The Cybersecurity Threats That Keep Banks Alert

Uploaded on 2017-05-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

In the current climate of major data breaches amidst an ever-shifting cyber threat landscape, the people in charge of vast volumes of valuable financial data are under increasing pressure to keep customer data safe from hackers and fraudsters.

Speaking at the SWIFT Business Forum in London at the end of April, a range of senior security professionals at financial services firms and banks told the audience what keeps them up at night when it comes to cyber security and fraud. Here's what they said:

1. A constantly changing threat landscape
JF Legault, global head of cybersecurity operations at JP Morgan, highlighted the way that the threat landscape has changed over the past few years.
He explained: "In late 2014 we saw the advent of malware targeting wholesale banking platforms. Criminals stopped going after simple, low-value monetary amounts and shifted to high-value payment platforms. 
The reason they did that was a lot more yield on the crime they committed. We also saw a shift toward business email compromise. We also saw a number of breaches affecting the financial sector that led to fraudulent messages."
His diplomatic answer to what keeps him up at night was simply: "What the business says keeps it up at night. I am there to help the business innovate and look at the different risks they face."

2. False positives
In the fraud space, the biggest issue for banks is "false positives" in its anti-money laundering (AML) monitoring systems. This means issues being flagged that aren't actually fraudulent activities, taking up valuable analyst time.
Anthony Fenwick, global head of treasury and trade solutions and AML compliance at Citi Group said simply: "Our biggest problem in this industry is false positives."
When asked if artificial intelligence technology could help solve this issue, Fenwick said: "The story is why are we producing so many false positives, not 'let's deploy robots to get rid of the false positives'.
"One of the drivers I am trying to change is that the use of electronics and AI have to go hand-in-hand with the best humans. The idea that we remove all human activity from this process misses the point of what we are trying to do, which is marry these two capabilities to tackle the beast of bad data."

3. The big breach
Royce Curtin, managing director of global intelligence at Barclays, said: "It's the big breach that keeps us awake at night. If and when and that ultimate failure to provide the service customers expect and entrust us to keep safe. So we work very hard and take it very seriously the responsibility of building systems and trust for services that people feel comfortable using."
Last year saw the biggest data breach at a bank in UK history. Tesco Bank was hit by an attack which saw 20,000 compromised users lose money from their accounts. The banking wing of the supermarket giant is in the process of paying back ÂL2.5 million to customers who had their accounts compromised.

4. Missing a breach
Brendan Goode, regional CISO for UK and Ireland at Deutsche Bank said he most fears the feeling of "did we miss something? Where you look back at the logs and it is right there."
This failure of the system to alert to a potential breach is a major part of a modern cyber security strategy, and would keep any CISO worth their salt up at night.

5. Customers
As the February 2016 hack of the Bangladesh Central Bank showed, customer accounts can be the most vulnerable point of entry to a bank's systems. The hackers used stolen privileged credentials to steal $81 million before they were caught.
Matt Middleton-Leal, regional vice-president UK, Ireland and Northern Europe at security software vendor CyberArk, said: "Banks fear attacks which hide behind insider privileges because they allow cybercriminals to appear as legitimate users, giving them unprecedented freedom to work their way up to their most valuable financial assets."

Gottfried Leibbrandt, CEO at the financial messaging vendor SWIFT admitted that the bank's customers "will always be the weakest link, but at the same time the response should not be 'let's fix the weakest link' but you have to take an end-to-end view."

"Yes the weak link will always be the customer at the end of the day," he said, "but in retail banking the banks have been able to put in controls after it gets into the bank to respond to suspect logins, fraudulent transactions and do real risk scoring."

6. Ruthless adversaries
Craig Rice, director of security at Payments UK and the CSO at BACS said that the threat shouldn't be considered a technology problem but more like organised crime.
"They are ruthless shadow operations that work outside of a regulatory regime," he said. "They are quicker than you are, they are more ruthless than you are and they are more willing to be pragmatic than you are. That's a really tough competitor you are dealing with, so stop thinking about this as a technology problem."
So, how do the banks confront these issues?
How do the banks deal with this ever-changing threat landscape?

Communication and intelligence
The main theme of the day regarding cyber security and fraud was a shift from a walled-garden approach to a holistic one, and this comes down to better communication and intelligence sharing.
JF Legault at JP Morgan laid out his approach to contending with the new threat landscape: "I am responsible for collecting threat and fraud intelligence to ensure that we know where adversaries are going and what they are going after."
He said this comes down to not just technology, but people and process: "So how do we go from a cyber security analyst that is very much focused on technology and cyber controls, to an analyst that understands the business and can have a conversation with someone in the payments space?"

This approach can also be seen in the language of modern cyber security vendors. Splunk's-cyber security tools are all marketed with a focus on intelligence and response, and UK cyber startup Darktrace is making good progress in the enterprise market because it is rooted in this approach.

From perimeter security to multiple layers
Gottfried Leibbrandt from SWIFT highlighted the need for a change in thinking from its clients, "from perimeter security where no one gets inside our walls, to in-depth defence."
"Realising that sooner or later someone will get in and catching them when they get in, seeing what they do and being able to respond by having multiple layers of defence," he said.

Cross-industry collaboration
Leibbrandt from SWIFT pointed out that the days of banks keeping their cyber strategy a closely guarded secret are over if there is to be any progress in combating today's cyber threats.
He said: "A lot of the threats we see today exploit the ecosystem, they don't look for an individual link in the chain, they look for weak points in the end-to-end chain, so the response means we have to work together as an ecosystem."
Many of the conference attendees mentioned the Centres a positive step for the private sector towards snuffing out cyber threats.
Goode from Deutsche Bank put it best when he said: "As soon as you make it more difficult, as soon as you start sharing and taking away the different avenues to target any bank and increase awareness, you make it a less enticing environment for adversaries to engage in."

Scenario testing
Despite many admitting it is a pain, scenario testing and exercises are one of the best ways for organisations to protect themselves from cyber threats, especially when they are conducted across the industry. The Bank of England and Financial Conduct Authority have typically taken a pretty progressive and collaborative approach to resiliency benchmarking in the UK.
Legault from JP Morgan said: "Doing exercises, so getting everyone around the table and you simulate scenarios so you understand where your gaps are and what you do well, you understand what you need to build into your cyber process and your resiliency process. It is essential to do that with everyone within your organisation: legal, cyber, compliance, the business, the operations folks, the technology folks and even your peers."

Actionable insights
Banks are increasingly looking to get more actionable insights to not just their security analysts but people within the business units themselves. This means intelligence that can be quickly turned into a response by the most relevant people, especially important in a landscape where breaches can happen in a heartbeat.

Brendan Goode from Deutsche Bank said: "In payments it is important to create intelligence inside the bank and publish it out and disseminate that fast and someone needs to receive it and do something with it, so actionable intelligence. That comes down to speaking a common language. So being able to say: here is a set of accounts and a volume of transactions that you should be mindful of, so that they can set alerts."

CSO

You Might Also Read:

Who’s Stealing The Money? SWIFT Tightens Security As A Fourth Bank Is Attacked:

Cyber Attacks On Banks Prompt New Regulatory Safeguards:

Financial Institutions & Cybercrime:

Strategies For A Cyber Security Culture (£):

 

 

 

« Malware: Eyes On North Korea
NATO Cyber War Games 2017: Czechs Win »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Purdicom

Purdicom

Purdicom (formerly known as Selcoms) is an award winning distributor specialising in Wireless, Cloud & Security technologies.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Texplained

Texplained

Texplained specializes in security audits of microchips to identify vulnerabilities and protect against invasive cyber attacks.

AcceptLocal

AcceptLocal

AcceptLocal is a payments industry consultancy with expertise in payment processing, payment security, anti-money laundering and fraud prevention.

National Cyber Security Agency (NACSA) - Malaysia

National Cyber Security Agency (NACSA) - Malaysia

NACSA is the leading government agency in Malaysia responsible for the development and implementation of national cyber security management policie and strategies.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

Electric Power Research Institute (EPRI)

Electric Power Research Institute (EPRI)

The Electric Power Research Institute’s Cyber Security Research Laboratory (CSRL) addresses the security issues of critical functions of electric utilities.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

Microland

Microland

Microland’s delivery of digital is all about making technology do more and intrude less for global enterprises. Our services include Cloud & Data Center, Networks, Cybersecurity and more.

SecureTech360

SecureTech360

SecureTech360 is a cybersecurity and IT consulting firm whose principals have extensive experience in Cybersecurity and Information Technology.

R-Tech

R-Tech

R-Tech GmbH manages the digital start-up initiative, whose goal is to build a sustainable start-up culture in the field of digitization throughout the Upper Palatinate district of Bavaria.

Artifice Security

Artifice Security

Artifice Security will demonstrate real-world attacks on your network, web applications, infrastructure, and personnel to expose your hidden security risks.

Aite-Novarica Group

Aite-Novarica Group

Aite-Novarica's Cybersecurity practice provides ongoing research and advisory services to chief information security officers focused on protecting their companies’ assets.

Valtix

Valtix

Valtix is the first and only multi-cloud network security platform delivered as a service that enables cloud teams to meet the most stringent security requirements in a cloud-first & simple way.

Colt Technology Services

Colt Technology Services

Colt Technology Services (Colt) is a global digital infrastructure company which creates extraordinary connections to help businesses succeed.

Cyber Dagger

Cyber Dagger

Cyber Dagger is a cybersecurity company driven by a mission to protect digital infrastructures and close the cybersecurity skills gap.