Highly sophisticated crime calls for an even smarter, more agile response, says David Ferbrache.
Cyber crime today is eye-wateringly big business. Economies and businesses worldwide are now suffering losses of around $600 billion a year. And that number could be just the tip of the iceberg, given that a high percentage of cyber crime still goes unreported.
Within financial services, the rapid adoption of a range of new technologies has made criminal activities increasingly easy to carry out. The perpetrators’ methods have become more brazen and sophisticated, and businesses’ defences are all too often not up to the task.
Different methods, same old crimes
In many ways, much of this is nothing new. Cyber crime is effectively an evolution of traditional crimes – extortion, blackmail, fraud and so on – transported online.
It’s the scale of the activity that’s evolved. We’re now facing transnational industrialised crime, where perpetrators structure themselves just like any legitimate business, right through to a C-suite of senior management presiding over a black market economy in tools, services and information.
Modern cyber criminal organisations are fleet of foot, ingenious and highly professional in their approach – run by ruthless, rational entrepreneurs with great ingenuity and a determination to follow the money – which is now in cyberspace.
There are three main types of cyber assault:
- Commoditised attacks, which are indiscriminate and deploy large scale attack software. If millions of accounts worldwide are scammed and just 1% end up paying a ransomware demand of perhaps $100, that’s a very lucrative outcome for the criminals. Crypto coin mining using compromised IT systems has also become increasingly attractive, as criminals follow the market.
- Tailored attacks, identifying companies worth defrauding because they undertake regular payments to, for example, contractors and suppliers. These attacks scrape social media for contacts and connections and then send emails purporting to come from, say, a CEO and CFO, using the correct names and login details. With $150k for the average sting, these attacks have netted at least $3.2 billion in just two years.
- Highly targeted attacks - the most advanced and persistent threats within the banking sector, in which an entire bank’s system may be compromised, with tens of millions of dollars siphoned overseas. There have been several high profile attacks recently, generally on softer targets in developing countries. Were it not for vigilant anti-money laundering and sanctions controls, the criminals would have been successful in transferring over $3 billion over the last three years.
Beating the criminals at their own game
Given these increasingly pervasive risks, the climate has certainly never been more challenging. But there are a range of measures organisations can take to shore up their defences.
And, while technology may be aiding the criminals, it’s also a powerful tool for businesses to second-guess and outwit attacks. It’s now far easier to detect unusual behaviour and rapidly contain phishing campaigns, for example, thanks to enhanced threat intelligence and security responses.
How you can prepare:
- Adopt a holistic approach across your organisation, ensuring all the relevant separate security disciplines are joined up. Look at your fraud controls and how they monitor transactions and collect intelligence – and weigh up the right mix of detection and preventative techniques for your business.
- Step inside the mindset of the criminals to work out what they might want to target and how they would monetise it. Then determine what’s needed to quickly detect, block and respond to those attacks.
- Get the basics right - firewalls, anti-virus, patching, good passwords and other basic security solutions all still work well for many businesses as a first line of defence. Then build additional security on top, such as detection and monitoring analytics, with a clear understanding of what’s normal in terms of behaviour and systems activity.
- Ensure you have board level sign off and senior executive involvement across the organisation.
- Join forces with other businesses within the financial services industries, technology providers, law enforcement and Government to share information on the patterns of threats and current best practice. These issues need a coordinated community-based approach if the infrastructure used by organised criminal gangs is to be disrupted.
- Remember, transparency is essential. Firms face mandatory disclosure of any data breaches to information commissioners, shareholders and the wider public.
- Stay vigilant for the long haul: Cyber crime isn’t going anywhere any time soon. But in this complex game of cat and mouse, the more informed, fast and flexible your response, the better.
For more information, contact David Ferbrache.