How Data Loss Prevention Can Fight Fraud
Businesses are giving data loss prevention (DLP) more priority to fight cybersecurity breaches and fraud. This is happening at a time when the global average cost of a data breach is an eye-watering $4.45 million. The global DLP market is growing at a compound annual rate of 24.1 percent. DLP has traditionally focused on safeguarding data from leaking. But at Centific, we believe that businesses can get more value out of DLP by deploying it more broadly as a tool to combat fraud. Let’s take a closer look.
Data Loss Prevention Defined
DLP is a security approach that focuses on identifying and preventing the unauthorized use, disclosure, or destruction of sensitive information. It’s like a security guard for your data, constantly watching for suspicious activity and stopping any attempts to take it out of the walls surrounding your digital estate. Data loss refers to an event in which important data is lost to the enterprise. Data loss prevention focuses on preventing illicit transfer of data outside the organization’s digital estate.
Effective data loss prevention works by classifying sensitive data effectively; monitoring all the channels and devices for behavior that might indicate data is being shared or accessed inappropriately; detecting unauthorized behaviors (such as someone trying to upload confidential documents to a personal cloud storage); and preventing data loss by taking action.
The Traditional Approach to Data Loss Prevention
Businesses have traditionally deployed DLP as an internal audit. This helps a business assess risk levels for data loss. Doing an internal audit is necessary. But organizations have an opportunity to use DLP to fight fraud by strengthening the data security posture. Let’s look at a scenario inside a financial services firm to illustrate the limitations of how businesses use DLP today:
John is a senior underwriter in the mortgage department of a bank.
Because of his seniority and role, he has access to a lot of data: bank procedures, customers’ risk tolerance scores, and other confidential customer data.
John’s digital files are loaded with data about potential loans to analyze, including credit reports for customers, their driver's licenses, passports, deeds, credit card statements -- you name it, he has access to sensitive data to assess whether the customer is eligible for a loan.
One day, John, distracted by his work, clicks on a phishing email. He does not know it, but someone has compromised his credentials. Now, each time he assesses sensitive customer data, a bad actor has access to everything John sees -- credit ratings, driver's license information, credit card statements, spending habits, and so on.
A Question That the Traditional Approach Does Not Answer
The traditional approach of using DLP to audit a company’s protocols and policies does not answer a crucial question: how do you know if data has been leaked already? If you've already been compromised, your DLP assessment won't catch that. The reason is the unfortunately common fact that many cybersecurity teams work in isolation, completely disconnected from other teams within the organization, such as the fraud team or the mortgage department where John works. DLP uses analytics to identify important information such as who accesses specific content and data, the frequency of that access, the device IDs they use, and where someone has shared content internally and/or externally. From there, organizations need to create policies to alert cyber teams concerning the sharing of sensitive information through email, chat platforms, USB devices, etc. Those data security policies may be enriched with external threat intelligence, which helps show how effective the policies are. Thus informed, an organization could identify insiders who are possibly committing insider fraud or selling data externally.
Data Loss Prevention as a Signal to Detect Fraud
A business can also use DLP to provide signals about potential fraud threats. Certainly, bad actors are looking for signals of opportunities to commit fraud. Contrary to what some might believe, those signals are not buried in the dark web or hidden behind a firewall. Much essential intelligence is hiding in plain sight, and bad actors are exploiting it. Example: open-source intelligence (OSINT) is the process of getting information from legal, public data sources such as LinkedIn, X, Facebook, and Instagram. Unfortunately, bad actors rely on OSINT, sometimes with many readily available toolkits. Even worse, bad actors can apply generative AI to help them find those signals.
Here’s an example of OSINT. Imagine scrolling through your LinkedIn feed. Suddenly, a post catches your eye: an employee celebrating a recent promotion, complete with their job title, department, and even access levels to internal systems. This means malicious parties have access to valuable social engineering material for a targeted phishing campaign. This scenario highlights how seemingly innocuous details on social media can become weapons in the wrong hands.
Threats from Multiple Sources
Consider also unguarded cloud conversations. Cloud collaboration tools are a boon for productivity, but leaving sensitive information exposed can be disastrous. Picture confidential business plans or financial reports accidentally uploaded to a public cloud storage space. Anyone with the link can access this information, potentially leading to intellectual property theft or competitive advantage loss.
Threats can also come from inside a company, whether deliberately or (in the case of our example above) by accident. Unfortunately, disgruntled employees with access to internal systems pose a significant risk. Imagine an IT administrator, upset about recent layoffs, planting malware within the company network. This insider threat can bypass traditional security measures and wreak havoc on your systems and data.
But businesses can use OSINT in positive ways. And DLP can be useful by providing valuable signals to detect fraud in several ways. Consider:
Identifying Unusual Data Movement
- Monitoring data exfiltration: monitoring data movement across various channels (email, cloud storage, endpoints) and flagging suspicious activities like large data transfers to unauthorized locations or outside regular business hours.
- Detecting unauthorized access: tracking access attempts to sensitive data by unauthorized users or from unusual locations, potentially indicating insider threats or compromised accounts.
- Recognizing data anomalies: using content analysis and machine learning to identify anomalies within data itself, such as unexpected changes to financial records or the presence of keywords associated with fraudulent activities.
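The movement checks listed above can be expressed as simple rules over transfer events. The following is an added example, not code from the original article or from any DLP product; the event fields, the domain allowlist, the business-hours window, and the size factor are all assumptions chosen for illustration.

```python
from datetime import datetime
from statistics import median

ALLOWED_DOMAINS = {"bank.example", "sharepoint.bank.example"}  # hypothetical allowlist
BUSINESS_HOURS = range(8, 19)   # 08:00-18:59 local time, assumed policy
SIZE_FACTOR = 10                # flag transfers > 10x the user's median size


def baseline(history):
    """Median bytes per user from past events; robust to a single large outlier."""
    per_user = {}
    for ev in history:
        per_user.setdefault(ev["user"], []).append(ev["bytes"])
    return {u: median(sizes) for u, sizes in per_user.items()}


def signals(event, base):
    """Return the list of reasons an outbound transfer looks unusual (empty = normal)."""
    reasons = []
    ts = datetime.fromisoformat(event["time"])
    if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
        reasons.append("off_hours")
    dest = event["dest"].lower()
    if not any(dest == d or dest.endswith("." + d) for d in ALLOWED_DOMAINS):
        reasons.append("unauthorized_destination")
    typical = base.get(event["user"])
    if typical is None:
        reasons.append("no_baseline")  # unseen account: review rather than trust
    elif event["bytes"] > SIZE_FACTOR * typical:
        reasons.append("large_transfer")
    return reasons


# Constructed sample data: prior activity for one user, then two new events.
HISTORY = [{"user": "john", "bytes": b} for b in (120_000, 90_000, 200_000, 150_000)]
NORMAL = {"user": "john", "time": "2024-03-05T10:15:00",
          "dest": "sharepoint.bank.example", "bytes": 180_000}
SUSPECT = {"user": "john", "time": "2024-03-09T02:40:00",
           "dest": "files.personal-cloud.example", "bytes": 48_000_000}
```

Each returned reason is a separate signal, so a fraud team can weight or correlate them instead of receiving a single yes/no verdict.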
Analyzing Data
- Matching patterns to known fraud indicators: DLP systems can be configured to search for specific patterns within data that are red flags for fraud, such as Social Security Numbers, credit card details, or keywords related to money laundering.
- Identifying suspicious communication: DLP can analyze email content and conversations for language indicative of phishing attempts, bribery, or other fraudulent schemes.
- Correlating data with external threat intelligence: integrating DLP with threat intelligence feeds can help identify data movement or content patterns associated with known fraud campaigns or malware.
Bottom line: when you understand the types of threats that are possible -- breaches that have occurred already -- you can make a breakthrough with external threat intelligence. DLP can help you do that.
DLP and Governance, Risk, and Compliance (GRC)
I have stipulated in this post that effective DLP goes beyond preventing data leakage and can be used to fight fraud. A business can make DLP an even more powerful weapon to fight fraud by aligning DLP with the company’s governance, risk, and compliance (GRC) program. For example:
- Proactive defense and risk mitigation: DLP solutions track user behaviors and alert administrators to risky activities. This includes transfers to unauthorized locations, use of insecure communication channels, or atypical data usage patterns that could suggest a threat. By enabling proactive intervention, DLP helps mitigate risks associated with data breaches and fraud before they occur. This proactive approach aligns with a core principle of good GRC -- identifying and addressing risks before they materialize.
- Risk quantification: DLP provides insights into where sensitive data resides, the frequency and context of its use, and its transfer patterns. This mapping is crucial for GRC risk assessments, allowing you to pinpoint areas of vulnerability and prioritize those most at risk of fraudulent exploitation.
- Compliance support: Many regulations, like HIPAA, PCI DSS, and data privacy laws, center around proper protection of sensitive information. DLP’s monitoring, logging, and alert mechanisms aid in demonstrating compliance with data protection standards and reduce the risk of regulatory penalties.
- Bridging the gap between teams: DLP’s insights can facilitate crucial collaboration between security teams, fraud teams, and other departments within a company. Sharing data access patterns, unusual behaviors, and other red flags sparks more effective threat detection and response, bolstering both security and fraud prevention.
Fighting fraud is intricately linked with GRC. That’s why DLP can be so effective in both fighting fraud and supporting GRC.
The Value of Generative AI
As recently as a few years ago, it was inconceivable for DLP to have an expanded role in cybersecurity. What has changed? The ascent of generative AI.
Generative AI is ushering in a whole new world of fraud detection opportunities. It can help organizations sift through the noise so that signals become more noticeable, such as social media posts, unusual activity inside a company, or even shifts in financial markets that might suggest someone has knowledge of a critical cyberbreach on the horizon. Where humans may not be able to detect such indicators, generative AI can.
The Role of a Generative AI Platform
A common generative AI platform can also foster collaboration among disconnected teams in the cybersecurity, fraud, and functional departments. That’s because one platform connects everyone across the organization through the data they use. This connection spurs collaboration and more data sharing. For example, if the platform comprehends signals of potentially fraudulent activity, it can send alerts and generate a set of actions such as reports and steps needed for everyone to fight fraud and breaches.
Of course, using generative AI to uncover potential threats based on external threat intelligence comes with its own set of challenges and considerations. For one thing, the quality of a company’s training data directly affects the effectiveness of its AI model. Businesses must ensure their data is comprehensive, up-to-date, and free from bias. Biases in data can lead the AI to miss threats or flag harmless information as suspicious. Threats are constantly evolving, so businesses must regularly update their data with new information from threat intelligence reports, social media monitoring, and dark web analysis.
The Importance of Keeping Humans in the Loop
At Centific, we keep humans in the loop to train and manage any external threat intelligence platform. We have taken this approach to build our own platform, which we offer to clients as part of our Cybersecurity & Fraud Services and Solutions. As a result of doing so, we help clients achieve better outcomes such as:
- Reduced costs resulting from fraudulent activity and cybersecurity breaches.
- A better experience for customers.
- A better employee experience because employees can focus on their jobs instead of the distractions that come with a cybersecurity breach.
To learn more about our Cybersecurity & Fraud Services and Solutions, visit our website. We’re here to help you protect your reputation.