September 26, 2016 | Written by: Kevin Thomsen
Categorized: Banking | IBM RegTech Innovations | Security
The cat is out of the bag. When a new cyberattack occurs that is successful and garners attention in the news cycle, you can almost guarantee it will happen again. Why? It is a combination of several elements. First, the author of the original hack is motivated to re-use the tools, techniques and methods because they were successful and there is a shelf life when it comes to cybercrime tools. Unlike conventional weapons such as grenades or bullets that are used once, when a cybertool (malware, for example) is used, a sample is usually recovered. With a copy of the malware, security researchers can determine what vulnerabilities were targeted, including whether a zero-day vulnerability was part of the attack. The security researchers will publish their findings, initiating an information sharing process that mitigates the risk to organizations that implement the recommended changes. As the information sharing and remediation process cycle improves, the window of opportunity for malicious actors shrinks. But there are wide differences in vulnerability patch management programs between organizations, so just as the slowest animal in the herd will always be targeted by predators, so too will organizations with poor security hygiene be targeted by cybercriminals.
Another reason why I feel there will be additional attempts is because success breeds imitation. Cybercriminals are watching to see what other cybercriminals are doing. When they see other successful attacks, they will determine whether it’s worth their time to invest in planning out a similar attack based on the estimated reward. As mentioned before, once a piece of malware is used in an attack, a copy of the malware will become available and cybercriminals will take that malware and create their own cyberheists following a similar modus operandi as the original but adjusting social engineering techniques and customizing the malware for their targets.
The cybercriminal community possesses a wide spectrum of expertise and abilities, just as in the business and sporting worlds. Some are skilled at X, others at Y. For example, in English football you have Premier League at the top followed by lower divisions. While the cybercriminal community has many more divisions and skill levels, a similar pattern emerges.
Lower-level criminals learn from watching the superior players and copy their techniques and approaches in an effort to gain similar rewards. And the top tier of footballers, businesses and cybercriminals must constantly innovate and change to maintain competitive advantage. New social engineering techniques, new forms of attack (malware, for example) and the ability to take advantage of new technologies, such as cloud and mobile, are all tools to be used by the cybercriminal to gain advantage over their target: you.
Cyberthreats will not be resolved by the invention of a new device or the development of one new technology. In light of the increasing threats, businesses are taking new approaches to respond to these attacks. Powerful, proactive counter-fraud and security programs, new internal processes and procedures, and the development of new industry standards and increased intelligence sharing are required reinforcements. Cognitive computing, too, holds great promise as a tool against cybercrime. Regulatory authorities require banks to perform periodic security assessments to confirm an organization’s security program meets its corporate security policy and identify any gaps. Another best practice is to benchmark the security program and capabilities against the industry. Security assessments and benchmarking are components used to create a strategic roadmap to address gaps, build new capabilities and improve existing capabilities.
Just as a business must innovate and evolve in order to stay ahead or overtake a competitor, enterprises must innovate and evolve their approaches to cybersecurity to keep their business healthy and functioning effectively. Whether through eliminating information silos, or developments like blockchain and cognitive computing, the business world, and the financial world in particular, are improving and innovating, making life difficult for those who would disrupt the steady flow of business.
My team and I will be at Sibos in Geneva this week and look forward to talking with you about your cybersecurity plans and projects. To learn about IBM activities at Sibos, visit ibm.com/Sibos.
Learn more about cybersecurity in “Financial services cybersecurity defenses: Fighting back and the inoculation of an industry.”
 US FFIEC (http://bit.ly/2ddQLsq), Bank of England (http://reut.rs/25bnfuZ), Hong Kong Monetary Authority (http://bit.ly/2aeH7st), SWIFT (http://bit.ly/1TezgHe)