Cyberattacks: What’s Keeping Regulators Up at Night?
It’s nearly impossible to escape headlines about the increasing frequency, sophistication and magnitude of cyberattacks taking place around the world. Practically every industry is at risk, from government agencies and multinational banks to healthcare insurance companies and online merchants.
International law firm Paul Hastings published a paper highlighting the critical cybersecurity issues faced by financial institutions, the businesses most susceptible to cyberattacks because of the abundance of money and private data they hold. The growing threat of cybercrime in the financial sector has also drawn the attention of regulators, as losses from cyberattacks continue to rise. As a result, banks face the difficulty of protecting their monetary and data assets from cybercriminals while at the same time dealing with tougher regulatory requirements and requests from law enforcement.
What is making cyberattacks a greater threat to financial institutions?
Targeted Attacks More Common
Cyberattacks are typically either targeted or untargeted. Untargeted attacks focus on casting as wide a net as possible to trick a large number of unsuspecting victims into divulging their login or other personal information by email or on a bogus website. Targeted attacks, on the other hand, are custom-made for the financial institution, using tactics such as email sent to specific employees and direct attacks on the bank’s servers and networks. Consequently, targeted attacks are usually more effective at obtaining larger amounts of money and information, because they exploit known or newly discovered weaknesses in the bank’s computer systems.
Increasingly Sophisticated Strategies
A report released by cybersecurity firm Kaspersky Lab details how an unknown group of cybercriminals infiltrated several financial institutions and stole up to $1 billion. The group took advantage of in-depth knowledge of vulnerabilities in commonly used office productivity software to send email posing as legitimate bank communications. The email carried malicious software that gave the criminals access to the victims’ computers and networks. The success of this series of attacks hinged on the attackers’ ability to chain several security loopholes together and quietly gather enough intelligence from legitimate users and administrators before making their move.
How can banks reduce their cyberattack risk while managing regulators’ expectations?
Create and review a cybersecurity plan regularly
Financial institutions should be proactive by putting together a plan to deal with cyberattacks before they occur. Being prepared lets them identify and mitigate threats quickly.
Set up an internal cybersecurity incident response team
Banks should create a team made up of internal staff with security expertise and knowledge. This team should be given the authority to make key decisions in the event of a cyberattack.
Appoint outside legal counsel
In addition to having internal resources to handle cybersecurity issues, financial institutions also need to secure external counsel with expertise in regulatory compliance, privacy, and consumer protection issues.
Maintain and monitor information security systems
As cybercriminals constantly evolve and adapt their attack methods, financial institutions need to ensure that their existing security systems remain up to date and effective. Monitoring and testing should be ongoing, not a one-off exercise.
Provide training to employees
In the ongoing war on cybercrime, bank employees are the first line of defense. Staff need to be provided with the necessary cybersecurity awareness training in order to recognize potential attacks such as suspicious emails and to identify and report unusual transactions quickly.
Be ready to deal with the authorities
An important part of any response to a cyberattack is reporting the incident to both regulators and law enforcement. The internal security team should work closely with the bank’s legal team to collect as much related information as possible, including information about the crime itself as well as the actions taken and the plans to mitigate the damage.
Rehearse the cyberattack response plan and be ready to use it
For a plan to be effective, the financial institution’s entire organization should familiarize itself with the plan by practicing dry runs. When a cyberattack occurs, employees will know what to do and be able to quickly put the plan into action.
While the above measures will certainly help financial institutions manage their cybersecurity risk, they should not be expected to fight the battle alone. Working from the principle of strength in numbers, U.S. President Obama signed an Executive Order in February that encourages stronger collaboration between government and the private sector through the creation of information sharing and analysis organizations (ISAOs).
“Both businesses and consumers clearly stand to gain from closer collaboration between industry and government,” said Anatoly Kvitnitsky, Corporate Development Director at Trulioo. “For example, companies can share ‘watchlists’ containing information on cyber criminals with other companies and the government in order to quickly detect and prevent future attacks.”
Through active participation as ISAO members and the use of shared watchlists, financial institutions now have new resources at their disposal to bolster their cybersecurity defenses. Criminals already pool knowledge and tooling to develop new approaches; by collaborating in the same way, banks can be better prepared to fight cyberattacks.
What else do you think that financial institutions can do to protect themselves from cybercrime?