By Charley Brooke Barnett (Digital Editor)
It’s an ongoing pursuit for financial institutions to counter the threat of cyber attacks. There’s no formula for immunity. A process of constant refinement, learning and testing of security protocols is required to ensure the fraudster remains in your rearview mirror instead of hijacking the driver’s seat.
Today’s cyber criminal demands more than just your lunch money. With advanced tools at their disposal, the entire network is up for grabs.
A recent Carnegie Endowment paper by BAE systems titled: “The Cyber Threat Landscape: Confronting Challenges to the Financial System” highlights the predicament:
“Attackers have taken advantage of technological enablers (connectivity, complexity) and have developed new tools and techniques (capabilities) to conduct their attacks. These three key factors, and their importance to the threat landscape, present critical challenges for the sector in the battle to combat the threat.”
Hackers aren’t limited by geographical location. As long as they have the necessary skill sets and a computer with an internet connection, they have the potential to create chaos from their living room. Physical bank robberies have become redundant.
Today’s cyber criminal demands more than just your lunch money. With advanced tools at their disposal, the entire network is up for grabs.
There’s the danger of cyber criminal groups forming like businesses and generating healthy revenues in the process, aiding the facilitation of money laundering. Some groups even have round the clock customer service lines, because even in this business, the customer comes first!
Nation-state groups pose an additional security challenge. Take for example, the recent 5G debate. Huawei are currently one of the world leaders in high-speed technology, however the firm’s connection to the Chinese state is raising questions over espionage.
Theoretically, spies could tap into communications or shut a network down altogether. But is this a likely scenario or just something out of a James Bond film?
Woody Johnson, the US ambassador, warns:
“If we let untrustworthy countries in the heart of our economies, and infrastructure, what could they do? We have to decide that.
I’ve always said it’s like letting a kleptomaniac into your house, and then you’ve got to hire three people to follow them around all day.”
Some groups even have round the clock customer service lines, because even in this business, the customer comes first!
Huawei recently filed a lawsuit against the US government, who have placed restrictions on the Chinese firms products. Ren Zhengfei, Huawei Founder, told the BBC he’s unfazed by a US power cut:
“If the lights go out in the West, the East will still shine.”
The genie is out the bottle though, and failure to embrace the technology could have unfavourable consequences.
In June 2019, Future of Finance published a review on the outlook for the UK financial system. The report states one of the greatest weaknesses of UK cyber defence is “an industry response to a data wipe at an institution.”
In the US, Sheltered Harbor was set up to handle such a scenario to ensure financial organisations and customers are protected with a critical back up. The not-for-profit is only available for US firms right now, but it’s an encouraging initiative to see.
Whether the attacker wants user data or money, ransomware is one method that has the potential to catapult company’s into despair. This is the practice of commandeering a computer system and demanding a ransom be paid in order to regain access.
Norsk Hydro became victim to ransomware earlier this year, when 22,000 computers were compromised in 170 sites across 40 different countries.
The aluminium producer refused to entertain the perpetrators’ demands and carried on, business as usual. Although the firm lost millions, they’ve earnt tremendous respect for their show of strength and integrity.
Jo De Vliegher, Norsk Hydro CIO, commented:
“I think in general it’s a very bad idea to pay…it fuels an industry and it’s probably financing other sorts of crime. It goes against our company values and we have good foundations and good people.”
For some however, paying up can seem like the only option for survival. It’s a dirty secret where organisations pay off the hackers, and remain silent in order to save face.
This head-in-the-sand approach is detrimental to, not only the organisation (who’s to say a repeat attack is off the cards?), but also to the industry, which deserves transparency.
Financial institutions face significant obstacles on the cyber security battlefield, which shouldn’t be underestimated. Encouraging a collaborative culture, where incidents are reported, shared and learned from, is critical for the sector to build resilience.
