Why cybercrime is a banker’s nightmare

It is not the world recession or Eurozone meltdown that bankers fear the most but cybercrimes above anything else. In Britain alone, it was reported that four out of five of Britain's biggest banks had identified cyber attack as their biggest threat today.

Cybercrimes can be executed in a variety of ways, ranging from virus attacks and small security breaches to the likes of high profile massive bank robberies. The latter brings to mind a recent case involving a global cybercriminal organization, which has since been recognized as one of the biggest bank heists in history.

Comprised of eight individuals, the organization had hacked into prepaid debit card databases in two Middle Eastern banks, and drained a total of $45 million from cash machines in 27 countries worldwide within a matter of hours.

The sheer sophistication and scale at which the heist had been executed sheds light onto the evolving nature of crime in today’s society.

Laptops and the Internet are now powerful, new-age weapons for criminal organizations. This has severe implications for banks and all other institutions, which now require much stronger security measures to prevent and ward off such attacks.

This has also become an issue of increasing concern among banks in the Asia-Pacific. The Shanghai Higher People’s Court reported 2,030 cases of financial crime in 2012, with credit card fraud making up 88% of those numbers. Closer to home, Singaporeans are likely to recollect the DBS skimming incidents in early 2012, which affected 700 account holders and involved an estimated loss of SGD$1 million.

Southeast Asia is equally as vulnerable with regard to cybercrime, largely due to the surge of economic activity in recent years. For instance, emerging markets such as the Philippines are currently experiencing a rise in disposable income and online banking activities, which may render them as potential targets for cyber criminals worldwide.

As such, the challenge for bankers worldwide is not if it happens, but rather a question of when it will happen.
The problem for the hard-pressed banks' Chief Information Security Officers is that today's attacks are not simply noisy, ego-driven dares by bored youngsters.

Rather, they are well funded, intricate, and highly motivated attacks by criminal gangs that are harnessing the full power of the Internet to resource and carry them out. It is also all about money rather than fame as the motivation for such hacks and attacks. The motivation for such hacks is also money rather than fame.

Generally, these attacks use social engineering to target the unwary and find a stealthy way into a corporate network. Once inside, they can remain hidden and undisturbed for months or even years, spreading their way around the network safely behind the cyber defenses that the bank has built up.

Given that some attacks will inevitably get into the corporate environment, bankers (and those from any other institution for that matter) will see an increasing need to shift the focus of their security systems.

Instead of purely looking to protect the connection to the outside world from their networks, they will also need to monitor and track the trajectory of malicious activities occurring on their own networks so as to deal with the attack quickly and before any real damage is caused.

Of course, we will always need to ensure that we continue to protect our networks and devices from cyber attacks, but doing just that is no longer sufficient. Today we also need to ensure there is full visibility across the network - before, during and after an attack, and only then can we hope to protect against the inevitability of attacks.

This is the reality of the world we now live in – a world where criminals continue to target the unwary and make millions of dollars through their cybercrime activities.