Leading e-commerce companies are training their cybersecurity analysts on transaction fraud detection systems and collaborating with vendors to detect identity spoofing and the use of stolen privileged access credentials. Fremont, CA: Cyberattacks are becoming more sophisticated, targeting multiple threat surfaces at the same time and employing a wide range of techniques to avoid detection and gain access to valuable data. Bad actors' preferred attack strategy is to use various social engineering, ransomware, phishing, and malware techniques to obtain privileged access credentials in order to circumvent Identity Access Management (IAM) and Privileged Access Management (PAM) systems. Detecting Transaction fraud – According to CISOs, the pandemic's effects on e-commerce sales are the primary motivator for investing in AI and ML-based transaction fraud detection. Transaction fraud detection is intended to provide real-time monitoring of payment transactions through the use of machine learning techniques to identify anomalies and potential fraud attempts.

Did you miss a session from the Future of Work Summit? Cyberattacks are happening faster, targeting multiple threat surfaces simultaneously using a broad range of techniques to evade detection and access valuable data. A favorite attack strategy of bad actors is to use various social engineering, phishing, ransomware, and malware techniques to gain privileged access credentials to bypass Identity Access Management (IAM) and Privileged Access Management (PAM) systems. Once in a corporate network, bad actors move laterally across an organization, searching for the most valuable data to exfiltrate, sell, or use to impersonate senior executives. IBM found that it takes an average of 287 days to identify and contain a data breach, at an average cost of $3.61M in a hybrid cloud environment.

Gartner predicts $137.4B will be spent on Information Security and Risk Management in 2019, increasing to $175.5B in 2023, reaching a CAGR of 9.1%. Cloud Security, Data Security, and Infrastructure Protection are the fastest-growing areas of security spending through 2023. Spending on AI-based cybersecurity systems and services reached $7.1B in 2018 and is predicted to reach $30.9B in 2025, attaining a CAGR of 23.4% in the forecast period according to Zion Market Research. Traditional approaches to securing endpoints based on the hardware characteristics of a given device aren't stopping breach attempts today. Bad actors are using AI and Machine Learning to launch sophisticated attacks to shorten the time it takes to compromise an endpoint and successfully breach systems.

Bottom line: Machine learning is enabling threat analytics to deliver greater precision regarding the risk context of privileged users' behavior, creating notifications of risky activity in real time, while also being able to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow-up. A commonly-held misconception or fiction is that millions of hackers have gone to the dark side and are orchestrating massive attacks on any and every business that is vulnerable. The facts are far different and reflect a much more brutal truth, which is that businesses make themselves easy to hack into by not protecting their privileged access credentials. Cybercriminals aren't expending the time and effort to hack into systems; they're looking for ingenious ways to steal privileged access credentials and walk in the front door. According to Verizon's 2019 Data Breach Investigations Report, 'Phishing' (as a pre-cursor to credential misuse), 'Stolen Credentials', and'Privilege Abuse' account for the majority of threat actions in breaches (see page 9 of the report).

Bottom Line: Machine learning is enabling threat analytics to deliver greater precision regarding the risk context of privileged users' behavior, creating notifications of risky activity in real time, while also being able to actively respond to incidents by cutting off sessions, adding additional monitoring, or flagging for forensic follow-up. A commonly-held misconception or fiction is that millions of hackers have gone to the dark side and are orchestrating massive attacks on any and every business that is vulnerable. The facts are far different and reflect a much more brutal truth, which is that businesses make themselves easy to hack into by not protecting their privileged access credentials. Cybercriminals aren't expending the time and effort to hack into systems; they're looking for ingenious ways to steal privileged access credentials and walk in the front door. According to Verizon's 2019 Data Breach Investigations Report, 'Phishing' (as a pre-cursor to credential misuse), 'Stolen Credentials', and'Privilege Abuse' account for the majority of threat actions in breaches (see page 9 of the report).