12:35 PM
Kathy Burger
Commentary

Russian Hack Attack on Banks: Is This the Big One?

JPMorgan Chase and at least four other US banks have been hit by a series of coordinated attacks on account information. Was it inevitable?

It's likely that the mainstream news media talking heads were the only people who were shocked by the news that at least five US banks -- including JPMorgan Chase, the only institution identified so far -- have been cyberattacked in the past month, apparently by Russian hackers. Financial services industry professionals and industry observers are well aware that banks are ongoing targets for fraud and cybercrime. As JPMorgan Chase spokesperson Patricia Wexler told The New York Times: "Companies of our size unfortunately experience cyberattacks nearly every day. We have multiple layers of defense to counteract any threats and constantly monitor fraud levels."

Right now, it's not clear (well, at least the public statements say it's not clear) whether the motive behind the attacks is theft, disruption, or both, and the FBI reportedly is investigating these options. There's speculation that the Russian government could be sponsoring the attacks in retaliation for US sanctions imposed in response to the crisis in the Ukraine. According to a report from Bloomberg, which broke the news of the attacks:

    The sophistication of the attack and technical indicators extracted from the banks' computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it's cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation, a third person familiar with the probe said.

The scope of the attacks is big enough that they are getting widespread coverage, but it remains to be seen if these are the "big ones" that the financial services industry knows are inevitable. Unlike account theft such as the Target card breach, where it appears that company procedures and protections may not have been as aggressive as they should have been, these kinds of cyberattacks probably have little to do with exploiting suspected weaknesses in bank security. As Wexler said, the banking industry constantly must deal with these kinds of threats, takes them extremely seriously, and has made huge investments in systems, infrastructure, training, and process to fend off these assaults.

However, these latest attacks are likely to fuel more calls and efforts for regulation that requires banks to provide (theoretically) stronger security and improved privacy protections. This has been a topic of discussion on Bank Systems & Technology message boards recently, even before the revelation of this latest round of attacks. As Brian Maccaba, CEO of the application security firm Waratek, observed in a comment on Wednesday:

    Regulation of security for financial institutions is reminiscent of the debate on risk management and capital adequacy over the past decade. Lengthy debates ultimately gave way to a mix of increased regulation for all, together with significantly more sophisticated methodologies being adopted by the leading international players.

    The collapse of Lehman and financial meltdown in 2008 has led to significantly increased and more specific regulatory requirements. A serious cyber security breach at a major financial institution would probably have a similar effect.


No doubt there will be an orgy of finger pointing (sorry for the mixed metaphors), at least among politicians and some in the news media, regarding who's to blame for these attacks, what the response should be, and what can be done to prevent assaults. How do you think this will play out?


Katherine Burger is Editorial Director of Bank Systems & Technology and Insurance & Technology, members of UBM TechWeb's InformationWeek Financial Services. She assumed leadership of Bank Systems & Technology in 2003 and of Insurance & Technology in 1991. In addition to ...

Comments
Byurcan,
User Rank: Author
9/3/2014 | 9:00:44 AM
Re: Cyberattacks
It's true that the media only gets wind of a small percentage of the overall cyber attacks that happen.
KBurger,
User Rank: Author
8/31/2014 | 3:47:04 PM
Re: Cyberattacks
I wish I could take credit for having psychic powers, but it's just common sense.
Becca L,
User Rank: Author
8/31/2014 | 12:56:41 PM
Re: Cyberattacks
Dr. John Bates made a list of predictions for the financial markets on WS&T and within a month saw nearly all of them fulfilled. Kathy, watch your words, UBM Tech community members are displaying disturbing fortune-telling talents...

You make a good point, and I am sure insurance security teams are paying close attention and getting involved in these reinforcement conversations.

 
Becca L,
User Rank: Author
8/31/2014 | 12:48:30 PM
Re: Cyberattacks
Great point. I think, on the heels of this "big one," the media will be sniffing around for the next attack to report on, even a minor one that would usually go unmentioned. It will be an interesting next few months.
Kelly22,
User Rank: Author
8/29/2014 | 12:28:42 PM
Re: Cyberattacks
That is scary, but also a great point. Insurers should take note of banks building their defense against cyberattacks and follow suit. 
KBurger,
User Rank: Author
8/29/2014 | 9:40:49 AM
Re: Cyberattacks
You'll be even more scared when you consider that insurance companies probably are next in line for cyber attacks. As the banking industry reinforces its defenses, the fraudsters are likely to look for the next "easy" financial services target. Insurers should be taking these developments very seriously.
Kelly22,
User Rank: Author
8/29/2014 | 9:38:19 AM
Re: Cyberattacks
That's a scary question to think about. Given the magnitude of the breaches that have been in the news, I'd be terrified to learn that they're hiding even larger ones. 
KBurger,
User Rank: Author
8/28/2014 | 1:00:04 PM
Re: Cyberattacks
Right, it makes you wonder: are the attacks that get reported/covered in the media the really bad ones, or are the attacks we never hear about even worse?
Byurcan,
User Rank: Author
8/28/2014 | 12:57:53 PM
Cyberattacks
I remember going to an Ernst & Young summit on cybersecurity in the last couple of years, and one of the security experts said only a fraction of the attacks on banks are actually reported in the news media. They're pretty much being targeted every second of the day, at least the big ones. So this is an issue that will not be going away anytime soon.