17 August 2017
Find out more

Bank chiefs frightened by cyber risks - PwC

17 February 2015  |  10274 views  |  2 web spider

The day after reports of a one billion dollar cyber heist at banks around the world, a PwC poll shows bank bosses are growing increasingly concerned about the threats posed by online criminal gangs.

The survey of 175 bank CEOs identified cyber risks as one of the biggest threats to growth prospects over the coming years, second only to over-regulation in the catalogue of banking bugbears.

Interviewed for the report, Beth Mooney, chairman and CEO of US bank KeyCorp described the rising tide of data breaches as "fightening".

"The sources of where these breaches are coming from; it’s no longer two kids in a basement. These are very sophisticated entities doing it for everything from commerce to criminal," she says. "What we are doing to protect data and our clients, in conjunction with other financial institutions and the government, is one of the most important things, because we are into new territory that has significant consequences.”

The PwC poll was released a day after Kaspersky Labs reported that up to a billion dollars may have been plundered from 100 banks worldwide in an unprecedented cyber heist by a gang of unknown hackers.

The attacks, which took place in 30 countries over a two-year timeframe beginning in 2013, were perpetrated by a cybercriminal gang with tentacles in Russia, China and Ukraine.

Kaspersky says at least $300 million has been definitively lost in the spate of attacks, but that number could treble as banks try to pin down a series of $10 million transfers since initiated by the gang.

The crooks used a form of malware dubbed Carbanak, which provided access to bank networks and allowed the gang to overcome internal checks and balances by monitoring bank procedures via video surveillance and keystroke logging.

In some instances, actual customer accounts were artificially inflated and large sums transferred to bogus accounts, while in others the money was dispensed at pre-set times and destinations through cash machines under the control of the hackers.

Comments: (2)

A Finextra member
A Finextra member | 17 February, 2015, 23:40

Cyber Risks do exist for a long time but in recent years there has been a transformation (from PC to mobile & in the nature of attacks) and the losses reached a level that it can not be tolerated. Clients or Users used to be main target (or weakest link of the chain) but this started to change - now corporations & banks became the core targets - as they have something very valuable called DATA. Digital is the future and cyber crime should not overshadow this. As banker and security specialist I am very disturbed with all these recent digital crime news and prepared a presentation to explain the story from banking perspective. If you would like to see it, it can be accessed at: 

http://www.slideshare.net/TolgaTavlasPMP/cyber-crimeandmobilesecurityttavlas

I personally believe that every useful information should be shared and it is everyone's right to know how to protect themselves online. I hope you like and find it useful. If so all the effort and time I spent worth it.

Best regards.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Ed Daniel
Ed Daniel - esdaniel.com - Europe | 18 February, 2015, 05:08

I think an appropriate analogy one might care to use could be taken from history... back when we had bank heists one of the key advantages was a) surprise (no change there) and b) speed of getaway.

Lets look at b) first... banks are so slow when it comes to security hardening it's become a farce, when you compare the speed of modern ecommerce sites under a devops culture that can roll out new code across clusters of production servers worldwide effortlessly you get to see why banks are at the mercy of their legacy investments.

In terms of a) you need to check how many banks actually operate real CERT teams rather than pass the buck and outsource this to 3rd parties. More so, the fact they are so used to 'not sharing' they are making the job even easier for criminals by not pooling the knowledge of shared logs to help identify potential APTs.

They have only themselves to blame, though as one person once reminded me regarding the InfoSec challenges in the porn industry with content leakage, they're making so much money they don't really care that much.

This is just brand damage and they will suffer dearly as more innovative bankers launch banks with technology that is up to date and benefitting from the fastest possible managmement and maintenance stragegies possible. Tomorrow, when you choose your bank you will also be choosing your technology as well, you just don't realise it yet.

A good start would be to send all the infra teams to a DevOpsDays conference, a cheap and worthwhile investment to help them 'get' what it means to do configuration management a la InfoSec in today's world. I'd also highly recommend Kris Buytaert and Martin Simons amongst others in our (DevOps) community who have already been advising banks ready to listen and evolve their antiquated practices.

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

Hackers nab $1 billion in global cyber heist

Hackers nab $1 billion in global cyber heist

16 February 2015  |  8740 views  |  0 comments | 11 tweets | 12 linkedin
More than one billion records compromised by data breaches in 2014

More than one billion records compromised by data breaches in 2014

12 February 2015  |  8534 views  |  0 comments | 19 tweets | 20 linkedin
Financial sector must improve cyber defences - BofE

Financial sector must improve cyber defences - BofE

23 January 2015  |  10906 views  |  0 comments | 15 tweets | 6 linkedin
US and UK to stage cyber war game against banks

US and UK to stage cyber war game against banks

16 January 2015  |  14116 views  |  0 comments | 20 tweets | 24 linkedin
Russian criminals hack in to bank networks to steal $18 million

Russian criminals hack in to bank networks to steal $18 million

22 December 2014  |  10709 views  |  0 comments | 16 tweets | 19 linkedin
New York regulator probes Wall Street cyber-security

New York regulator probes Wall Street cyber-security

10 December 2014  |  7657 views  |  1 comments | 6 tweets | 5 linkedin
Hackers infiltrating public companies to gain an edge on Wall Street

Hackers infiltrating public companies to gain an edge on Wall Street

02 December 2014  |  4656 views  |  0 comments | 2 tweets | 3 linkedin
Banks accused of failing to report true scale of cybercrime

Banks accused of failing to report true scale of cybercrime

07 November 2014  |  29477 views  |  4 comments | 19 tweets | 12 linkedin
Crook dumps Target card details on Russian forum

Crook dumps Target card details on Russian forum

17 October 2014  |  8075 views  |  0 comments | 6 tweets | 5 linkedin
DTCC and FS-ISAC light a beacon in the fight against cyber-invaders

DTCC and FS-ISAC light a beacon in the fight against cyber-invaders

25 September 2014  |  4781 views  |  1 comments | 8 tweets | 4 linkedin
Home Depot says 56 million payment cards compromised in breach

Home Depot says 56 million payment cards compromised in breach

19 September 2014  |  9611 views  |  9 comments | 19 tweets | 15 linkedin
Nigerian bank falls victim to $40 million insider cyber-heist

Nigerian bank falls victim to $40 million insider cyber-heist

15 September 2014  |  14729 views  |  3 comments | 15 tweets | 10 linkedin
US Treasury calls on financial sector to step up cybersecurity planning

US Treasury calls on financial sector to step up cybersecurity planning

17 July 2014  |  7173 views  |  0 comments | 4 tweets | 5 linkedin
Cybercrooks steal EUR500,000 from European bank

Cybercrooks steal EUR500,000 from European bank

25 June 2014  |  6295 views  |  1 comments | 9 tweets | 2 linkedin
BofE unveils cyber-security framework

BofE unveils cyber-security framework

10 June 2014  |  8017 views  |  0 comments | 6 tweets | 7 linkedin
New York to step up assessment of bank cyber-security plans

New York to step up assessment of bank cyber-security plans

08 May 2014  |  10788 views  |  0 comments | 10 tweets | 8 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.niceactimize.comvisit www.dorsum.eudownload the paper now

Top topics

Most viewed Most shared
Coinbase raises $100mCoinbase raises $100m
10312 views comments | 14 tweets | 14 linkedin
DBS Bank launches online car selling marketplaceDBS Bank launches online car selling marke...
9684 views comments | 13 tweets | 11 linkedin
China preps central clearing house for mobile payments providersChina preps central clearing house for mob...
9558 views comments | 8 tweets | 15 linkedin
HSBC automates documentary trade processing with IBMHSBC automates documentary trade processin...
8513 views comments | 6 tweets | 21 linkedin
Monzo appoints Curve co-founder Foster-Carter COOMonzo appoints Curve co-founder Foster-Car...
7990 views comments | 1 tweets | 2 linkedin

Featured job

Find your next job