ACS19: Banks still face cybersecurity challenges despite improvements
The cybersecurity controls and measures put in place by financial services firms and banks have improved significantly over the past few years, according to detective superintendent Andrew Gould, national cybercrime programme lead for the National Police Chiefs’ Council in the UK.
“Banks have made big steps forwards in their relationship with cybercrime,” he tells an audience at ATM and Cyber Security 2019 in London. “They’re sharing intelligence and communications, yet challenges remain.”
“These are multinational organisations and they are having to deal with the size and scale that comes with it, with tens of thousands of staff and different legacy systems deployed all over the world.”
Gould says that the biggest threat today still comes from hostile states, giving Russia, China, Iran and North Korea as examples.
“Anything that undermines our way of doing things is good for Russia. China is looking at intellectual property to boost its economy and North Korea seeks money due to the sanctions placed upon it.”
Most concerning for authorities, he adds, is when high-level sovereign state tools have been leaked “into the wild” and are picked up by cyber-criminal groups.
The proliferation of “cybercrime-as-a-service” operations within the dark web has made the task for law enforcement much harder, adds Gould.
“If you’re an armed robber you need a team. You need a driver, people to control the crowd in the bank. That kind of criminality is pretty much gone in the UK because there are significant vulnerabilities and plenty of opportunities for police to identify it and disrupt it.”
Gould notes that people online come together, often connecting with others they don’t really know, who live in a different country and can provide an automated service that can be deployed at scale.
He argues that the first and often best point of defence is getting the basics right. “Ten years ago the most popular password in the world was ‘password’, ten years later and now it is ‘password1’, which demonstrates the type of progress that’s been made.”
Well-known malware like WannaCry exploited a known vulnerability for which a patch had been available for months.
“Every time I see a company stand up and say ‘this is too complex, it must have been a foreign state’, 99 times out of 100 it is a cybercriminal who has exploited poor patching and poor passwords.”