The landscape of online threats is constantly evolving as criminals develop new tactics, techniques, and procedures (TTPs) to achieve their goals. These methods can range from simply collecting information to committing fraud, posing a serious risk to businesses and their customers. To combat these threats, organizations must proactively defend against account takeovers, synthetic accounts, API authorization, and other forms of cybercrime that target their business-to-consumer (B2C) products.
This presentation will explore how adversaries exploit weaknesses in controls and visibility to attack B2C products. We will discuss how organizations can use data-driven approaches to measure the “threat pressure” on their controls and assess the control’s effectiveness against these attacks. We will also provide a plan for strengthening control stacks and product architectures, including using internally sourced data to track changing TTPs in the cybercrime ecosystem. With these measures in place, organizations can better protect themselves and their customers from the negative consequences of cybercrime.