22 April 2012

WHO ARE YOU PREACHING TO ANYWAY?...

I recently was privileged enough to be asked to present at a merchant forum in London. Interestingly, the intended recipients had been very much in the driving seat since they had selected the topics themselves. After my previous posts (Part 1 and Part 2) on connecting the dots between information security, risk and fraud, you can imagine my pleasure that I, alongside my fellow speakers, was asked to do just that... A delightfully interactive audience, some very interesting chats at the breaks and the recent buzz about the value of security conferences prompted me to share some thoughts on how actively to engage with your stakeholders and get the results you need...

9 April 2012

5 STEPS TO A SUCCESSFUL SOCIAL ATTACK - What's Your Threshold?...

In a previous post, I highlighted that mass marketing fraud against individuals cost the UK economy £3.5 billion in 2011, that is ten times more than the cost of plastic card fraud in the same year, or equivalent to the total fraud losses incurred by the financial services sector in the same period! Sobering perspective, don't you think? We all know that mass marketing fraud is where criminals aim to defraud multiple individuals to maximise revenue by persuading victims to transfer monies in advance in exchange for promised goods, services or benefits. And we all know that this is usually done via mass-communications media (such as telephone calls, letters, emails and text messages) and ranges from foreign lottery/sweepstake frauds through to Ponzi schemes and romance frauds or any other abuse of trust... So, we all know better, don't we?...

1 April 2012

FROM FRAUD TO INFOSEC and vice versa... Part 2

In my previous post, I summarised the UK National Fraud Authority's latest Annual Fraud Indicator and how it relates to information security. In this post, I delve further into this connection by refining the key fraud enablers used to defraud victims of all types. These cut across the fraud landscape and often overlap, which poses further challenges for quantifying their impact, but the classification is nonetheless helpful and recognisable.

FROM FRAUD TO INFOSEC and vice versa... Part 1

In my last post, I attempted to give some real business metrics to help secure information security investment. One of those metric sets related to our ability to link infosec to fraud and in this post I’d like to examine the connection a bit further. Lucky for me, the UK National Fraud Authority have just released their 2012 Annual Fraud Indicator (readers beware, it’s 58 pages...), so with my infosec lens, I’ll take you through the report and hopefully give you some more KPIs to think about...