
7 Security Predictions for 2014 from Booz Allen Hamilton

The consulting group previewed some of the important trends in cyber security that banks need to keep their eye on in 2014.

The sophisticated cyber attacks that banks experienced in 2013 will continue into 2014, Booz Allen Hamilton, a management consulting firm, said in its cyber security predictions for 2014.

Board members and executives have seen the threat landscape evolve with the high-profile DDoS attacks this past year, turning cyber security into a bigger concern for all banks, the company said in a statement outlining the predictions, which was released this week.

“Our conversations with clients have significantly evolved from a focus on threats and capabilities to creating a balanced and holistic cyber security program that responds to an institution’s critical business risks,” Bill Stewart, Booz Allen’s senior vice president and head of commercial finance, explained in the statement.

Here are the consultancy’s top trends to watch in cyber security in 2014:

1. Making threat intelligence useful - Big banks have a great deal of data, but sifting through it all to find actionable intelligence and making use of it will be a big challenge next year. Threat intelligence will need to be joined with incident response, fraud and other areas.

2. Mobile threats - Mobile malware threats are emerging that take advantage of vulnerabilities in mobile device platforms. One such threat, the Perkele Trojan crimeware kit seen in the Middle East, will likely spread elsewhere this holiday shopping season, Booz Allen predicted.

3. Emerging countries will experience more cyber attacks on banks - The growing wealth of emerging markets will make fraudsters take notice of the new and lucrative opportunities for them there. Countries in Latin America, the Middle East and Asia that are quickly modernizing their technology infrastructures will become more enticing targets for cyber criminals.

4. Attacks will spread to smaller institutions - Mid-tier and regional banks, wealth management firms and hedge funds don’t have the sophisticated cyber security systems and large teams of experts that bigger institutions have. Attackers will begin to shift their efforts to these easier targets over the next year.

5. New strategies for dealing with insider threats - Banks will start to develop new strategies that involve different teams across the organization to improve awareness of cyber security threats and how employees need to respond to them to help deal with social engineering attacks and other such threats.

6. Dealing with challenges created by the NIST framework - The NIST cyber security framework will make private sector businesses liable for data destroyed or stolen in breaches. This will open the window for a growing insurance industry in the area of cyber attacks to help banks manage that liability, according to Booz Allen.

7. New needs around data security - More data will be moving to the cloud in the next year, which will require new security controls over the sharing of data. This will provide an opportunity for banks to improve their security architecture and integrate new controls. This will further the use of analytics in cyber security to deal with the volumes of data.


Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ...

Comments
Becca L
User Rank: Author
1/8/2014 | 10:38:57 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
And as far as realism goes, I hardly remember a word problem that sounded feasible. As I recall, few people buy that many bananas and apples in a single trip to the grocery store. And nobody should eat that many candy bars.
Becca L
User Rank: Author
1/8/2014 | 10:36:02 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Finally! A+, my friend.
Jonathan_Camhi
User Rank: Author
1/8/2014 | 10:35:02 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Ok I got this. Peter earns 50% less per hack, and Sally has hacked 2 banks for $18,000. That means she earns $9000 per hack (making the wild assumption that she somehow earns equal $$$ per hack). That means Peter earns $4500 per hack. And he has conducted 6X as many hacks as Sally, so he's done 12 hacks. 12 hacks X $4,500 = $54,000. Who says crime doesn't pay?
Becca L
User Rank: Author
12/26/2013 | 4:37:41 AM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Seriously... nobody?
IvySchmerken
User Rank: Author
12/16/2013 | 6:22:36 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Smaller banking institutions, wealth managers and hedge funds may not have the resources to hire in-house cyber security experts. That's where consulting firms can come in to educate them. Insider training (as opposed to trading) is another method of protecting a firm from employees clicking on fraudulent emails. It sounds like banks and other FS firms have tons of intelligence data on cyber threats, and the issue is taking the time and resources to analyze it and extract meaning.
Becca L
User Rank: Author
12/16/2013 | 4:16:42 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
I imagine they would use word problems:

Peter has hacked six times as many firms as Sally, but because the institutions are smaller he earns 50% less per hack. Sally hacked two banks and has $18,000 in profits in her piggy bank.

How much profit is in Peter's piggy bank?

Show your work.
Kelly22
User Rank: Author
12/16/2013 | 2:47:58 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Definitely agree with that. I'm used to weeding out spam on my laptop, but it's harder when that info has to be condensed to fit on a mobile screen. I'm guilty of opening emails I think are from real people, but didn't realize they were spam because I couldn't read the subject line or part of the email's content.
Byurcan
User Rank: Author
12/16/2013 | 1:21:51 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
I wonder if there's a hacker algebra class that teaches what the optimal ratio is for how many small banks you need to target to equal one large one?
Becca L
User Rank: Author
12/16/2013 | 5:40:01 AM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
If smaller institutions are easy targets, hackers are going to do the math - several small hacks or one big one?

There are many vendor security solutions for smaller institutions, and I do hope these firms are carefully weighing their options.
Becca L
User Rank: Author
12/16/2013 | 5:37:31 AM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
#2 Mobile threats: great point about holiday shopping. Mobile is definitely the next frontier of consumer spamming, and it's difficult for a consumer to respond. One bad e-mail or unsecured page on a web browser and it can be all over.

On that note, from a consumer standpoint, I think sometimes when you see a spam e-mail on a computer it's easier to identify than on a mobile device. On a full screen I find you get a better sense of the headline or e-mail address being suspicious, but on a phone screen those clues are cut off. For example I might receive an e-mail titled the "Pottery Barn H0lid@y S-+Sale-+*@#", but on my mobile all I see is Pottery Barn... (does that make sense?).