News & Commentary

10:37 AM
Bryan Yurcan
Bryan Yurcan
Commentary
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

Q&A: Banks Must Take a Holistic Approach to Cybersecurity

As cybercrime becomes more prevalent, due to the widespread access to technology that criminals now have, banks must remain eternally vigilant, says Booz Allen Hamilton's Bill Stewart.

As the detail's of last week's $45 million ATM heist continue to trickle out, the financial services industry is dealing with the fallout of yet another major security breach.

While banks are often the subject of highly coordinated, sophisticated cyber attacks, this crime was fairly low tech by comparison, as the crime outfit accused of the heist allegedly hacked a credit card processor that handles transactions for prepaid MasterCard debit cards. According to federal prosecutors, the eight defendants and unnamed co-conspirators allegedly withdrew an estimated $2.4 million from nearly 3,000 ATMs in the New York City area from 3 p.m. on Feb 19 and 20, and stole $40 million total during that period.

I asked Bill Stewart, SVP and lead of Booz Allen Hamilton's financial services practice about what this attack means for banks and how the industry can take a holistic approach to protecting against cyber attacks.

Bank Systems & Technology: What does this recent attack mean for banks, who have to combat such a wide range of differing types of cyber attacks?

Stewart: It means that banks must continue to work toward defending against the full range of threats. Even the most sophisticated adversaries typically exploit many of the lesser, well known vulnerabilities and use low-end attacks in combination with higher end exploitations. They do this because it typically works. Mitigating all of these issues is a difficult undertaking that requires constant focus and diligence on the part of the entire institution. Some institutions are putting in this kind of effort, but there remains room for improvement.

Bank Systems & Technology: How has the rise of technology changed cyber crime, with more people having access to advanced technology then ever before?

Stewart: Technology is making the problem much more challenging. As costs have come down, so have barriers to entry. making it easier for more adversaries to enter the game. Also, the Internet in particular is allowing information sharing among potential attackers making it easier than ever to learn about the latest attack techniques.

Bank Systems & Technology: What can banks do that they may not be doing, or what can they do better, to protect critical systems and protect against cyber attacks?

Stewart: Banks, in general terms, are leading many other parts of the industry in their ability to defend against cyber attacks. That said, there is always room for improvement given the difficulty of the problem and the fact that an adversary needs to find only one vulnerability to get in. For these reasons, banks need to ensure that they implement holistic, risk-based programs that look beyond technology but that also consider, the people and the process necessary for success. Also, because the adversaries tend to have the advantage, these banks and others need to assume that the adversaries have gotten into their networks and establish active hunt capabilities to look for and mitigate attacks.

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
EllenJoyner
50%
50%
EllenJoyner,
User Rank: Apprentice
5/17/2013 | 6:32:17 PM
re: Q&A: Banks Must Take a Holistic Approach to Cybersecurity
I agree that banks need to work towards a more holistic, risk-based approach and this will require a greater understanding of behavior characteristics of cyber criminals. Intelligent use of big data, Analytics, and visualization will be necessary to proactively prevent slow and low network intrusions. http://www.sas.com/knowledge-e... #SAS
Register for Bank Systems & Technology Newsletters
White Papers
Current Issue
Bank Systems & Technology Oct. 14, 2014
Bank Systems & Technology's new Must Reads is a compendium of our best recent coverage of customer analytics. Learn what big data means for banks, meet Wells Fargo CDO Charles Thomas, find out how to connect with your Gen Y customers, and more.
Slideshows
Video
Bank Systems & Technology Radio
Archived Audio Interviews
Join Bank Systems & Technology Associate Editor Bryan Yurcan, and guests Karen Massey and Jerry Silva from IDC Financial Insights, for a conversation about the firm's 11th annual FinTech rankings.