Persistent Cyber Attacks and the 'New Normal'
By Hal M. Bundrick
NEW YORK (MainStreet) Financial institutions are facing persistent threats from cyber attacks -- it's a "new normal" for the industry, according to Booz Allen, the management consulting firm based in McLean, Va. The firm has released a report detailing the top cyber security trends challenging the financial industry in the coming year, warning the biggest threats may be to smaller, regional banks.
The report claims attackers are now moving from large-size banks to regional and mid-tier financial institutions due to their lack of security.
"Unlike their larger cousins, mid-tier and regional banks, wealth management organizations, hedge funds, etc., often lack the financial, technology and manpower to introduce widespread cyber security protections," a Booz Allen statement released with the report says. "When grouped together, these organizations are like a row of dominos that, when attacked, can create a cascade of systemic risks that could impact banks of any size."
Mobile platforms are also seeing an increase in new threats, including the Perkele Trojan and other cross-platform malware that exploit weaknesses in mobile device security. Booz Allen says that although Perkele has not yet spread globally, it is expected to grow rapidly beyond its point of origin in the Middle East during the holiday season, as consumers make more online purchases.
"As financial institutions increasingly deploy mobile and cloud technologies and integrate their partners, suppliers and customers, their data perimeters are becoming much harder to define," says Bill Stewart, senior vice president and head of Booz Allen's commercial finance program. "As a result, some are essentially redefining the concept of a network perimeter. They do this by developing a much more dynamic cyber security approach that includes actionable threat intelligence, advanced adversary hunting as well as data protection and access controls developed at a much greater degree of granularity."
The report says that as operational data is moved to the cloud, enhanced security controls are necessary to ensure that banks not only avoid sharing sensitive data but also defend against "adversaries moving laterally across their data sets."
Developing countries are expected to see a greater number of attacks on their local banks as countries across the Middle East, Latin America and Asia Pacific make great strides in modernizing their economic infrastructures. Such progress increases their profile, putting them on sophisticated attackers' radar.
The Saudi Arabian Monetary Agency says their banks are targeted by fraudulent attacks once every 14 seconds.
--Written by Hal M. Bundrick for MainStreet