Case Studies June 01, 2013

Customer Profile: BANCO POPULAR DE PUERTO RICO (BPPR)

In this paper, Enterprise Management Associates (EMA) explores the response organizations must marshal to stand up to this industrialized cybercrime threat. If attackers are well organized and well informed, take advantage of the latest innovations in the shadow market of crimeware and automation, and capitalize on intelligence to maintain their advantage, organizations must respond accordingly

Download

As criminals have discovered the profitability of attacks against information systems, the impact of fraud has grown. Adversaries have discovered the lucrative nature of harnessing cyber threats. Their innovations have made it easier to steal from a wider range of victims. This has spurred the commercialization of crimeware and services – which, in turn, has given rise to specialization, competitive pressures, and other factors that illustrate how fraud, abetted by cybercrime, has grown from the unrelated activities of a few into an industry in its own right.

This industry has produced a level of automation and sophistication in fraud techniques to rival those of the legitimate business world. The commercial-grade packaging of complex threats makes it possible to readily convert personal systems into pawns that facilitate fraud, often unbeknownst to their rightful owners. Large-scale systems management capitalizes on the ability to harness entire networks of compromised hosts whose masters often avoid detection and defeat through highly nimble evasive tactics. The net result: an industrialized threat that is costing businesses billions of dollars worldwide.

In this paper, Enterprise Management Associates (EMA) explores the response organizations must marshal to stand up to this industrialized cybercrime threat. If attackers are well organized and well informed, take advantage of the latest innovations in the shadow market of crimeware and automation, and capitalize on intelligence to maintain their advantage, organizations must respond accordingly.

Coordinated strategies embracing multiple tactics to limit exposure and improve effectiveness are now mandated by guidance such as that of the US Federal Financial Institutions Examinations Council and other regulations worldwide affecting businesses targeted by fraud. The RSA Fraud and Risk Intelligence portfolio of solutions offers an example of such a coordinated approach. With its early leadership in technologies and services that integrate intelligence with anti-fraud tactics in real time, the RSA Fraud and Risk Intelligence portfolio gives organizations the tools to enable strategies for confronting an industrialized threat with an industry-wide response