Only by breaking down the barriers between the cyber security, fraud and financial crime disciplines can we really hope to counter cybercrime. That is according to the latest report from banking trade association UK Finance and the audit firm KPMG.
The report, “Staying Ahead of Cybercrime” urges greater cooperation both within businesses and between firms, law enforcement and Government to tackle what it calls the growing threat of cyber crime. The 16-page report, ‘Staying Ahead of Cybercrime’ can be accessed free at the UK Finance website. It calls for ‘a community response to cyber crime that matches the agility and market structures employed by cyber criminals’.
The report points to how cyber crime is displacing conventional crime. As our world has become digital, so has our money, and crime follows the money. It suggests that cyber criminals are demonstrating a growing knowledge of financial systems and the potential weaknesses. There is a worrying trend towards more targeted attacks, with a growing knowledge of how these systems work and how to ‘cash out’. The report asks if the criminals are winning, giving the example of the 2016 attack on Bangladesh Bank. A compromise of the central bank’s IT allowed attackers to manipulate the payment gateway connecting the bank to the SWIFT worldwide international financial transaction system. As the report points out, attackers also seek weak points in the financial system, attacking multiple institutions; as the compromise of one may provide an ‘in’ to attack other peers, customers or suppliers.
The report asks if our ‘achilles heel’ is that we don’t think like criminals. It warns of a breakdown in trust, and that without action to address the threat as a community, ‘we risk directed regulatory action that may ultimately prove counter-productive in reinforcing that compliance-driven and risk-averse culture. A culture which will ill prepare us to deal with a rapidly changing cyber threat’.
Stephen Jones, CEO UK Finance says: “Cyber crime has the potential to seriously damage our economy and broader society, so to get one step ahead, the finance industry must revise its approach to cyber security. It’s not just about straight forward governance or risk and control issues as this report demonstrates. Strategic collaboration is needed through close integration with external agencies including the National Cyber Security Centre, National Crime Agency and police forces, to build a robust intelligence sharing model, in order to be more effective about tackling the ever-increasing cybercrime threat.”
And David Ferbrache, CTO, Cyber, KPMG UK says: “Cyber crime is costing UK institutions billions, but more importantly it erodes trust and leaves customers vulnerable. As a community we need to do more to understand the mindset of the criminals, to share intelligence on their actions and be ready to disrupt those operations. Today’s report highlights the challenges institutions face in tackling cyber crime and sets an agenda for action. Collaboration is vital to putting criminals out of business.”
Comments
Mark Weir, Director of Cybersecurity, Cisco UK and Ireland, said the report further highlighted that investment alone will not counter-act the threat posed by cyber-criminals. “It is a collaborative approach that will play a pivotal role in developing cyber capabilities to ensure we don’t just keep up with, but stay ahead of the bad guys. Only by having a greater willingness to share insights, learnings and knowledge will we see greater protection of organisations globally. This type of collaboration can be seen in both the CyberSecurity Tech Accord, a watershed agreement designed to combat cyber threats, and the Cyber Threat Alliance, a not-for-profit which works to improve cyber security of our global digital ecosystem through a transparent approach which sees us work with traditional competitors. Ultimately, cybercriminals are continuing to get more sophisticated and powerful, and we need to join forces if we are to ever regain control of the cyber-storm.”
Kirill Kasavchenko, principal security technologist, EMEA at cloud management and monitoring product company NETSCOUT Arbor, says: “Cyber threats are constantly evolving. To keep pace, the cyber security community must collaborate to cut cybercrime in terms of frequency, severity, and impact. At the heart of this is the drive to stop cybercrime being such a lucrative source of revenue. There’s no one-size-fits-all way to achieve that, but consistently preventing attackers from fulfilling their aims is a key. That consistency can be delivered through collectively applying best practices, opening up availability to specialist tools, and sharing threat intelligence. This creates a far more accurate and actionable view of the threat landscape – nipping emerging threats in the bud and unlocking faster mitigation times.
“Looking forward, we must admit that some aspects of security threats cannot be mitigated by any single organisation alone. Terabit-scale DDoS attacks of 2018 are a good example: if the trend of growing DDoS attack stays, there will be just a few organizations globally being able to handle the threat. Therefore, the industry should be open to collaborate not only on best practices and information exchange, but also on the collective mitigation.
“All organisations should be aiming for this proactive stance, rather than wishing attacks away. This is true for all sectors, but more so for financial services organisations who are particularly at risk due to the amount of sensitive data and money they store. The simple truth is that we can do more together than separately.”
