Banking Cyber-Crime and the Dangers of Analysis Paralysis


Ted McKendall

In a bid to keep up with the bad guys, banks are turning to threat intelligence solutions – threat intel feeds, providers, platforms, etc. But is the resulting deluge of data actually helping? 


A long-held view is that banks are the most mature sector when it comes to cyber-security. From DLP and NAC solutions to SIEM, IPS, IDS and anti-malware, they have state-of-the-art IT infrastructures designed to detect, remediate and prevent security incidents. 


The reasons for this are clear: banks are where the money is, and the sector is targeted on a daily basis by a huge variety of highly skilled (and resourceful) cyber-criminal groups. 


A report last year from consultants at Accenture revealed that on average banks face 85 attempted serious cyber-attacks over the course of a year, with one-third of these successful. It’s perhaps no surprise then that this year, in its annual X-Force report, IBM confirmed that financial services accounts for 27% of all security incidents and had 148m records breached in 2017. 


To counter this, banks are of course investing huge sums of money in new technologies. After its data breach in 2014, JPMorgan Chase reportedly spent half a billion dollars on advancing its cyber-security capabilities, and many other banks have followed suit, with a particular interest recently on emerging technologies like artificial intelligence (AI), machine learning (ML) and blockchain. 


Where does banking security fall down? 

So, among this technology splurge, where does banking security fall down? 


One interesting angle came this week from Bill Winters, the CEO of Standard Chartered. In an opinion piece for the Financial Times, he suggested that there is one key area where they fall down – the much-fabled threat intelligence. 


“…Banks need to raise their technology game. Right now, 99 percent of the financial crime alerts are false positives. Of the remaining 1 percent, Europol estimates that no more than one-tenth are likely to be useful to law enforcement.” 


It is genuinely great to see a business head so well-versed in what is going on in the cyber-crime world, although his findings are not wholly surprising. After all, threat intelligence solutions have long come with a glut of false positives, leaving sysadmins and security engineers scratching their heads as to how to find those stealthy attacks, the ‘needle in the haystack’, when combing through waves of data.  


Just look at the Target example of 2013: in an attack that resulted in more than 40 million Target credit cards being compromised, many rightly pointed the finger at numerous deficiencies, including the lack of a chief security officer (CSO), a point-of-sale (POS) vulnerability and the fact that the compromise started with a third-party supplier (an air-conditioning vendor). 


But one key issue, unreported at the time, was that Target supposedly missed internal alerts showing that the attack was under way. They only learned of the attack when they were contacted by the Department of Justice (DOJ). 


Avoiding a state of analysis paralysis 

Modern IT environments are only becoming more complex, and data volumes are rising exponentially. How do you spot an incident from the massive quantities of data flowing to, from and within your systems, without falling into the trap of ‘data paralysis’? 


One key answer is focusing on the right data. Consider this use case: organizations like banks that rely heavily on web applications serving sensitive information (financial transactions) to unmanaged endpoints (devices that aren’t owned or managed by the bank). The singular focus should be on the threat environment as it pertains to each transaction. This means focusing on full transaction stack protection – from the web application to the part of the transaction that occurs on the endpoint. Trusted Knight’s cloud-based Protector Air offers exactly that. 


Full transaction stack protection means extending protection to end-user devices from the cloud, ensuring the communication channel is resilient against service disruption, and defending the web server from targeted attacks and bots. It also encompasses all layers of the web application, including the infrastructure and application layers as well as the transaction layer, to defend against fraud. Protector Air has no software to download and zero impact on the user experience, eliminating user frustration and support headaches while still providing protection for 100% of the user base. 


This blog post is an excerpt from the technical white paper Exploring Full Transaction Stack Protection. Click below to register for the upcoming webinar or start your free 90-day trial of Protector Air.  
