
The economics of hacking

After a series of high-profile hacking attacks, many companies are considering more aggressive tactics to fight back against cyber crime, including “active defence” strategies.

The most controversial is “hacking back” against cyber criminals, which is against US law and, according to several bank officials, a bad idea because of the difficulty in definitively identifying culprits. Instead, they are fighting back by bolstering their networks, establishing “fusion centres” that serve as a sort of central command, and creating malware laboratories to try to keep pace with the hackers, reports the FT.

“It’s not enough to build up walls and harden the systems, you need human capital to understand the threat,” says Austin Berglas, the former deputy chief of the New York FBI’s cyber security unit who is now at K2 Intelligence.

The banks created a trade group, the Financial Services Information Sharing and Analysis Center, or FS-ISAC, in 1999 to share information about security threats. It has 5,500 members, including JPMorgan Chase, Citigroup, Wells Fargo and HSBC.

The industry has also created a cyber-attack alert system with the Depository Trust & Clearing Corp, a clearinghouse that processes trillions of dollars in securities transactions for more than 50 US exchanges and trading platforms. Together they created Soltra Edge, software designed to give users timely information in standardised language about potential attacks. There have been about 1,800 installations of Soltra Edge since it was rolled out in December 2014. “If we don’t protect ourselves, nobody else will,” says Bill Nelson, head of FS-ISAC.

The Soltra system is designed to undermine the economics of hacking. Hackers often use the same tactics to target multiple victims, driving down the cost of an attack while expanding the potential rewards. Soltra, also used by healthcare companies and retailers, is meant to prevent hackers from using the same method for multiple breaches, driving up their costs.

“If an attack that had cost $1,000 now costs $50,000, maybe a hacker will think twice,” says Mark Clancy, who just stepped down as chief information security officer at DTCC to be chief executive of Soltra.

Mr Clancy remembers when he and his fellow data security experts in the financial industry commiserated about how their employers did not understand what they were dealing with. “The security teams were enforcing regulations for a problem nobody understood or heard about,” says Mr Clancy, who left Citi in 2009. “Maybe we did a poor job of articulating the risks. But people obviously get it now.”

Bank officials began to wake up to the risks after Nasdaq and Citi were hacked in 2011. That February Nasdaq said its computer systems — but not its core trading platform — were penetrated by hackers. Four months later Citi’s online credit card website was hacked and 360,000 of its customers’ account details were accessed. The next year, most major banks suffered an onslaught of “denial of service” attacks, which US officials suspect had ties to Iran.


The post The economics of hacking appeared first on Payments Cards & Mobile.