Congressional Testimony Reveals a Financial Sector Plagued by Cyber-ThreatsBy CIOinsight | Posted 09-16-2011
Cyber-criminals continue to target United States businesses, the country's financial institutions and government agencies in an ongoing effort to steal money and information. Still, despite the best efforts of local, state and federal law enforcement, these cyber-criminals show no signs of slowing down, according to Congressional testimony by some of the country's leading cyber-security experts.
Financial services is "where the money is" so cyber-criminals increasingly target this sector, Greg Schaffer, acting deputy undersecretary at the Department of Homeland Security, told the members of the House of Representatives Financial Services Committee's Subcommittee on Financial Institutions and Consumer Credit on Sept. 14. Officials from the Secret Service and the Federal Bureau of Investigation joined Schaffer to discuss trends in cyber-crime.
The FBI is investigating more than 400 cases of fraudulent wire transfers from business bank accounts that total about $255 million in stolen funds, testified Gordon Snow, the assistant director of the agency's cyber division. There are other types of attacks against financial systems, such as payment processor breaches, stock trading fraud, ATM skimming and mobile banking attacks.
The annual cost of cyber-crime is about $388 billion, including money and time lost, or about $100 billion more than the global black market trade in heroin, cocaine and marijuana, said Brian Tillet, chief security strategist at Symantec.
On the plus side, "Statistics indicate financial institutions are doing a better job of stopping fraudulent transactions from being created and from funds leaving the financial institution," said William Nelson, president of the Financial Services Information Sharing and Analysis Center. According to a recent FSISAC study, only 36 percent of reported commercial account takeovers resulted in funds leaving the financial institution in 2010, compared to 63 percent in 2009.
Mobile banking and Twitter offer new opportunities for cyber-crime, the FBI warned. Criminals are sending malicious text messages and posting specially crafted links on Twitter to gain access to users' online banking accounts.
Cyber-threats are still not being taken seriously enough across the industry, said the FBI's Snow, assistant director of the FBI's cyber division. Industry standards aren't very high and most firms are sending out the "freshman team" to handle security, as opposed to the more experienced and skilled staff.
The hearing is one of many being held in Congress as lawmakers look over the White House's comprehensive cyber-security proposal released in May. The Senate has already held several cyber-security hearings. Both Democrats and Republicans have identified cyber-security as critical to both national security and the economy, and it is likely that a package will reach the floor for full debate in both the Senate and the House of Representatives this fall.
For more, read the eWeek article Cyber-Threats Continue to Target the Financial Industry.