
11:05 AM
Julie Conroy, Aite Group

Cyber Threats: Multiplying Like Tribbles

As cyber threats grow at a rapid pace, financial firms need to enhance and adapt a multilayered defensive strategy.

Zeus, OddJob, Gozi-Prinimalka, Citadel. These are just a few of the thousands of known threats. The ever-growing variety of malware actively targeting banks and their customers is having a marked impact on the financial services industry. The malware, which consists of sophisticated, evolving pieces of software designed to compromise online credentials, is deployed by international organized criminal rings that are nimble, innovative and constantly transforming their attacks on financial institutions (FIs) and their customers.

Cybercrime On The Street: Wall Street & Technology's July/August 2013 digital issue examines the complex world of cybersecurity. As threats from hacktivists, organized criminal rings and state-sponsored online terrorism grow, financial firms need to remain vigilant while continuing to evolve their methods of threat detection. To read more, download our July/August 2013 digital issue now.

Cyber threats are growing at a frightening pace, with more than 150,000 new strains of malware deployed per day. Add to this the increasing effectiveness of distributed denial-of-service attacks, brute-force attacks and the never-ending threat of corporate espionage backed by nation-states, and it all equals a daunting challenge for FI information security professionals.

Layered Approach

In the face of this threat environment, FIs and their customers need to be more vigilant than ever and continue to deploy their own innovative techniques to protect their financial information. Session- and perimeter-based security is no longer sufficient. Regulators advocate multiple layers of security, a strategy that's already in use at many financial institutions. This approach combines a number of complementary technologies that protect against the wide variety of attack vectors. Because the bad guys have proved adept at compromising in-progress Web sessions, security must take a holistic approach, securing not only the session but also the transaction and the network.

Considering the extent to which cybercriminals study their targets and the pace with which the cyber threats are evolving, financial institutions need to be equally responsive in their defensive strategies. And since the bad guys don't need to make business cases to justify their innovations -- while the good guys at the banks generally do -- it's doubly important that FIs place their bets with the most effective technologies as they develop and evolve their layered defense. Here are a few recommendations:

  • Don't put all your eggs in one basket. Cybercriminals have proved adept at bypassing virtually every form of online fraud mitigation and authentication when deployed as a single point solution. To be effective in the war against cybercriminals, FIs need to adopt a layered approach that protects not only the session but also the transaction itself.

  • Multifactor is still a good bet. For application-level security, multifactor authentication is still a safe bet, but the approach has necessarily come a long way from the early days when multifactor authentication simply consisted of a few challenge questions. Now multifactor also implies multiple channels, blending online and mobile communication, and doing so in a secure manner that isn't susceptible to known forms of compromise.

  • Continue to perform ongoing risk assessments. It's important to stay abreast of the latest malware capabilities and understand how current defenses can (or cannot) be effective against them.

  • Include the ability to detect and interdict anomalous transactions. There are often behavioral clues in the fraudulent transaction, whether it's the transaction size, the timing of the transaction or the way in which the site navigation is being performed. This is applicable for client-facing transactions as well as internal ones.


The most important thing to remember is that when it comes to cyber threat mitigation, there is no destination. There's little disincentive for the bad guys and a vast pool of funds fueling their innovation. It is incumbent upon financial institutions to be equally nimble and innovative in their efforts to protect themselves and their clients.

Julie Conroy is a research director for Aite Group's Retail Banking practice and covers fraud, data security, anti-money laundering and compliance issues.

Greg MacSweeney,
User Rank: Apprentice
7/17/2013 | 6:30:30 PM
re: Cyber Threats: Multiplying Like Tribbles
I think the closest the Star Wars Universe comes to Tribbles is with Ewoks. Cute, furry and cuddly, but so annoying. :)
User Rank: Author
7/17/2013 | 3:59:06 PM
re: Cyber Threats: Multiplying Like Tribbles
I am a Star Wars guy and thus know nothing about Tribbles. Nonetheless, it is scary how cybercrime evolves to keep up with each innovation in financial technology. Financial institutions need to be up-to-the-second aware of these new threats emerging on a daily basis.
Nathan Golia,
User Rank: Author
7/12/2013 | 12:09:11 AM
re: Cyber Threats: Multiplying Like Tribbles
In the Star Trek universe, tribbles were born pregnant -- an interesting metaphor to that could be the fact that so many digital portals into the financial services systems are born with weaknesses. While it's likely impossible to create a completely secure system against all past, present and future threats, FIs must at least cover known weaknesses so that simple attacks can't succeed.