In the current climate of major data breaches amidst an ever-shifting cyber threat landscape, the people in charge of vast volumes of valuable financial data are under increasing pressure to keep customer data safe from hackers and fraudsters.
Speaking at the SWIFT Business Forum in London, a range of senior security professionals at financial services firms and banks told the audience what keeps them up at night when it comes to cyber security and fraud. Here’s what they said:
A constantly changing threat landscape
JF Legault explained: “In late 2014 we saw the advent of malware targeting wholesale banking platforms. Criminals stopped going after simple, low-value monetary amounts and shifted to high-value payment platforms. The reason they did that was a lot more yield on the crime they committed. We also saw a shift toward business email compromise. We also saw a number of breaches affecting the financial sector that led to fraudulent messages.”
In the fraud space, the biggest issue for banks is “false positives” in its anti-money laundering (AML) monitoring systems. This means issues being flagged that aren’t actually fraudulent activities, taking up valuable analyst time.
The big breach
Royce Curtin, managing director of global intelligence at Barclays, said: “It’s the big breach that keeps us awake at night. If and when and that ultimate failure to provide the service customers expect and entrust us to keep safe. So we work very hard and take it very seriously the responsibility of building systems and trust for services that people feel comfortable using.”
Missing a breach
Brendan Goode, regional CISO for UK and Ireland at Deutsche Bank said he most fears the feeling of “did we miss something? Where you look back at the logs and it is right there.” This failure of the system to alert to a potential breach is a major part of a modern cyber security strategy, and would keep any CISO worth their salt up at night.
As the February 2016 hack of the Bangladesh Central Bank showed, customer accounts can be the most vulnerable point of entry to a bank’s systems. The hackers used stolen privileged credentials to steal $81 million before they were caught.
Craig Rice said: “They [criminals] are ruthless shadow operations that work outside of a regulatory regime,” he said. “They are quicker than you are, they are more ruthless than you are and they are more willing to be pragmatic than you are. That’s a really tough competitor you are dealing with, so stop thinking about this as a technology problem.”