How to Engage in the Fight Against Cyber Threats

Last week at the amazingly successful American Bankers Association (ABA) Risk and Compliance Virtual (RCV) Conference, I suggested we think about cyber threats in terms familiar to compliance and risk professionals so that we can develop concrete plans to engage in the fight. Too often, “cyber” sounds like the domain of hackers and malware experts, when in fact, the call to action in cybersecurity should lead with: no coding experience needed.

Think of cyberspace as a massive and global domain for human interaction -- technology-enabled human interaction. Cybercriminals take actions these days in collaboration with others, and they coordinate via online markets. I used a few examples such as cryptocurrency and bullet-proof hosting, which enable non-technical people to engage actions where they want to use technology to avoid law enforcement. I also pointed out the role of the cash-out specialist: the human who opens bank accounts and enables money mules to convert crime to cash. Today’s criminals simply rent the needed tech skills in a tremendously deep and global market, to capitalize on vulnerabilities. 

Take the example of Ray Hushpuppi, an Instagram influencer who regularly posted about his Rolls Royces and designer watches and clothing to more than 2 million followers. Hushpuppi allegedly specialized in cash-out services. 

When building plans to combat cyber threats, remember Hushpuppi. Improve screening, resolve identities, and audit behaviors. Use technology to screen wider and deeper. Provide a reason for the new, non-technical cybercriminal to back out of the market. That’s how risk and compliance professionals fight cyber threats.