In today’s increasingly connected society, it is easier than ever before for fraudsters to wreak havoc. According to Juniper Research, by 2020 there will be close to 40 billion connected devices on the planet, and with this increasing number of connected devices we are also seeing a rise in fraud risks, such as through IoT botnets.
IoT botnets are typically comprised of a large group of computers, routers or servers, and the computing power of these devices is typically jointed together without the owners’ knowledge, with the device being remotely controlled by a single ‘botmaster’.
The botmaster is often part of a criminal organisation that uses the botnets for various types of fraud, including denial of service attacks, which can cripple financial institutions or e-commerce sites, costing businesses millions in losses. These bots are also able to divert traffic to fake webpages and advertising sites, defrauding consumers by stealing their financial and personal information, says Carlos Marques, head of Product Marketing and Alliances, WeDo Technologies.
As we’ve seen earlier this week, such attacks can inflict huge damage on a business; on Sunday, Tesco Bank had been subjected to a “systematic sophisticated attack,” resulting in cash being taken from 20,000 accounts. While Tesco is still racing to determine exactly what happened, the breach, one of the most significant cyber-thefts ever to hit a UK bank, highlights the ever- growing risk that businesses face from hackers and fraudsters.
Following the attack, questions have been raised about how such a failure could take place, with the National Crime Agency, as well as others, examining what has occurred. As part of this process, the security measures Tesco has in place are liable to face severe scrutiny. However, while finding ways to improve security to prevent these attacks is important, it will never be enough.
Creating tighter security is just the first layer of protection and it is vital that businesses are prepared for what happens when security is breached. Ultimately, the end game for hackers and fraudsters doesn’t just stop once they gain entry – as we’ve seen with Tesco Bank, the damage is done once access is gained. This is why the second layer of protection, fraud management, is even more important. For mobile operators, who are expected to face global losses of $294 billion due to fraud and uncollected revenue in 2016 alone, the importance of Fraud Management cannot be overlooked.
To successfully mitigate risk, Fraud Management systems should work seamlessly with security protection to constantly monitor information across an organisation, watch for unusual trends and identify frauds before they happen.
That way, when security is breached, the Fraud Management systems will follow its path and identify patterns that reveal hidden relationships and suspicious movements that might be revealed as threats and minimise any potential damage. Taking a unified approach to fraud, compliance and security provides the extra layer of protection, enabling companies to protect their customers, their business and their reputation.
The author of this blog is Carlos Marques, head of Product Marketing and Alliances, WeDo Technologies
Comment on this article below or via Twitter: @IoTNow_ OR @jcIoTnow