Thebanking industry lags other sectors in the fight against hackers, as lendersare too fiercely secretive to share crucial information about breaches, expertshave warned.
"Weobserve within that industry — the financial services industry — stillrelatively low levels of digital hygiene," Europol director Rob Wainwrighttold the Sibos banking conference in Geneva on Sept. 27. Without naming names,he said the EU's law enforcement agency has found that many banks continue touse outdated computer applications with known vulnerabilities and delayreporting attacks to police longer than they should.
Ransomware,the technique by which hackers demand that banks pay large amounts of moneyunder threat of suffering irretrievable data losses, is "the number onethreat to the banking industry," he said.
Anotherfashionable cybercrime is CEO impersonation, or "whaling" in hackerparlance, according to George Robbins, a director at the IT defense arm ofBritish weapons manufacturer BAE Systems. He explained in an interview withS&P Global Market Intelligence that fraudsters send money transferinstructions to bank employees from an email address that closely resemblesthat of the CEO, making employees think the request came from the actual headof the company.
"Ifyou think how much public data is out there, it's very easy to find the namesof those CEOs," Robbins said. "[Hackers] show an understanding of theorganization's business profile, systems and facilities."
Hesaid the hackers do very careful research over a long period of time, withnation-states being suspected as the perpetrators in some cases.
Butunlike the retail industry, which, after a series of high-profile and costlyattacks, has created cross-sector bodies to share information and prevent fraudand data theft, banks have been much slower to react, despite recentmulti-million dollar online heists. One factor driving the change in retail wasthe CEOs of these firms losing their jobs after the breaches became public,Robbins suggested.
MarcoGercke, director at the Cybercrime Research Institute, noted that the U.S.retail industry was badly hit several times in the last few years, andparticipants have come together and formed groups to exchange information. Butbecause of the culture of secrecy that still dominates financial services, thisindustry is unlikely to "get there anytime soon," he said.
Somebanks, however, have recently started working together. , , and have formed theCyberdefense Alliance in 2016, in order to give a joint response to hackers,StanChart's Cheri McGuire told the audience.