Do firms understand the value of co-operation? When it comes to cyber security and online fraud prevention I remain sceptical. Not because there aren’t risk managers and information security professionals out there who know that the best way of fighting back is by collecting and analysing more complete industry-wide sets of data. Rather, because too often they’re shouted down by their legal and corporate counterparts who think that the risks of sharing outweigh the reward of more effective fraud prevention.
Now, last week Barack Obama and David Cameron stood in the Oval Office and jointly announced a series of new measures designed to improve information sharing and intelligence co-operation on cyber issues. I say we should all take a leaf out of their book this coming year.
Stronger together
The US and UK leaders agreed that the problems both countries are facing from a faceless, but determined and well-resourced enemy in cyber space required an equally bold response. They agreed to share best practices and standards for the benefit of organisations in both nations; to increase threat information sharing; and conduct joint cybersecurity and network defence exercises. Also on the cards is deeper collaboration between MI5, GCHQ and the NSA, with the establishment of a "joint cyber cell" which will co-locate operatives from both sides, in each country.
The US and UK are two of the world’s most advanced nations when it comes to e-commerce, internet infrastructure and the provision of services online. They also both regard themselves as world leaders in cyber security best practice. So by foregoing that advantage to gain an even greater one through improved co-operation, Obama and Cameron are sending out a clear example that we should all follow.
On the front line
Unfortunately, away from the heady world of geopolitics, ordinary businesses are still reluctant to co-operate in the fight against online crime and fraud. There’s little formalised information sharing of fraud data, leaving even third party platforms lacking that critical mass of data they need to provide accurate fraud and risk scoring to clients.
On the one hand it’s understandable. After all, no-one wants to hand over information on their business or online defences which competitors could use against them – it could be disastrous. But even when reassured about the anonymity of any data sharing, there can be a cultural barrier which stops many firms. Part of it has to do with the fact that the UK and much of Europe still doesn’t have mandatory data breach notification laws, so the approach has always been to keep any online fraud or breach incidents a secret.
Tentative steps
Now there are signs of changing attitudes. An agreement between the European Banking Federation and Europol will help banks understand fraud patterns better and boost law enforcers’ efforts to track cyber criminals. The British Bankers Association, meanwhile, will provide its members with a Financial Crime Alerts Service (FCAS) using government and law enforcement data. In addition, Action Fraud has been set up as the UK’s centralised fraud and cybercrime reporting centre.
Content from our partners
It’s a start, but there’s a long way to go and an awful lot to do.
Global trust, shared
At ThreatMetrix, we firmly believe in the power of shared fraud intelligence. It’s what our Global Trust Intelligence Network is based upon. Every month it analyses behavioural, device and identity data and threat assessments from over 850 million transactions to determine whether they’re fraudulent or not. All data is anonymised to protect the reputation and privacy of our 3,000+ clients and their customers.
The beauty of this system is that the more clients and data we have to crunch, the more accurate we can be about connecting up global fraud patterns and making the right call on logins, payments, new account registrations and remote access attempts. The decision is made in real-time and is completely invisible to the user.
Sharing information needn’t mean giving away competitive advantage. If two global giants like the UK and US can do it, we can too.
Tony Larks is EMEA Director of Research and Communication at ThreatMetrix
