Shaping the Future of Cybersecurity

      As digital threats continue to escalate in complexity and frequency, Waystone Compliance Solutions is spearheading cybersecurity solutions under the guidance of Conor Flynn, Managing Director.

      With extensive experience in the industry, Flynn is at the forefront of tackling today’s cybersecurity challenges while preparing for tomorrow’s threats. In this interview, he discusses the current state of cybersecurity, the evolving nature of threats, and the innovative strategies necessary to stay ahead of potential risks.

      The Critical Role of Domain Monitoring

      As the digital landscape expands, so too does the number and complexity of security threats that organisations face from cloned domains. These domains are specifically designed to deceive users and bypass traditional security measures. In response, the industry has moved towards sophisticated domain monitoring tools that incorporate AI and machine learning. These technologies not only react to immediate threats but also predict and pre-empt potential cyber-attacks, protecting sensitive information from increasingly sophisticated cybercriminals.

      Simultaneously, the regulatory landscape is undergoing significant changes that impact domain monitoring requirements. Regulations such as the General Data Protection Regulation (GDPR), Digital Operational Resilience Act (DORA), and the NIS 2 Directive have set rigorous standards for data protection and privacy. These regulations compel organisations to bolster their monitoring and compliance strategies. Firms that fall short of these regulatory requirements risk severe financial penalties and reputational damage.

      Conor comments, “As cyber threats become more sophisticated, particularly with the increasing use of mimicked domains, the industry must advance its detection technologies not just to respond, but to anticipate and prevent potential breaches. This proactive approach is vital in a regulatory environment that is both complex and punitive for non-compliance.”

      The Rise of Fake Websites in the Financial Sector

      The financial sector is facing an escalating threat from fake websites, which are becoming increasingly sophisticated in mimicking legitimate operations. These fraudulent sites utilise advanced techniques that make fake URLs look deceptively legitimate, especially on smaller screens where such differences are less noticeable.

      This rise in fake websites is particularly problematic for entities like Investment Companies with Variable Capital (ICAVs), which often lack a substantial online presence. Cybercriminals exploit this by creating fraudulent sites under the ICAV’s name to harvest sensitive investor data. These clone sites often feature legitimate-looking links and are indexed in search engines, making it challenging to differentiate them from genuine websites.

      Conor explains, “In our investigations, we’ve seen that clone content is often just a copy and paste from one fake site to another, with minor adjustments, so they are incredibly believable. This has led us to develop strategies not just for identifying these sites but also for taking proactive measures with the right partners to remove them before any real damage is done to our client’s brand.”

      Recent Developments in Clone and Lookalike Domain Detection

      AI technologies have enhanced the ability to detect sophisticated cyber threats. They can analyse vast amounts of data to identify patterns that may indicate malicious intent. This includes monitoring web content, customer portals, and email services that could increase the likelihood of a complex fraud event. This technology can now detect the misuse of logos, not just text-based content.

      Conor says, “The escalation of domain cloning tactics has necessitated a more dynamic and responsive approach in our defences. AI has enabled us to detect and respond to such threats with unprecedented precision. We’re now able to identify potential threats before they escalate into more serious breaches, ensuring better protection for our clients.”

      Immediate Response to Lookalike Domain Threats

      When an organisation detects a clone or lookalike domain, it must act swiftly. The process begins with accurate identification and classification within the incident response framework, helping to gauge the threat’s severity and influence further actions.

      A collaborative, multidisciplinary approach involving cybersecurity, legal, compliance, and data privacy teams is essential. This ensures comprehensive threat analysis and enhances response effectiveness. Immediate coordination with the compliance team is also critical to ensure accurate and transparent regulatory reporting.

      Conor says: “Once we identify a lookalike domain, we coordinate with our legal, compliance, and cybersecurity teams to assess the threat and quickly initiate takedown procedures with our brand protection partners. This proactive stance is vital in protecting our client’s stakeholders and complying with regulation.”

      Future Tactics of Fraudsters and Proactive Cybersecurity Measures

      As the digital landscape evolves, so too do the tactics of fraudsters, particularly in the area of clone and lookalike domains. Cybercriminals are expected to continually refine their strategies, using advanced technologies like AI to create more convincing fake sites. These developments make fraudulent sites increasingly difficult to detect and require robust countermeasures.

      A recent example was the widely publicised clone site of the Van Gogh Museum in Amsterdam, where many who had planned visits were defrauded by the clone site in a “malvertising” scam.

      Conor says, “Our cybersecurity team has responded to this evolving threat by implementing a comprehensive horizon scanning function. This involves constant monitoring and analysis of intelligence from global security partners to anticipate and address emerging threats. Additionally, our team is enhancing its focus on monitoring social media platforms and the dark web. These areas are often breeding grounds for the planning and coordination of cyberattacks, as well as the sale and sharing of stolen data. By keeping a vigilant eye on these channels, we can detect potential threats early and respond swiftly.”

      He concludes, “Our ability to anticipate and adapt to the evolving tactics of cybercriminals defines our strength. By continuously advancing our detection capabilities and compliance strategies, we ensure that our defences not only meet but exceed the challenges posed by modern cyber threats.”

      Conor Flynn recently spoke on these themes at the European Anti-Financial Crime Compliance Summit in Dublin on 16 May 2024 on the Panel: Beating the Fraudsters – How We Do It.

      How Waystone Can Help

      Waystone partners with asset managers and fund boards to safeguard their operations against cybersecurity threats. Our offerings include a range of cybersecurity program solutions and outsourced support such as CISO (Chief Information Security Officer) and DPO (Data Protection Officer) roles. Additionally, we provide incident response, crisis support and GDPR assistance. Our global team takes a proactive approach, implementing best practices and effective strategies to mitigate cyber risks, ensuring that our clients’ operations are secure and resilient against potential threats.

      If you have any questions or would like to sign up to receive our communications, please contact Conor Flynn or your usual Waystone representative via the below.
