For the past 30 years, the growth in hacking has correlated directly with the proliferation of personal computing and mobile communication devices. And with the world now firmly in the digital age, concerns over “lone wolf” hackers have been re-focused on what are now resilient, complex and sophisticated crime organizations conducting global cyber attacks.
The (simple) cons
Of course, lone wolf attackers and small hacking groups still exist in every corner of the internet, often launching ransomware and Wi-Fi attacks, or implanting malware on PCs. Less technically sophisticated “con” artists may even use social engineering tactics to trick their victims into doing something “stupid” that will make their data/device more vulnerable to hacking. This may include convincing users to install malicious software, wifi certificates or browser extensions (e.g. the WannaCry virus).
The “pros,” on the other hand, commit cybercrime on a global scale. Organized teams of hackers work for sophisticated, complex, sometimes even state funded hacking organizations. According to the Financial Times, organized cybercrime is one of the biggest risks to global banking in 2017, threatening to cripple lenders and defraud customers. In 2016, cybercrime cost the global economy $450 billion.
The problem with the internet
Traditionally, financial services institutions have not had to worry about attacks that come from the internet. But with open banking taking hold both culturally and though regulation, banks, PSPs and other service providers have to start extending their security mindset beyond the firewall.
Any application or device that is continuously exposed to the internet is extremely vulnerable to attack. Not surprisingly, browsers are at the top of the list of vulnerable web applications. In fact, Google/Mozilla recently discovered in research using Firefox that 10-18% of all browser-based internet connections are actively being intercepted by what’s known as “man-in-the-middle” (MitM) attacks.
Until now there has been no way of detecting this type of attack. But it is clear based on the research that browsers and other web applications may act as gateways to larger-scale mayhem and theft. This will potentially become an enormous problem for the financial services industry as it opens up and allows more and more new entrants to act as financial institutions.
What to do about it
Fighting today’s hacking pros and cons requires a multi-layered approach. Existing firewalls and back end security play a critical role, but applications and APIs must be hardened from the client to the server, across all devices, browsers, interfaces and gateways. In addition, measures must be taken to keep damage from spreading across the network if a hack does hit its mark.