05:55 PM
Financial Institutions Must Be Prepared for Future Terrorist Attacks
We lived through 9/11. We lived through the London, Madrid and Bali bombings, too. Now al-Qaeda wants to destroy our financial technology infrastructure by launching a cyber attack against our online banking and stock trading infrastructure. Luckily, nothing came of this early December event, but we certainly need to be prepared for future attacks.
There are three major ways to launch a cyber attack against our financial infrastructure now that virtually all financial institutions have online access and many support online banking and brokerage: denial of service, fraud and hacking.
Denial-of-service attacks are the easiest to instigate but also the easiest to defeat. Denial of service involves marshalling computers to simultaneously flood the target site with messages, which clogs a firm's networks and brings them to a halt. These attacks typically do not hurt firms financially; however, they do stop clients from accessing their accounts or conducting transactions online.
Defeating these attacks usually is not a problem. Many firms have firewalls and engage Web hosting firms, such as Akami, to manage their Web site traffic. Akami manages front-end traffic for many financial institutions so that a greater number of Web servers can respond to and block these attacks. Hosting firms also provide a greater level of separation between the front-end and the more critical back-end core systems, adding an additional level of protection.
The second type of attack is fraud based. These phishing or Trojan horse attacks target individuals rather than the firm. They attempt to get unsuspecting individuals to provide their IDs and passwords so nefarious types can break into the account and either drain it or generate fraudulent transactions. While banks and brokers typically cover this type of fraud, and it is serious for the individual, it is a challenging way to "destroy" the institution, as getting individuals to give up their passwords on a large scale is difficult to accomplish.
While hacking is much more difficult, it can truly harm an institution. Hacking involves penetrating a firm's technology defenses and exploiting them. If the hackers are skilled, knowledgeable and successful, they can penetrate firewalls, access core systems and do real damage.
This is the attack that all financial institutions spend heavily to guard against and stay up nights worrying about. It also is the most difficult type of attack to pull off as financial institutions' core technologies are locked down, secure, password protected and complex. And even if hackers penetrate a firm's defenses, they would have to understand how the systems are designed, architected and integrated in order to wire funds, make deposits or loans, or break into their trading systems. The most apt people to navigate these systems are employees, past or present, and very talented and lucky geeks. While we hope none of these folks are al-Qaeda, we as an industry cannot drop our defenses.
It may seem like the extension of our institutions into folks' living rooms enables the easier defalcation of financial enterprises, but the exact opposite is probably true. While electronic thefts can be cleaner, less physical and certainly less bloody, the chance of getting money out of a brokerage and bank illegally is usually greater with a gun than computer. But as the criminals and terrorists get smarter, we too must raise the bar. Otherwise, it will not only be bombs that we will need to fear, but the phone lines as well.
Larry Tabb is the founder and CEO of TABB Group, the financial markets' research and strategic advisory firm focused exclusively on capital markets. Founded in 2003 and based on the interview-based research methodology of "first-person knowledge" he developed, TABB Group ... View Full Bio