It used to be easy enough to spot a bank robber. With their balaclavas and weapons of choice, the criminals would simply storm in demanding money and everyone knew exactly what was happening. While criminals still occasionally resort to traditional methods, it’s rare to see the dramatic Bonnie and Clyde-style bank heists of the 20th century.
Instead there’s a new form of bank robbery that has the potential to do damage on a much larger scale. Shifting the focus from physically taking funds from a bank, the prize for criminals these days is obtaining a bank’s saleable data by hacking into its network. In fact, a recent report from KPMG suggested that the next major shock to the economy could come from a cyber attack.
Hackers are using a variety of techniques to gain access to data held by banks. One approach is to mask their attacks with a Distributed Denial of Service (or DDoS) event. This essentially floods a bank’s network with requests until the system becomes overloaded or is even brought to a standstill. Criminals use it to divert attention from the actual attack, which is often more focused on infiltrating the network and establishing a beachhead for later data theft.
According to Google’s Digital Attack Map, which reveals information about DDoS attacks based on their country of origin, a significant attack was launched from Australia on August 20 of this year, which resulted in many gigabytes of data per second being sprayed around the world and potentially overloading systems. It was considered to be among the worst for 2013.
The key problem for banks is that it is extremely difficult to narrow in on the type of individual who would be responsible for such a crime. Unfortunately, unlike the masked men who used to walk into an unsuspecting branch, hackers are hard to trace, and once they are inside the network, they are often completely indistinguishable from a bank’s employees. Inside the perimeter of the bank’s network, they will impersonate an employee with so-called “privileged access” to critical systems, enabling them to further consolidate their hold on the bank’s systems and making them very hard to track down. This can allow them to access all the data they want and ultimately wreak complete havoc.
In fact, in many cases, banks should assume that their network perimeters have already been breached and someone on the outside is acting as an insider.
Without a doubt, this has shifted the focus for banks. Online fraud is still a significant concern but it’s also understood that data theft needs to be prevented. Quite simply, if customers find that their private information has been stolen or accessed by a criminal, they are going to take their business elsewhere. If this is done en masse, it could significantly deplete the customer base as a whole.
Given that no solution is ever going to be 100 per cent fool-proof, banks need to not only take preventative measures, but also look at how they can limit the impact of such a breach, should hackers succeed in getting inside their networks. Essentially, the focus needs to be on protecting corporate information and preventing a full-scale shutdown of the bank’s operations.
Savvy banks, and businesses generally, are realising that the key to protecting themselves from hackers is to better understand hackers’ behaviour and the patterns of cyber activity that could point to their presence. This means taking notice of abnormal data flow and online traffic and monitoring the behaviour of privileged users. Any sort of unusual spike in activity could be a warning sign.
Of course the one true way to limit the risk of an attack is to set controls and limitations around what data can be accessed by employees and other business insiders. Employees should not have access to information that they don’t need and the access they do have needs to be regularly reviewed. If possible, banks should reduce the number of privileged users altogether as the smaller the number of people with access to sensitive or valuable information, the easier it is to manage the risk of a breach. It also means that response procedures can be more easily deployed.
So while it is widely believed that the number of cyber attacks will continue to grow, careful prevention and response planning can work to offer some security to banks by minimising the risks. Quite simply, banks and their IT advisers have an obligation to reduce the chances of attackers successfully accessing data by posing as employees. By simply implementing the required tools for monitoring online activity, banks can spot an attack, or a potential attack, sooner.
Geoff Webb is director, solution strategy at NetIQ.