Banks need to be active and use intelligence gathered in-house or by security intelligence providers to take on nimble cyber-criminals, according to Thomson Reuters. Thomson Reuters, in its special report titled: “Cyber Crime: The fast-moving menace” identifies current trends in cyber-crime and the regulatory response in various countries.
Cyber-criminals: 99% of breaches relate to banks’ old vulnerabilities
Citing PwC’s 2014 Global Economic Crime Survey, the Thomson Reuters report points out that a clear majority of financial services organizations (especially retail banks) have taken hits from cyber-crime. The PwC survey also highlighted that though financial services organizations believe cyber-crime is becoming a greater threat than ever before, many don’t believe it will happen to them.
The Thomson Reuters report points out that criminals are focusing attacks on specific organizations, especially banks, and working to break banks’ networks, thereby staying several steps ahead of their security. The report notes also that many banks are failing to do some of the basics to protect themselves from cyber-criminals.
Highlighting that banks are slow to respond to nimble criminals, the report notes that some banks’ legacy technology and applications are 25 or 30 years old, and are hence difficult to fix and protect. Interestingly, the Thomson Reuters report highlights that 99% of breaches involved old vulnerabilities that governments, banks and companies failed to patch.
Underscoring the importance of intelligence-led security, the report states there is a huge amount of data, which means banks need to understand which threats should be prioritized. The report points out that banks can gain such an edge through analysis, expertise and contextualized information.
Most banks are still in defense mode
The Thomson Reuters report highlights that only a handful of banks have invested in intelligence-led cyber-security teams, with most banks still in defense mode. Highlighting firms’ slow response time, the report points out that Mandiant’s research reveals the median time between breach and discovery is 229 days. The report also states that although some breaches are detected and addressed immediately by companies’ security systems, those that go undetected can stay undetected for months.
Turning its focus on regulatory response to cyber-threats, the Thomson Reuters report points out that following high-profile attacks on JPMorgan and Fidelity, U.S. lawmakers and regulators are working together to bolster the finance industry’s defenses against cyber-attacks. For instance, in April, the SEC’s Office of Compliance Inspections and Examinations published a set of questions that compliance officers could use to assess how ready their organization was to deal with a cyber-attack. On the broker-dealer side, the Financial Industry Regulatory Authority is working on guidelines that are based on a cyber-security survey it sent to firms in January. The report indicates that lawmakers are as keen as regulators to tighten up cyber-security, as a U.S. Senate bill would facilitate the sharing of information on cyber-threats among companies, individuals, and the government.
The Thomson Reuters report notes also that hedge funds are implementing stronger cyber-security defenses under the U.S. regulatory spotlight. For instance, the SEC launched a program last April, which is being overseen by the Office of Compliance Inspections and Examinations, outlining several key areas on which registered broker-dealers and investment advisers need to focus.
Striking a cautionary note, the Thomson Reuters report emphasizes that Asian financial firms are paying insufficient regard to the cyber-crime risk and hence should initiate more steps to detect and prevent cyber-crime given the region’s higher degree of political volatility.
Emphasizing the importance of corporate governance relating to cyber-security, the Thomson Reuters report suggests that boards should work harder to ensure that their corporate governance structure is fully aligned and that the measures they adopt to counter attacks are constantly updated and designed to deal with the risks unique to them.