The ability to exchange cyber threat intelligence (CTI) in a secure and privacy-preserving manner is vital for enterprises to manage their security risks effectively. Securing the CTI involves sanitizing private data from the identified threat information and dynamically generating Indicators of Fraudulent Transactions (IoFT) that contain only the relevant CTI. The exchange is facilitated by a decentralized identity network that lets participants establish trust with each other and use secured communication channels to exchange information.
However, there are some inherent challenges:
Existing threat exchange mechanisms are prone to unwanted noise and raise concerns about enterprise data privacy and data minimization, which deter enterprises from sharing threat intelligence
The quality of the threat intel data that is shared limits organizations' ability to act on it in a time-bound manner
An innovative solution to mitigate threats
IoFT are cyber threat intelligence metadata derived from the fraudulent behavior patterns relevant to each domain. These fraudulent patterns are validated by the respective domain experts. The IoFT will be devoid of any private information, but will have sufficient data elements to convey potential cyber threats as applicable to the respective domain. This gives peers greater confidence to collaborate and address common cyber threats more effectively. In addition,
Threat information will be dynamically generated using IoFT and will not contain private and confidential data of the organization
Enterprises will share CTI with their peers in a seamless and privacy-preserving manner
Threat intelligence information is validated by the trust network, thus ensuring quality and relevancy of threat intel being shared
The infographic above depicts a trust network of financial institutions. In the figure, Enterprise A and Enterprise B are financial institutions, both participants in the trust network. The enterprises can leverage the decentralized trust network to exchange CTI using IoFT among the peer participants of the network. Enterprise A can exchange details of fraudulent transactions that it has identified with its peer organization, Enterprise B, in a privacy-preserving manner using IoFT. This helps Enterprise B address similar fraudulent transactions more effectively, thereby preventing the financial losses such transactions would cause.
Here are a few use cases that demonstrate the applicability across various business domains:
Financial domain – Financial institutions can collaborate with each other to identify fraudulent activities, such as forging letters of credit or forging individual identity details to obtain loans, and share this information as IoFT among peers to seamlessly address fraudulent activities. This enables organizations to enhance trust among peers without disclosing private information.
Government sector – Government organizations can identify forged government issued documents submitted by fraudsters and share this information with all government departments to stop recurring forgery attempts.
Insurance domain – Fraudsters can raise several false claims for financial gain. Insurance organizations can identify such attempts and share them with peers to minimize such attempts.
Retail domain – Some individuals exploit the facility to return items to retailers by returning used or stolen items for a refund. Retailers can identify and share this information among retail outlets to prevent such attempts.
Cybersecurity – Organizations can interact with various security agencies and departments, such as CERT, CISA and NIST, to identify and share CTI using IoFT, leaving them better equipped to adopt proactive measures against potential cybersecurity threats.
Organizations can identify and weed out fraudulent transactions in the shortest possible time. Access to quality threat intel and diligent information sharing among peers can help minimize enterprise risk. With IoFT-based solutions, organizations can now restrict what is exchanged to actionable CTI without exposing the organization's confidential information.