Analyst Reports October 01, 2013

Financial Institutions, Merchants, and the Race Against Cyberthreats

The cyberthreats that menace the global economy are multiplying at an alarming rate. These threats come in the form of malicious software code, waves of distributed denial of service (DDoS) attacks, and insidious corporate espionage, all designed to provide financial or political benefit to criminals. While no aspect of the global economy is immune to attack—everyone from government entities to utilities to e-commerce merchants has hit the headlines with big breaches over the last year—this white paper will focus on two of the most lucrative targets for the organizations behind the attacks: financial institutions (FIs) and merchants.


One of the challenges in defending against the onslaught of attacks is the many different players and attack vectors. International organized crime rings seek financial gain; nation-states, individuals, and crime rings are engaged in espionage against governments and businesses; and hacktivists hope to make headlines. There are no clear dividing lines between players' causes, either; many times, the place where hacktivists leave off and fraudsters begin is none too clear.

There are a few common elements in the threats and the defenses employed by FIs and merchants, however.

  • The threats are escalating more quickly than banks or businesses can deploy defenses against them. The bad guys don't have to make a business case in order to innovate and deploy new technology, whereas the forces of good usually do. With new malware being deployed constantly (more than 150,000 unique new strains each day in Q1 2013), it's very difficult for the good guys to keep pace.
  • The username/password combination as an authenticator is officially broken. With myriad database breaches over the last year compromising tens of millions of usernames and passwords, and consumers exercising very little care or caution, the sole relevant use of this combination is now that of a database look-up mechanism.
  • Nobody is ever 100% secure. The threat environment is simply moving too fast. Rather than bulletproof security, organizations need to focus on ways to make the cost of breaching their security more trouble than the data that could be obtained is worth, using a layered, risk-based approach to maintain the balance between security and customer experience.
