The World Economic Forum’s Global Cybersecurity Outlook 2025 Insight Report paints a bleak picture of what the year ahead holds for technology security teams worldwide. However, some industries are likely to be worse off than others. The financial sector, for example, is an attractive target for cyber-attacks, as confirmed by Statista, which states that the average cost of a data breach in this industry in 2024 was approximately $6.08 million, compared to $4.88 for the overall average cost of a data breach across all industries. As such, financial institutions must prioritize cyber defense and take action to minimize the impact of attacks. One route to doing this is by automating aspects of cybersecurity so SOC teams can focus on higher-value activities.

According to the latest ThreatQuotient research into The Evolution of Cybersecurity Automation Adoption, financial services organizations tend to be more mature in cybersecurity automation adoption than their industry counterparts. Further, they may have passed through the period of disillusionment that commonly occurs in the technology adoption cycle. This is evidenced by the report finding that 87% of financial services organizations value the importance of cybersecurity automation, up from 69% the previous year; the automation is mostly used to focus on incident response, phishing analysis and threat hunting.

However, given the growing complexities of the threat landscape, more needs to be done to equip financial organizations globally to prepare for attack. To try to counter this issue, governments have introduced new regulations for the financial sector, such as the Digital Operational Resilience Act (DORA), an EU regulation that aims to strengthen the sector’s resilience to ICT-related incidents with clearly defined requirements. Part of the regulation requires organizations to engage in threat intelligence sharing, to raise the level of knowledge and awareness of cyber threats on an industry scale.

Knowledge is power 

Being aware of the latest industry threats, vulnerabilities and attack patterns is a powerful way to enhance the security posture of an organization and proactively mitigate risks. To achieve this, companies should systematically collect, analyze and disseminate information about potential cybersecurity threats to help identify emerging trends and stay ahead of possible threats. This knowledge, when shared across organizations and industries, can go a long way in helping more companies be alert and prepared for potential cyber threats. 

Within the financial services industry, threat intelligence is commonly only shared with direct partners and suppliers (59%) and within their organizations (48%), according to ThreatQuotient research. However, by sharing insights beyond the borders of the organization to the broader industry, security teams within all these organizations are empowered to gain a tactical advantage and actively improve their cybersecurity practices based on information collected according to real-world attack methodologies. 

Growing a community of information sharing  

Nevertheless, it is encouraging that 59% of Financial Services organizations are sharing threat intelligence with partners and suppliers, because considerable cyber risk resides in the supply chain – especially where smaller suppliers may lack sophisticated security solutions and in-house expertise. DORA addresses this by specifying that third-party ICT risk must be managed as an integral component of the overall ICT risk management framework. Sharing threat intelligence with the wider supplier ecosystem should be considered best practice as part of this risk management approach. 

Threat actors are sharing knowledge amongst themselves to enhance their skills, with Cybercrime-as-a-Service (CaaS) providing a range of sophisticated tools and malicious services to a broad range of users through online marketplaces. Organizations must follow suit and band together, sharing threat intelligence across large and small organizations to collectively assess vulnerabilities and implement proactive measures to defend against rising threats. This collaboration is a cornerstone of effective cybersecurity, which is further enhanced by integrating cybersecurity platforms to augment collaboration efforts.

Closing the skill gap with automated threat intelligence 

There is no quick fix for the widening cybersecurity skills gap, but technology can be part of the solution in helping to ease the pressure on the teams that are combating cyber risks daily. With threat intelligence, security teams have valuable, real-world intelligence that can help them to be better prepared for attacks.  

Further, by automating elements of the process of threat hunting, intelligence gathering and threat profiling, security teams can work smarter and not harder, as they gain insights to prioritize threats, detect attacks earlier and develop strategies to respond faster and more effectively. This proactive approach not only strengthens the cybersecurity posture of the organization but – when intelligence is shared – also improves the posture of supply chains and the industry.  

AI is the problem and the solution 

While cybersecurity automation has achieved a degree of maturity in the financial sector, applying artificial intelligence to cybersecurity is still in relatively early stages across most industries. Again, the sector seems to be an early adopter, as evidenced by The Evolution of Cybersecurity Automation Adoption report, which found that half of the financial services respondents are using AI across their cybersecurity operations, a figure that is considerably higher than other industries.

However, the widespread adoption of AI will also expand the threat landscape. Not only do technologies like ChatGPT create potential risks for organizations, but AI tools are also being used by threat actors to enhance their skills and increase their breach success rates.

Despite the risks, AI also brings with it immense potential in bolstering an organization’s defense mechanisms, detecting threats and enabling faster incident response times. For example, Gen AI can help speed up threat intelligence gathering and reporting, so security teams can focus on more complex tasks.

As cyber threats become increasingly sophisticated, it is more important than ever that the financial services industry bands together to collaborate and establish a united front against potential cyber-attacks. This includes prioritizing the adoption of cybersecurity automation to identify, analyze and prioritize threats in the industry to make better decisions and respond efficiently and effectively, thereby minimizing the impact of a potential attack. Ultimately, shared threat intelligence enables organizations in the financial services industry to put up a united front and safeguard the valuable assets that their customers entrust them with.

 

The post Fortifying Financial Services Cybersecurity with Threat Intelligence and Cybersecurity Automation appeared first on Cybersecurity Insiders.

Kaspersky, in its latest IT Security Economics report, has revealed a significant trend: companies are projected to increase their cybersecurity budgets by approximately 9 percent over the next two years. This upward shift is driven by the growing realization that businesses are currently ill-equipped to handle the financial repercussions of cyberattacks. While this conclusion is rooted in research, it also aligns with broader business logic: allocating additional resources to strengthen cybersecurity makes sense in today’s increasingly vulnerable digital landscape.

The data from Kaspersky further illustrates the scale of these investments. In 2024, large corporations allocated roughly $57 million towards IT security, with $41.8 million of that sum specifically dedicated to bolstering their cybersecurity posture. In comparison, small and medium-sized businesses (SMBs) invested far less, with only $0.2 million directed toward IT security out of their total $1.6 million budget. While the raw numbers are starkly different, both groups are clearly prioritizing cybersecurity in response to the growing threat environment.

Kaspersky attributes much of this budget increase to the rising frequency and cost of cyber incidents. Large enterprises, for example, experienced an average of 12 cyberattacks in 2024, resulting in financial losses that totaled over $6.2 million. This was despite the fact that these organizations had in-house cybersecurity talent to manage and mitigate the impact of these attacks. Meanwhile, SMBs were not exempt from the growing threat either; they faced an average of 16 cyber incidents last year, with mitigation costs reaching approximately $0.6 million.

Interestingly, the report focuses specifically on the IT security budgets and does not take into account the additional spending that companies are making on cyber insurance premiums.

However, it is important to note that many Chief Technology Officers (CTOs) and Chief Information Officers (CIOs) have recognized the value of these insurance policies in protecting against the financial fallout of cyber incidents. This growing recognition has enabled them to persuade senior management to increase the overall budget to include comprehensive cyber insurance coverage, further bolstering the organization’s defense against digital threats.

In conclusion, as cyber threats continue to evolve and pose significant risks to businesses of all sizes, it is clear that organizations are allocating more resources to fortify their cybersecurity infrastructures. This trend is a direct response to the escalating costs of cyberattacks and the increasing importance of securing both business assets and sensitive data. Given the current trajectory, we can expect this increased investment in cybersecurity to continue as companies prioritize resilience in an increasingly complex digital world.

The post Kaspersky finds US Cybersecurity budgets up by 9 percent in next 2 years appeared first on Cybersecurity Insiders.

Match Systems, a leading authority in crypto crime investigations and a provider of crypto AML solutions, has published a comprehensive research report examining the potential implications of Central Bank Digital Currency (CBDC) implementation.

The report, crafted under the guidance of Match Systems CEO Andrei Kutin, examines those implications on a global scale. It addresses the economic, regulatory, and societal impacts of adopting such digital currencies.

Match Systems, a leader in crypto crimes investigation and crypto AML solutions, has historically played a pivotal role in shaping the conversation around cryptocurrency regulations. With increasing incidents of crypto fraud and more sophisticated methods of asset theft, there is a pressing need for a balanced approach towards digital currency regulation.

In the report entitled “Analyzing the Prospects for CBDC Implementation,” Kutin explores the complex dynamics between freely circulated cryptocurrencies and centralized digital currencies governed by national banks. He proposes a middle-ground solution where global standards could harmonize the benefits of cryptocurrencies with the regulatory assurances provided by CBDCs.

“The dichotomy between free cryptocurrencies and centralized CBDCs presents society with two extremes,” remarks Andrei Kutin. “The optimal solution likely lies in a middle ground, where governments establish unified global standards for cryptocurrency circulation, safeguarding individuals while preserving economic autonomy.”

This report is especially significant at a time when the digital currency landscape is becoming increasingly contentious. It provides insights that could help inform policymakers, business leaders, and technologists about the potential routes forward in the evolution of global financial systems.

The full analytical report, titled “Analyzing the Prospects for CBDC Implementation,” is now available for public access on the Match Systems website: https://matchsystems.com/analyzing_the_prospects_for_cbdc_implementation/

The post New Report from Match Systems Sheds Light on Central Bank Digital Currencies (CBDC) appeared first on Cybersecurity Insiders.

In a concerning development for financial security, American Express has announced that its customers’ credit card information has been compromised in a data breach. The breach occurred through a third-party service provider, marking another significant event in a series of financial data security breaches affecting major companies.

The Breach: A Closer Look

The Amex breach was disclosed in a notification filed with the state of Massachusetts, revealing that American Express’s own systems were not directly compromised. Instead, the vulnerability stemmed from a service provider used by the company’s travel services division, American Express Travel Related Services Company. Information at risk includes American Express card account numbers, names, and expiration dates. Customers with more than one American Express credit card exposed in the breach (and wondering “Did my credit card data get leaked?”) have been advised to expect follow-up contact from the company.

Response and Recommendations

American Express has urged affected customers to vigilantly monitor their accounts for fraudulent activity over the next 12 to 24 months and to enable notifications in the American Express Mobile app for real-time account activity updates. The company assured its customers that they would not be held liable for any fraudulent charges detected on their accounts.

Industry-Wide Concerns About Leaks

This data breach comes on the heels of a similar incident at Bank of America, where a ransomware attack on third-party provider Infosys McCamish Systems affected at least 57,028 customers. These breaches underscore the growing concerns around third-party vendor security within the financial sector.

The Underlying Issues

The lack of details regarding the Amex breach’s detection and the scale of compromise has been a point of criticism. Industry professionals highlight the need for better logging and monitoring capabilities among third-party providers to identify and respond to data compromises effectively. This incident highlights the broader issue of “nth party” risk, where the security vulnerabilities of one vendor can affect multiple parties down the supply chain.

Moving Forward

Experts argue for a multi-faceted approach to mitigate third-party risk, including rigorous vetting during onboarding, specifying breach response responsibilities in contracts, and adopting best practices like data masking. The aim is to minimize access risk and ensure that third-party partners adhere to high standards of data security.

Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, commented: “The problem of service providers, who get successfully hacked, that then end up causing a much larger data breach compromise is quite common. Really anyone who has access to a system becomes an ingress point for hackers. That’s why all services must routinely take inventory of who has what type of access and ensure that they are following recommended security guidelines. It also can’t hurt to have data monitoring so that when a large amount of data begins to move in an unusual way it can be reviewed, and if unauthorized, stopped as soon as possible.”

Conclusion

The American Express data breach is a stark reminder of the vulnerabilities present in the complex supply chains of financial institutions. As cyber threats continue to evolve, it becomes increasingly important for organizations to invest in advanced data security capabilities, enforce robust access controls, and proactively reduce their data risk. The financial industry must prioritize these efforts to safeguard sensitive customer information against unauthorized access and ensure the integrity of their operations in the digital age.

The post American Express Customer Data Compromised in Third-Party Service Provider Breach appeared first on Cybersecurity Insiders.

[By Doug Dooley, COO, Data Theorem]

The rise of OpenAI and new changes with ChatGPT-4 Turbo will help to revolutionize the way financial services organizations take advantage of their data, enabling them to scale their analysis rapidly and stay agile in a fast-paced digital environment. However, the number of enterprise Application Programming Interfaces (APIs) that connect and share data with GenAI systems like OpenAI has also brought new risks and vulnerabilities to the forefront. With every new API integration that OpenAI gets access to, the attack surface of a financial organization grows, creating new opportunities for attackers to exploit vulnerabilities and gain access to sensitive customer and financial data.

APIs have become the backbone of modern digital ecosystems, allowing financial organizations to streamline operations, automate processes, and provide seamless user experiences. They are the data transporters for all cloud-based applications and services. APIs act as intermediaries between applications, enabling them to communicate with each other and exchange data. They also provide access to critical services and functionality in your cloud-based applications. If an attacker gains access to your APIs, they can easily bypass security measures and gain access to your cloud-based applications, which can result in data breaches, financial losses, compliance violations, and reputational damage. For hackers looking to have the best return on investment (ROI) of their time and energy for exploiting and exfiltrating data, APIs are one of the best targets available today.

It’s clear these same APIs that enable innovation, revenue, and profits also create new avenues for attackers to achieve successful data breaches for their own gains. As the number of APIs in use grows, so does the attack surface of a financial organization. According to an industry study by Enterprise Strategy Group (ESG) titled “Securing the API Attack Surface”, the majority (75%) of organizations typically change or update their APIs on a daily or weekly basis, creating a significant challenge for protecting the dynamic nature of API attack surfaces.

API security is critical because APIs are often the important link in the security chain of modern applications. Developers often prioritize speed, features, functionality, and ease of use over security, which can leave APIs vulnerable to attacks. Additionally, cloud-native APIs are often exposed directly to the internet, making them accessible to anyone. This can make it easier for hackers to exploit vulnerabilities in your APIs and gain access to your cloud-based applications. As evidence, the same ESG study also revealed that almost all (92%) organizations have experienced at least one security incident related to insecure APIs in the past 12 months, while the majority of organizations (57%) have experienced multiple security incidents related to insecure APIs during the past year.

One of the biggest challenges for banks and other financial service organizations is protecting their APIs and proprietary data from OpenAI and other generative AI tools. With ChatGPT-4 Turbo, the technical and cost barriers for experimentation on APIs and data have been substantially lowered. Further, the new support for API keys, OAuth 2.0 workflow, and Microsoft Azure Active Directory opens up enterprise data like never before. As a result, the popularity and growth of Enterprise AI assistants enabled by tools such as OpenAI’s Playground and the new “My ChatGPT” creator will invite an onslaught of new users attempting to gain greater insights on proprietary banking data. The intention for nearly all these new Enterprise AI experiments will be to help customers get better financial services and insights, but as the popularity and usage of Enterprise AI continue to surge, financial institutions will find themselves facing a unique dilemma. On one hand, the potential benefits of harnessing AI-powered tools like OpenAI’s Playground for automating tasks, enhancing customer experiences, and increasing their clients’ wealth are enticing. On the other hand, this newfound capability also opens the door to unforeseen vulnerabilities, as these AI agents access and interact with sensitive financial APIs and private data sources.

The advent of Enterprise AI assistants introduces a host of security concerns for the financial sector. One immediate concern is the potential for unintended data exposure or leakage as AI systems learn and adapt to their environment. While AI-driven tools aim to streamline processes and improve decision-making, they also have the capacity to inadvertently access or expose critical financial data, likely violating many privacy laws such as the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), and California Consumer Privacy Act (CCPA) to name a few. Financial institutions must carefully monitor and regulate these interactions to prevent unauthorized access or misuse of sensitive information.

Furthermore, financial service companies must grapple with the challenge of securing their APIs against malicious actors who may exploit AI-powered systems for nefarious purposes. The integration of AI agents into financial processes creates an additional attack surface that can be targeted by cybercriminals seeking to breach systems, steal valuable data, or disrupt operations. Robust security measures and continuous monitoring are essential to mitigate these risks and safeguard against potential breaches.

As Enterprise AI assistants become increasingly prevalent within the financial services sector, institutions must strike a delicate balance between harnessing the potential of AI for innovation and ensuring the highest standards of data protection and cybersecurity. A proactive and comprehensive approach to API security, data governance, and AI-assisted decision-making is paramount to navigating these new challenges successfully while maintaining the trust of customers and regulatory bodies.

When it comes to securing APIs and reducing attack surfaces to help protect from ChatGPT threats, Cloud Native Application Protection Platform (CNAPP) is a newer security framework that provides security specifically for cloud-native applications by protecting them against various API attack threats. CNAPPs do three primary jobs: (1) artifact scanning in pre-production; (2) cloud configuration and posture management scanning; (3) run-time observability and dynamic analysis of applications and APIs, especially in production environments. With CNAPP scanning pre-production and production environments, an inventory list of all APIs and software assets is generated. If the dynamically generated inventory of cloud assets has APIs connected to them, ChatGPT, OpenAI, and other AI and ML libraries can be discovered. As a result, CNAPPs help to identify these potentially dangerous libraries connected to Enterprise APIs and help to add layers of protection that prevent unauthorized exposure through API attack surfaces, protecting your organization’s reputation and clients’ private data and building trust with your customers.

Ultimately, the key to managing the risks posed by expanding API attack surfaces with ChatGPT is to take a proactive approach to API management and security. When it comes to cloud security, CNAPP is well suited for financial organizations with cloud-native applications, microservices, and APIs that require application-level security. API security is a must-have when building out cloud-native applications, and CNAPP offers an effective approach for protecting expanding API attack surfaces, including those caused by ChatGPT.

The post Beware of OpenAI and ChatGPT-4 Turbo in Financial Services Organizations’ Growing API Attack Surface appeared first on Cybersecurity Insiders.

By Anna Tang, Information Security Officer, Data Theorem

In recent years, financial services organizations have increasingly moved their applications and infrastructure to the cloud to take advantage of its scalability, flexibility, and cost-effectiveness. However, this shift to the cloud has also introduced new security challenges, particularly in the realm of application security. Attackers are constantly looking for ways to exploit vulnerabilities in financial applications to gain access to sensitive data or disrupt business operations. To mitigate these risks, financial firms need to adopt a comprehensive security posture management approach that covers both cloud security posture management (CSPM) and application security posture management (ASPM).

While CSPM solutions focus on monitoring and securing the cloud infrastructure itself, it’s the ASPM solutions that secure the financial applications running on that infrastructure. ASPM is a holistic approach to application security that involves continuous discovery and monitoring, assessment, business logic exploitation, and remediation of applications and their vulnerabilities across the entire software development lifecycle. It helps organizations identify and prioritize security issues, and provides guidance and tools to help them mitigate and remediate vulnerabilities, protecting firms from unauthorized data access, interception, manipulation, regulatory violations, fraud, and disruption of services.

By integrating ASPM into their security posture management strategy, financial organizations can discover APIs in use they may not have known about, identify vulnerabilities in their applications, prioritize remediation efforts, and ultimately reduce their overall security risk. Furthermore, by filling coverage gaps in CSPM, ASPM can help financial firms save money by avoiding costly security breaches, financial losses, compliance issues, reputation damage, and downtime.

To leverage ASPM to save costs and fill coverage gaps found in CSPM, follow these best practices:

  • Discover and prioritize critical applications – One of the biggest challenges for CSPM is discovering and determining which applications and services are most critical to the organization. ASPM can help by discovering all APIs in use, mapping those APIs to specific web and mobile applications, providing visibility into the security posture of all applications, and identifying which ones have the most sensitive data. This information can help financial organizations prioritize their security efforts and allocate resources more effectively.

    By focusing on the most critical APIs and applications first, organizations can save costs and reduce their overall risk exposure, particularly since they deal with so much sensitive customer information, including financial transactions and account details. They can also ensure that their security efforts are aligned with their business goals and objectives.

  • Automate security testing and compliance checks – Another way that ASPM can save costs and fill coverage gaps is by automating security testing and compliance checks. With the increasing complexity of cloud environments, manual testing and compliance checks can be time-consuming and error-prone. Automating these processes can help financial firms identify vulnerabilities and non-compliant configurations more quickly and accurately, helping to protect their reputation and clients’ private data, and build trust with customers.

    By automating security testing and compliance checks, organizations can save costs on manual testing and reduce the risk of human error. They can also ensure that their security efforts eliminate regressions as new features are added to cloud-native applications in today’s dynamic environments.

  • Integrate security into the development process – ASPM can also help financial organizations fill coverage gaps by integrating security into the software development process. By incorporating security scans into this process, firms can ensure that security is built into the application from the ground up. This can help reduce the number of vulnerabilities that need to be remediated later.
  • Monitor application behavior in real-time – Another key aspect of ASPM is monitoring application behavior in real-time. This involves using runtime tools that can detect and alert on suspicious activity, such as unauthorized access attempts or data exfiltration. By monitoring application behavior in real-time, financial firms can quickly detect and respond to security incidents, minimizing the potential impact on the business. Machine-learning (ML) based anomaly detection has become more mainstream for addressing these types of API and application-centric attacks in recent years.
  • Use automation to streamline remediation efforts – Remediating vulnerabilities can be a time-consuming and resource-intensive process. However, by using automation tools to streamline the process, financial organizations can reduce the time and effort required to fix vulnerabilities in application code, infrastructure-as-code (IaC), and cloud services. For example, some ASPM solutions can automatically provide Terraform and CloudFormation scripts to auto-remediate application- and API-layer exploits by hardening runtime production configurations. By using these tools to automate the remediation process, organizations can save time and reduce their overall security risk.

Integrate ASPM with CSPM

To get the most out of their security posture management efforts, financial firms should integrate ASPM with CSPM. By doing so, they can fill coverage gaps in CSPM – including API discovery and vulnerability checks – to identify and address vulnerabilities in their applications that cannot be detected by CSPM alone. This integration can also help organizations save costs by avoiding security breaches, compliance issues and fines, and downtime caused by application vulnerabilities. Unlike CSPM, ASPM enables organizations to continuously monitor the security posture of applications and services so they can identify areas for improvement and take action to remediate vulnerabilities and reduce risks.

Overall, ASPM is a powerful tool. By discovering all APIs, identifying and prioritizing critical applications, prioritizing remediation efforts, automating security testing and compliance checks, integrating security into the development process, using risk-based prioritization, and monitoring for continuous improvement and auto-remediation, financial organizations can reduce their overall risk exposure and ensure that their applications and data are secure.

The post How Financial Services Firms Can Use Application Security Posture Management (ASPM) to Save Costs and Fill Cloud Security Posture Management (CSPM) Coverage Gaps appeared first on Cybersecurity Insiders.

By Greg Woolf, CEO of FiVerity

The marriage of fraud and artificial intelligence (AI) is lethal. Right now, fraudsters are upping their games, leveraging new and innovative tools such as ChatGPT and Generative AI to wreak havoc on the financial world. Their goal? To create deep-fake personas that look so authentic that financial institutions are granting them loans, allowing them to open accounts, approving transactions, the list goes on.

Adding insult to injury, most don’t realize the damage inflicted upon them until it’s too late. This is the new reality financial institutions face today thanks to AI, which not only allows criminals to create deep-fake or synthetic personas but makes the process easier than ever.

This is troubling on many levels.

First, as I mentioned above, these fraudulent identities are virtually undistinguishable from authentic ones, and discerning the difference is a challenge, even to the trained professional. Here’s why—deep fake IDs include a long credit and payment history, exactly the information an institution would see with all their legitimate customers. Exacerbating the issue is that fraudsters are turning to algorithms to quickly create multiple deep-fake personas, which they can refine continually using AI to avoid detection.

Add it all up, and it’s no surprise that fraudsters are achieving significant levels of success and becoming more and more aggressive—according to a TransUnion 2023 State of Omnichannel Fraud Report, digital fraud attempts have increased 80% from 2019 to 2022, while rising 122% for digital transactions originating in the U.S. during that time.

You don’t need to be an expert to realize that the success of fraudsters spells trouble for financial institutions.

  • First and foremost are the financial losses that stem from defaulted loans, charge-offs, and more.
  • Next comes damaged reputations, which can tarnish a business where trust is one of THE key attributes that customers value most—how can a consumer be expected to choose a financial institution making front-page news because it was defrauded by deep-fake personas?
  • And don’t forget compliance. Financial institutions are required to verify the identity of their customers to prevent fraud, money laundering, and other financial crimes. Any failure to meet these mandates can come with a hefty fine and penalty.

Going From Bad… to Worse

If you think the above scenario sounds ominous, I have bad news. It’s only going to get worse. That’s because technology never sits still. It’s always advancing and growing in sophistication, and incidents of digital catfishing and identity fraud will reach new levels as fraudsters leverage these advancements. This will manifest itself in different ways. One will be the use of deep-fake biometric data. This includes facial recognition or voice prints. The result would be a deep fake persona that is convincing on multiple levels, on paper and in person. Just imagine the challenges businesses will face trying to distinguish the fraudulent from the legitimate.

Criminals will also leverage AI to automate synthetic identity creation. The result would be hundreds to thousands of deep-fake personas being created and used simultaneously. This scale would be unlike anything we have ever seen before.

Fighting back 

Fighting back starts with collaboration. Financial institutions must be committed to sharing information on known fraudsters and intelligence on suspicious transactions. By pooling the resources and expertise of all these institutions, they can identify emerging patterns and trends and better detect digital catfishing and identity fraud in ways that aren’t possible with information silos.

Working together, they can also devise best practices. This should include everything from how to best share data and intelligence, how to act before an incident causes significant financial losses, and how to prevent these incidents from happening in the first place.

For anyone wondering what will support this collaborative mode, your best bet is a centralized platform that enables the safe, secure, and real-time sharing of fraud data. The platform should leverage AI and machine learning algorithms, and here’s why. AI and ML make it possible for businesses to analyze huge libraries of data to detect patterns and anomalies that may indicate fraudulent activity. Some key use cases that can help spot fraud include:

  • Dynamic Profiling: Implement a system that dynamically profiles user activity and attributes such as name, email address, zip, and state. This means not merely looking for hard matches but understanding the normal behavioral patterns of users to spot anomalies.
  • Multi-Attribute Analysis: Why look at a single attribute when you can examine multiple attributes and the interrelationship between each? For example, a change in email address alone might not raise a flag. Many of us use more than one email address. But when that switch coincides with a change in state, further investigation may be necessary.
  • Machine Learning Adaptability: Leverage adaptive machine learning algorithms to gain insights from the constantly shifting tactics. As you gain new levels of knowledge, take what’s been learned and update detection protocols.
  • Time-based Monitoring: Implement time-based flags that trigger alerts when sudden changes in key attributes are made in a short timeframe. This helps to enable fast action while freeing teams from spending countless hours sifting through data to identify fraudulent activity.
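The multi-attribute and time-based checks described above can be combined into one rule. The following is an added example, not code from the author or from any product mentioned here; the event layout, account IDs, 24-hour window and two-attribute threshold are all assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

KEY_ATTRIBUTES = {"name", "email", "zip", "state"}  # attributes named in the article

# Constructed sample change log: (account_id, ISO timestamp, attribute, old, new)
SAMPLE_EVENTS = [
    ("acct-1001", "2024-03-01T09:00:00", "email", "a@example.com", "b@example.com"),
    ("acct-1002", "2024-03-01T10:00:00", "email", "c@example.com", "d@example.com"),
    ("acct-1002", "2024-03-01T10:20:00", "state", "OH", "NV"),
    ("acct-1003", "2024-03-01T08:00:00", "email", "e@example.com", "f@example.com"),
    ("acct-1003", "2024-03-20T08:00:00", "state", "TX", "CA"),
    ("acct-1004", "2024-03-02T12:00:00", "zip", "10001", "10001"),  # no-op write
    ("acct-1004", "2024-03-02T12:05:00", "state", "NY", "NJ"),
    ("acct-1005", "2024-03-03T07:00:00", "phone", "555-0100", "555-0101"),
    ("acct-1005", "2024-03-03T07:01:00", "email", "g@example.com", "h@example.com"),
]

def flag_accounts(events, window=timedelta(hours=24), min_attrs=2):
    """Return {account_id: sorted attrs} for accounts where at least
    min_attrs distinct key attributes changed inside one time window."""
    per_account = defaultdict(list)
    for account, ts, attr, old, new in events:
        # Ignore fields outside the key set and writes that change nothing.
        if attr in KEY_ATTRIBUTES and old != new:
            per_account[account].append((datetime.fromisoformat(ts), attr))

    flagged = {}
    for account, changes in per_account.items():
        changes.sort()
        start = 0
        for end in range(len(changes)):
            # Slide the left edge until the span fits inside the window.
            while changes[end][0] - changes[start][0] > window:
                start += 1
            attrs = {a for _, a in changes[start:end + 1]}
            if len(attrs) >= min_attrs:
                flagged[account] = sorted(attrs | set(flagged.get(account, [])))
    return flagged

if __name__ == "__main__":
    for account, attrs in flag_accounts(SAMPLE_EVENTS).items():
        print(f"REVIEW {account}: {', '.join(attrs)} changed within 24h")
```

An email change on its own (acct-1001) and an email and state change weeks apart (acct-1003) stay below the threshold; only the email and state change 20 minutes apart (acct-1002) is queued for analyst review.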

All of these capabilities are hugely valuable, but I would be remiss if I didn’t spotlight your biggest resource in this fight, your fraud analysts. At the end of the day, the intuition of these experts is invaluable. We encourage businesses to continue plugging into their knowledge and experience to conduct periodic manual reviews, especially in cases that the system flags as borderline.

At the end of the day, financial services businesses face a highly sophisticated threat that is escalating in frequency. This is not a battle that can be won in isolation. It requires action that is equal parts collaboration and a commitment to tapping into the latest innovations. By gaining a better understanding of fraudsters, financial institutions can identify patterns as well as fraudulent accounts, and can not only take preemptive action but also collaborate on methods to stay ahead of the ever-evolving threat landscape of digital fraud.

The post The Evolution of Financial Fraud appeared first on Cybersecurity Insiders.

The cybersecurity landscape has undergone a dramatic transformation over the past few years, influenced by shifting threat vectors, technological advances, and changing market dynamics. For venture capital firms like Evolution Equity Partners, navigating these complexities is more crucial than ever. I recently had the opportunity to explore these topics with Richard Seewald, the Founder and Managing Partner at Evolution Equity Partners, a VC firm that has been successfully investing in cybersecurity companies for the last 25 years.

Big Picture Shifts in Valuations and Investments

Richard outlines how Evolution Equity Partners has been investing throughout all stages of the business cycle, including critical moments like the post-9/11 era, the 2008 financial crisis, and the post-COVID-19 scenario. These times were marked by significant shifts in investor confidence, interest rates, economic growth, and supply-demand imbalances. However, the opportunities and growth drivers around cybersecurity have remained persistent.

Seewald recalls that in the year 2000, the overall total addressable market for cybersecurity was around $5 billion. After the 2008 crisis, it rocketed to $50 billion. “We are on target to be at $250 billion as we reach the middle part of this decade,” he adds. To put it in perspective, a McKinsey report suggests that cybersecurity could be a $2 trillion market by the end of the decade. “It’s exactly at this point in the cycle that best-of-breed cybersecurity companies are built that are addressing next-generation attacks,” Richard emphasized.

When we look at recent history, we see that the emergence of companies like CrowdStrike, Okta, and Palo Alto Networks coincided with economic downturns, aligning with Seewald’s observations and confirming that periods of economic instability often act as a catalyst for innovation in the cybersecurity space.

Investment Opportunities in Cybersecurity Segments

When asked about the most attractive investment segments within cybersecurity, Richard took us through the firm’s experience in Machine Learning (ML) and Artificial Intelligence (AI). Evolution Equity made its first AI/ML investment in a company called Cognitive Security back in 2012, which later got acquired by Cisco. Richard further observes that machine learning and AI have evolved from just detection to response capabilities.

“One of the areas that we think is particularly compelling in the machine learning space today is protecting the developer environment,” Richard notes. In this context, he mentions an investment in Protect AI, helping organizations deliver secure and compliant ML models and AI applications. The focus is on protecting the AI and ML algorithms, applications, and models as the vulnerability and attack surface to hackers has significantly increased. This is a particularly salient observation as ML and AI are now being deployed across all major industry sectors including healthcare, finance, and more.

Adding Value Beyond Capital: The Evolution Equity Approach

Evolution Equity Partners’ investment philosophy extends beyond capital infusion. Richard cited the example of AVG Technologies, a company where the team at Evolution Equity Partners was instrumental in growing revenue from $4 million to almost $400 million within a decade.

“The playbook that we developed over the last two decades in helping growth-stage businesses in the cybersecurity space has now become institutionalized,” says Richard. He mentions that the firm operates centers of excellence around cybersecurity growth, staffed by professionals who have been integral in building cybersecurity businesses over the last two decades. This involves specialized know-how in product-led growth, operating metrics, and focusing on ROI-driven growth versus “growth at all costs”.

The Shifting Geographical Dynamics

Seewald dives into a fascinating aspect of cybersecurity investments—the geographical dimension. Contrary to popular belief, the cybersecurity investment world isn’t as U.S.-centric as one might think. While 80–90% of cybersecurity companies are U.S.-based, followed by Israel and the U.K., Seewald believes that Europe presents a burgeoning opportunity for cybersecurity startups. “We’ve been one of the most active investors in European cybersecurity over the last decade,” he says, noting investments or acquisitions in almost every major European country.

European cybersecurity companies often set up their headquarters in the U.K. due to an ecosystem that facilitates opportunities for them across Europe, similar to how U.S. cyber ecosystems are concentrated on the East and West Coasts. Companies from countries with significant defense budgets, such as the U.K., France, and Germany, are creating exciting opportunities in the cybersecurity space.

“I am positive we are going to see a billion-dollar machine learning and AI company based on revenue, not just valuation, come out of Europe in the cybersecurity space over the next couple of years,” Seewald predicts. “The quality of universities in Europe is fostering an environment ripe for this sort of innovation.”

Israel, according to Seewald, holds a special place in the global cybersecurity landscape. “Israel is just a unique ecosystem in part because of the flywheel that exists around the cybersecurity entities in the country that produce talent that is well connected, experienced, and technically savvy,” he explains. Evolution Equity Partners has been a key investor in Israel, with recent investments in cybersecurity startups in Tel Aviv.

The Future Outlook

Seewald emphasizes that now is the opportune moment to invest in cybersecurity. “Companies that are born today will be the champions of tomorrow,” he asserts. For instance, during the 2008 financial crisis, companies like CrowdStrike were born, which later turned into market leaders. Seewald encourages cybersecurity entrepreneurs not to be disheartened by current economic fluctuations or contraction in the market. “This is an area that’s mission-critical to our world today. It’s our infrastructure, our companies, our governments that need protection. It’s our way of life,” he says, underlining the sector’s critical importance. “We’re pretty positive about the opportunity in this category over the next couple of years,” Richard asserts.

As we wrapped up our discussion, it was evident that the evolving cybersecurity landscape presents both challenges and opportunities. Evolution Equity Partners, with its depth of experience, is well-positioned to capitalize on these opportunities, steering cybersecurity companies through market cycles to become next-generation cybersecurity leaders.

As the demand for cybersecurity solutions continues to grow—driven by an expanding attack surface, regulatory mandates and an evolving threat landscape—now is an attractive moment for investors to engage deeply with this critical and expanding market. This isn’t merely about hedging against risks or short-term gains; it’s about contributing to building a safer, more secure digital world and protecting our way of life for decades to come.

Venture firms like Evolution Equity Partners serve as key pillars in the cybersecurity ecosystem, enabling innovation, fostering growth, and facilitating market adaptation. Their experiences and strategies offer crucial insights into how the investment community views cybersecurity — as a dynamic, high-growth sector with tremendous potential, not just now, but in the decades to come.

And for those looking to start the next cybersecurity success story: “Don’t be discouraged by any of the headline reports,” Seewald advises, “The right time to be building a cybersecurity company is now.”

Learn more about Evolution Equity Partners here: https://evolutionequity.com/

 


The post Investing in Cybersecurity’s Future: A Conversation with Richard Seewald of Evolution Equity Partners appeared first on Cybersecurity Insiders.