Financial Institutions & Cybercrime

Recent high-profile cases of financial institutions being targeted by cyber criminals, such as the attack on the Bangladesh Central Bank in February 2016 that resulted in a loss of $81 million, illustrate the dangers posed by cybercrime to the international financial system.

In early 2015, the US Director of National Intelligence, James R Clapper, ranked cybercrime above terrorism and espionage as the greatest threat to national security. GCHQ has also categorised the issue as a Tier 1 threat, indicating that cybercrime is now a high priority on the agenda of governments worldwide.

Governmental and international statistics indicate that the use of information and communication technologies (ICT) to facilitate criminal activity is increasing. In the UK, both Action Fraud and the National Crime Agency (NCA) have recorded an increase in cybercrime. Both large-scale organised crime groups and low-level, non-organised criminals have moved their operations online, creating new avenues for profit and diversifying their activities. In the UK, while there has been an increase in the use of cybercrime by ‘traditional’ organised crime networks, a law enforcement official interviewed for this article said that there has also been an increase in the cyber ‘marketplace’ type of crime, where anyone may purchase tools to carry out fraudulent operations, data theft, ransom and blackmail.

The great advantage of ICT for criminals has been the democratisation of access to tools and thus the ability to carry out relatively small-effort crimes for large profits. Perpetrators range from state-sponsored actors to members of organised criminal groups, internet hackers, terrorists and small-time offenders. In the UK, law enforcement has identified marketplace criminals as the most prevalent actors in cybercrime, for whom – in contrast to the larger-scale organised crime groups – political and ideological reasons, rather than economic gain, are the motivating factors.

Undoubtedly, the banking sector’s embrace of the digital world has left it more vulnerable to cybercrime. Financial institutions, especially those operating across different jurisdictions, are particularly at risk as online banking, frequent international transactions, new payment systems (such as PayPal and Apple Wallet, among others) and the significant databases held by banks provide easy targets and high profits. Financier Worldwide magazine suggests that more than half of the world’s top 50 banking websites have been accessed illegally in the last decade, leading to a loss of more than $1 billion.

Threats to financial institutions include two types of cybercrime. ‘Cyber-dependent’ crimes, such as hacking and DoS attacks, are not possible without the use of the internet. Cyber-enabled (or ‘cyber-assisted’) crimes, by contrast, are ‘traditional’ crimes – such as fraud, robbery and extortion – which are facilitated and made easier by technology, but would still take place if the technology were not available. Financial institutions need to have strategies in place that allow them to respond to and understand both types of threat.

While economic cybercrime is not exclusively directed at financial institutions, recent reports suggest the threat towards them is increasing. For example, the ThreatMetrix Cybercrime Report for Q4 2015 noted that there had been a 40% increase in cyber-criminal activity against banks over the preceding 12 months, including more than 100 million attempts at fraud.

Cybercrime is now the most-reported type of crime by financial institutions, and as providers of national infrastructure through their financial services, the ways in which these businesses respond to and understand threats are of particular importance to a nation’s security and resilience.

A study by the Ponemon Institute, a US-based research centre specialising in data protection and security policy, suggests that it can take over eight months (on average 256 days) before a financial institution detects a malicious attack. By that time, it is likely that high volumes of sensitive corporate information will already have been siphoned off to outside criminal masters. 

Typically, malware spends some time surveying a network, looking for weaknesses and compromising user accounts with high access privileges. This ‘attack timeline’ constitutes a double-edged sword for organisations. On the upside, the delay provides an opportunity for technologies such as data analytics to identify the breach before significant data loss has taken place. On the downside, the fact that such breaches have often lain undiscovered for months illustrates the vulnerabilities of organisations that are unprepared for this type of threat.

There are a number of steps that financial institutions can take to improve the robustness of their defences to cybercrime: better understanding of the problem through partnerships; investing in technology such as analytics platforms; and sharing information that may be relevant to others.

First, there is growing agreement among financial institutions that co-operation should be encouraged between the public and private sectors, and many such initiatives have already been put in place in the UK and abroad. The establishment of initiatives, such as the UK National Computer Emergency Response Team (CERT UK) and the Cyber-Security Information Sharing Partnership (CiSP), as well as the UK’s Cyber Defence Alliance (run in co-operation with the NCA), demonstrates an increased realisation that cyber-security threats cannot be addressed in isolation and that co-operation between stakeholders is key. CiSP, for example, seeks to address the issues leading to under-reporting of cybercrime, although little data are available to demonstrate whether this initiative has been successful. The World Economic Forum has similarly highlighted the importance of co-operation through its ‘Recommendations for Public-Private Partnership against Cybercrime’ and emphasis on information-sharing.

The recent UK TalkTalk breach, where the perpetrator was a teenager with no criminal affiliation, and the HSBC DoS attack, where no culprit or motive has been identified thus far, demonstrate how co-operation with law enforcement before and after attacks is crucial to the management of the problem as well as for future learning and behaviour modification. While acknowledging that economic cybercrime will never be fully controlled, these instances of co-operation strongly indicate that stakeholders are moving towards a more effective and up-to-date strategy to tackle the risk.

Second, supporting investment in technological advances is also crucial for improving the robustness of defences to cybercrime. According to an article in the International Business Times, a series of coordinated attacks saw criminals steal approximately $1 billion from more than 100 banks through spear-phishing emails sent to the banks’ employees.

Although appearing legitimate, the emails contained malware that opened remote access to bank computers and allowed criminals to infiltrate the system. In response to these kinds of risks, financial institutions are beginning to recruit staff with strong security backgrounds to improve employees’ awareness of threats and reduce reliance on technology to stop breaches.

In recent years the UK financial sector has made significant investment in the fight against cybercrime, with numbers reaching an annual peak of £700 million, according to a 2013 report by the Department for Business, Innovation and Skills. The majority of efforts are being channelled into updating ICT security with innovative software and analytics as well as forensic skills and the means to trace potential attackers. However, a number of experts from the sector recently emphasised that this investment must be better guided and informed by people who understand the specific needs of each business and can therefore identify which technology is most appropriate for it. The type of technology adopted should, in addition, be capable of processing and identifying human factors and their impact on the wider system.

While basic firewall systems are essential for the provision of some level of protection against known security attacks, hackers continue to slip unnoticed into corporate networks and spend days, weeks or months exploring the resources available online. Malware may quietly collect sensitive information as it traverses the network, harvest users’ internet sessions looking for passwords, send corporate documents or databases to cyber criminals outside the target, or simply sit waiting for an external trigger to take particular actions, such as deleting critical business information.

However, many institutions are not up to date with the latest tools and crucially lack the ability to: implement strong cyber-security systems without expert, technological support; profile and investigate attacks so as to develop best practices; and fully co-operate with other financial institutions in order to improve knowledge. As a result, a high proportion of large organisations continue to suffer some form of breach.

If financial institutions are perceived to be vulnerable to cybercrime they risk grave reputational damage, as well as the impact on share prices and the stability of the wider financial market. According to a report published by the British Bankers Association and PwC, this is of considerable concern to most banks and has led to under-reporting of attacks or threats. So, as the NCA has stressed, a key factor in the failure to control some of these breaches appears to be the institutions themselves and their reluctance to communicate.

This culture needs to change. Indeed, the third step that financial institutions need to take if they are to improve the robustness of their defences to cybercrime is to do more to communicate, or share information, with both law enforcement and cyber-security experts. This would improve their response capability and allow them to better understand criminal trends and emerging threats. As economic cybercrime has an ever-evolving nature, there is a corresponding need for ongoing co-operation to identify and share risks and new ways to reduce them.

At the EU level there are plans to expand legislation on cyber-security that will require operators of essential services in the energy, transport, banking and healthcare sectors, and providers of key digital services such as search engines and cloud computing, to take appropriate security measures and report incidents to the national authorities. The hope is that this will in turn lead to the creation of platforms for co-operation not only at a forensic but also at a preventative level. 

As the problem of cybercrime expands and is increasingly being discussed in open forums, financial institutions and other businesses should work towards putting in place robust strategies that address technological difficulties whilst simultaneously understanding the human factors behind the risks and the need to constantly share information with others, and particularly with law enforcement.

RUSI
 
