A recent focus group marked the next step in our Social Engineering work stream. Hosted at the iconic Bletchley Park – the birthplace of modern cybersecurity – the event had an inspirational setting.
We brought together professionals from banking and insurance, law enforcement, and private sector backgrounds to better understand how we can start making social engineering tactics harder for the perpetrators.
Delegates at the focus group had the rare opportunity to hear from four pillars of industry at the same time. Perspectives covered the cyber fraud lifecycle, and we worked on a number of scenarios and exercises together.
Panelists included:
1. Verified identity - the ability to verify the identity of an organisation over digital channels is central to reducing our vulnerability to cyber fraud. This needs to be very simple to understand and low effort if it is to have an impact for the mass of consumers.
2. Norms and consistency - while some organisations can unilaterally change the expectations for their security (e.g. the HM Revenue and Customs commitments on the use of email), most cannot set norms and expectations in isolation. And while different practices prevail, fraudsters can use the differences to induce individuals to operate insecurely. We need to work towards consistent norms and good practice across financial services and other industry sectors.
3. Customer experience and friction - a major reason that the security of customer interactions is not improved further is the friction that security usually introduces into customer experience. Best practice currently constitutes trade-offs within the constraints of the possible. To improve security further we need to identify and develop practices and technologies that enable further improvements in security without increased friction.
4. Takedowns - while police prosecute where they can, most fraud control concentrates on blocking transactions and dealing with the impact. A more robust response from society to cyber fraud would also include the systematic collection of intelligence from financial institutions and victims and the use of this intelligence to disrupt fraud organisations, including freezing accounts and the takedown of digital infrastructure and other elements of their operations.
Key to improving this situation is collaboration within and between industry sectors with an interest in reducing the prevalence and impact of cyber fraud.
The conclusions of this event will be taken forward by the Tackling Cyber Fraud project within The Intelligence Network. This project is currently working towards a full assessment of the risk of false trust, an exploration of the potential for two-way authentication, and a best practice guide considering the value of social engineering to those conducting cyber fraud.
A huge thank you to all who took part in the focus group. Please do reach out if you’d like to find out more.