The Cybersecurity Threats That Keep Banks Alert

Uploaded on 2017-05-10 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

In the current climate of major data breaches amidst an ever-shifting cyber threat landscape, the people in charge of vast volumes of valuable financial data are under increasing pressure to keep customer data safe from hackers and fraudsters.

Speaking at the SWIFT Business Forum in London at the end of April, a range of senior security professionals at financial services firms and banks told the audience what keeps them up at night when it comes to cyber security and fraud. Here's what they said:

1. A constantly changing threat landscape
JF Legault, global head of cybersecurity operations at JP Morgan, highlighted the way that the threat landscape has changed over the past few years.
He explained: "In late 2014 we saw the advent of malware targeting wholesale banking platforms. Criminals stopped going after simple, low-value monetary amounts and shifted to high-value payment platforms. 
The reason they did that was a lot more yield on the crime they committed. We also saw a shift toward business email compromise. We also saw a number of breaches affecting the financial sector that led to fraudulent messages."
His diplomatic answer to what keeps him up at night was simply: "What the business says keeps it up at night. I am there to help the business innovate and look at the different risks they face."

2. False positives
In the fraud space, the biggest issue for banks is "false positives" in its anti-money laundering (AML) monitoring systems. This means issues being flagged that aren't actually fraudulent activities, taking up valuable analyst time.
Anthony Fenwick, global head of treasury and trade solutions and AML compliance at Citi Group said simply: "Our biggest problem in this industry is false positives."
When asked if artificial intelligence technology could help solve this issue, Fenwick said: "The story is why are we producing so many false positives, not 'let's deploy robots to get rid of the false positives'.
"One of the drivers I am trying to change is that the use of electronics and AI have to go hand-in-hand with the best humans. The idea that we remove all human activity from this process misses the point of what we are trying to do, which is marry these two capabilities to tackle the beast of bad data."

3. The big breach
Royce Curtin, managing director of global intelligence at Barclays, said: "It's the big breach that keeps us awake at night. If and when and that ultimate failure to provide the service customers expect and entrust us to keep safe. So we work very hard and take it very seriously the responsibility of building systems and trust for services that people feel comfortable using."
Last year saw the biggest data breach at a bank in UK history. Tesco Bank was hit by an attack which saw 20,000 compromised users lose money from their accounts. The banking wing of the supermarket giant is in the process of paying back ÂL2.5 million to customers who had their accounts compromised.

4. Missing a breach
Brendan Goode, regional CISO for UK and Ireland at Deutsche Bank said he most fears the feeling of "did we miss something? Where you look back at the logs and it is right there."
This failure of the system to alert to a potential breach is a major part of a modern cyber security strategy, and would keep any CISO worth their salt up at night.

5. Customers
As the February 2016 hack of the Bangladesh Central Bank showed, customer accounts can be the most vulnerable point of entry to a bank's systems. The hackers used stolen privileged credentials to steal $81 million before they were caught.
Matt Middleton-Leal, regional vice-president UK, Ireland and Northern Europe at security software vendor CyberArk, said: "Banks fear attacks which hide behind insider privileges because they allow cybercriminals to appear as legitimate users, giving them unprecedented freedom to work their way up to their most valuable financial assets."

Gottfried Leibbrandt, CEO at the financial messaging vendor SWIFT admitted that the bank's customers "will always be the weakest link, but at the same time the response should not be 'let's fix the weakest link' but you have to take an end-to-end view."

"Yes the weak link will always be the customer at the end of the day," he said, "but in retail banking the banks have been able to put in controls after it gets into the bank to respond to suspect logins, fraudulent transactions and do real risk scoring."

6. Ruthless adversaries
Craig Rice, director of security at Payments UK and the CSO at BACS said that the threat shouldn't be considered a technology problem but more like organised crime.
"They are ruthless shadow operations that work outside of a regulatory regime," he said. "They are quicker than you are, they are more ruthless than you are and they are more willing to be pragmatic than you are. That's a really tough competitor you are dealing with, so stop thinking about this as a technology problem."
So, how do the banks confront these issues?
How do the banks deal with this ever-changing threat landscape?

Communication and intelligence
The main theme of the day regarding cyber security and fraud was a shift from a walled-garden approach to a holistic one, and this comes down to better communication and intelligence sharing.
JF Legault at JP Morgan laid out his approach to contending with the new threat landscape: "I am responsible for collecting threat and fraud intelligence to ensure that we know where adversaries are going and what they are going after."
He said this comes down to not just technology, but people and process: "So how do we go from a cyber security analyst that is very much focused on technology and cyber controls, to an analyst that understands the business and can have a conversation with someone in the payments space?"

This approach can also be seen in the language of modern cyber security vendors. Splunk's-cyber security tools are all marketed with a focus on intelligence and response, and UK cyber startup Darktrace is making good progress in the enterprise market because it is rooted in this approach.

From perimeter security to multiple layers
Gottfried Leibbrandt from SWIFT highlighted the need for a change in thinking from its clients, "from perimeter security where no one gets inside our walls, to in-depth defence."
"Realising that sooner or later someone will get in and catching them when they get in, seeing what they do and being able to respond by having multiple layers of defence," he said.

Cross-industry collaboration
Leibbrandt from SWIFT pointed out that the days of banks keeping their cyber strategy a closely guarded secret are over if there is to be any progress in combating today's cyber threats.
He said: "A lot of the threats we see today exploit the ecosystem, they don't look for an individual link in the chain, they look for weak points in the end-to-end chain, so the response means we have to work together as an ecosystem."
Many of the conference attendees mentioned the Centres a positive step for the private sector towards snuffing out cyber threats.
Goode from Deutsche Bank put it best when he said: "As soon as you make it more difficult, as soon as you start sharing and taking away the different avenues to target any bank and increase awareness, you make it a less enticing environment for adversaries to engage in."

Scenario testing
Despite many admitting it is a pain, scenario testing and exercises are one of the best ways for organisations to protect themselves from cyber threats, especially when they are conducted across the industry. The Bank of England and Financial Conduct Authority have typically taken a pretty progressive and collaborative approach to resiliency benchmarking in the UK.
Legault from JP Morgan said: "Doing exercises, so getting everyone around the table and you simulate scenarios so you understand where your gaps are and what you do well, you understand what you need to build into your cyber process and your resiliency process. It is essential to do that with everyone within your organisation: legal, cyber, compliance, the business, the operations folks, the technology folks and even your peers."

Actionable insights
Banks are increasingly looking to get more actionable insights to not just their security analysts but people within the business units themselves. This means intelligence that can be quickly turned into a response by the most relevant people, especially important in a landscape where breaches can happen in a heartbeat.

Brendan Goode from Deutsche Bank said: "In payments it is important to create intelligence inside the bank and publish it out and disseminate that fast and someone needs to receive it and do something with it, so actionable intelligence. That comes down to speaking a common language. So being able to say: here is a set of accounts and a volume of transactions that you should be mindful of, so that they can set alerts."

CSO

You Might Also Read:

Who’s Stealing The Money? SWIFT Tightens Security As A Fourth Bank Is Attacked:

Cyber Attacks On Banks Prompt New Regulatory Safeguards:

Financial Institutions & Cybercrime:

Strategies For A Cyber Security Culture (£):

 

 

 

« Malware: Eyes On North Korea
NATO Cyber War Games 2017: Czechs Win »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Ixia

Ixia

Ixia provides testing, visibility, and security solutions to strengthen applications across physical and virtual networks.

Digital Ship

Digital Ship

Digital Ship provides news, information, conferences and events focused on digital ship systems, information technology and security relating to maritime operations.

CodeSealer

CodeSealer

CodeSealer provide invisible end-to-end user interface protection with a unique web security solution to eliminate Man-in-the-Middle and Man-in-the-Browser vulnerabilties.

CYQUEO

CYQUEO

CYQUEO is your professional partner and system integrator. We secure your organization against advanced cyber threats.

Secure Code Warrior

Secure Code Warrior

Secure your code from the start with gamified, scalable online secure coding training for software developers.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

OnDefend

OnDefend

OnDefend delivers information security solutions that improve overall security posture, reduce risks and defend against continually evolving and persistent cyber adversaries.

Sertainty

Sertainty

Sertainty enables developers to mix intelligence into data files for active risk mitigation and data control. Discover the impact of Data: Empowered.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP)

Swedish Incubators & Science Parks (SISP) is the Swedish industry association for Swedish incubators and science parks.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

Cisco Networking Academy

Cisco Networking Academy

Cisco Networking Academy is the world's largest classroom, bringing technology education, 21st-century skills, and improved jobs prospects since 1997.

Allurity

Allurity

Allurity is a group of tech-enabled cybersecurity service providers, comprised of best-in-class experts with a common mission to enable a safe digital world.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Aegis Cyber Defense Systems

Aegis Cyber Defense Systems

AEGIS is a powerful cybersecurity tool that can help protect your devices and networks from cyber threats, and increase performance.

Focus Group

Focus Group

Focus Group are one of the UK’s leading independent providers of essential business technology. Here to take care of all your telecoms, IT and connectivity services.

DataGuard

DataGuard

DataGuard is a security and compliance software company trusted by organisations across the globe.