In Fight Against Hacktivists, Financial Firms Need Layers of Security

Financial services firms eyeing the world of cybercrime and hacktivists may think the chances of this happening to them are remote. Most businesses, certainly banks and Wall Street firms, are investing in security through technologies to protect against threats. In fact, according to experts, security is a board-level responsibility. However, some companies are lulled into a false sense of security.

“By and large, the sad truth is that the biggest obstacle to doing anything is they don’t think it can happen to them,” says A.N. Ananth, CEO of EventTracker, a provider of log management solutions focused on the security information and event management space (SIEM). “But they are also trying from the outside to get through your firewall,” says Ananth. “They attack the place where you have your weakest defense,” he adds. His firm’s solution is to record audit logs and to send out notifications when there are abnormal patterns.

Businesses need to “go back to basics and have a full risk management regime,” advises Karl Smith, head of Cyber Security Assurance Services at British Telecom in an interview. As attacks become more sophisticated, it’s important for financial firms patch their systems and install the latest firewall technologies, experts said. Information Assurance, a UK security organization, found that businesses were not patching systems effectively and were not monitoring and were looking at the logs, noted Smith. Also, firms need to install next generation firewalls and proxy servers. “As threats become more persistent and agile and targeted, they can bypass traditional controls,” added Smith. He cites Fire Eye, a new defensive technology that blocks Internet-born malware. It looks at the threat, unpacks the threat and blocks outbound communications.

“It’s all about layers of security,” comments Steve Schoener, VP of Client Technology at Eze Castle Integration, an IT consulting firm that hosts applications in a private cloud for hedge funds and other investment firms. Intrusion detection and intrusion prevention software can be installed on the network. “The most dangerous hacker isn’t the one that takes down your web site, but implants a virus and very quietly sits there and watches your data,” said Schoener. Today’s hackers are more sophisticated and more targeted. If they wanted to specifically go after a hedge fund or a specific firm, they would do research to figure out who the people are inside. “They would seek their email addresses, hunt information ahead of time,” according to Schoener.

ECI partners with a third party to run intrusion detection and intrusion prevention. Schoener contends that hedge funds are better off outsourcing the security to a third party. “We’re able to provide a higher level of security on our platforms than individual firms are doing themselves,” claimed Schoener.

The two most frequent ways of getting into an organization are by manipulating employees to click on a link or an attachment that infects the employee’s computer and give the hacktivist access, according to Joram Borenstein, VP of NICE Actimize, the financial crime, risk and compliance solutions provider. The second way is from machines that aren’t patched. “Vulnerabilities exist such as unpatched desktops and unpatched severs which are the underbellies of the organization,” said Bernstein.

Insider threats such the disgruntled employee also need to be considered, said Ananth. As examples, he cites the cases of Bradley Manning, a U.S. Army soldier who was arrested in May 2010 on suspicion of passing classified information the web site Wikileaks , and more recently that of Edward Snowden, a private contractor for the National Security Agency (NSA) who disclosed the intelligence agency’s top-secret data mining activities, both of which had privileges. Manning was able to download large amounts of data onto blank CDs and when he walked pasted the security guy he called it “Lady Gaga,” said Ananth. Wall Street firms, which have downsized since the crisis of 2008, are not immune from disgruntled network administrators who try devious methods to get revenge, said Ananth.