The financial sector has increasingly embraced digital technologies, but with that shift, the threat of crippling cyber attacks has become a major concern.
Banks and other major financial institutions have significant resources in the digital space. More money exists as data in a computer than in physical form. Cyber security has become increasingly important in protecting people and the entire financial sector against digital threats from around the globe.
“You have to realize 98 percent of capital is digital,” Strategic Cyber Ventures President Tom Kellermann told InsideSources. “Roughly only about two percent of the world’s capital is in cash or gold and all of that capital that is gold, its value is based on time due to liquidity.”
Kellermann previously worked as a senior data risk management specialist for the World Bank. There he wrote on how digital financing opens the door to cyber attacks. He has also given numerous talks on digital security. He warns that the financial sector faces threats from other countries, non-state actors and organized crime.
“It’s not just a question that all major crime syndicates have made a business modeled after hacking people’s wealth through cyber,” Kellermann said. “But you also have to realize there are nation states and non-state actor groups who are trying to disrupt the financial sector and affect trust and confidence.”
Kellermann notes most bank heists don’t occur in the physical world, with 98 percent happening in cyberspace. Criminals are likely to steal more and less likely to be caught when robbing a bank digitally. The decreased risk and the potential reward are a huge incentive for criminals.
“Yet only five percent of those bank heists are successfully prosecuted–where the majority of physical world bank heists are prosecuted successfully,” Kellermann said. “$6,000 on average is what’s stolen from a physical bank robbery and the average cyber bank robbery is over two million.”
The financial sector also faces threats from world leaders and other foreign groups. Leaders such as North Korean leader Kim Jong-un and Russian President Vladimir Putin have a lot to gain by deploying cyber attacks against the financial sector in the United States.
“Think about non-state actor groups or people like oligarchs, cult of personality leaders around the world,” Kellermann said. “[They] might want to disrupt or destroy the U.S. financial sector in order to create capital flight out of the economy and create hyperinflation.”
There has been a huge spike over the past couple of years in fraud and intrusions into the financial sector. The Financial Crimes Enforcement Network, for instance, has tracked an increase in what is known as wire transfer fraud. Such fraud uses fake emails or websites to trick people into sending money or personal information.
“That’s why you are seeing a tremendous spike in wire transfer fraud and intrusions into financial institutions due to cyber attacks,” Kellermann said. “Most of this fraud now can be initiated by cyber.”
Attacks on the financial sector are nothing new. September 11th wasn’t just a terrorist attack; it specifically targeted the financial infrastructure of the United States. Nevertheless, the use of digital technologies has opened new doors for cyber attacks.
“The application of technology to the financial infrastructure in the U.S. in a terrorist fashion has already occurred a number of times,” Kellermann said. “But now cyber allows it to be done completely remotely, anonymously, and the risk/reward is in the balance of favor to thieves and the criminally minded.”
Kellermann adds that, as a whole, financial institutions are not doing enough to safeguard against attacks. He notes that while some banks are, others are not. He also notes bank customers tend not to appreciate how serious the threats are because digital attacks are invisible and abstract.
“Some are and some aren’t,” Kellermann said. “There are a couple institutions that have done a lot more than others. I’m very impressed with what Bank of America, Citigroup and J.P. Morgan have done. I know J.P. Morgan suffered a massive breach, but as a result of that, they righted the ship.”
Kellermann has several suggestions to help both banks and their customers protect their assets. He notes financial institutions should change their corporate governance structure so that the chief information security officer reports directly to the CFO or CEO. They should also have a budget that is 20 percent of the total IT budget.
Banks and other financial institutions should also invest in new digital security methods. Kellermann argues classic system perimeter defenses are no longer enough. Companies should also deploy deceptive technology, behavior analytics and next-generation authentication. Deceptive technology could involve fake accounts that trick hackers into taking a decoy that could be easily tracked.
Companies should also make sure advanced security is being deployed for all employees. Employee security could involve biometrics, passphrases and something they physically hold like a security card. Kellermann notes it’s best if employees are subject to at least two of those security safeguards.
Kellermann states bank customers also have several options to protect themselves against cyber attacks. He argues they should never use debit cards, should use passphrases instead of passwords, and should make sure their computer is updated and has adequate anti-virus software if they do banking online.