From the vantage point of the C-suite and the boardroom, it can be hard to tell that an organization's cybersecurity and fraud risk management efforts are poorly integrated. Disparate teams put in place countless controls, giving the appearance of multilayered protection. The result is often a patchwork with gaps that hackers and fraudsters can readily discover and exploit. This means cybercriminals can maliciously monetize the business's internet-facing products, such as web-based portals, application programming interfaces (APIs), and mobile applications. Such malicious activity is known as product abuse.
Hackers and fraudsters are in constant contact with the online business tools designed to let customers log into accounts, set up and manage new accounts, enjoy seamless experiences involving third-party businesses, and make purchases. Cybercriminals are always testing controls, probing for information, and exploring the limits of the actions that can be performed using the accounts and data at their disposal.
This paper provides recommendations to help organizations methodically counter the abuse of their internet-facing products. Here is a recap of the recommended actions:
- Stakeholder alignment:
  - Document the key stakeholders who are responsible for the controls that protect internet-facing products.
  - Identify an executive to provide oversight for protecting the organization's products.
  - Develop a unified strategy across the control layers.
- Control mapping:
  - Identify all controls for internet-facing products.
  - Aggregate the control logging into a centralized data lake/store for analytics.
- Tactics, techniques, and procedures (TTPs):
  - Document the TTPs observed within the organization's products and ecosystem.
  - Identify where there are control gaps or weaknesses for the TTPs relevant to the organization.
  - Continually update the documentation as new techniques and sub-techniques emerge.