Sharing Insider Threat Indicators: Examining the Potential Use of Swift’s Messaging Platform to Combat Cyber Fraud

Abstract

Cyber actors are operating under a shared services model giving them access to infrastructure, tools, targets and the ability to monetize their exploits. As a result, organizations across industries must enhance communication channels to share threat information in order to preempt cyber fraud schemes. This requires both an ability to identify the patterns of behavior that indicate cyber fraud activity is occurring and a platform for communicating potential threat information. This report focuses on identifying the patterns of behavior typically indicative of efforts by criminals to use insiders to cash out on fraudulent activity. The objective of this research is to explore the potential for organizations to use an existing telecommunication platform, such as SWIFT, to communicate cyber fraud threat information by establishing indicators of cashout behavior, which could warn of cyber fraud activity.