Hackers have their gaze fixed upon the financial sector. This year in particular has left many banks, credit unions, brokers, insurance companies, stock traders, payment processing firms and other such entities with that feeling of staring down the barrel of a loaded gun.
According to research from ThreatMetrix released in early 2016, banks and other financial organizations faced the highest number of organized cyberthreats of any industry. The report predicted that a major financial institution breach was imminent for the year ahead. Not a month later, it was announced that Bangladesh Bank had been breached, resulting in the theft of $81 million by cybercriminals.
Breaches of financial institutions take weeks, sometimes months, of planning. It’s not as if any lone-wolf cybercriminal can purchase malware on the dark web and expect any measure of success. These attacks take cunning. They take time. They take planning, and above all, they take stealth. Unfortunately, not all organizations are in a position to defend against attacks that employ these attributes.
A huge challenge for small and mid-sized organizations
Hackers will typically use a mix of social engineering schemes and surveillance malware to orchestrate breaches of financial institutions. Ransomware and other showy threats that announce themselves won’t necessarily reap the substantial gains that cyberattackers are after when they target finance. The goal is to get in quietly, scope out the network, monitor activities so as to be able to mimic them and avoid setting off any red flags, and finally, to slowly siphon the information – or money – that they’re after. These cybercriminals might use some form of phishing scam to get an insider to divulge login information. They might scour the deep web for disgruntled former employees looking to do harm. They might simply get lucky and exploit the carelessness of an employee.
The problem is that many credit unions and mid-market institutions don’t always have access to the same resources as big banks. So while they can fend off the low-hanging fruit of cyberthreats, they often don’t have the detective tools they need to identify the less noticeable traces of a cybercriminal mastermind.
In fact, many banks may not even be able to immediately detect that funds have been moved. This is because cyber heists typically entail the theft of smaller amounts of money that are gradually pilfered from multiple institutions so as to avoid drawing attention to the activity. In this way, the Bangladesh Bank incident is something of an anomaly.
A more apt example of a cyber-robbery scenario is the one that occurred in 2013. According to The New York Times, cybercriminals managed to steal a known minimum of $300 million by infiltrating 100 banks in more than 30 countries. Bear in mind that this amount is only what officials were able to identify. Because the hackers responsible never stole more than $10 million from a single institution, it’s hard to account for each and every incident of theft. According to USA Today, the actual amount stolen could have been closer to a whopping $1 billion, which would make it the largest heist in history.
Better cybersecurity starts with stronger cyberthreat detection
In a forthcoming white paper produced by Arctic Wolf Networks, cybersecurity researchers will address the nature of the sophisticated cyberthreats facing banks in greater detail. The white paper will also delve into the key component that so many mid-market financial organizations are missing: stronger detective capabilities.
While big banks typically own and operate their own security operations centers, too many mid-market firms lack the expertise, and in some cases the resources, necessary to identify the earliest signs of an intrusion. When you consider that the information and assets of regional banks are no less valuable to cybercriminals than those of a larger bank, it seems nonsensical that one would have a better detective defense strategy than the other – especially when you consider the example mentioned above.
AWN’s research will look at some of the reasons why mid-market financial firms struggle with cyberthreat detection, and more importantly, how they can overcome these challenges once and for all, affordably.