GCP – Cloud CISO Perspectives: How CISOs and boards can help fight cyber-enabled fraud
Welcome to the second Cloud CISO Perspectives for August 2025. Today, David Stone and Marina Kaganovich, from our Office of the CISO, talk about the serious risk of cyber-enabled fraud — and how CISOs and boards can help stop it.
As with all Cloud CISO Perspectives, the contents of this newsletter are posted to the Google Cloud blog. If you’re reading this on the website and you’d like to receive the email version, you can subscribe here.
- aside_block
- <ListValue: [StructValue([(‘title’, ‘Get vital board insights with Google Cloud’), (‘body’, <wagtail.rich_text.RichText object at 0x3e9735660160>), (‘btn_text’, ‘Visit the hub’), (‘href’, ‘https://cloud.google.com/solutions/security/board-of-directors?utm_source=cloud_sfdc&utm_medium=email&utm_campaign=FY24-Q2-global-PROD941-physicalevent-er-CEG_Boardroom_Summit&utm_content=-&utm_term=-‘), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
How CISOs and boards can help fight cyber-enabled fraud
By David Stone, director, Office of the CISO, and Marina Kaganovich, executive trust lead, Office of the CISO
David Stone, director, Office of the CISO
Cybercriminals are using IT to rapidly scale fraudulent activity — and directly challenge an organization’s health and reputation. Known as cyber-enabled fraud (CEF), it’s a major revenue stream for organized crime, making it a top concern for board members, CISOs, and other executive leaders.
The financial toll of cyber-enabled fraud on businesses is staggering. The FBI noted that cyber-enabled fraud cost $13.7 billion in 2024, a nearly 10% increase from 2023, and represented 83% of all financial losses reported to the FBI in 2024.
Marina Kaganovich, executive trust lead, Office of the CISO
“Regions that are highly cashless and digital-based” are more vulnerable to the money-laundering risks of cyber-enabled fraud,” said the international Financial Action Task Force in 2023. “CEF can have [a] significant and crippling financial impact on victims. But the impact is not limited to monetary losses; it can have devastating social and economic implications
Tactics used in cyber-enabled fraud, including “ransomware, phishing, online scams, computer intrusion, and business email compromise,” are frequently perceived as posing “high” or “very high” threats, according to Interpol’s 2022 Global Crime Trend Report.
Cyber-enabled fraud drives a complex and dangerous ecosystem, where illicit activities intersect and fuel each other in a vicious cycle. For example, the link between cybercrime and human trafficking is becoming more pronounced, with criminal networks often using the funds obtained through cyber-enabled fraud to fuel operations where trafficked workers are forced to perpetrate “romance baiting” cryptocurrency scams.
At Google Cloud’s Office of the CISO, we believe that a strategic shift toward a proactive, preventive mindset is crucial to helping organizations take stronger action to address cyber-enabled fraud. That starts with a better understanding of the common fraudulent activities that can threaten your business, such as impersonation, phishing, and account takeovers.
Disrupting this ecosystem is a top reason for combating cyber-enabled fraud, yet most efforts to do so are currently fragmented because data, systems, and organizational structures have been siloed. We often see organizations use a myriad of tools and platforms across divisions and departments, which results in inconsistent rule application.
Those weaknesses can limit visibility and hinder comprehensive detection and prevention efforts. Fraud programs in their current state are time-consuming and resource-intensive, and can feel like an endless game of whack-a-mole for the folks on the ground.
At Google Cloud’s Office of the CISO, we believe that a strategic shift toward a proactive, preventive mindset is crucial to helping organizations take stronger action to address cyber-enabled fraud. That starts with a better understanding of the common fraudulent activities that can threaten your business, such as impersonation, phishing, and account takeovers.
From there, it’s essential to build a scalable risk assessment using a consistent approach. We recommend using the Financial Services Information Sharing and Analysis Center’s Cyber Fraud Prevention Framework, which ensures a common lexicon and a unified approach across your entire enterprise. The final piece involves meticulously mapping out the specific workflows where fraudulent activity is most likely to occur.
By categorizing these activities into distinct phases, you can identify the exact points where controls can be implemented, breaking the chain before a threat can escalate into a breach.
In parallel, consider the types of fraud-prevention capabilities that may already be available to support your fraud prevention efforts. Our recent paper on tackling scams and fraud together describes Google Cloud’s efforts in this space, some of which are highlighted below.
- Remove scams and fraudulent links, including phishing and executive impersonation, from Google Ads and Google Workspace services through the Financial Services Priority Flagger Program.
- Combat scams across Google products and services using Safe Browsing, AI-powered warnings for Chrome on Android, spam protection on Google Messages, Scam Detection for voice calls, and our free Cross Account Protection API.
- Guard against account takeover through the Advanced Protection Program which safeguards users by requiring enhanced identity verification.
Though Google combats fraudulent practices through continued investment in enhancing our capabilities, as well as through other means including litigation, we recognize that broader industry collaboration is needed to truly move the needle. That’s why we’ve partnered with industry efforts through the Financial Services ISAC, the Global Anti-Scams Alliance, DNS Research Federation, the National Elder Fraud Coordination Center, and the Global Signal Exchange to collectively drive fraud detection and prevention forward. Most recently, the U.S. government commended us for our efforts to combat fraud.
Combating cyber-enabled fraud is a key task that CISOs and boards of directors can collaborate on to ensure alignment with executive leadership, especially given the financial and reputational risks. Regular dialogue between boards and CISOs can help build a unified, enterprise-wide strategy that moves from siloed departments and disparate tools to a proactive defense model.
Boardrooms should hear regularly from CISOs and other security experts who understand the intersection of fraud and cybersecurity, and the issues at stake for security practitioners and risk managers. We also recommend that boards should regularly ask CISOs questions about the threat landscape and the fraud risks that the business faces, and how best to mitigate those risks.
You can learn more about what organizations can do to combat cyber-enabled fraud in our newest Perspectives on Security for the Board report.
- aside_block
- <ListValue: [StructValue([(‘title’, ‘Join the Google Cloud CISO Community’), (‘body’, <wagtail.rich_text.RichText object at 0x3e9735660760>), (‘btn_text’, ‘Learn more’), (‘href’, ‘https://rsvp.withgoogle.com/events/ciso-community-interest?utm_source=cgc-blog&utm_medium=blog&utm_campaign=2024-cloud-ciso-newsletter-events-ref&utm_content=-&utm_term=-‘), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
In case you missed it
Here are the latest updates, products, services, and resources from our security teams so far this month:
- Security Summit 2025: Enabling defenders, securing AI innovation: At Security Summit 2025, we’re sharing new capabilities to help secure your AI initiatives, and to help you use AI to make your organization more secure. Read more.
- Introducing Cloud HSM as an encryption key service for Workspace CSE: To help highly-regulated organizations meet their encryption key service obligation, we are now offering Cloud HSM for Google Workspace CSE customers. Read more.
- From silos to synergy: New Compliance Manager, now in preview: Google Cloud Compliance Manager, now in preview, can help simplify and enhance how organizations manage security, privacy, and compliance in the cloud. Read more.
- Going beyond DSPM to protect your data in the cloud, now in preview: Our new DSPM offering, now in preview, provides end-to-end governance for data security, privacy, and compliance. Here’s how it can help you. Read more.
- Google named a Leader in IDC MarketScape: Worldwide Incident Response 2025 Vendor Assessment: Mandiant, a core part of Google Cloud Security, can empower organizations to navigate critical moments, prepare for future threats, build confidence, and advance their cyber defense programs. Read more.
- A fuzzy escape: Vulnerability research on hypervisors: Follow the Cloud Vulnerability Research (CVR) team on their journey to find a virtual machine escape bug. Read more.
Please visit the Google Cloud blog for more security stories published this month.
- aside_block
- <ListValue: [StructValue([(‘title’, ‘Fact of the month’), (‘body’, <wagtail.rich_text.RichText object at 0x3e9735660040>), (‘btn_text’, ‘Learn more’), (‘href’, ‘https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-adding-new-layered-protections-to-2fa/’), (‘image’, <GAEImage: GCAT-replacement-logo-A>)])]>
Threat Intelligence news
- PRC-nexus espionage hijacks web traffic to target diplomats: Google Threat Intelligence Group (GTIG) has identified a complex, multifaceted espionage campaign targeting diplomats in Southeast Asia and other entities globally, that we attribute to the People’s Republic of China (PRC)-nexus threat actor UNC6384. Read more.
- Analyzing the CORNFLAKE.V3 backdoor: Mandiant Threat Defense has detailed a financially-motivated operation where threat actors are working together. One threat actor, UNC5518, has been using the ClickFix technique to gain initial access, and another threat actor, UNC5774, has deployed the CORNFLAKE.V3 backdoor to deploy payloads. Read more.
Please visit the Google Cloud blog for more threat intelligence stories published this month.
Now hear this: Podcasts from Google Cloud
- Cyber-resiliency for the rest of us: Errol Weiss, chief security officer, Health-ISAC, joins hosts Anton Chuvakin and Tim Peacock to chat about making organizations more digitally resilient, shifting from a cybersecurity perspective to one that’s broader, and how to increase resilience given tough budget constraints. Listen here.
- Linux security, and the detection and response disconnect: Craig Rowland, founder and CEO, Sandfly Security, joins Anton and Tim to discuss the most significant security blind spots on Linux, and the biggest operational hurdles teams face when trying to conduct incident response across distributed Linux environments. Listen here.
- Defender’s Advantage: How cybercriminals view AI tools: Michelle Cantos, GTIG senior analyst, joins host Luke McNamara to discuss the latest trends and use cases for illicit AI tools being sold by threat actors in underground marketplaces. Listen here.
- Behind the Binary: Scaling bug bounty programs: Host Josh Stroschein is joined by Jared DeMott to discuss managing bug bounty programs at scale and what goes into a good bug report. Listen here.
To have our Cloud CISO Perspectives post delivered twice a month to your inbox, sign up for our newsletter. We’ll be back in a few weeks with more security-related updates from Google Cloud.
Read More for the details.
