July 12, 2013

The financial services industry has been victim of some of the largest, and sometimes the most clever, cyber attacks and security breaches in recent years. The losses total into the billions of dollars across the financial services space, but the worst may be yet to come.


Cybercrime On The StreetWall Street & Technology's July/August 2013 digital issue examines the complex world of cybersecurity. As threats from hacktivists, organized criminal rings and state-sponsored online terrorism grow, financial firms need to remain vigilant while continuing to evolve their methods of threat detection. To read more, download our July/August 2013 digital issue now.

To date, most hacks that resulted in security breaches were perpetrated by criminals looking to make a profit. Granted, the profits were often large. There was the 2012 ATM scheme that swiped $45 million in a few hours, and the 2011 hack of Fidelity National Information Services systems that allowed thieves to make off with $13 million in less than a day (also from ATMs).

While these examples made headlines because of the big price tags, thousands of other smaller breaches -- password hacks, phishing attacks, stolen PINs -- added up to huge losses for financial firms. However, the next wave of attacks may not just be for financial gain.

For years, financial firms have basically been dealing with a known adversary when it comes to cybersecurity -- financial cybercriminals looking to make a buck. Experts know at least something about the profile of "typical" financial cybercriminals. While they still exist and banks need to remain vigilant, they must also deal with a relatively unknown and potentially more dangerous foe -- hacktivists and state-sponsored cyber attacks.

Hacktivists have varying reasons to target a bank. Some may not like a new bank fee, while others may take exception to a financial firm's policy. When Visa and MasterCard announced that they would not permit payments to WikiLeaks in 2010, hacktivists launched attacks that took down their websites for a period of time. In short, the unpredictability of hacktivists makes them just as dangerous as traditional cybercrime rings.

Today, various groups fall under the hacktivist label. Most are large networks of hackers who have joined together for a cause. Others may be smaller groups focused on social policy or political matters.

In addition, banks need to be wary of state-sponsored cybercrime, as well as espionage. U.S. government officials have repeatedly mentioned China as a country that sanctions, supports and runs cyber-espionage operations looking to steal corporate secrets. Iran and other countries hostile to Western policies are also said to be beefing up their cyber arsenal, which could be used in an attempt to bring down the financial system.

[Cyber Security – Avoid Prescriptions When Keeping Up With Threats ]

Having corporate secrets -- such as algorithms and trading software -- stolen could be much more costly than a $45 million ATM hack. Or imagine a state-sponsored cyber attack that manages to disrupt trading on the financial markets. The damage to investor confidence, on top of the losses incurred during the attack, would be immeasurable. Banks need to be vigilant on all fronts: cybercrime, hacktivists and state-sponsored cyber attacks.

ABOUT THE AUTHOR
Greg MacSweeney is editorial director of InformationWeek Financial Services, whose brands include Wall Street & Technology, Bank Systems & Technology, Advanced Trading, and Insurance & Technology.