Today’s cybersecurity and fraud landscape is increasingly becoming an arms race.
For every 12-foot-tall wall that businesses build, fraudsters start to shape an ever-more sophisticated 13-foot ladder. In this tit-for-tat landscape, constant vigilance has become crucial.
“What you want to do is catch it before it becomes a crisis,” Boost Payment Solutions Chief Technology Officer Rick Kenneally told PYMNTS for the series “What’s Next in Payments: Protecting the Perimeter.”
He added that the first step in threat detection can be as simple as “keeping up with the basics” as it relates to monitoring and compliance checks, noting that “they will turn things up.”
Within the world of B2B payments in particular, the ongoing challenge of thwarting fraudsters is especially pronounced due to the large transaction values and complex processes that can create unique and attractive vulnerabilities.
Kenneally explained that detection, prevention and protection in the B2B environment is not just about internal vigilance but also about selecting strong partners who can provide valuable insights and support.
“We ensure that we are getting that information not just from our own monitoring but also from partners who help us stay informed,” he said.
This proactive approach is important in a landscape where new threats emerge constantly, and the consequences of a breach can be catastrophic.
In today’s rapidly evolving digital landscape, where cybersecurity threats are becoming increasingly sophisticated, protecting the perimeter of an organization’s digital infrastructure has never been more critical.
Learning from industry incidents, such as the CrowdStrike event in July, is also a critical part of Boost’s strategy. Kenneally explained how this particular incident prompted his team to reevaluate their own processes.
“The CrowdStrike incident made us sit down and think, ‘OK, what would we do if suddenly all of our laptops bricked, and people couldn’t log in? What’s our recovery process?’” he said.
This type of scenario planning is essential for ensuring that companies can respond quickly and effectively to unforeseen challenges.
While the basic approach to developing contingency plans has remained consistent over the years — bringing together the right people to think through potential scenarios — the specific threats that companies face have evolved.
“The things that we discussed change over time,” Kenneally noted, highlighting the emergence of new fraudsters and types of threats. Despite these changes, he stressed, the fundamentals remain the same: developing plans, testing them regularly and making adjustments as needed.
When it comes to strengthening the defenses against both internal and external threats, Kenneally emphasized the importance of a multifaceted approach.
“You need to look at the cybersecurity aspect and the fraud prevention aspect,” he said.
For Boost, which operates in the B2B credit card payment space, fraud prevention is built into the business model. Payments can only be made to companies that have passed a rigorous vetting process and are registered with Boost, reducing the risk of fraudulent transactions.
By partnering with companies that provide early warnings about threats and scams when they see them independently, such as domain spoofing attempts, businesses can stay ahead of potential threats.
“That’s an important control, and I strongly recommend it for any company,” Kenneally said, stressing the benefits of collaborative working partnerships.
“It’s about ensuring that the controls are in place and that we are partnering with our customers to mitigate risks,” he added.
This is particularly relevant given the increasing sophistication of phishing attempts, some of which may be assisted by artificial intelligence.
Another aspect of Boost’s strategy is fostering a culture of resilience and agility within the organization. This involves continuous training and education, not just for the IT team but across the entire company.
“Training is critical,” Kenneally said. “It needs to be consistent, prioritized and focused on keeping employees aware of the latest threats.”
Regular exercises, such as phishing campaigns, are also essential in maintaining vigilance.
“We take examples of phishing attempts and share them with the company to keep these threats top of mind,” he said.
As the cybersecurity landscape continues to evolve, the need for companies to protect their digital perimeter becomes more pressing. But while the threats may change, the fundamental principles of good cybersecurity — vigilance, education and proactive planning — remain constant.
For all PYMNTS B2B coverage, subscribe to the daily B2B Newsletter.