The Cybersecurity Threats That Keep Banks Alert

In the current climate of major data breaches amidst an ever-shifting cyber threat landscape, the people in charge of vast volumes of valuable financial data are under increasing pressure to keep customer data safe from hackers and fraudsters.

Speaking at the SWIFT Business Forum in London at the end of April, a range of senior security professionals at financial services firms and banks told the audience what keeps them up at night when it comes to cyber security and fraud. Here's what they said:

1. A constantly changing threat landscape
JF Legault, global head of cybersecurity operations at JP Morgan, highlighted the way that the threat landscape has changed over the past few years.
He explained: "In late 2014 we saw the advent of malware targeting wholesale banking platforms. Criminals stopped going after simple, low-value monetary amounts and shifted to high-value payment platforms. 
The reason they did that was a lot more yield on the crime they committed. We also saw a shift toward business email compromise. We also saw a number of breaches affecting the financial sector that led to fraudulent messages."
His diplomatic answer to what keeps him up at night was simply: "What the business says keeps it up at night. I am there to help the business innovate and look at the different risks they face."

2. False positives
In the fraud space, the biggest issue for banks is "false positives" in its anti-money laundering (AML) monitoring systems. This means issues being flagged that aren't actually fraudulent activities, taking up valuable analyst time.
Anthony Fenwick, global head of treasury and trade solutions and AML compliance at Citi Group said simply: "Our biggest problem in this industry is false positives."
When asked if artificial intelligence technology could help solve this issue, Fenwick said: "The story is why are we producing so many false positives, not 'let's deploy robots to get rid of the false positives'.
"One of the drivers I am trying to change is that the use of electronics and AI have to go hand-in-hand with the best humans. The idea that we remove all human activity from this process misses the point of what we are trying to do, which is marry these two capabilities to tackle the beast of bad data."

3. The big breach
Royce Curtin, managing director of global intelligence at Barclays, said: "It's the big breach that keeps us awake at night. If and when and that ultimate failure to provide the service customers expect and entrust us to keep safe. So we work very hard and take it very seriously the responsibility of building systems and trust for services that people feel comfortable using."
Last year saw the biggest data breach at a bank in UK history. Tesco Bank was hit by an attack which saw 20,000 compromised users lose money from their accounts. The banking wing of the supermarket giant is in the process of paying back ÂL2.5 million to customers who had their accounts compromised.

4. Missing a breach
Brendan Goode, regional CISO for UK and Ireland at Deutsche Bank said he most fears the feeling of "did we miss something? Where you look back at the logs and it is right there."
This failure of the system to alert to a potential breach is a major part of a modern cyber security strategy, and would keep any CISO worth their salt up at night.

5. Customers
As the February 2016 hack of the Bangladesh Central Bank showed, customer accounts can be the most vulnerable point of entry to a bank's systems. The hackers used stolen privileged credentials to steal $81 million before they were caught.
Matt Middleton-Leal, regional vice-president UK, Ireland and Northern Europe at security software vendor CyberArk, said: "Banks fear attacks which hide behind insider privileges because they allow cybercriminals to appear as legitimate users, giving them unprecedented freedom to work their way up to their most valuable financial assets."

Gottfried Leibbrandt, CEO at the financial messaging vendor SWIFT admitted that the bank's customers "will always be the weakest link, but at the same time the response should not be 'let's fix the weakest link' but you have to take an end-to-end view."

"Yes the weak link will always be the customer at the end of the day," he said, "but in retail banking the banks have been able to put in controls after it gets into the bank to respond to suspect logins, fraudulent transactions and do real risk scoring."

6. Ruthless adversaries
Craig Rice, director of security at Payments UK and the CSO at BACS said that the threat shouldn't be considered a technology problem but more like organised crime.
"They are ruthless shadow operations that work outside of a regulatory regime," he said. "They are quicker than you are, they are more ruthless than you are and they are more willing to be pragmatic than you are. That's a really tough competitor you are dealing with, so stop thinking about this as a technology problem."
So, how do the banks confront these issues?
How do the banks deal with this ever-changing threat landscape?

Communication and intelligence
The main theme of the day regarding cyber security and fraud was a shift from a walled-garden approach to a holistic one, and this comes down to better communication and intelligence sharing.
JF Legault at JP Morgan laid out his approach to contending with the new threat landscape: "I am responsible for collecting threat and fraud intelligence to ensure that we know where adversaries are going and what they are going after."
He said this comes down to not just technology, but people and process: "So how do we go from a cyber security analyst that is very much focused on technology and cyber controls, to an analyst that understands the business and can have a conversation with someone in the payments space?"

This approach can also be seen in the language of modern cyber security vendors. Splunk's-cyber security tools are all marketed with a focus on intelligence and response, and UK cyber startup Darktrace is making good progress in the enterprise market because it is rooted in this approach.

From perimeter security to multiple layers
Gottfried Leibbrandt from SWIFT highlighted the need for a change in thinking from its clients, "from perimeter security where no one gets inside our walls, to in-depth defence."
"Realising that sooner or later someone will get in and catching them when they get in, seeing what they do and being able to respond by having multiple layers of defence," he said.

Cross-industry collaboration
Leibbrandt from SWIFT pointed out that the days of banks keeping their cyber strategy a closely guarded secret are over if there is to be any progress in combating today's cyber threats.
He said: "A lot of the threats we see today exploit the ecosystem, they don't look for an individual link in the chain, they look for weak points in the end-to-end chain, so the response means we have to work together as an ecosystem."
Many of the conference attendees mentioned the Centres a positive step for the private sector towards snuffing out cyber threats.
Goode from Deutsche Bank put it best when he said: "As soon as you make it more difficult, as soon as you start sharing and taking away the different avenues to target any bank and increase awareness, you make it a less enticing environment for adversaries to engage in."

Scenario testing
Despite many admitting it is a pain, scenario testing and exercises are one of the best ways for organisations to protect themselves from cyber threats, especially when they are conducted across the industry. The Bank of England and Financial Conduct Authority have typically taken a pretty progressive and collaborative approach to resiliency benchmarking in the UK.
Legault from JP Morgan said: "Doing exercises, so getting everyone around the table and you simulate scenarios so you understand where your gaps are and what you do well, you understand what you need to build into your cyber process and your resiliency process. It is essential to do that with everyone within your organisation: legal, cyber, compliance, the business, the operations folks, the technology folks and even your peers."

Actionable insights
Banks are increasingly looking to get more actionable insights to not just their security analysts but people within the business units themselves. This means intelligence that can be quickly turned into a response by the most relevant people, especially important in a landscape where breaches can happen in a heartbeat.

Brendan Goode from Deutsche Bank said: "In payments it is important to create intelligence inside the bank and publish it out and disseminate that fast and someone needs to receive it and do something with it, so actionable intelligence. That comes down to speaking a common language. So being able to say: here is a set of accounts and a volume of transactions that you should be mindful of, so that they can set alerts."

CSO

You Might Also Read:

Who’s Stealing The Money? SWIFT Tightens Security As A Fourth Bank Is Attacked:

Cyber Attacks On Banks Prompt New Regulatory Safeguards:

Financial Institutions & Cybercrime:

Strategies For A Cyber Security Culture (£):

 

 

 

« Malware: Eyes On North Korea
NATO Cyber War Games 2017: Czechs Win »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

WhiteHat Security

WhiteHat Security

WhiteHat’s products enable customers to “Hack Yourself First” so that they gain a greater understanding of the actual risk to their business.

Critifence

Critifence

Critifence provides unique Cyber Security solutions designed for Critical Infrastructure, SCADA and Industrial Control Systems.

Trapezoid

Trapezoid

Trapezoid is a cybersecurity company developing Firmware Integrity Management solutions designed to detect unauthorized changes to firmware & BIOS across the entire data center infrastructure.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

adaware

adaware

adaware is an award-winning security and privacy software provider, empowering users to connect with confidence.

DarkLight

DarkLight

DarkLight is a cybersecurity platform that mimics human thinking at scale to build resiliency to Advanced Persistent Threats.

Mendoza Ventures

Mendoza Ventures

Mendoza Ventures is a venture capital fund focusing on pre-seed Artificial Intelligence (AI), Fintech, and Cybersecurity startups.

3wSecurity

3wSecurity

3wSecurity provides visibility to your company’s internet facing systems throughout the security life cycle, allowing for a more thorough approach to vulnerability management.

Semmle

Semmle

Semmle's code analysis platform helps teams find zero-days and automate variant analysis. Secure your code with continuous security analysis and automated code review.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Aegis Security

Aegis Security

Aegis Security helps clients to secure their systems against potential threats through pre-emptive measures, such as security assessments, and cutting-edge solutions to security challenges.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

SureCloud Cyber Services

SureCloud Cyber Services

Our Cyber Testing capability has been honed since we were founded in 2006 as a disrupter in the penetration testing market.

runZero

runZero

runZero delivers the most complete security visibility possible, providing you the ultimate foundation for successfully managing exposures and compliance.