May 2018

Cyber-crime: Are you ready to tackle one of the biggest challenges of our time?

Every working day, corporates and financial institutions come under the threat of attack from cyber-criminals. It’s a growing problem and as business continues to digitalise, threats multiply and organisations become more vulnerable. Discussions around cyber-security have become more commonplace with clients who are concerned about the integrity of systems and their overall safety. Well-publicised attacks and hacks have raised awareness of this global challenge facing everyone who enters the online world – it is not just companies that are the target, individuals are also at risk. Naturally, as a major global bank with clients all over the world, it is in Deutsche Bank’s interest to work with customers to help them mitigate their risks and protect themselves from cyber-criminals.

Need for heightened awareness

Not everyone is aware of the global threat of online crime and fraud. But while some people might shrug their shoulders and say, “It won’t happen to me”, the more unsuspecting the victim, the easier it is for criminals to exploit a situation. The consequences can be disastrous, not just for corporates, but also for individuals.

According to Norton’s 2017 Cyber Insights report, published in January 2018, 998 million people in 20 countries experienced some form of cyber-crime in 2017, a significant increase on 2016’s 689 million and 400m more than 2015. Furthermore, the source of crime can be very simplistic. Most network intrusions, in excess of 60%, are the result of compromised user passwords (source: Microsoft). When Symantec conducted a survey on cyber fraud, they discovered that 76% of consumers in 21 countries acknowledged the importance of keeping account information secure, yet many still shared their passwords.

This is a cause for great concern as in 2016, cyber-crime was the second most reported economic crime (source: PwC). In the UK, for example, cyber-crime accounts for more than 50% of all offences. Equally disconcerting, a study by University of Maryland in the US discovered that hackers are launching assaults on computers and networks on a near-constant rate (every 39 seconds).

Against this backdrop, it is logical and prudent to ensure people are aware of the threats and the consequences of cyber-crime, either through sharing industry information, training or by making sure the right practices and tools are in place to provide appropriate protection.

There’s no shortage of information available, but the challenge is to navigate through the conflicting opinions and to keep abreast of the constantly-evolving threats. Needless to say, the response to cyber-crime varies across the globe.

Cyber-crime – global and costly

Cyber-crime impacts profitability and stock prices and has no boundaries and the following snapshot of just some of the research findings make for worrying reading:

Malware, ransomware, anywhere

Development of malware by criminals is also expanding. It is an umbrella term, but includes computer viruses, worms, Trojan horses and ransomware.

A particular wake-up call for the banking sector came in early-2016 when malware was inserted into the Bangladeshi central bank which resulted in an attempt to steal US$951m. This was mostly stopped but it prompted SWIFT to launch a customer security programme, which aims to improve information sharing and provide enhanced tools to facilitate better customer security.

One of the most significant developments in cyber-crime in 2017 was the introduction of blackmailing techniques through ransomware, which has moved beyond mere financial gain and has been used in nation-state attacks and corporate espionage.

The most high profile cases of ransomware causing major disruption were the so-called WannaCry and Petya attacks. WannaCry took place in May 2017 and was a ransomware cryptoworm which targeted computers running the Microsoft operating system (see also the flow article, ‘Combating cybercrime’). Similarly, the Petya ransomware attack, first discovered in 2016, also honed in on Microsoft Windows-based systems.

The WannaCry attack of May 2017 by the WannaCry ransomware cryptoworm, targeted computers running Microsoft Windows by encrypting data and demanding ransom payments in Bitcoin crypto-currency. It propagated through EternalBlue, an exploit in older Windows systems. Much of WannaCry's spread was from organisations that had not applied these, or were using older Windows systems past their end-of-life. The attack was stopped within a few days of its discovery due to emergency patches released by Microsoft but it was estimated to have affected more than 200,000 computers worldwide, with total damages ranging from hundreds of millions to billions of dollars.

Combating the criminals

Attackers can be ingenious in attempting to break into an organisation, using phishing and spam campaigns as a way to break open the door.

Most attacks on critical and strategic systems have not succeeded. The European Aviation Safety Agency has revealed that aviation systems are subject to an average of 1,000 attacks per month, but this sector has developed a common approach to risk management and information sharing mechanisms that have been successful in thwarting attacks. However, the number of isolated successes and a growing catalogue of attempted attacks suggests the risks are increasing.

Organisations can better prepare and protect themselves by creating layers of security, often referred to as ‘Defence in Depth’. The intent is to avoid relying on a single solution or approach to security, but instead to reduce the potential effectiveness of an attack by disrupting a threat actor at different stages during an attack.

Led by our cyber intelligence team, Deutsche Bank helps to promote information sharing communities, the development of stronger firewalls – both human and technical- and cooperation with national and supranational initiatives and associations.

Official

Click below to download the pdf of the cyber security factsheet

This article is from www.db.com/flow. To ensure you don’t miss out on regular updates and articles, please share your preferences with us now (and this is a genuine request, and not a phishing ploy!). Here is the registration page

You might be interested in

This website uses cookies in order to improve user experience. If you close this box or continue browsing, we will assume you agree with this. For more information about the cookies we use or to find out how you can disable cookies, click here.