Financial Institutions & Cybercrime

Uploaded on 2016-09-14 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial

Recent high-profile cases of financial institutions being targeted by cyber criminals, such as the attack on the Bangladesh Central Bank in February 2016 that resulted in a loss of $81 million, illustrate the dangers posed by cybercrime to the international financial system.

In early 2015, the US Director of National Intelligence, James R Clapper, ranked cybercrime above terrorism and espionage as the greatest threat to national security. GCHQ has also categorised the issue as a Tier 1 threat, indicating that cybercrime is now a high priority on the agenda of governments worldwide.

Governmental and international statistics indicate that the use of information and communication technologies (ICT) to facilitate criminal activity is increasing. In the UK, both Action Fraud and the National Crime Agency (NCA) have recorded an increase in cybercrime. Both large-scale organised crime groups and low-level, non-organised criminals have moved their operations online, creating new avenues for profit and diversifying their activities. In the UK, while there has been an increase in the use of cybercrime by ‘traditional’ organised crime networks, a law enforcement official interviewed for this article said that there has also been an increase in the cyber ‘marketplace’ type of crime, where anyone may purchase tools to carry out fraudulent operations, data theft, ransom and blackmail.

The great advantage of ICT for criminals has been the democratisation of access to tools and thus the ability to carry out relatively small-effort crimes for large profits. Perpetrators range from state-sponsored to members of organised criminal groups, internet hackers, terrorists and small-time offenders. In the UK, law enforcement has identified marketplace criminals as the most prevalent actors in cybercrime, for whom – in contrast to the larger-scale organised crime groups – political and ideological reasons, rather than economic gain, are the motivating factors.

Undoubtedly, the banking sector’s embrace of the digital world has left it more vulnerable to cybercrime. Financial institutions, particularly those operating across different jurisdictions, are particularly at risk as online banking, frequent international transactions, new payment systems (such as PayPal and Apple Wallet, among others) and the significant databases held by banks provide easy targets and high profits. Financier Worldwide magazine suggests that more than half of the world’s top 50 banking websites have been accessed illegally in the last decade, leading to a loss of more than $1 billion. 

Threats to financial institutions include two types of cybercrime. ‘Cyber-dependent’ crimes, such as hacking and DoS attacks, are not possible without the use of the internet. Cyber-enabled (or ‘cyber-assisted’) crimes, by contrast, are ‘traditional’ crimes – such as fraud, robbery and extortion – which are facilitated and made easier by technology, but would still take place if the technology were not available. Financial institutions need to have strategies in place that allow them to respond to and understand both types of threat.

While economic cybercrime is not exclusively directed at financial institutions, recent reports suggest the threat towards them is increasing. For example, the ThreatMetrix Cybercrime Report for Q4 2015 noted that there had been a 40% increase in cyber-criminal activity against banks over the preceding 12 months, including more than 100 million attempts at fraud.

Cybercrime is now the most-reported type of crime by financial institutions, and as providers of national infrastructure through their financial services, the ways in which these businesses respond to and understand threats is of particular importance to a nation’s security and resilience.

A study by the Ponemon Institute, a US-based research centre specialising in data protection and security policy, suggests that it can take over eight months (on average 256 days) before a financial institution detects a malicious attack. By that time, it is likely that high volumes of sensitive corporate information will already have been siphoned off to outside criminal masters. 

Typically, malware spends some time surveying a network, looking for weaknesses and compromising user accounts with high access privileges. This ‘attack timeline’ constitutes a double-edged sword for organisations. On the upside, the delay provides an opportunity for technologies such as data analytics to identify the breach before significant data loss has taken place. On the downside, the fact that such breaches have often lain undiscovered for months illustrates the vulnerabilities of organisations that are unprepared for this type of threat.

There are a number of steps that financial institutions can take to improve the robustness of their defences to cybercrime: better understanding of the problem through partnerships; investing in technology such as analytics platforms; and sharing information that may be relevant to others.

First, there is growing agreement among financial institutions that co-operation should be encouraged between the public and private sectors, and many such initiatives have already been put in place in the UK and abroad. The establishment of initiatives, such as the UK National Computer Emergency Response Team (CERT UK) and the Cyber-Security Information Sharing Partnership (CiSP), as well as the UK’s Cyber Defence Alliance (run in co-operation with the NCA), demonstrates an increased realisation that cyber-security threats cannot be addressed in isolation and that co-operation between stakeholders is key. CiSP, for example, seeks to address the issues leading to under-reporting of cybercrime, although little data are available to demonstrate whether this initiative has been successful. The World Economic Forum has similarly highlighted the importance of co-operation through its ‘Recommendations for Public-Private Partnership against Cybercrime’ and emphasis on information-sharing.

The recent UK Talk Talk breach, where the perpetrator was a teenager with no criminal affiliation, and the HSBC DoS attack, where no culprit or motive has been identified thus far, demonstrate how co-operation with law enforcement before and after attacks is crucial to the management of the problem as well as for future learning and behaviour modification. While acknowledging that economic cybercrime will never be fully controlled, these instances of co-operation strongly indicate that stakeholders are moving towards a more effective and up-to-date strategy to tackle the risk.

Second, supporting investment in technological advances is also crucial for improving the robustness of defences to cybercrime. In an article in the International Business Times a series of coordinated attacks saw criminals steal approximately $1 billion from more than 100 banks through spear-phishing emails sent to the banks’ employees. 

Although appearing legitimate, the emails contained malware that opened remote access to bank computers and allowed criminals to infiltrate the system. In response to these kinds of risks financial institutions are beginning to recruit staff with strong security backgrounds to improve employees’ awareness of threats and reduce reliance on technology to stop breaches.

In recent years the UK financial sector has made significant investment in the fight against cybercrime, with numbers reaching an annual peak of £700 million, according to a 2013 report by the Department for Business, Innovation and Skills. The majority of efforts are being channeled into updating ICT security with innovative software and analytics as well as forensic skills and the means to trace potential attackers. However, a number of experts from the sector recently emphasised that this investment must be better guided and informed by people who understand the specific needs of each business and can therefore identify which technology is most appropriate for it. The type of technology adopted should, in addition, be capable of processing and identifying human factors and their impact on the wider system.

While basic firewall systems are essential for the provision of some level of protection against known security attacks, hackers continue to slip unnoticed into corporate networks and spend days, weeks or months exploring the resources available online. Malware may quietly collect sensitive information as it traverses the network, harvest users’ internet sessions looking for passwords, send corporate documents or databases to cyber criminals outside the target, or simply sit waiting for an external trigger to take particular actions, such as deleting critical business information.

However, many institutions are not up to date with the latest tools and crucially lack the ability to: implement strong cyber-security systems without expert, technological support; profile and investigate attacks so as to develop best practices; and fully co-operate with other financial institutions in order to improve knowledge. As a result, a high proportion of large organisations continue to suffer some form of breach.

If financial institutions are perceived to be vulnerable to cybercrime they risk grave reputational damage, as well as the impact on share prices and the stability of the wider financial market. According to a report published by the British Bankers Association and PwC, this is of considerable concern to most banks and has led to under-reporting of attacks or threats. So, as the NCA has stressed, a key factor in the failure to control some of these breaches appears to be the institutions themselves and their reluctance to communicate.

This culture needs to change. Indeed, the third step that financial institutions need to take if they are to improve the robustness of their defences to cybercrime is to do more to communicate, or share information, with both law enforcement and cyber-security experts. This would improve their response capability and allow them to better understand criminal trends and emerging threats. As economic cybercrime has an ever-evolving nature, there is a corresponding need for ongoing co-operation to identify and share risks and new ways to reduce them.

At the EU level there are plans to expand legislation on cyber-security that will require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services such as search engines and cloud computing, to take appropriate security measures and report incidents to the national authorities. The hope is that this will in turn lead to the creation of platforms for co-operation not only at a forensic but also at a preventative level. 

As the problem of cybercrime expands and is increasingly being discussed in open forums, financial institutions and other businesses should work towards putting in place robust strategies that address technological difficulties whilst simultaneously understanding the human factors behind the risks and the need to constantly share information with others, and particularly with law enforcement.

RUSI
 

« New Bitcoin Analytics Tool
The White House Has Four Keys To Improving Cybersecurity »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

NetExtend

NetExtend

NetExtend services include backup and recovery, endpoint protection, network monitoring, cloud portal and billing and payment solutions.

TechGuard Security

TechGuard Security

TechGuard Security was founded to address national cyber defense initiatives and US critical infrastructure security.

SQN Banking Systems

SQN Banking Systems

SQN Banking Systems fraud detection software products are a critical step towards overcoming the growing problem of fraud across the various payment channels.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Phosphorous Cybersecurity

Phosphorous Cybersecurity

Phosphorus has fully automated remediation of the two biggest IoT vulnerabilities, out of date firmware and default credentials.

Inpher

Inpher

Inpher has pioneered cryptographic Secret Computing® that enables advanced analytics and machine learning while keeping data private, secure, and distributed.

ImpactQA

ImpactQA

ImpactQA is a global leading software testing & QA consulting company. Ten years of excellence. Delivering unmatched services & digital transformation to SMEs & Fortune 500 companies.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Robo Shadow

Robo Shadow

Robo Shadow are trying to bridge the gap between the top tier organisations that can afford everything and everyone else who has to “Make it up as they go along” when it comes to Cyber.

Shield Capital

Shield Capital

Shield Capital helps founders build frontier solutions in cybersecurity, artificial intelligence, space & autonomy for commercial and government enterprises.

Feroot Security

Feroot Security

Feroot Security secures client-side web applications so that businesses can deliver a flawless user experience to their customers. Our products help organizations protect their client-side surface.

Data Pie Cybersecurity

Data Pie Cybersecurity

The Data Pie Cybersecurity Consulting offers a 360° around protection for your IT security. Security awareness solutions and consulting.

HYCU

HYCU

HYCU was born of the need to simplify data protection and provide equivalent levels of backup and recovery support across on premises, public cloud, and SaaS workloads.

Amnet Technology Solutions (Amnet Systems)

Amnet Technology Solutions (Amnet Systems)

Amnet Systems is a technology services organization that provides Managed IT, Cloud Computing, Cyber Security, Data Center and Audio Visual services since 1995.