Posted by Tony Berning / October 12, 2015
Previously, I discussed the unique challenges facing the energy industry with regard to designing an appropriate data security strategy. Now I will look at the financial industry, which also needs appropriate cyber security measures, although they differ from those of the energy industry.
Digital Evolution in Finance
Over the past few years, the financial industry has been moving towards more digitization and greater accessibility. This has been mostly driven by the industry's competitive nature. In retail banking, customers now expect to have access to their accounts at any time, from any device that has access to the Internet. Banks are also offering more services to users than ever before, from digital check deposits to money transfers, removing the need to interact with bank officials. Any bank that does not offer these services will surely lose customers to competitors that do. Unfortunately, these new services provide an easy way for cyber criminals to attack financial institutions. Some of the threats affecting the financial industry, such as Carbanak, have taken advantage of this digitization trend by using multiple channels to extract funds from banks that they have compromised.
Similar forces are driving commercial banking towards increased automation and connectivity. The majority of trades of equity, currency and commodities are now done via electronic exchange, where transaction speed can make or break a trade. Automated algorithms now execute trades so quickly that the physical distance that trade orders need to travel (at the speed of light) to reach trading platforms significantly impacts profitability. This focus on speed has pushed more and more operations to become automated, with less focus on transactions involving human interaction.
Different Malware Motives
This combination of greater automation with more information being stored on interconnected networks means that financial institutions have a lot more to lose if hit by a cyber attack. Because of the potential for large gains, malware developers have rapidly adapted the methods they use, creating new types of threats such as banking malware. There are many different attack vectors that need to be considered, as well as various attacker strategies that need to be addressed. For instance, some attackers may attempt to get information out of financial institutions, such as customer information, account numbers, etc., that they can then use for financial gain. An example of this can be seen with the recent Shifu attacks on Japanese banks. Other attackers may be looking to compromise systems within an organization and modify their behavior to either move cash out or to create conditions that they can then profit from. In contrast, other attackers may not have a financial motive at all, instead aiming to sabotage critical financial networks for geopolitical reasons. Financial institutions need to protect themselves from a wide variety of attacks. This differs from the energy industry, which focuses primarily on preventing sabotage.
Authentication and Sanitization
When designing a data security policy, financial institutions need to address threats as part of a comprehensive program. The first step is to make sure that proper authentication is in place before conducting any transactions. Most banks are now using multi-factor authentication to ensure that the customers using their online services are who they say they are. After confirming the identity of the party performing a transaction, it is still important to check all data in the transaction to make sure that the user isn't unknowingly bringing in any malware. This can be done by defining a secure data workflow, preferably one that incorporates multiple anti-malware engines and data sanitization, to detect and eliminate any threats.
Segregating Sensitive Data in Isolated Networks
Handling sensitive data is best addressed by keeping that data in segregated networks that have limited access to outside, less secure networks. This reduces the likelihood that the data can be extracted by any malware that has managed to compromise the secure network. A combination of secure data workflow policies and unidirectional transfer devices (data diodes) can be used to make sure that high-security networks stay appropriately isolated.
Performing Regular Scans
A regular security scan should be part of any financial institution's security strategy. Advanced Persistent Threats (APTs) can stay in a network for long periods of time, mutating to avoid detection and waiting for an opportunity to carry out an attack. One of the most persistent threats in the financial industry, ZeuS, has been around for almost 9 years and is still constantly adapting in order to compromise more systems. The Shifu virus, mentioned above, has continued spreading as well, moving from Japan to the UK, even though its existence is already known within the financial industry. Anti-malware engines are always updating their detection techniques and databases, so it is important to perform regular system scans and check files for threats that may have previously gone undetected. This is true even for secure networks that have been fully scanned before.
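The point about rescanning can be made concrete by treating a clean verdict as valid only for the file content and engine definitions it was produced with. The following is an added example, not code from the original post: it plans which files in a store need another scan, and the engine names, definition versions, paths and ledger layout are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class ScanRecord:
    sha256: str   # hash of the content that was scanned
    defs: dict    # engine name -> definitions version used for that scan

def digest(content):
    return hashlib.sha256(content).hexdigest()

def rescan_reasons(content, record, current_defs):
    """Return why a file needs another scan; an empty list means it is current."""
    if record is None:
        return ["never scanned"]
    reasons = []
    if digest(content) != record.sha256:
        reasons.append("content changed since last scan")
    for engine, version in sorted(current_defs.items()):
        seen = record.defs.get(engine)
        if seen is None:
            reasons.append(f"{engine}: engine added since last scan")
        elif seen < version:
            reasons.append(f"{engine}: definitions {seen} -> {version}")
    return reasons

def plan_rescan(files, ledger, current_defs):
    """Map each path that must be rescanned to the reasons for it."""
    plan = {}
    for path, content in sorted(files.items()):
        reasons = rescan_reasons(content, ledger.get(path), current_defs)
        if reasons:
            plan[path] = reasons
    return plan

# Constructed sample data: engines, versions, paths and contents are made up.
CURRENT_DEFS = {"engine_a": 412, "engine_b": 97}
FILES = {
    "reports/q3.pdf": b"quarterly report",
    "inbox/invoice.doc": b"invoice v2",
    "archive/ledger.xls": b"ledger",
    "upload/new.zip": b"new upload",
}
LEDGER = {
    "reports/q3.pdf": ScanRecord(digest(b"quarterly report"), dict(CURRENT_DEFS)),
    "inbox/invoice.doc": ScanRecord(digest(b"invoice v1"), dict(CURRENT_DEFS)),
    "archive/ledger.xls": ScanRecord(digest(b"ledger"), {"engine_a": 398}),
}

if __name__ == "__main__":
    for path, why in plan_rescan(FILES, LEDGER, CURRENT_DEFS).items():
        print(path, "->", "; ".join(why))
```

A file that was clean under older definitions is queued again even though its content has not changed, which is the case the paragraph above describes.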
Financial institutions are at risk from cyber threats because of the large amounts of money they handle as well as the technological innovations they are making that leave them vulnerable to new attack vectors. It is crucial that these organizations consider the security implications of any new technology, in order to keep up with the evolving threat landscape.