“If you give a man a fish, he’ll eat for a day. If you teach a man to spearphish, he’ll use your credit card to buy dinner!”
This little tech joke speaks volumes about the impact of cyber threats in today’s computer-dependent economy. Quite obviously, the financial industry is the worst affected by the rising menace of cyber crime.
The reality of computer crime, though far removed from Hollywood's depiction, is still a massive security issue. In fact, cyber threats have also perturbed the White House over the past few months, recently compelling the U.S. Office of the Comptroller of the Currency (OCC) to step in. The regulatory body has promised to help smaller banks defend themselves from cyber attacks in an effort to protect the health of the overall financial system.
The support will be given to smaller financial institutions, primarily those which do not have ample resources or proficiency to counter net-crime. The spate of cyber attacks began last year at JPMorgan Chase & Co. , Citigroup Inc. and Bank of America Corp. . Wells Fargo & Co. , U.S. Bancorp and The PNC Financial Services Group were also hit. What’s more alarming is that the well-defended sites of these banking majors have suffered connection problems under the yoke of the recent attacks.
Unknown perpetrators flooded bank websites with massive data streams, making them unavailable to customers and halting operations for hours. The method used is known as distributed denial-of-service (DDoS), which often directs a huge amount of traffic from hacked computers to the targeted websites. The volume of Internet traffic that has been directed at these sites was such that most caused a breakdown of powerful servers.
For example, last year, security firms supervising Internet traffic noticed a surge of "junk" data directed at BofA’s site, which became a torrent of about 65 gigabytes of information per second. That is roughly 15–30 times more than what is usually seen in cyber attacks. Therefore, smaller banks that have less sophisticated protective walls than their Wall Street counterparts are soft targets.
Moreover, smaller banks are more susceptible to attacks as these are dependent on a third party for online banking facilities. These third party servers are like new connections, offering access points to all connected networks, thus making smaller financial organizations more vulnerable.
Countries and corporations are bracing up Internet security against the terror of cyber crime as well as developing strategies to upgrade government computer systems and expand cooperation with other countries. Efforts to improve coordination within the private sector are also noticeable.
The OCC has appointed a Senior Critical Infrastructure Officer to address cyber issues along with officials of both government and private sector companies.
With increased spending by government and large enterprises, we believe companies such as EMC Corp. , Symantec Corp. and McAfee, a subsidiary of Intel Corp. , will be encouraged to develop innovative products for a secured cyber space. EMC recently announced its intention of spending on acquisitions that will prioritize security apart from storage.
Earlier this month, AT&T, Inc. announced plans to launch an extended managed security solutions (MSS) suit, including mobile security solution, by this year end. The company’s high-end MSS security solution seeks to combine network and device security together with secured virtual private networking, application and a suite of mobile device management solution. This service will provide corporate users with all-inclusive security for their mobile ecosystems regardless of utilization of the AT&T mobile network.
Additionally, the shares of cyber security firm FireEye, Inc. surged almost 80% at its trading debut last Friday, indicating that even Wall Street is keeping its eyes on the cyber security trend. FireEye is a global network security company that provides dynamic malware protection against latest cyber threats.
While mere listing and coding of security loopholes may not be the answer to hacking, it should serve as a stepping stone toward solving the extremely complex issue. Moreover, training and know-how on security matters are crucial since users often unknowingly guide hackers through their actions.