The problem with modern day bank robberies

How banks can fight back and keep the hackers at bay

It used to be easy enough to spot a bank robber. With their balaclavas and weapons of choice, the criminals would simply storm in demanding money and everyone knew exactly what was happening. While criminals still occasionally resort to traditional methods, it’s rare to see the dramatic Bonnie and Clyde-style bank heists of the 20th century.

Instead there’s a new form of bank robbery that has the potential to do damage on a much larger scale. Shifting the focus from physically taking funds from a bank, the prize for criminals these days is obtaining a bank’s saleable data by hacking into its network. In fact, a recent report from KPMG suggested that the next major shock to the economy could come from a cyber attack.

Hackers are using a variety of techniques to gain access to data held by banks. One approach is to mask their attacks with a Distributed Denial of Service (or DDoS) event. This essentially floods a bank’s network with requests, until the system becomes overloaded and is even brought to a standstill. Criminals use it as a means to divert attention from an actual attack, which is often more focused on infiltrating the network and establishing a beachhead for later data theft.

According to Google’s Digital Attack Map, which reveals information about DDoS attacks based on their country of origin, a significant attack was launched from Australia on August 20 of this year, which resulted in many gigabytes of data per second being sprayed around the world and potentially overloading systems. It was considered to be among the worst for 2013.

The key problem for banks is that it is extremely difficult to narrow in on the type of individual who would be responsible for such a crime. Unfortunately, unlike the masked men who used to walk into an unsuspecting branch, hackers are hard to trace, and once they are inside the network, they are often completely indistinguishable from a bank’s employees. Inside the perimeter of the bank’s network, they will impersonate an employee with so-called “privileged access” to critical systems, enabling them to further consolidate their hold on the bank’s systems and making them very hard to track down. This can allow them to access all the data they want and ultimately wreak complete havoc.

In fact, in many cases, banks should assume that their network perimeters have already been breached and that someone on the outside is acting as an insider.

Without a doubt, this has shifted the focus for banks. Online fraud is still a significant concern but it’s also understood that data theft needs to be prevented. Quite simply, if customers find that their private information has been stolen or accessed by a criminal, they are going to take their business elsewhere. If this is done en masse, it could significantly deplete the customer base as a whole.

Given that no solution is ever going to be 100 per cent fool-proof, banks need to not only take preventative measures, but also look at how they can limit the impact of such a breach, should hackers succeed in getting inside their networks. Essentially, the focus needs to be on protecting corporate information and preventing a full-scale shutdown of the bank’s operations.

Savvy banks and businesses generally are realising that the key to protecting themselves from hackers is to better understand hackers’ behaviour and the patterns of cyber activity that could point to their presence. This means taking notice of abnormal data flow and online traffic and monitoring the behaviour of privileged users. Any sort of unusual spike in activity could be a warning sign.
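As an added illustration (not from the original article), the sketch below shows one way to turn "unusual spike in activity" into a check: each privileged account's hourly read volume is compared with that account's own earlier history using a median-based score. The account names, volumes, log shape and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

def _series(account, counts, start_hour=9):
    # Helper for the constructed sample: one (hour, account, records_read) per hour.
    return [(f"2024-01-15T{start_hour + i:02d}", account, c)
            for i, c in enumerate(counts)]

# Constructed sample data; account names and volumes are invented.
SAMPLE_EVENTS = (
    _series("dba_ops", [120, 135, 110, 128, 140, 125, 131, 4200])
    + _series("svc_backup", [5000, 5100, 4950, 5050, 5020, 4980, 5010, 5060])
    + _series("hsm_admin", [2, 2, 2, 2, 2, 2, 2, 3])
)

def find_spikes(events, threshold=6.0, min_history=5):
    """Return (hour, account, count, score) for hours far above the account's own baseline."""
    history = defaultdict(list)
    alerts = []
    for hour, account, count in sorted(events):
        past = history[account]
        if len(past) >= min_history:
            base = median(past)
            # Median absolute deviation resists distortion by earlier outliers;
            # fall back to 1.0 when the account's history is perfectly flat.
            mad = median(abs(x - base) for x in past) or 1.0
            score = (count - base) / (1.4826 * mad)
            if score > threshold:
                alerts.append((hour, account, count, round(score, 1)))
                continue  # do not let the spike raise the baseline
        past.append(count)
    return alerts

if __name__ == "__main__":
    for hour, account, count, score in find_spikes(SAMPLE_EVENTS):
        print(f"{hour} {account}: {count} records read (robust z-score {score})")
```

Only `dba_ops` is flagged: `svc_backup` reads more records every hour, but that is normal for it, which is why a single bank-wide volume threshold would either bury analysts in backup alerts or miss the real anomaly.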

Of course the one true way to limit the risk of an attack is to set controls and limitations around what data can be accessed by employees and other business insiders. Employees should not have access to information that they don’t need and the access they do have needs to be regularly reviewed. If possible, banks should reduce the number of privileged users altogether as the smaller the number of people with access to sensitive or valuable information, the easier it is to manage the risk of a breach. It also means that response procedures can be more easily deployed.

So while it is widely believed that the number of cyber attacks will continue to grow, careful prevention and response planning can work to offer some security to banks by minimising the risks. Quite simply, banks and their IT advisers have an obligation to reduce the chances of attackers successfully accessing data by posing as employees. By simply implementing the required tools for monitoring online activity, banks can spot an attack, or a potential attack, sooner.

Geoff Webb is director, solution strategy at NetIQ.
