Cybersecurity in Financial Services: Why It’s Never Been More Important
In the world of security, the month of October has become synonymous with National Cyber Security Awareness Month (NCSAM), which encourages all Internet users to make their online lives safer and more secure. In a recent press release announcing the ninth annual campaign, the National Cyber Security Alliance (NCSA) focused on encouraging and empowering digital citizens to stay safer online and protect digital assets. This year’s theme, “Our Shared Responsibility,” is intended to remind consumers and businesses that the Internet is a shared resource and we all need to do our part to protect it.
As part of this cooperative effort to encourage safer practices and policies on the Internet, Perimeter is launching a four-part blog series during NCSAM that will focus on four of the industries that are most at risk from cyber threats: financial services and banking, healthcare, government, and power and utilities. Our intent is to highlight the potential threats and ramifications of an attack on these sectors and how stronger vigilance can lead to a safer and more productive environment for all.
We will begin the series by taking a look at the financial services sector, which is especially timely given the events of the past couple of weeks. On September 21, we posted a blog discussing how some major US financial institutions experienced website service interruptions possibly due to cyber-attacks. We noted that, in the wake of these events, the Financial Services Information Sharing and Analysis Center (FS-ISAC) issued Security Advisory ID 2012-09-037 and raised the cyber threat level from “elevated” to “high” to call for heightened alertness.
The issues were first brought to attention when Bank of America’s website availability was intermittent. The following day the website of JPMorgan Chase suffered similar sporadic problems. Many sources attributed these two incidents to a hacktivist group. Earlier in the day, an alleged representative of this group posted a warning on pastebin.com threatening to attack Bank of America and the New York Stock Exchange. A day later, a second attack occurred against Chase.
In the advisory, FS-ISAC urged financial institutions to “ensure constant diligence in monitoring and quick response to any malicious events.” The advisory also warned that targeted attacks via exploitation of the recent Internet Explorer (IE) zero-day bug are actively circulating in the wild, in the absence of a permanent fix. Microsoft posted temporary workarounds, and provided a patch on Friday, September 21.
There was also an excellent piece by David Goldman in CNNMoney this past week describing what has been the most intensive week of cyber-attacks ever seen on the financial services market. Goldman writes that since September 19, the websites of Bank of America (BAC, Fortune 500), JPMorgan Chase (JPM, Fortune 500), Wells Fargo (WFC, Fortune 500), U.S. Bank (USB, Fortune 500) and PNC Bank have all suffered day-long slowdowns and been sporadically unreachable for many customers.
Now, we know that banks and other financial service companies getting hit by attacks is nothing new. In fact, according to Perimeter’s own E-Security 1H 2012 Financial Institution Threat Report issued in August, it has become the expectation, and not the exception. Normally the security procedures put in place are enough to thwart most attacks with little to no disruption to bank operations. In this case, however, the security systems were overwhelmed and unable to deal with the massive number of attacks launched against them. This speaks to the increasing levels of coordination and sophistication hackers are able to achieve in today’s cyber battles.
In our first half report for 2012, we summarized security incidents based on data from 861 financial institution customers. During that period, 1,619 likely and confirmed compromises were detected. Of these, 43% targeted small, 38% targeted mid-sized, and 19% targeted large institutions. In total, 483 financial institutions were affected by those incidents. A majority of our financial customers (56%) experienced at least one security incident in the last six months. Large institutions had the highest average number of incidents per institution: six, about one per month. Based on our analysis, Trojan horses and the Blackhole exploit kit are the most common threats facing financial institution customers today. This analysis confirmed the trend of cyberattacks increasing against financial institutions.
Financial institutions are particularly vulnerable to cybercrimes such as phishing and identity theft. We have seen numerous security incidents that have resulted in significant losses to the victim institutions. A common propagation vector is targeted phishing emails addressed to employees with privileged account access. Once the recipient opens the link or the malicious attachment in the email, malware (in most cases, a Trojan) is installed. Sensitive account information is collected, which leads to unauthorized monetary transfers and customer data compromises. Based on the six-month incident data, Trojans turned out to be the major threat category facing financial institutions.
So what does this all mean? The ability of an attacker to take down the systems of any large financial institution has the potential to wreak havoc on the entire market. If systems are frozen, assets are not moving and analysts can become blinded to changing market conditions, putting assets and investments at considerable risk. Magnify this across the entire banking system as well as the exchanges and you create a completely unstable environment. In early August, Knight Capital Group suffered a $440 million pre-tax loss as a result of a computer glitch. Can you imagine for a moment the damage a sophisticated attack against our nation’s largest banks and brokerage houses would cause?
It is unlikely that the tide of attacks against banks and other financial services companies will ever be stemmed, which makes the security solutions that counter advances in those attacks increasingly important. If these past couple of weeks are any indication, the level of activity is reaching a new high, and it is incumbent upon the security industry to respond.