CYBERSECURITY
IBS Journal January 2018
Cybercrime and the case for upping the defence
Risks from external and internal threats have evolved and cybercriminals have become increasingly sophisticated. Banks and corporates need to work together to keep them at bay, says Carsten Fischer, managing director, head of information security operations at Deutsche Bank.
Banks and corporate treasuries have been established as the top targets for cybercriminals, be they individuals, organisations or even those linked to nation-states. The primary motivation to attack is to make money, and cybercriminals invest heavily in developing capabilities to enable this.
It’s easy to see why banks and treasuries are such an attractive target. Once inside, cybercriminals are able to move large amounts of cash fast – as well as tap into rich repositories of valuable and sensitive client data. Cybercrime is now estimated to cost the global economy more than US$400 billion a year and is expected to take out as much as US$2.1 trillion by 2019.
Attack sophistication is growing. Perpetrators are increasingly well trained, highly professional and equipped with all relevant resources such as computing capacity, exploitation and masking tools. This can be seen in the evolution of attacks from ‘script kiddie’ attacks to well-planned cyberheists that incorporate sophisticated custom malware, persistence, counter-forensics and money-laundering techniques.
In terms of financial institutions, tighter direct relationships between systems, stronger indirect relationships arising from the activities of large financial institutions in multiple systems, and broader commonalities, such as the use of common third-party service providers like SWIFT and real-time gross settlement systems (RTGS), have, according to a World Economic Forum white paper from October 2016, “led to a complex web of interconnections”.
A particular wake-up call for the banking sector was the attempt to steal $951 million from Bangladesh’s central bank in February 2016 via 35 different money orders. US$81m was lifted before being blocked – a spelling error in a recipient account sounded the alert. Malware had been inserted into the bank’s computer systems that observed legitimate transactions before generating its own fake, fraudulent transactions, which were then executed via the global financial messaging system.
While there is no 100% security, many breaches are already preventable with good practices. Ronald Dick, chief of the National Infrastructure Protection Centre (NIPC), said that 80% of the issues the NIPC responds to could have been prevented if system administrators had been able to download a patch and repair their systems. Studies from cybersecurity product provider Symantec show that more than a third of data breaches are caused by negligence or human error.
www.ibsintelligence.com