The war on cybercrime

Alpa Somaiya|25 July 2018
The war on cybercrime

Today’s world is more interconnected than ever. Although this has its advantages, the increased connectivity brings with it an increased risk of theft, fraud and abuse. The more we rely on modern technology, the more vulnerable we are to cyber attacks resulting in mass data breaches, account takeover, and synthetic identity fraud.

In response to the huge growth in cybercrime, banks are now taking a military approach to their online security. Knowing your enemy is a proven war tactic, and this is exactly what financial institutions are focusing on, in what is being called the “war on cybercrime”. This extreme view makes sense when you consider that cybercrime is one of the world’s fastest-growing problems and that the US Treasury Department recently designated cyberattacks as one of the greatest risks to the American financial sector. At least $445 billion was lost in 2014, as reported by McAfee, but this figure is projected to rise to $2.1 trillion by 2019 (Jupiter Research). With these astronomical sums at risk, you can understand that, to the financial sector, this fight feels like they are waging a war: a war not simply against financial loss or even the reputational damage that successful hacks incur, but a systemic threat at a time when so-called “state actors” are increasingly fighting their proxy wars online.

Fighting cybercrime has become the priority for banks, with Alfred F. Kelley Jr, Visa’s chief executive, telling investors that he is “completely paranoid” about it, and Bank of America’s Brian T. Moynihan saying his security team is “the only place in the company that doesn’t have a budget constraint.”

Inspired by the fusion centers established by the US Department of Homeland Security after the 9/11 attacks, banks and other players are opening similar strategic operational facilities. Focusing on monitoring cyberthreats, detecting fraud and fending off attempted breaches, these centers embody the no-holds-barred approach to cybersecurity in the financial industry.

To test tactics and weaponry, and to sharpen soldiers’ skills, the military sends troops into the field. The financial sector is responding to its cyber threat by creating its own military-style drill called Quantum Dawn, which is a simulation of a catastrophic cyberattack. Overseeing these simulations are former government cyberspies, soldiers and counterintelligence officials, who now form the top ranks of banks’ security teams. For example, Matt Nyman, who created Mastercard’s fusion center, is a former Delta Force soldier who fought in Iraq and Afghanistan. His new enemy is represented in popular imagination by a hoodie-wearing figure hunched over a keyboard.

Mastercard joins a number of US financial services companies that have opened fusion centers recently: Citigroup, Wells Fargo, Bank of the West, Fifth Third Bank all have centers across the country. Visa set up its first fusion center in Virginia two years ago, and will be opening one in Singapore and another in the United Kingdom in the near future.

As a testament to how seriously banks are taking the war on cybercrime, in the latest exercise of Quantum Dawn last November, 900 participants from 50 banks, regulators and law enforcement agencies responded to an industry-wide infestation of malicious malware that first corrupted, and then blocked, all outgoing payments from the banks. Over the next two days, new threats were added every few hours.

These tests are essential for exposing potentially fatal gaps. They could prevent attacks such as the one on Sony, in 2014, that exposed sensitive company emails and data, and demolished massive chunks of Sony’s internet structure.

Think about what would happen if something similar happened at a bank, especially a smaller one? The question to ask is “Would it be able to recover?“ This is what everyone in the financial industry is trying to avoid.

In terms of banks’ priorities, EY’s global outlook for 2018 reveals that:

  • 89% of banks view enhancing cybersecurity and data security as a priority
  • 85% of banks regard the implementation of a digital transformation program as a priority.

Conversely, it seems that many UK financial firms do not have any defense against cyber attacks, and the Bank of England (BOE) want to change that. Like any good drill sergeant, the BOE plan to “stress test” banks’ recovery times in “severe but plausible” scenarios, similar to those created in the US fusion centers. Lyndon Nelson, deputy chief executive of the BOE’s Prudential Regulation Authority, said recently that firms need to be on a “WAR footing: withstand, absorb, recover.” It seems that it’s now all hands to battle stations.

Share

About the author

Alpa Somaiya

Alpa Somaiya

Senior copywriter/Editor

Subscribe to our newsletter for our latest news, press releases and events

logo entersekt

Entersekt is an international software development company based just outside of Cape Town, South Africa.

We are leaders in authentication, app security, and payments enablement technology, offering a highly scalable solution set with a track record of success across multiple continents.