Under attack, how banks can fight back

In March 2013, the Reserve Bank of Australia confirmed that hackers had penetrated its computers but failed to steal sensitive data or corrupt networks, amid growing alarm that sophisticated cyber attacks may leave banks and other organisations unaware they have been compromised.

There is an industry out there that targets banks in this way every single day. Criminals are no longer limited to stealing what cash they can carry from a bank, as they can steal far more valuable data by going online. Today’s thieves are robbing banks through customers’ accounts.

According to the Trend Micro 2013 annual threat roundup report released in February, online banking malware more than doubled in Australia from Q1 to Q4 2013, while New Zealand volume increased by 276 per cent over the same period.

One major difficulty for banks is that modern cyber criminals can be almost indistinguishable from genuine employees. Once inside an organisation’s perimeter, a cyber criminal will immediately aim to elevate his own authorisation level to that of a privileged employee and use that clearance to steal data and other assets.

As a result, talking about insider and outside threats to banking security is an increasingly outdated way of thinking. Banks have to assume that they have already been breached and act accordingly.

At the same time, however, some hackers have shifted the focus of their attention away from fraud to stealing raw company data, which can be even more damaging. A customer’s personal financial information has real value to cyber hackers as it can be sold on to other criminals running sophisticated fraud operations. If a customer’s account is compromised in this way, real damage can be done to that institution’s finances and reputation.

So how should banks respond? Some organisations try to identify the tools a hacker is using. This method is flawed, as it’s easy to build unidentifiable tools. What can be uncovered is the unusual activity and behaviour a hacker displays. For example, banks should look for an abnormal level of traffic going to a particular area of the bank, or data flowing in new ways around the business. Being able to identify these signs gives banks a far greater chance of spotting an attack.
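The two signals named above, an abnormal level of traffic to one area and data flowing along a new path, can be checked against a baseline of ordinary flows. The following is an added example, not part of the original article; the segment names, byte counts and thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (day, source segment, destination segment, bytes).
BASELINE = [
    (day, src, dst, size)
    for src, dst, sizes in [
        ("branch", "core-banking", [1000, 1100, 900, 1050, 950]),
        ("hr", "payroll-db", [200, 220, 180, 210, 190]),
    ]
    for day, size in enumerate(sizes, start=1)
]
# Constructed records for the day under review: (source, destination, bytes).
TODAY = [
    ("branch", "core-banking", 1080),  # within the usual range
    ("hr", "payroll-db", 5000),        # far above the usual volume
    ("hr", "core-banking", 300),       # path never seen in the baseline
]


def daily_totals(records):
    """Sum bytes per (src, dst) pair per day; returns {pair: [daily totals]}."""
    per_day = defaultdict(lambda: defaultdict(int))
    for day, src, dst, size in records:
        per_day[(src, dst)][day] += size
    return {pair: list(days.values()) for pair, days in per_day.items()}


def find_anomalies(baseline, today, z_threshold=3.0):
    """Flag flows on unseen paths and flows far above their historical volume."""
    history = daily_totals(baseline)
    current = defaultdict(int)
    for src, dst, size in today:
        current[(src, dst)] += size
    findings = []
    for (src, dst), total in current.items():
        if (src, dst) not in history:
            findings.append(("new-flow", src, dst, total))
            continue
        avg = mean(history[(src, dst)])
        # Floor the deviation so a perfectly flat baseline cannot divide by zero.
        spread = max(pstdev(history[(src, dst)]), 0.05 * avg, 1.0)
        if (total - avg) / spread >= z_threshold:
            findings.append(("volume-spike", src, dst, total))
    return sorted(findings)


if __name__ == "__main__":
    for finding in find_anomalies(BASELINE, TODAY):
        print(finding)
```

Neither check depends on recognising the attacker's tooling, only on how the traffic differs from what the business normally does.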

While identifying the irregular signs indicating an intrusion is important, ultimately actions need to be taken to prevent an attacker getting a foothold within the bank to begin with. This comes down to carefully controlling what employees can access and ensuring they can only access the data they need. An individual may move departments and no longer need the access they previously had. This should be acted upon, but in reality many organisations struggle to implement this approach.

Limiting access across an organisation makes it easier to spot hackers masking themselves as employees and better protects resources. Once this is in place it makes it far easier for the IT team to identify the unusual behaviour of a hacker and mitigate their effect.
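The access review described above can be expressed as a comparison between what each employee holds and what their current department needs. The following is an added example, not part of the original article; the users, departments and entitlement names are hypothetical and constructed for illustration.

```python
# Constructed baseline: the entitlements each department actually needs.
ROLE_BASELINE = {
    "payments": {"payments-ledger:read", "payments-ledger:write", "email"},
    "marketing": {"crm:read", "campaign-tool:write", "email"},
}

# Constructed directory export (hypothetical users).
EMPLOYEES = [
    {"user": "asmith", "department": "marketing",
     "previous_department": "payments",
     "entitlements": {"crm:read", "email", "payments-ledger:write"}},
    {"user": "bjones", "department": "payments",
     "previous_department": None,
     "entitlements": {"payments-ledger:read", "email"}},
    {"user": "clee", "department": "marketing",
     "previous_department": None,
     "entitlements": {"crm:read", "email", "core-banking:admin"}},
]


def review_access(employees, role_baseline):
    """Report access held beyond the current department's baseline.

    "carried_over" is access explained by the previous department, the
    mover case; "unexplained" matches neither role and deserves a closer
    look.
    """
    report = {}
    for emp in employees:
        allowed = role_baseline.get(emp["department"], set())
        excess = emp["entitlements"] - allowed
        if not excess:
            continue
        old = role_baseline.get(emp["previous_department"], set())
        report[emp["user"]] = {
            "carried_over": sorted(excess & old),
            "unexplained": sorted(excess - old),
        }
    return report


if __name__ == "__main__":
    for user, finding in review_access(EMPLOYEES, ROLE_BASELINE).items():
        print(user, finding)
```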

The final action banks need to take is to put in place a plan of action for when a bad actor is found. What is the response? Who should be informed? Without this in-depth planning, which seems obvious to many, organisations can end up struggling to respond effectively, leaving themselves exposed to greater damage.

Banks need to make available the time and resource to manage the access rights of their employees and get back on the front foot in the struggle with cyber criminals. If this is overlooked it will become increasingly difficult for banks to spot irregular behaviour early and mitigate the effects.

Many organisations make the mistake of spending too much time on defence, thinking they’re protected, and not enough on detection and response. Cyber attacks aren’t about to go away and banks need to ensure that they have the tools and processes in place to reduce the chances for fraud or a damaging data breach.

Geoff Webb is senior director, solution strategy at NetIQ.
