[BreachExchange] How banks fight back against cyberattacks

Audrey McNeil audrey at riskbasedsecurity.com
Tue Oct 18 19:21:22 EDT 2016


http://www.techrepublic.com/article/how-banks-fight-back-against-cyberattacks/

2016 is the year of the digital bank heist. Earlier this year a security
hole allowed hackers to swipe nearly $80 million from Bangladesh's largest
bank. In April, the Qatar National Bank was hacked, resulting in the loss
of thousands of sensitive documents. This summer Anonymous pounded banks in
South Korea and Indonesia with a massive DDoS attack.

Your bank could be next.

Financial services companies are vulnerable to an ever-changing and opaque
landscape of cybersecurity threats because banks are lucrative targets,
said Ertem Osmanoglu, Cybersecurity and Risk Management Executive for
professional services firm Ernst & Young. "Cyber criminals are looking for
ways to turn a profit," he said.

As data breaches become routine, banks also need to have a nimble recovery
and communications plan to stave off reputational disruption. "Financial
institutions must prepare accordingly while managing [internal and
external] expectations," Osmanoglu said. "100 percent security is
impossible. Therefore, organizations must be capable of immediately dealing
with incidents to minimize loss."

According to Osmanoglu, hackers targeting financial services companies
typically seek out four types of information:

Access credentials and tunnels to systems to send money from home equity
line of credit, money transfer systems, and the SWIFT network.

Intelligence about money movement, specifically bank and market activity,
and access to customer accounts and information to target customer systems.

Specific financial data that can be altered and used for trading in
financial markets.

Account data like personally identifiable information, account information,
credit and debit information, and sensitive transaction data.

Hacking a bank is complex, and after a successful intrusion and
exfiltration hackers possess valuable knowledge about the process,
Osmanoglu said. A successful raid yields an understanding of how the
network was compromised, the data stored on the network, and competitive
intelligence, like access to confidential email and trading strategies.

"Each piece of information typically has a different buyer and methods for
selling," Osmanoglu said. "Many forums and dark web sites exist for this
purpose. Cyber black markets allow cyber criminals to pay through bartering
of other data or services or in exchange for digital currency."

The best way to fend off and respond to an attack is to internalize
cyber-resiliency and cyber-agility tactics. "Looking at their end-to-end
business workflow, many banks only cover about half of what really
matters," Osmanoglu said. "[Cybersecurity] is truly a business issue that
needs to be a bigger part of the end-to-end business workflow."

Additionally, financial services companies must prioritize the value of
information assets. "Allocating additional dollars towards company crown
jewels is a [good] place to start." Osmanoglu added, "Leading technologies
are only as effective as the company's cyber-risk culture. Financial
institutions must be aware of evolving risks and establish a plan for
continuity."

To prepare for a hack, companies should build a response protocol that
includes:

Consulting with legal counsel around the details of the breach.

Engaging a qualified, experienced breach response firm to help investigate
the root cause of the breach and ensure that the problem is addressed and
the attacker is contained.

Establishing an internal and external communications plan about the breach.

Learning from the breach to ensure controls are updated and processes are
improved.

Osmanoglu forecasts an increase of successful cyberattacks against banks
and financial institutions driven by technological diversity in the near
future. Innovations like new mobile payment methods are likely to be
accompanied by new types of threats.

"The traditional attack patterns banks face will continue to impact the
security of intellectual property and money transfer systems," Osmanoglu
explained. "But we can expect more severe online banking and other
financially motivated attacks to surface as well."

The manipulation of financial data has recently materialized as a
meaningful threat because it undermines institutional confidence. "This
type of attack not only impacts reputation and brand," Osmanoglu said, "but
also potentially the stock price. Internal cyber-controls are mainly
focused on breach origins and the impact to intellectual property. The
actual perpetrators' agenda is not always considered. When money is stolen,
you can detect something is missing. But when a small bit of information
was changed in a system, it is not so easy to detect the downstream effects
of that."