Data Analytics Rarely Leveraged to Detect Fraud

Proactive Data Analytics Accounts for Just 3 Percent of Fraud Detected

A new report released by KPMG this week on fraud shows little major change when compared to previous reports - except perhaps that there are more female fraudsters today than there were previously. Statistically, fraudsters tend to be male, management, working in groups colluding with outsiders, and aged between 35 and 55. But there is one particularly worrying statistic: technology-assisted fraud is increasing while technology-assisted detection is falling.

Cyber fraud is an emerging threat, and technology already plays a part in 53 percent of frauds. In North America, technology played a 'significant' part in enabling fraud, compared to 24 percent worldwide. But technology is not being used to detect and prevent fraud. "Proactive data analytics, searching for fraud amid anomalies and suspicious business activity, accounts for only 3 percent of frauds detected," says the report.

"We find that executives know that hackers and criminal organizations can wreak havoc on companies; they read about such cases almost every day in the media. But they often don't believe it can happen to them, whether or not they have built defenses against the threat," suggests Ron Plesco, Cyber Investigations Lead in the US.

A major recommendation of the report (PDF) is the increased use of technological defenses. "Many companies lack the skills to defend against cyber fraud, so strong internal controls and data analytics are needed. And companies need to share insights with other companies to stay on top of a fast-changing threat landscape," says Kevvie Fowler, Partner, National Cyber Response Leader in Canada.

This, incidentally, is precisely the approach announced by SWIFT yesterday to harden the SWIFT banking community following the theft of $81 million from a Bangladesh bank: threat information sharing combined with support for "banks' increased use of payment pattern controls to identify suspicious behavior."

Data analytics is seen as the primary remedy against fraud. "Companies can use advanced data analytics technology to search for suspicious and unusual business activity amid millions of daily transactions," said Phillip Ostwalt, partner and Global Investigations Network Leader at KPMG LLP. "However, many are not capitalizing on such technology while fraudsters find new ways to gain access to confidential information, manipulate accounting records and camouflage misappropriations."

There are two primary approaches to analytics. The first is manual, making use of the technologies companies already have. Searching logs can help visually recognize anomalies - but logs are so massive that this is only really feasible when the analyst already knows what he or she is looking for.

The second approach is to use one of the many new threat detection tools that can employ some form of behavioral analytics, such as those offered by RSA, ThreatMetrix, Guardian Analytics, or even Splunk. The difficulty here is setting the detection rules to a level that is manageable; that is, likely to detect genuine issues without overwhelming the security team with inconsequential warnings.

The branch of analytics recommended by KPMG is 'transactional analytics', which is, suggested Ostwalt, "more commonly deployed, and accepted." To be effective, the routines and data sets need to be frequently reevaluated based upon changing risks and an understanding of where the high-value anomalies might exist.

"A few companies' organizations are deploying behavioral analytics, and there is certainly more discussion about how to do so, and what data to utilize," he added. "Some data is within the company environment and some is outside."

But one problem with many forms of analytics is that they involve monitoring users' behavior at a time when privacy issues are heightened. "It certainly could create a distrustful climate among staff if an organization is not careful in how it establishes and communicates the program to its staff," said Ostwalt. "It is an emerging area, and the debate will become more active in the months to come."

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.