Banking on risk intelligence to protect the digital vault

Josh Lefkowitz

CEO at Flashpoint

09.08.2019 11:00 am

There’s no such thing as one size fits all when it comes to the intelligence needed to uncover, specify, and prevent cyberthreats. Each industry faces unique challenges and vulnerabilities as criminals tailor their activities to target prime assets. The financial services sector occupies an undeniable position in the crosshairs of cybercriminal activity. Intelligence analysts and cybersecurity teams tasked with protecting the business need in-depth understanding of the risks and weaknesses of financial institutions so they can mount an effective defence.

Targeting the digital vault

Banks and financial institutions face a complex set of circumstances when it comes to threat management and compliance risk. First, their “product” is the very thing that cybercriminals typically desire most – money – meaning that, unlike many other industries, they are directly targeted on the basis of their core activity. Rather than only targeting customers, cybercriminals are also focusing on stealing money directly from the source by attempting to access and maintain a persistent presence on banking networks such as the Society for Worldwide Interbank Financial Telecommunications (SWIFT) network. In 2016, for example, this presence was used in an attack against the Bangladesh Bank, which resulted in more than $850 million in fraudulent transactions initiated through the network.

Second, banks collect and process huge amounts of personally identifiable information (PII) to verify customer identities and protect against fraud. This credential data is a sought-after commodity among criminals who plan to use it to perpetrate the very fraud it’s meant to prevent. The risk here lies on at least two fronts: the data stored on bank networks may be targeted directly, such as through credential theft, credential-stuffing attacks, or insider threats, among other means. Alternatively, the bank’s customers may be hit by phishing and other social engineering schemes as well as banking trojans designed to steal their passwords, other security information and credit/debit card numbers.

In addition to these external threats, financial institutions have to manage insider threat risk, and the regulatory and compliance risks they face if their systems are used for illicit purposes such as money laundering.

Tracking emerging tactics, techniques, and procedures

Faced with this litany of threats via multiple vectors, banks adopt a strong defensive posture to protect systems and customers. From physical security to cybersecurity, the finance sector is probably the most advanced in the world.

Defence is less effective, however, without solid intelligence on specific risks that guide where efforts should be focused. To ensure that financial institutions are marshalling their defences effectively, and prioritising responses to meet current and emerging threats, business risk intelligence (BRI) provides essential context.

The effective use of BRI starts with anti-fraud and cybersecurity teams working together to build a comprehensive picture of business risk and the weaknesses exacerbating that risk. They then map this information to current intelligence about how their adversaries are planning to exploit those weaknesses. This intelligence can be gathered from multiple sources, from illicit deep & dark web (DDW) forums and open web sources, to “card shops” where stolen credit card data is offered for sale – anywhere cybercriminals discuss tactics, plan campaigns, and market their stolen goods. The aim is to use the security and anti-fraud teams’ knowledge of the high-level threats the institution faces to home in on specific indicators of emerging threats directly targeting the company.

From general risk to specific threat

Take as an example the issue of password security. Passwords are a weakness in the security chain and hackers regularly devise tools to crack them and access accounts. Consequently, banks devote resources to protecting against this general threat. However, when BRI uncovers a DDW actor that has released a new version of a password-cracking tool specifically designed to compromise online accounts of a particular bank, that bank can use this information to act swiftly to mitigate the vulnerability.

Similarly, money laundering is a critical risk for financial institutions, which are subject to strict regulation with international jurisdiction and large financial penalties for negligence. All institutions must protect against money laundering through robust policies and compliance checks. However, cybercriminals are always looking for new ways to launder money, so companies must remain alert. As a case in point, our BRI analysts observed discussion of a new criminal technique to launder funds from compromised bank accounts and stolen credit cards by leveraging subscription services offered with business accounts with a major online payment service. Alerted to this risk, clients were able to take corrective measures to protect customer accounts and eliminate that specific money-laundering risk.

Thinking ahead to monitor strategic risk

Risk assessments and threat monitoring cannot be limited to a point-in-time activity. The financial services environment is constantly changing, and threats emerge and evolve to match. As fast as the sector devises new ways to serve customers and provide convenient, secure access to banking, the cybercriminal community is working on ways to infiltrate and leverage them. Mobile phone text codes, used to provide authorisation for transactions, are one such example. This additional security layer was exploited earlier this year by cybercriminals who intercepted messages by tracking customers’ phones, and used the information gleaned to empty bank accounts.

Financial institutions need to think ahead whenever a new feature or service is introduced and anticipate how it might be breached, because they can be certain that threat actors are doing just that. Our analysts encountered this prior to the launch of chip-based credit cards in the US. They spotted indicators of compromise on the DDW relating to EMV chip recording software and manufacturing techniques that could be used to make fake chip-enabled cards. This intelligence was used to inform rollout strategies and re-evaluate the risk associated with EMV.   

Intelligence analysts need to be fully briefed on the roadmap for financial products and services so that they can keep watch for evidence of emerging threats in the cybercriminal communities that they monitor. Armed with BRI, financial institutions can assess risk and identify specific threats. They can also adjust their risk posture based on valid intelligence and better focus defensive activities. This strengthens their ability to protect the digital vault and keep customers’ money, and data, safer.
