
Cybersecurity: work together and be vigilant

Cybercrime is not a new threat but the attacks and ‘precise targeting’ by fraudulent parties are becoming more sophisticated. Marcus Sehr, global head of client management and sales for institutional cash management at Deutsche Bank, highlights the seriousness of cyberfraud and the need to foster awareness, and outlines the steps the banking community should take to defend the financial system’s integrity.
Cybersecurity embedded

The banking industry has traditionally been a favourite target for cybercrime because of the potential rewards on offer if an attack proves successful. The forms these attacks come in are abundant and diverse, including viruses and worms, spam emails, trojans, distributed denial of service (DDoS), scareware, zero-day attacks, phishing and malware.

As cybercriminals become more innovative, banks are being forced to spend substantial time and money on countermeasures, since they know any damage criminals do could potentially be both extensive and permanent. Indeed, as banks increasingly embrace digital, it is crucial that both market infrastructures and client transactions are afforded the highest level of protection possible.

Not surprisingly, international banks are dedicating resources towards fulfilling that goal. According to the Banking and Financial Services Cybersecurity: US Market 2015-2020 Report, published by Homeland Security Research, the financial market is predicted to become the fastest growing non-government cybersecurity sector, exceeding $77bn in cumulative revenues between 2015 and 2020.

International payments

For banks working in the cross-border payments area, recent incidents have highlighted that the global payments industry has to tackle all kinds of threats in its day-to-day business. They also showed that Swift – viewed by the banking community as a reliable network underpinning more than $6000bn of payment transactions per day – could potentially be misused for fraudulent money transfers and theft. Rather than directly attacking the network itself, the criminals may use Swift members as a ‘back door’ to bypass security measures. Banks and other financial institutions, therefore, have to remain highly vigilant and maintain a high level of cybersecurity in every link in the cross-border chain.

Industry response

To its credit, Swift responded quickly to the cyberattacks, even though its network, software and core messaging services were not compromised. In May, it launched a customer security programme, outlining a number of combative measures. The consortium is urging banks to improve information sharing across the financial community. In particular, timely notification of breaches would help banks within the network to revoke fraudulent transfers without loss. Additionally, a quick relay of information could help prevent other financial institutions becoming victims of identical scams. 

Swift is also proposing enhanced guidelines and security audit frameworks. It encourages toughened security requirements for customer-managed software, as well as the introduction of certification requirements for third-party providers. Finally, it urges banks to increase the use of pattern controls to identify suspicious behaviour.

Deutsche Bank fully supports the Swift programme, especially around information sharing. This is vitally important in finding the right balance between detection, prevention and response. To this point, industry bodies such as the Financial Services Information Sharing and Analysis Centre can act as the global financial community’s go-to resource for cyber and physical threat intelligence analysis and information sharing. Many other such organisations already exist and should be used more.

Role of regulators

Going forward, it is in the interest of the banking industry that regulators continue to compel institutions to mitigate the risks posed to the financial system by malicious cyber activities. Such requirements should include:

  • Strong collaboration and data sharing.
  • Improvements in technology infrastructure.
  • Third-party vendor management.
  • Improved control of administrator access through the use of two-factor layered authentication and monitoring the use of administrative accounts.
  • Adequate plans for responding to and recovering from cyber incidents.

However, when multiple jurisdictions are involved, cross-border transactions can sometimes slip through the net. Therefore, it is not enough that just one or a few regulators demand that banks in their jurisdiction implement secure procedures – all of their counterparties across the globe must do the same.

Preparedness and awareness

Compared with other industries, the financial services industry has a superior level of diligence and protection. Banks spend millions of dollars on technology in an attempt to limit the spread of threats that manage to get through the network. They implement controls in multiple layers of their infrastructure and deploy tools such as intrusion prevention systems.

Many banks conduct regular security assessments on infrastructure with penetration tests across all channels, as well as surveillance to ensure early intrusion detection. They also have high security measures in the form of multi-layered login authentication, transaction verification, encryption and time-out features.

However, technology alone cannot solve the problem. Continuous education and awareness play a key role. Banks need to insist that cybersecurity basics are adhered to at all times – such as not clicking on links or attachments in suspicious emails, using browsers correctly, running regular patching programmes and being careful when sharing information.

Pulling together 

Cybercrime is now very much at the top of the C-suite agenda. Although banks must comply with the highest level of technological standards in the fight against cybercrime, they must also realise that cyber attacks can never be completely prevented and no matter what technology is deployed, this alone will not suffice. The industry as a whole must intensify its collaborative efforts – and this includes banks, their clients, regulators, market infrastructures and industry bodies.

Methods of attack: internet fraud and cybercrime schemes

Business email compromise, in which scams target businesses that regularly perform wire transfers, is rapidly becoming the most commonly used method of attack by cyber criminals. The schemes include:

‘Fake president’

  • The email account of a high-level executive (usually the CEO or chief financial officer) is exploited.
  • A fake email is sent to a company’s controller requesting that a significant amount be wired to a foreign bank account.
  • The fraudulent email asks for the transfer to be executed on an urgent basis to facilitate a foreign transaction.

Employee’s personal email hacked

  • An employee of a business has their personal email hacked.
  • Requests for invoice payments to fraudster-controlled bank accounts are sent from this employee’s personal email to multiple vendors identified from the employee’s contact list.
  • The businesses may not become aware of the fraudulent requests until they are contacted by their vendors to follow-up on the status of the invoice payment.

Phishing email with fake links

  • A criminal sends an email to a payment operations employee in the targeted corporation.
  • These emails appear to be from the financial provider, asking for information about an update to payment system software.
  • The phishing email will ask the employee to fill out a form or click on a link or button that takes them to a fraudulent website.
  • The fraudulent website mimics the company referenced in the email and aims to extract the employee’s personal data, including user ID and password, from the targeted online banking application.

Malware

  • This is software designed to gain access to or damage a computer without the owner’s knowledge.
  • It can be through a ‘botnet’ – a network of computers controlled remotely by hacker herders to spread viruses. 
