Risk Management

11:05 AM
Julie Conroy, Aite Group
Commentary

Cyber Threats: Multiplying Like Tribbles

As cyber threats grow at a rapid pace, financial firms need to enhance and adapt a multilayered defensive strategy.

Zeus, OddJob, Gozi-Prinimalka, Citadel. These are just a few of the thousands of known threats. The ever-growing variety of malware actively targeting banks and their customers is having a marked impact on the financial services industry. The malware, which consists of sophisticated, evolving pieces of software designed to compromise online credentials, is deployed by international organized criminal rings that are nimble, innovative and constantly transforming their attacks on financial institutions (FIs) and their customers.


Cybercrime On The Street: Wall Street & Technology's July/August 2013 digital issue examines the complex world of cybersecurity. As threats from hacktivists, organized criminal rings and state-sponsored online terrorism grow, financial firms need to remain vigilant while continuing to evolve their methods of threat detection. To read more, download our July/August 2013 digital issue now.

Cyber threats are growing at a frightening pace, with more than 150,000 new strains of malware deployed per day. Add to this the increasing effectiveness of distributed denial-of-service attacks, brute-force attacks and the never-ending threat of corporate espionage backed by nation-states, and it all equals a daunting challenge for FI information security professionals.

Layered Approach

In the face of this threat environment, FIs and their customers need to be more vigilant than ever and continue to deploy their own innovative techniques to protect their financial information. Session- and perimeter-based security is no longer sufficient. Regulators advocate multiple layers of security, a strategy that's already in use at many financial institutions. This approach combines a number of complementary technologies that protect against the wide variety of attack vectors. Because the bad guys have proved adept at compromising in-progress Web sessions, security must take a holistic approach, securing not only the session but also the transaction and the network.

Considering the extent to which cybercriminals study their targets and the pace with which the cyber threats are evolving, financial institutions need to be equally responsive in their defensive strategies. And since the bad guys don't need to make business cases to justify their innovations -- while the good guys at the banks generally do -- it's doubly important that FIs place their bets with the most effective technologies as they develop and evolve their layered defense. Here are a few recommendations:

  • Don't put all your eggs in one basket. Cybercriminals have proved adept at bypassing virtually every form of online fraud mitigation and authentication when deployed as a single point solution. To be effective in the war against cybercriminals, FIs need to adopt a layered approach that protects not only the session but also the transaction itself.

  • Multifactor is still a good bet. For application-level security, multifactor authentication is still a safe bet, but the approach has necessarily come a long way from the early days when multifactor authentication simply consisted of a few challenge questions. Now multifactor also implies multiple channels, blending online and mobile communication, and doing so in a secure manner that isn't susceptible to known forms of compromise.

  • Continue to perform ongoing risk assessments. It's important to stay abreast of the latest malware capabilities and understand how current defenses can (or cannot) be effective against them.

  • Include the ability to detect and interdict anomalous transactions. There are often behavioral clues in the fraudulent transaction, whether it's the transaction size, the timing of the transaction or the way in which the site navigation is being performed. This is applicable for client-facing transactions as well as internal ones.


The most important thing to remember is that when it comes to cyber threat mitigation, there is no destination. There's little disincentive for the bad guys and a vast pool of funds fueling their innovation. It is incumbent upon financial institutions to be equally nimble and innovative in their efforts to protect themselves and their clients.

Julie Conroy is a research director for Aite Group's Retail Banking practice and covers fraud, data security, anti-money laundering and compliance issues.

Comments
Greg MacSweeney,
User Rank: Apprentice
7/17/2013 | 6:30:30 PM
re: Cyber Threats: Multiplying Like Tribbles
I think the closest the Star Wars Universe comes to Tribbles is with Ewoks. Cute, furry and cuddly, but so annoying. :)
Byurcan,
User Rank: Author
7/17/2013 | 3:59:06 PM
re: Cyber Threats: Multiplying Like Tribbles
I am a Star Wars guy and thus know nothing about Tribbles. Nonetheless, it is scary how cybercrime evolves to keep up with each innovation in financial technology. Financial institutions need to be up-to-the-second aware of these new threats emerging on a daily basis.
Nathan Golia,
User Rank: Author
7/12/2013 | 12:09:11 AM
re: Cyber Threats: Multiplying Like Tribbles
In the Star Trek universe, tribbles were born pregnant -- an interesting metaphor to that could be the fact that so many digital portals into the financial services systems are born with weaknesses. While it's likely impossible to create a completely secure system against all past, present and future threats, FIs must at least cover known weaknesses so that simple attacks can't succeed.