Risk Management

10:50 AM
Greg MacSweeney
Greg MacSweeney
Commentary
Connect Directly
Facebook
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Hacktivism: Defending Against The Unknown

In addition to protecting themselves against hacktivists, banks need to be wary of state-sponsored cybercrime as well as espionage.

The financial services industry has been victim of some of the largest, and sometimes the most clever, cyber attacks and security breaches in recent years. The losses total into the billions of dollars across the financial services space, but the worst may be yet to come.


Cybercrime On The StreetWall Street & Technology's July/August 2013 digital issue examines the complex world of cybersecurity. As threats from hacktivists, organized criminal rings and state-sponsored online terrorism grow, financial firms need to remain vigilant while continuing to evolve their methods of threat detection. To read more, download our July/August 2013 digital issue now.

To date, most hacks that resulted in security breaches were perpetrated by criminals looking to make a profit. Granted, the profits were often large. There was the 2012 ATM scheme that swiped $45 million in a few hours, and the 2011 hack of Fidelity National Information Services systems that allowed thieves to make off with $13 million in less than a day (also from ATMs).

While these examples made headlines because of the big price tags, thousands of other smaller breaches -- password hacks, phishing attacks, stolen PINs -- added up to huge losses for financial firms. However, the next wave of attacks may not just be for financial gain.

For years, financial firms have basically been dealing with a known adversary when it comes to cybersecurity -- financial cybercriminals looking to make a buck. Experts know at least something about the profile of "typical" financial cybercriminals. While they still exist and banks need to remain vigilant, they must also deal with a relatively unknown and potentially more dangerous foe -- hacktivists and state-sponsored cyber attacks.

Hacktivists have varying reasons to target a bank. Some may not like a new bank fee, while others may take exception to a financial firm's policy. When Visa and MasterCard announced that they would not permit payments to WikiLeaks in 2010, hacktivists launched attacks that took down their websites for a period of time. In short, the unpredictability of hacktivists makes them just as dangerous as traditional cybercrime rings.

Today, various groups fall under the hacktivist label. Most are large networks of hackers who have joined together for a cause. Others may be smaller groups focused on social policy or political matters.

In addition, banks need to be wary of state-sponsored cybercrime, as well as espionage. U.S. government officials have repeatedly mentioned China as a country that sanctions, supports and runs cyber-espionage operations looking to steal corporate secrets. Iran and other countries hostile to Western policies are also said to be beefing up their cyber arsenal, which could be used in an attempt to bring down the financial system.

[Cyber Security – Avoid Prescriptions When Keeping Up With Threats ]

Having corporate secrets -- such as algorithms and trading software -- stolen could be much more costly than a $45 million ATM hack. Or imagine a state-sponsored cyber attack that manages to disrupt trading on the financial markets. The damage to investor confidence, on top of the losses incurred during the attack, would be immeasurable. Banks need to be vigilant on all fronts: cybercrime, hacktivists and state-sponsored cyber attacks.

Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology. View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
7/16/2013 | 4:03:40 PM
re: Hacktivism: Defending Against The Unknown
Yes, a cyber version of "keep your friends close, your enemies even closer."
Becca L
50%
50%
Becca L,
User Rank: Author
7/15/2013 | 4:44:01 PM
re: Hacktivism: Defending Against The Unknown
I certainly see why that information is often kept from the government, but I can't imagine a free flow of information between banks either. Reporting would have to be very simple, secret, and completely consecuence-free. Who can guarantee that - especially with all the hackers?
Becca L
50%
50%
Becca L,
User Rank: Author
7/15/2013 | 4:31:22 PM
re: Hacktivism: Defending Against The Unknown
Hactavists are often trying to prove a point more than seek personal gain. Their actions tend to personify public opinion, and they're often the only ones expressing that opinion in a real and consequential way. Fearing their onslaught, which can never truly be stopped, perhaps firms will think twice before making universally unpopular decisions (such as your WikiLeaks example).

On another note, I think Hackathons are one of the best things financial firms can do to increase their security. Hackers are smart, they will find a way. Better to work with them than against them!
Greg MacSweeney
50%
50%
Greg MacSweeney,
User Rank: Apprentice
7/15/2013 | 4:12:14 PM
re: Hacktivism: Defending Against The Unknown
There has been some movement on sharing cyber threat info between banks. There has also been some progress in getting the private sector to share info with the government, in real time, so everyone can respond quickly to attacks. But the private sector is generally very wary of sharing info with the government, and for good reason.
KBurger
50%
50%
KBurger,
User Rank: Author
7/12/2013 | 5:21:46 PM
re: Hacktivism: Defending Against The Unknown
Part of the challenges is that, to effectively identify, prepare for & respond to these types of attacks and threats, banks need to collaborate and communicate with each other about breaches (actual & suspected), which historically they have not done. Perhaps this is starting to change?
More Commentary
5 Tips On How To Prepare For A Data Breach
If you are a financial institution your cyber security defenses will be breached -- again and again. Here are five tips to respond quickly and minimize damage.
Wall Street CIOs Have a Vendor Management Problem
If Wall Street CIOs want to stay ahead of competition and ensure high-speed trading software doesn't start the next flash crash, they need better insight into vendor delivered software.
Technology Innovation Returns to Financial Services
Capital Markets Outlook 2015: Following a few years dominated by regulatory compliance and cost saving technology initiatives, financial organizations are finally investing in innovative technology and tools.
Voice Biometrics Improve Transaction Monitoring Fraud Detection
Why voice biometrics should be a part of your fraud prevention strategy in the call center.
Fintech Fast Forward 2015
What will shape the future of Fintech in 2015 and beyond?
Register for Wall Street & Technology Newsletters
White Papers
Current Issue
Wall Street & Technology - Elite 8, October 2014
The in-depth profiles of this year's Elite 8 honorees focus on leadership, talent recruitment, big data, analytics, mobile, and more.
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.