With the surge in hacktivism by politically motivated groups and other cyber threats aimed at banks, financial services firms are taking more aggressive steps to protect themselves against intruders and data breaches.
Whether it's the Google data breaches disclosed in 2010 that originated in China, the hundreds of daily attempts to probe the corporate networks of defense companies such as Boeing and Lockheed Martin, or the $45 million stolen from ATMs in a hacking operation disclosed in 2013, the U.S. federal government is sharpening its focus on cybersecurity, especially the theft of intellectual property.
"2013 has been the noisiest year ever. We're seeing exponential growth in terms of volumes and numbers of attacks. This is not trending down," says Anthony Belfiore, head of global cybersecurity at J.P. Morgan.
Security experts are seeing a rise in nation-state-sponsored attacks on defense companies and contractors to steal intellectual property. "We went from organized crime, [which are] financially motivated groups who could afford to make an investment, to hacktivists, guys with a social agenda, who are not trying to steal your money," says Lou Steinberg, CTO at TD Ameritrade.
In the last six to 12 months, press reports point to nation-states such as Iran getting involved with cyber attacks, and some suggest there appears to be an expansion in the industries of interest. "While they have been primarily focused on the U.S. government or defense contractors, now they're starting to think of the financial system," notes Steinberg. It's possible that nation-state-sponsored attacks are preparing for cyber war and could aim their attacks at critical infrastructure, including the financial system.
Other threats related to stealing intellectual property have been attributed to China, though the country has claimed its innocence. "While there is nothing proven in court, there is a preponderance of evidence to indicate there has been a broad campaign against the U.S. and Europe in acquiring technological insights and advancements, whether they are in the financial service arena, aerospace, technology in general, political or cultural, … that seems to have been launched from China," says Alex Tabb, partner and COO at Tabb Group, who has a background in operations risk and international relations.
Banks are monitoring the activities of Internet-based hackers because they have the potential to disrupt their businesses and damage their reputations for customer service. "It's a threat to your brand, which is why the banking institutions have to take the threats seriously," says Mark Akass, CTO at BT Banking and Financial Markets.
Categories Of Threats
Three threat categories pose risks to the financial industry, according to Dave Ostertag, global investigation manager and senior analyst for Verizon's data security investigation unit, which produces an annual report on data breaches around the world.
First are the financially motivated organized crime groups, mainly in Eastern Europe from the former Soviet Union. Second comes state-affiliated espionage, of which 30% originates in China. And third are the activist groups, such as Anonymous and WikiLeaks, that are out to publish confidential data for a cause.
"The hacktivists are always going to be there. They're not usually out to steal the money. They're out to do smear campaigns to impact reputations, to do things to impact clients, to annoy more than they are out to destroy us," says Belfiore.
Cybercriminals are constantly trawling the Internet looking for weaknesses in corporate systems. Many still try to trick employees of corporations, or their customers, into clicking on links to fake websites that then drop viruses and malware onto the user's machine.
All three types -- hacktivists, criminals and state-sponsored actors -- use both static and dynamic methods. Static methods include phishing exercises that target human weaknesses, such as luring an employee to log on to a fake site so the attacker can harvest passwords and then steal banking or credit card information. More dynamic methods include distributed denial-of-service attacks against financial services firms and Trojan horse attacks.
Financial services firms are deploying a range of techniques to stay on top of the various cyber threats as well as prevent break-ins.
"It's an ecosystem of controls that we have to manage. There are so many technology-based attacks," says Belfiore, who oversees teams that build and secure infrastructure and conduct 24/7 monitoring of the infrastructure and networks for bad traffic. There's also a focus on triage, containment and deep investigations to figure out what went on, he adds. But the job is challenging because financial services firms can have hundreds of access points to connect with their customers and counterparties.
Vigilance And Monitoring
Monitoring is probably the most important control, says a cybersecurity leader at a large financial institution. "If we don't have monitoring, we don't know if we have died or have been shot and will bleed out until we die," he says. "So we have to have widely distributed systems to do monitoring at all layers of technology, from the application to the operating system, down to the networking of the firm. It's a very complex ecosystem of controls and monitoring."
Monitoring also includes keeping tabs on what employees do. Firms spend a lot of time training their employees, especially when it comes to security. "I can have the most secure system in the world, but if people are clicking on bad things," it can go against a firm's compliance and risk policies and open the door to intruders, J.P. Morgan's Belfiore adds.
"The way you protect is through vigilance and information sharing and making sure your employees understand what to do on the Internet," says Tabb. "The way that organizations protect against this is through strict controls. You restrict people from having access to applications." Someone who works in the middle office would have access to a particular system and would be monitored, and if he tries to go outside that partition, the system should catch him, he says.
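The partition-and-monitor control Tabb describes (a middle-office user is entitled to certain applications, and any attempt to step outside that set should be caught) is straightforward to express as detection logic over access logs. The following is an added example, not code from the article or from Tabb Group, and it also covers the point made earlier about monitoring at every layer: it checks each event against a role-to-application allowlist and distinguishes a denied out-of-partition attempt (a probe) from an allowed one (a control failure that the enforcement layer missed). The log format, the roles, the user directory and the log lines themselves are constructed assumptions for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical role-to-application partitions (an assumption for this example,
# not any firm's real entitlement model).
ROLE_PARTITIONS = {
    "middle_office": {"trade-capture", "reconciliation", "risk-report"},
    "front_office": {"oms", "trade-capture", "market-data"},
    "hr": {"hris", "payroll"},
}

# Hypothetical user directory mapping users to a single role.
USER_ROLES = {"msmith": "middle_office", "jdoe": "front_office", "kpatel": "hr"}

# Constructed sample log lines in a made-up key=value format.
SAMPLE_LOG = """\
2013-09-10T09:01:12Z user=msmith app=trade-capture action=read result=allowed
2013-09-10T09:03:45Z user=msmith app=reconciliation action=read result=allowed
2013-09-10T09:07:02Z user=msmith app=payroll action=read result=denied
2013-09-10T09:07:30Z user=msmith app=hris action=read result=denied
2013-09-10T09:08:11Z user=msmith app=oms action=write result=allowed
2013-09-10T09:10:00Z user=jdoe app=oms action=write result=allowed
2013-09-10T09:12:20Z user=ghost app=payroll action=read result=allowed
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) app=(?P<app>\S+) "
    r"action=(?P<action>\S+) result=(?P<result>allowed|denied)$"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    app: str
    severity: str  # "probe" (denied) or "control-failure" (allowed)
    reason: str


def parse_log(text):
    """Parse the constructed log format; silently skips malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def out_of_partition_alerts(events, user_roles=USER_ROLES, partitions=ROLE_PARTITIONS):
    """One alert per access to an application outside the user's partition.

    An unknown user has no partition, so every access by it is out of partition.
    """
    alerts = []
    for e in events:
        role = user_roles.get(e["user"])
        if e["app"] in partitions.get(role, set()):
            continue
        who = f"{e['user']} ({role or 'unknown user'})"
        if e["result"] == "allowed":
            severity = "control-failure"
            reason = f"{who} reached {e['app']} outside its partition and was not stopped"
        else:
            severity = "probe"
            reason = f"{who} attempted {e['app']} outside its partition and was denied"
        alerts.append(Alert(e["ts"], e["user"], e["app"], severity, reason))
    return alerts


def probing_users(alerts, threshold=2):
    """Users with at least `threshold` out-of-partition events in the batch."""
    counts = Counter(a.user for a in alerts)
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = out_of_partition_alerts(parse_log(SAMPLE_LOG))
    for a in found:
        print(f"[{a.severity}] {a.ts} {a.reason}")
    print("repeat offenders:", probing_users(found))
```

The distinction between the two severities is the practical point: a denied attempt tells you someone is exploring beyond their partition, while an allowed one tells you the entitlement system itself has a gap, and the monitoring layer is the only thing that will surface it.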
According to Steinberg, TD Ameritrade aims to prevent attacks through a series of increased controls, and it mitigates the impact to clients by essentially insuring them against a loss if they obey some basic policies, such as not sharing their passwords.
In the case of a hacktivist who's trying to make a statement with a series of DDoS attacks, organizations can put up a string of defenses, says Steinberg, noting that TD Ameritrade has invested in this area. "We then do tabletop exercises where somebody pretends to be a hacktivist and tries to design an attack that would circumvent our defenses. We then work to strengthen our defenses," adds Steinberg, who works with a partner in this area. "We start with the actor, we look at their methods and we look at the level of controls, and we are constantly investing."

Ivy is Editor-at-Large for Advanced Trading and Wall Street & Technology.