Page 1 - GS210701
P. 1
July 12, 2021 • Issue 21:07:01
Cracking fraud's code
automated and distributed criminal attacks. Following are
highlights from our discussions.
Bankrupt fraudsters
Kevin Gosschalk, chief executive officer and founder at
Arkose Labs, observed payments professionals can both
underthink and overthink cybercriminals. It's a mistake
to view all hackers as evil geniuses, he noted, adding that
most are low level functionaries who use prepackaged
tools. Reacting to attackers who infiltrate your network is
not an effective security posture.
"Our strategy is more deterrence than mitigation, because
even if you block 95 out of 100 attacks, one of the remaining
five can fund another 29 days of attempts," Gosschalk said.
"We think about solving fraud by asking why it happens.
Most attacks are financially motivated, so we apply adap-
tive friction and challenges to bad actors to increase their
cost and effort. Attackers will go elsewhere if they can't
By Dale S. Laszig make money."
ost-pandemic commerce presents more choices Gosschalk also observed that ransomware would disap-
and threats to merchants, consumers and service pear if people stopped paying for it. "The reason ransom-
providers than ever before. While abundant ware is even a thing is because we're paying these ransoms,
P checkout options delight consumers and mer- because the pain to a business is too high and shareholders
chants, they create a buffet line for bad actors who are say, yeah, just pay the bill," Gosschalk said. "It all comes
focused on stealing our data, identities and money, accord- back to the incentive structure. When people are willing to
ing to recent reports. Statistics show attackers return to pay the fee, there's blood in the water, and criminals will
their victims and reenact the same crimes, impacting busi- keep doing it."
nesses, careers and costs of goods and services.
Government and private agencies, jointly combating fraud,
urge businesses to engage with the Cybersecurity and In- Contributed articles inside by:
frastructure Security Agency (CISA), the Multi-State Infor-
mation Sharing and Analysis Center (MS-ISAC) and other
information sharing agencies. CISA and MS-ISAC pub- David Close .............................................................................................18
lished a free ransomware guide in September 2020, with
tips on preventing and responding to ransomware attacks. Jeff Fortney .............................................................................................28
Businesses that maintain offline backups have no need to Max Miller ................................................................................................31
pay ransoms for readily accessible data, researchers noted.
The Green Sheet sought advice from cybersecurity leaders Michael Ault ...........................................................................................32
on how to deal with ransomware and other types of cyber
threats. Experts interviewed herein serve on the frontlines TOC on page 3
of cyberwarfare and use advanced, automated technolo-
gies and artificial intelligence (AI) to address increasingly
Continued on page 26
