Risk Management

10:50 AM
Greg MacSweeney
Greg MacSweeney
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Hacktivism: Defending Against The Unknown

In addition to protecting themselves against hacktivists, banks need to be wary of state-sponsored cybercrime as well as espionage.

The financial services industry has been victim of some of the largest, and sometimes the most clever, cyber attacks and security breaches in recent years. The losses total into the billions of dollars across the financial services space, but the worst may be yet to come.


Cybercrime On The StreetWall Street & Technology's July/August 2013 digital issue examines the complex world of cybersecurity. As threats from hacktivists, organized criminal rings and state-sponsored online terrorism grow, financial firms need to remain vigilant while continuing to evolve their methods of threat detection. To read more, download our July/August 2013 digital issue now.

To date, most hacks that resulted in security breaches were perpetrated by criminals looking to make a profit. Granted, the profits were often large. There was the 2012 ATM scheme that swiped $45 million in a few hours, and the 2011 hack of Fidelity National Information Services systems that allowed thieves to make off with $13 million in less than a day (also from ATMs).

While these examples made headlines because of the big price tags, thousands of other smaller breaches -- password hacks, phishing attacks, stolen PINs -- added up to huge losses for financial firms. However, the next wave of attacks may not just be for financial gain.

For years, financial firms have basically been dealing with a known adversary when it comes to cybersecurity -- financial cybercriminals looking to make a buck. Experts know at least something about the profile of "typical" financial cybercriminals. While they still exist and banks need to remain vigilant, they must also deal with a relatively unknown and potentially more dangerous foe -- hacktivists and state-sponsored cyber attacks.

Hacktivists have varying reasons to target a bank. Some may not like a new bank fee, while others may take exception to a financial firm's policy. When Visa and MasterCard announced that they would not permit payments to WikiLeaks in 2010, hacktivists launched attacks that took down their websites for a period of time. In short, the unpredictability of hacktivists makes them just as dangerous as traditional cybercrime rings.

Today, various groups fall under the hacktivist label. Most are large networks of hackers who have joined together for a cause. Others may be smaller groups focused on social policy or political matters.

In addition, banks need to be wary of state-sponsored cybercrime, as well as espionage. U.S. government officials have repeatedly mentioned China as a country that sanctions, supports and runs cyber-espionage operations looking to steal corporate secrets. Iran and other countries hostile to Western policies are also said to be beefing up their cyber arsenal, which could be used in an attempt to bring down the financial system.

[Cyber Security – Avoid Prescriptions When Keeping Up With Threats ]

Having corporate secrets -- such as algorithms and trading software -- stolen could be much more costly than a $45 million ATM hack. Or imagine a state-sponsored cyber attack that manages to disrupt trading on the financial markets. The damage to investor confidence, on top of the losses incurred during the attack, would be immeasurable. Banks need to be vigilant on all fronts: cybercrime, hacktivists and state-sponsored cyber attacks.

Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
7/16/2013 | 4:03:40 PM
re: Hacktivism: Defending Against The Unknown
Yes, a cyber version of "keep your friends close, your enemies even closer."
Becca L
50%
50%
Becca L,
User Rank: Author
7/15/2013 | 4:44:01 PM
re: Hacktivism: Defending Against The Unknown
I certainly see why that information is often kept from the government, but I can't imagine a free flow of information between banks either. Reporting would have to be very simple, secret, and completely consecuence-free. Who can guarantee that - especially with all the hackers?
Becca L
50%
50%
Becca L,
User Rank: Author
7/15/2013 | 4:31:22 PM
re: Hacktivism: Defending Against The Unknown
Hactavists are often trying to prove a point more than seek personal gain. Their actions tend to personify public opinion, and they're often the only ones expressing that opinion in a real and consequential way. Fearing their onslaught, which can never truly be stopped, perhaps firms will think twice before making universally unpopular decisions (such as your WikiLeaks example).

On another note, I think Hackathons are one of the best things financial firms can do to increase their security. Hackers are smart, they will find a way. Better to work with them than against them!
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
7/15/2013 | 4:12:14 PM
re: Hacktivism: Defending Against The Unknown
There has been some movement on sharing cyber threat info between banks. There has also been some progress in getting the private sector to share info with the government, in real time, so everyone can respond quickly to attacks. But the private sector is generally very wary of sharing info with the government, and for good reason.
KBurger
50%
50%
KBurger,
User Rank: Author
7/12/2013 | 5:21:46 PM
re: Hacktivism: Defending Against The Unknown
Part of the challenges is that, to effectively identify, prepare for & respond to these types of attacks and threats, banks need to collaborate and communicate with each other about breaches (actual & suspected), which historically they have not done. Perhaps this is starting to change?
More Commentary
Bankrolling Technical Debt: A Financierís Guide
Technical debt represents the effort required to fix source code or application problems that put the business at risk.
Staying Ahead of the Game With Continuous Delivery
The need to develop better software faster is leading financial organizations to continuous delivery (CD), a practice pioneered by SaaS companies like Salesforce.
Shore Up Cyber Security Now
Knowing that a data breach can and will happen at some point, asset management firms can manage new operational and regulatory risk with a layered approach to cyber security.
Is Big Data a Problem or an Opportunity?
When it comes to data, financial services firms are, as a rule, quite circumspect. They fear cyberattacks, data theft, data loss, security breaches, data privacy, and human error.
Data Integrity: A Necessity, Not an Option
Financial institutions that have taken on the data integrity task in the past now have to spend more money on hardware, software, and people just to keep up with the demand.
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - July 2014
In addition to regular audits, the SEC will start to scrutinize the cyber-security preparedness of market participants.
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.