Local banks eye measures to counter online attacks

MANILA, Philippines – In the past, the banks’ principal security worry was that their individual branches would be robbed even if the money stolen would be relatively small compared to their overall resources.

The recent billion dollar Bangladesh Bank heist shows that the game has changed and exposed the real threat banks now face from increasingly sophisticated cyber attacks.

A 2014 study done by the Center for Strategic and International Studies (CISS) estimates that cybercrime is costing the global economy more than $445 billion (P20.64 trillion) annually.

A recent report by IBM Security Intelligence also found that over 20 million financial records were breached in 2015. The cost of these data breaches in finance is significant, costing financial institutions $215 (P9,973) per stolen record on average.

There is a paradigm shift happening in financial cybercrime. Overall, cyber attackers have gotten a lot more sophisticated and are almost exclusively focused on attacking online, said IBM Global Executive Security Advisor Diane Kelley.

“It’s like the old saying: Why do banks robbers rob banks? Because that’s where the money is. Well, now all that money is online,” she said

IBM Security Intelligence observed a 55% increase in financial breaches involving currency theft and extortion.

All the various digital financial platforms that banks now use, from online banking to mobile use have given attackers multiple points to attack.

The scary thing is that these attackers are getting really sophisticated at hacking and its in part because they are sharing information with each other, Kelley pointed out.

“One of them finds a loophole to exploit and they share it with each other which spreads the risk. A hacker doesn’t even have to be particular good, he can just go on to the dark web and buy a really sophisticated attack from another attacker,” she said.

Local banks coming together

This is why banks in the country need to come together and collaborate on knowledge and security, said Joey Regala, head of IT operation at United Coconut Planters Bank UPCB and President of Information Security Officers Group or ISOG.

ISOG a non-profit organization created in 2014 and made up of IT security officials from some of the biggest banks in the Philippines including UPCB, China Bank, Philippine Savings Bank, Land Bank of the Philippines and Rizal Banking Corporation (RCBC).  It aims to strengthen information security among financial institutions in the country.

Right now it’s focused on launching the Bank’s Incident Reporting System (BIRS), a way for banks to share information about attacks anonymously (without identifying the bank that was attacked) as well as provide recommendations for other banks to combat attacks in real time.

Smart information sharing and fraud monitoring

At the moment, banks in the country have no such formal information sharing system in place. Any information on attacks is done informally, so BIRS aims to plug that gap, Regala explained.

“If hackers have the deep web we will have the BIRS network which serves the same purpose. Banks, from the smallest to the biggest, will now be able to know the right solution to an attack in the fastest possible time because that’s what the hackers are doing,” he said.

Regala said that ISOG is in the process of getting approved by the Bankers Association of the Philippines (BAP) with the aim of launching on ISOG’s second anniversary on July 16.

Another way to strengthen banks security in the country is to institute a smart fraud management system. One that will constantly monitor customers behavior everywhere; from ATM withdrawals to credit card use to use mobile and online banking, to guard against possible fraud.

“If a bank has such a system in place, then no type of attack will be able to override the system. Its strengthening the defense in a more intelligent way,” he said.

At the moment banks rely on a relatively simple algorithm that only looks at numbers to monitor potential red flags.

Regala pointed out that it would take time, given the vast amount of customers that banks have to track and the behavioral analytics systems that have to be put in place. – Rappler.com

$1 = P 46.39