Work with Human Behavior to Avoid Breaches and Cybercrime, Says Cybersecurity Expert


Organizations continue to operate under a cybercrime misconception about their customers, and it’s costing them a lot of money, said cybersecurity expert Theresa Payton, the Monday luncheon keynote speaker. “The conventional wisdom [in cybercrime and fraud] is that ‘humans are the weakest link … That’s why we have security problems.’ I want to change that conversation now.

“I used to feel that way when I was in the financial services industry,” she said. “I’d say, ‘I wish we could just train our customers on the little bit of what I know. My job would be safer and easier to do, and we’d all be happier.’ We’ve been talking this way for decades. We keep asking ourselves, ‘Why do people click on links? Why do people open attachments? … Why do people make these mistakes?’

“But we especially don’t design our security and fraud strategies around the human,” Payton said. “How many times have you have you said, ‘We have to be careful about how we put in place these fraud controls because we don’t want to cause too much customer friction. We have to charge off fraud like it’s a cost of doing business.’ The design and the way we think about it is wrong.”

Payton said that we have to accept that people will continue to operate in risky ways with technology. All technology is now designed to “interoperable.” “Think about your smartphones. You can talk hands-free in the car … You can connect it to speakers. Smart TVs. Smart thermostats. Smart doorbells. You’d be ticked if you spent that much money and discovered that it didn’t communicate with anything else. But that air of operability means that it’s open to be hacked.” 

Organizations have to work with connectivity technology rather than hope that it doesn’t proliferate. Some cybersecurity experts, for example, were able to hack into an Internet of Things (IoT) tea kettle at a business with a rogue hotspot device so they could surreptitiously connect with the organization’s systems. But Payton also gave the positive example of a U.K. program of IoT smart light posts that will detect breaking glass, loud noises and shouting. The light will then grow brighter and a camera will turn on so law enforcement will see if they need to send officers.


Payton prognostications

Payton has some predictions for 2020, and she wants you to call her out on LinkedIn if they don’t come true:

1. A digital misinformation campaign will destroy a company/industry for financial gain.

2. The blockchain will be cracked.

3. Artificial-intelligence-powered bots will adapt and evolve to commit cybercrimes without human intervention.

4. “Digital forensic anthropology” will become a gig.

Don’t bet that she’ll be wrong because she has a good track record in previous cyber prophecies.           

Though her predictions reflect that cybercriminals’ methods are rapidly evolving, some things remain constant. “The better you give of your ‘A game,’ the better fraudsters get,” Payton said.

“They don’t say, ‘Wow, look at the great job fraud examiners are doing around the world to end fraud. This is getting so hard. I should just be a good person and bake pies for my neighbors.’ They don’t do that do they? … We’re in a war! It’s an arms race between you and them, and I’m betting on you to win. But the only way we win is we have to constantly change our tactics,” she said.

“[Fighting cybercime] is a team sport. From my perspective — working the cybersecurity industry — you guys are superheroes … trying to make sure fraudsters don’t get in the way of consumers, protecting your business, protecting the world. There’s a huge economic impact to what you do.”   


Payton invites all attendees to ask her questions between today and Friday tagging @TheACFE @trapperpayton #FraudConf. Those responding will be eligible to receive one of her two signed books.