Banking

Twenty-first Century bank heists – more ransomware than romance as cybercriminals go for the digital vault

By Rick McElroy, Security Strategist, Carbon Black

There used to be a certain romance about a classic bank robbery – the outlandish plots, the intricate planning and the ingenious strategies (often involving digging tunnels) designed to get criminals into the vault and out with the cash. In the 21st century, though, the digital banking revolution means that instead of cracking the vault, cybercriminals are concentrating on cracking the network and moving laterally within it to get their hands on the goods. This doesn’t make for such great movie plots but it does mean that banks are facing a far more relentless threat to their security systems. We talked to CISOs at leading financial institutions to find out how today’s would-be bank robbers are targeting the digital vault.

It’s no surprise that the financial sector is constantly under attack as criminals pursue financial gain directly, or via the theft and sale of valuable customer data. The number of material cyber incidents reported to the Financial Conduct Authority rose 80% in 2017 and that trend is only likely to continue.

More specifically, what we found when talking to CISOs is that the threat has undergone considerable evolution in the past three years and the last six months have seen still greater innovation from cybercriminals as they adopt new techniques, tactics and procedures to thwart banks’ attempts to keep them at bay.

The invisible invasion – fileless attacks on the rise

Instead of leaving a gaping hole in the door of the vault, cybercriminals would rather banks didn’t know they’d got in at all. Fileless or non-malware attacks are increasing as actors “hide in plain sight” using legitimate tools, such as PowerShell and Windows Management Instrumentation, to gain illegitimate access to networks and facilitate lateral movement without detection. 90% of the CISOs we talked to had seen PowerShell being used during an attempted attack on their network. This awareness is actually a good thing, because with 97% of Carbon Black customers suffering non-malware attacks in the last year, if our CISOs hadn’t spotted an attack of this kind it would simply have meant that the attacker had succeeded in getting in unseen.

Ransomware remains a tactic of choice for cybercriminals, with 90% of financial institutions reporting that they were targeted by a ransomware attack in 2017. The commoditisation of ransomware, which now sees it offered on an “as-a-service” basis, and the lack of expertise needed to carry out attacks mean that it has become the lowest common denominator of cybercriminal activity. With financial gain being the primary motivation of most cybercriminals, it’s not surprising that banks are a regular target.

Criminal masterminds are getting smarter

So far, so familiar, but a most interesting and concerning development uncovered by our survey was that a quarter of CISOs had experienced counter-incident responses when defending their networks. Attackers have realised that network defence is often based on simple indicators of compromise that launch an automated or manual incident response playbook. By going off-script after their initial attempt, they can find another way in while security teams think they have thwarted the original threat. Tactics include mutating code, targeting security analysts and engineers in separate but coordinated attacks, deleting logs from endpoints to obscure their activities and launching DDoS attacks on critical defence systems. As attacks grow in sophistication, cyber security becomes a high-stakes game of digital chess, where the attacker only has to be lucky once, but defenders need to get it right every time.

The weakest link – third party providers

It’s not just their own security banks need to consider. The security of third party technology service providers is becoming an increasing concern as attackers seek out the weakest link in the chain. They use suppliers’ privileged credentials with the banks’ networks as a stepping stone to gain access to their real target. 44% of CISOs at financial institutions said they’re concerned about this issue and as more incidents come to light the scale of the problem will be more clearly revealed.

To combat the twenty-first century thief, we need to remember that we’re talking about human assailants here. It’s logical that attacks will grow more sophisticated as attackers learn more about companies’ defences – the potential loot is well worth the effort of innovation. Security teams are locked in a cycle of reactivity which needs to be broken if they are to gain the upper hand. So far, only 37% of financial institutions say that they have established threat hunting teams which means that, far from keeping thieves out of the building, 63% are still having to wait until they hear them knocking on the door of the vault before they can act. With an average of 220 days between intrusion and detection a lot of digital gold can leave the building before anything is done about it!

By actively threat hunting, teams look for signs of abnormal activity on endpoints that could indicate compromise well before any alerts are generated. To quickly detect and respond to threats, suppress intrusion and prevent lateral movement, financial institutions need to collect and analyse endpoint data in near-real-time. By doing this they can build up a ‘sight picture’ of attacker behaviour relating to internal movement and external command and control channels. Once these anomalies have been detected and analysed they can be communicated to existing control mechanisms and action taken to disrupt and contain the attacker’s kill chain.
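As an added illustration (not part of the original article, and not Carbon Black's method), the sketch below hunts over endpoint process-creation events for the behaviours named above: PowerShell launched with an encoded command, a shell spawned by the WMI provider host, and event-log clearing. The events are constructed, and the field names, host names and finding labels are assumptions.

```python
import re
from collections import defaultdict
from ntpath import basename  # splits Windows paths correctly on any OS

POWERSHELL = {"powershell.exe", "pwsh.exe"}
SHELLS = POWERSHELL | {"cmd.exe"}
LOG_CLEAR = re.compile(
    r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b|\bClear-EventLog\b", re.I)

# Constructed sample telemetry; hosts, paths and field names are assumptions.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    # Routine admin script: PowerShell alone is not a finding.
    {"host": "TELLER-07", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -ExecutionPolicy RemoteSigned -File C:\Scripts\inventory.ps1"},
    # Shell created through WMI, with an encoded command line.
    {"host": "APP-02", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe", "image": PS,
     "cmdline": "powershell.exe -NoP -W Hidden -enc <blob>"},
    # Security log cleared on the same host.
    {"host": "APP-02", "parent": PS, "image": r"C:\Windows\System32\wevtutil.exe",
     "cmdline": "wevtutil cl Security"},
    {"host": "DB-01", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": 'powershell.exe -Command "Clear-EventLog -LogName Application"'},
]


def has_encoded_flag(cmdline):
    """True if a switch is -EncodedCommand or an abbreviation of it (-e, -enc, -ec)."""
    for tok in cmdline.split():
        name = tok[1:].lower()
        if tok[0] in "-/" and name and (
                "encodedcommand".startswith(name) or name == "ec"):
            return True
    return False


def findings_for(ev):
    """Return the set of hunting findings raised by a single event."""
    image = basename(ev["image"]).lower()
    parent = basename(ev["parent"]).lower()
    found = set()
    if image in POWERSHELL and has_encoded_flag(ev["cmdline"]):
        found.add("ps_encoded_command")
    if parent == "wmiprvse.exe" and image in SHELLS:
        found.add("wmi_spawned_shell")  # process created through WMI
    if LOG_CLEAR.search(ev["cmdline"]):
        found.add("log_clearing")
    return found


def hunt(events):
    """Group findings per host so related behaviours are seen together."""
    by_host = defaultdict(set)
    for ev in events:
        found = findings_for(ev)
        if found:
            by_host[ev["host"]] |= found
    return dict(by_host)


def triage(events):
    """Hosts ordered by number of distinct findings, most first."""
    return sorted(hunt(events).items(), key=lambda kv: (-len(kv[1]), kv[0]))


if __name__ == "__main__":
    for host, found in triage(EVENTS):
        print(host, sorted(found))
```

Grouping per host is what separates a lead from noise here: a single log-clearing command may be maintenance, while the same command on a host that also shows a WMI-spawned encoded PowerShell session deserves an analyst first.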

In the age of the digital heist a proactive threat hunting strategy is far more effective at stemming the network invasion, capable of evolving alongside the TTPs used by assailants and stopping their digital tunnelling towards the vault. It won’t make such a classic heist movie, but it will put a bit of star power in the hands of CISOs and security teams who really are the lead actors in the fight against cybercrime.

The Next Evolution in Banking

By Young Pham, Chief Strategy Officer at CI&T

Everything we know about banking is about to change. A new industry around the sharing of financial data is primed to give birth to a host of new consumer services, all thanks to Application Programming Interface (API) technology. Already known for being the safest place for money, there are opportunities for banks to expand that relationship to other aspects of the customer relationship. Banks will no longer simply be just a place to deposit and withdraw your cash, but a one-stop-shop for a range of data-sensitive services.

The passing of GDPR and the Payment Services Directive (PSD2) were the first steps in this process of banks modernising how they handled their customer data. However, incumbent institutions have so far not engaged enthusiastically. Rather, it was only after growing pressure from fintech challengers and government regulation that they were forced to open up and share their data. This should not be treated as a regulatory challenge, but rather a way to grasp the unique opportunities that banks have to reposition themselves as the most trusted resource for their customers.

Expanding offerings

It is hard to overestimate the breadth of possibilities arising from open banking, should banks choose to take advantage of this evolution. While the public rarely holds bankers in high regard, it still puts a high level of trust in banking institutions. People are more willing to hand over their sensitive data than they would be to almost any other private entity. Furthermore, banks have a unique perspective into their customers’ behaviours, needs and desires. Spending habits, income streams and risk appetites are just a few examples of the data that no other institution can tap in to.

There is certainly appetite to expand offerings. In our recent study of business banking customers, over 68% of respondents indicated that they were open to their financial institution providing digital non-banking services. This includes services such as tax support, managing payroll, or invoicing to help them with their day-to-day businesses.

More banks should consider how open banking can maximise their digital capabilities and create a greater range of services for customers to enjoy. Such offerings could be tailored according to each bank and their particular customer audience. For instance, banks could offer everyday services for most users, such as insurance for individuals or business management tools for business accounts. Alternatively, banks could offer more exclusive and specialised services for high net worth individuals to meet their specific needs, such as art appraisal and investment management.

The idea that a firm can expand its offering into new verticals is hardly new. Many of the world’s largest tech companies, such as Apple and Amazon, already offer diverse products including hardware, software, entertainment and cloud services. They are able to do this thanks to the vast quantities of data they have gathered, which provide invaluable insights into consumer behaviour and demand. Banks are in prime position to follow the example of these top tier tech companies thanks to their monopoly on key financial data.

Disruptors vs incumbents

The business model described above is already being adopted by numerous challenger banks. These firms have led the innovative charge thus far, thanks largely to their agility afforded by their smaller size. Indeed, some fintech banks already provide a range of non-banking services to their customers. Revolut, for instance, offers users several types of travel insurance as well as access to airport lounges as part of its premium service for a monthly subscription.

These offerings are not a sign that the challenger banks are about to topple the large incumbents. Rather, these disruptors have always flagged the gaps in the market that larger institutions have been too slow to fill. It is now up to the established banks to learn from their example.

While challenger banks may have a first-mover advantage for these services, the incumbents have two key advantages: capital and credibility. Firstly, the top banks have enough cash to fund this overhaul of their business models. While the challengers have been able to afford to do so in recent years, they lack the reserves to tide them over during economic downturns such as the current pandemic.

Secondly, even though challenger banks are perceived as more convenient and are less vilified than traditional banks, the public still trusts the latter. Many of these large banks can point to their extended histories and long-term investment success – accolades young challengers simply cannot match. In short, people don’t have to like their bank to trust them with their cash and their data. These two advantages strongly suggest that large banks are better positioned to take advantage of the open banking business model in the long term, despite being slower to adopt and adapt.

What’s next?

All this opportunity is within reach. We already have the technical capabilities for data sharing, and the regulatory framework is not insurmountable. Rather, the key for this evolution of the sector lies in banks’ appetite for risk and willingness to reinvent their business model.

Banks need to take a leap of faith and leave behind the business paradigm to which they’ve become accustomed. They should embrace transparency, run towards regulation and take advantage of opportunities to invest in these areas or collaborate with outside technology firms. Only then will banks be able to make the most of their data assets, creating value for the customer and further strengthening the relationship.

Banks talk a good game, but are bankrupt when it comes to change and innovation

By Erich Gerber, SVP EMEA & APJ, TIBCO Software

You hear all the time about the incredible pace of change in technology and the way that it affects business, but sometimes we kid ourselves about the real speed of that change and the depth of its effects. Retail banking is a perfect example to illustrate the yawning chasm between the illusion and the less attractive reality. In this article, I want to provide a critique of the banking sector and its failure to change fundamentally and to modernise.

Banking is an old sector: the Banca Monte dei Paschi di Siena has its roots in the 15th century and the oldest UK banks go back to the 17th century. We often talk about legacy holding companies back, restricting their speed of operations and hampering their ability to adapt. Well, established banks have legacy in spades.

They also have cultural challenges. The old saying has it that something is “safe as the Bank of England” and that is a standard for security. But today we need banks to be more dynamic and represent something more than being a deposit box for our wealth. Consumers are accustomed to the superb customer experiences in entertainment (Spotify), devices (Apple), retail (Amazon), travel (Uber) and much else. Surveys show that they want their banks to be responsive, easy to use and available across multiple channels. They’d like banks to be secure but also to be advisors, enable flexible movement of assets between accounts, provide useful data analytics, be cloud- and mobile-friendly and offer deals that are specifically targeted at their interests.

S-l-o-w progress

At their core, banks now must become digital enterprises but, frankly, it has been slow going. As Deloitte observed: “While many banks are experimenting with digital, most have yet to make consistent, sustained and bold moves toward thorough, technology-enabled transformation.”

We all know that retail banking has changed significantly: you can see that in the proliferation of apps and the fact that, in pre-pandemic times, the morning and evening commutes were peak times for transactions as people arranged their finances while sitting in trains, buses and subways. Banking has become a virtual, often mobile business, thanks to new tech-literate consumers pushing banks in that direction. But my fear is that the banks aren’t moving nearly fast enough, and that’s bad for us as consumers and bad for the banks themselves.

Banks are under pressure to change because challengers don’t have the legacy constraints of incumbents and because PSD2 and open banking regulations are having the intended effect of promoting banking as a service, delivering transparency and greater competition.

Attend any business technology conference and banks will talk about their digital transformations and customer experience breakthroughs, but it’s my contention that a lot of this work is more window-dressing than platform building. Or, to put it another way, banks are injecting Botox, rather than undergoing the open-heart surgery that they really need. It’s a case of ‘look: fluffy kittens and shiny baubles’ in the form of apps and websites, but the underlying platforms remain old and creaking and that means that the banking incumbents are hampered.

To be fair, I have lots of sympathy here. They simply can’t move as fast as the challenger banks that have had the luxury of starting their infrastructure from scratch and sooner or later that will come back and bite them. Look, for example, at cloud platforms where only 10 or 20 percent of infrastructure has been migrated despite promises of cloud-first strategies and the banking data centres where monolithic on-prem hardware still reigns.

You feel that slowness of action in your interactions with banks that communicate only via issued statements, letters notifying you of changes to Ts and Cs, and threats when you go into the red. Inertia is nothing new in banking either: we like to think that technology change happens in the blink of an eye but in banking contactless NFC took the best part of 20 years to go mainstream.

This is the dirty secret of banks. They see the need to change but remain shackled. Why are the banks so slow? Historically, because it was hard for competitors to gain banking licences and the capital to really challenge so there was no catalyst or mandate for change. Also, because change is tough and fear of downtime or a security compromise to critical systems is very real. More recently, because internal wars in organisations set roundheads against cavaliers, the risk-averse against the bold, resulting in impasse and frustration.

I said change is tough and that’s why banks need to power through on the basis of Winston Churchill’s wisdom that “if you’re going through hell, keep going.” How? By a combination of maniacal focus on expunging legacy systems, placing maximum emphasis on superb customer interaction experiences and digitally enabling anything that moves.

Right now, the banks are surviving, not thriving; they’re rabbits blinking into the headlights of approaching traffic, frozen in the moment. But they need to disrupt themselves before others do it to them: change is painful but not as painful as the alternative. They have to do much more or they will see a decline in their fortunes due to their bankrupt capacity for innovation and their inflexible infrastructures.

Vietnamese National Citizen Bank Rises to Excellence with Three Global Financial Awards

Hanoi, Vietnam – Global Banking & Finance Review is proud to announce the sweeping victory of National Citizen Bank in the 2020 Global Banking & Finance Awards®. The bank was recently presented with three prestigious global financial awards: Best Place to Work Vietnam 2020, Fastest Growing Retail Bank Vietnam 2020, and Best Investor Relations Bank Vietnam 2020. The Global Banking & Finance Awards® recognize the innovation, enterprise, method, progressive and influential transformations that transpire every year within the global finance community. National Citizen Bank would like to extend their thanks and appreciation to the community and their customers for their continuous loyalty and support throughout the last 25 years.

The National Citizen Bank was recognized for its all-inclusive professional working environment and ongoing staff development that enhances its internal communications and employee relations. Throughout the last 25 years, National Citizen Bank has focused on the core fundamentals of regulatory modifications with the underlying goal of dividing the volume of both business and administrative tasks. As a result of this, the bank has successfully strengthened its staff’s capacity to obtain, manage outstanding liabilities, and acquire assets to negotiate and retrieve capital efficiently and reliably.

When asked what allowed the bank to triumph against the fierce competition, Wanda Rich, Editor for Global Banking & Finance vocalized, “one of the key factors that stood out to the committee is that National Citizen Bank strives to maintain and maximize profit to shareholders through the implementation of stable, sustainable business operations and advanced production methods. The bank has also remained stable, positive, and had a high growth rate in all of its activities, which is not often seen; however, it clearly indicates how prestigious and overall accomplished they are. They should be exceptionally proud of all three awards.”

About National Citizen Bank

The National Citizen Bank was initially established as a rural bank in 1995 under the name Bank of Kien River. The bank optimized its competitive standing within the global financial industry, later transforming into an urban banking institution where they reinstated their name as the National Citizens Bank. With a team of highly professional financial experts and customer service representatives, the bank embraces each customer’s diverse needs to ensure customary, efficient, and trustworthy experiences from start to finish. Over the years, the bank has prided itself on its continued emphasis on risk management and global business relations with investors, customers, and partners. For more information, please visit the National Citizen Bank.
