The Fraud Blog with Tracy Kitten

The Call of Hacktivism

Banks Must Respond to Escalation of Attacks
The Call of Hacktivism

Cybersecurity threats waged by groups such as Anonymous pose increasing concern, and they are positioned to garner more attention in 2012 and beyond. [See Anonymous Attacks Citi and Anonymous Brazil Targets Bank Sites.]

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

Why are hacktivist groups like Anonymous finally raising alarms in board rooms among top financial executives? Because it's become increasingly clear that their attacks are being waged for more diverse and far-reaching reasons.

We have this new breed of Anonymous coming in to expose our customer data. It's something we have to take seriously. 

It's not just about humiliation. The seemingly innocuous denial-of-service attacks, like the one last week that hit Citigroup, are the least of our concerns.

Joe Rogalski, who oversees information security for Buffalo-based First Niagara Bank, say the anonymity of the attacks makes them and their motives dangerous. Anyone could be behind today's attacks, some waged for complete corporate takedown and theft, others for political espionage and personal gain. All of which are motivations that fall outside the typical hacktivist ideal of cyberanarchy for the greater good.

During this month's RSA Conference in San Francisco, addressing cybersecurity risks posed by hacktivism will be a key discussion point.

"The risk is not financially motivated anymore," Rogalski says. "Now we have this new breed of Anonymous coming in to expose our customer data. It's something we have to take seriously. With Occupy Wall Street and Anonymous getting behind them, it's just starting to get attention. ... We're now looking at how to defend against it and what we can do."

Damage control is a big piece of that, especially for banks, as identity theft expert Neal O'Farrell is quick to point out. But there is an even darker side that most banks, up until very recently, have not considered.

"It started as a form of protest, but could easily be hijacked by more ruthless criminal elements," O'Farrell says. "There are so many different hacking and hacktivist groups, often offshoots of others, it's getting harder to verify claims of exactly who's behind a specific attack or if it was even sanctioned by the named group."

It's an unknown every financial entity needs to consider.

Fraud detection and analytics can help, but institutions also have to consider the internal risks: say, a rogue employee who compromises corporate and client information for the hacktivist notion of greater good. What are organizations doing to better screen and monitor their own employees?

Education will play an increasing role, not only internally, but from a communications and PR perspective as well. The more consumers understand about how and why banks work, the less suspicious and supportive they may be of groups such as Anonymous. [See Banks Need to Focus on Image.]

The greatest worry now? The direction some of these attacks could take. Who will be the next exposed victim? The best thing banking institutions can do right now is to keep their eyes and ears open, and their security measures in check.



About the Author

Tracy Kitten

Tracy Kitten

Director of Global Events Content and Executive Editor, BankInfoSecurity & CUInfoSecurity

Kitten was director of global events content and an executive editor at ISMG. A veteran journalist with more than 20 years' experience, she covered the financial sector for 10+ years. Before joining Information Security Media Group in 2010, she covered the financial self-service industry as the senior editor of ATMmarketplace, part of Networld Media. Kitten has been a regular speaker at domestic and international conferences, and was the keynote at ATMIA's U.S. and Canadian conferences in 2009. She has been quoted by CNN.com, ABC News, Bankrate.com and MSN Money.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.