BANK SECURITY PART TWO – FIGHTING CYBER-CRIME
Having explored bank branch security last week, Veridin’s blog goes viral this week in taking a look at the fight against financial cyber crime.
And we do so by picking up on a fascinating article currently running in The Economist, called “War on terabytes.”
Banks around the world have invested billions over the last few years in protecting and duplicating their data centres. Spanish banking giant Santander, for example, invested more than £100 million last year to build a new data centre in Leicestershire, northwest of London.
However, overall threats to banks have evolved. Indeed, software running the world’s financial system is exposed to dangerous risks from a network of hackers that have launched a series of attacks on banks over the past few months.
To quote from The Economist:
In that time some 30 large global banks, mostly American, have suffered from a series of assaults designed to shut down their websites.
These attacks are known as distributed denial of service (DDoS) attacks because hackers harness an army of infected computers to bombard the target with internet traffic with the intention of overloading it. They are relatively unsophisticated. But they have periodically frustrated customers trying to use online services at banks including JPMorgan Chase, Wells Fargo, Citigroup and PNC.
The attacks have caused little more than brief inconvenience, mainly because they were targeted at the public face of the affected banks rather than their connections to other banks and to payment systems.
But those attacks have brought to light vulnerabilities in banking and payment systems.
Ross Anderson, a professor of security engineering at the University of Cambridge, is concerned that hackers could cause mayhem if they were to aim a DDoS attack at banks’ crucial infrastructure instead of their websites.
“If 20,000 machines started hammering British payment gateways on the last weekend before Christmas, people wouldn’t be able to shop except with cash,” Mr Anderson told The Economist.
Ross quite literally wrote the book on cyber security for banks.
In “Security Engineering – The Book”, he goes into bank-level and system-wide detail about cyber security in an exhaustive chapter on the topic that covers everything from the humble origins of bank computers to tamper-resistant cryptographic processors.
So, in this blog we’ll give Ross the last word on cyber security and banking. To quote from his book:
[t]he recent history of attacks on electronic banking systems by means of account takeover — by phishermen, and to a lesser extent using keyloggers — presents a challenge that may over time become deeper and more pervasive than previous challenges.
Up till now, banking folks — from the operations guys up to the regulators and down to the system designers — saw the mission as maintaining the integrity of the financial system.
We may have to come to terms with a world in which perhaps one customer account in ten thousand or so has been compromised at any given time. Instead, we will have to talk about the resilience of the financial system.
Stay tuned for more on cyber security and banking.