
This inventory is key to gathering a single source of truth that builds the case for convergence and highlights what's truly important to secure your business.
This step is especially important because fraudsters like to hide in the cracks. Organizational silos allow those cracks to proliferate.
Get a quick win: Even if your three teams sit in different departments, align around a common goal and develop an annual plan. Starting from the basics in your inventory, have each team share its individual objectives, priorities, tooling, signals, and processes. You may find some easy-win opportunities by standardizing vendor technology or introducing a joint initiative.
For example, you could build a joint account takeover metric that quantifies the number of fraud attacks you can successfully thwart by pairing an IAM initiative with a fraud initiative.
Go big: Pull together a joint business case for your CEO. Along with a general manager or chief operating officer who owns revenue, customer adoption, and customer experience, document and define what these three domain areas can do together to accelerate security and fraud prevention. Be sure to highlight how this approach enables you to take in more business without introducing customer friction.
Once key stakeholders see how the strategic value of a unified fraud detection, IAM, and cybersecurity approach enables the best possible user experience, creative ideation and strategic conversation should follow.
At this point, you're no longer reviewing fraud signals to merely solve a fraud problem. Rather, you're reviewing fraud signals to simultaneously strengthen the posture of your IAM solution and provide friction-free experiences for your users. You will find that you can accept more orders and reduce friction when you're more certain of your customers' identities and your own fraud posture.
As your work unites, measure against these goals and keep your teams honest.
Fraud and identity naturally align on user experience (UX), and putting them under one owner is certainly a step toward convergence, but don't stop there. Regularly brainstorm ways of bringing cybersecurity functions into your strategy. Cyber has great insights and domain expertise in malware, network security, and bots — all signals you should bring together alongside fraud signals for the most powerful coverage.
Develop your strategy and your workforce. Over time, you should iterate on processes and build a customized security convergence framework for your organization. Don't be afraid to get creative. Begin leveraging technologies like machine learning and AI to build context between teams, automate workflows, and improve efficiency and visibility across teams. Meanwhile, prepare to upskill and reskill your teams.
We're embarking on uncharted territory here, but keep the goal in sight: Safer digital experiences for all.