While JP Morgan Chase & Co. along with retailers Home Depot, Target and TJX Corporation get all the press attention when their systems are hacked, FX brokers, liquidity providers and traders are no less vulnerable. Cyber attacks are here to stay. That’s how delegates at SIBOS 2014 in Boston see it. During this annual bank technology conference organized by SWIFT, 80% of financial professionals polled during a session on cybercrime believe attacks are unavoidable. When moderator Ben Rooney, co-editor-in-chief of Informal and a former Wall Street Journal financial reporter, asked the group: ‘how likely is it that your institution will be a victim of a cyber crime in the next year?’; 44 per cent voted ‘very likely’ and 26 per cent ‘likely.” In addition to greed as a motivator, especially from Eastern European crime syndicates, cyber attacks emanate from nation states, terrorist groups and activists who see computer hacking as a form of protest. Heather McKenzie writes in her recent article titled Silver Lining in Banking Technology, “Financial institutions are increasingly required to collect, store, analyze and report on ever increasing volumes of data. Cloud computing is an attractive option because it enables firms to bypass sizeable investments in infrastructure, hardware, software and maintenance typically associated with data storage. The convenience and cost effectiveness of cloud computing have to be weighed against the security concerns.” For example, the illegal release of nude photos stored on Apple’s iCloud has turned “the cloud” and its suspected vulnerabilities into grist for the gossip mill. Nonetheless, Jubin Pejman, FCM360’s managing director, believes the cloud is safe, but financial institutions toy with disaster if they rely on a public cloud such as Amazon’s. “It’s the wrong environment, risking exposure of sensitive financial data to everyone from individual criminals to rogue governments like North Korea and even our own government surveillance.” FCM360 specializes in global infrastructure for the forex industry, which includes a specialized Financial Cloud service to ally these risks. Despite worrisome security undercurrents, there are some positive trends. Citi’s Charles Blauner, global head of information security and chair of the Financial Services Sector Coordinating Council, observed the growing use of mobile devices will eliminate vulnerabilities associated with passwords. “I’m big on mobile banking,” he told the SIBOS delegates. “Ten years ago when we talked about biometrics, we would have had to send a video camera to every customer. I have a smartphone now; it has a lens for facial recognition, a mic for voice recognition and the iPhone can record a thumbprint faut il prendre viagra. A breach is a lot harder with this device and it is hard for the criminal to scale. Bringing biometrics into the mass market is a huge game changer.” However, experts tell us, smartphones have prompted a proliferation of applications, any one of which can provide a gateway into a major institution’s computer system. There is no formal system for having new apps reviewed by security experts.
Anders Corr, founder of New York based Corr Analytics, reviewed the current spate of cyber risks for Boston Global Forum members at Harvard University in October as well. Corr noted that the biggest cyber heist in history was in 2013 when Ukrainian and Russian hackers made off with $300 million dollars affecting Nasdaq, Visa, JC Penney, Carrefour SA and Jet Blue. In contrast the average U.S. bank heist nets $7,500 as reported in U.S. News & World Report.
According to Corr, the US Federal government spends about $20 billion per year on cyber security, including both offensive and defensive efforts. Other NATO countries spend approximately another $10 billion per year. But these levels are only 3% of NATO defense spending, and are clearly insufficient for the task of defending against cyber threats emanating from Russia, China, Brazil, South Africa, and other havens for cyber-terrorists and criminals. He believes NATO cyber-security and cyber-warfare spending should rapidly increase to 5-10% of the defense budgets of all member countries.
Despite the vastness of the threat, Kris Lovejoy, general manager of IBM’s security services division, explained that individuals taking security precautions markedly reduces the risk of breaches. “This is much like the way hand-washing reduces the number of classes schoolchildren miss.” She said adding, “Most folks we work with have, at some time, been personally compromised,” and, “90 per cent of the time the bad guy got in because he exploited an individual who double-clicked on the wrong thing.”
Portions of this article appeared in Banking Technology