Cyber breaches at financial firms increasingly are inside jobs

Not surprisingly, the economic downturn is spawning a rise in cyber breaches at financial services firms, but increasingly the culprits are the banks' own employees, academic experts told Congress on Wednesday.

Damages inflicted on financial firms by managers, sales staff and other non-technical personnel averaged about $800,000 per organization, according to the CERT Program, a federally-funded research center at Carnegie Mellon University's Software Engineering Institute.

"The continued stress of the current economy on the workplace is impacting and exacerbating the potential for insider threat," CERT Chief Scientist Gregory Shannon testified at a House Financial Services Financial Institutions and Consumer Credit subcommittee hearing.

Many lawmakers expressed concern that the general public is unaware of all manner of cybercrime, especially small business owners who do not have the resources for corporate-level security reinforcements.

Carnegie Mellon's CERT currently is collaborating with the U.S. Secret Service and Treasury Department, with sponsorship from the Homeland Security Department, to develop an insider threat model aimed at defending the financial sector.

Aiding on the offensive side, the FBI is investigating more than 400 reported cases of corporate account takeovers in which hackers have attempted unauthorized transfers from businesses' bank accounts, Gordon Snow, FBI cyber division assistant director, told lawmakers. The ongoing cases have dealt a collective blow of about $85 million to the victimized companies.

"Organizations are working hard to build walls around their network infrastructure to keep people out but are having a difficult time defending against potential menaces that are already on the inside of the fence," Shannon testified.

Almost half of all inside attackers at financial services firms conspired with outside accomplices on their exploits, while a third consorted with other colleagues to commit the crimes, he added. Employees also have taken to stealing intellectual property and conducting online sabotage.

"One former system administrator wiped out billions of files on a financial institution's servers all over the world at 9 a.m. one morning; and recently an individual copied source code containing proprietary trading algorithms to servers outside the U.S. after submitting his letter of resignation," Shannon testified.

Pilfered code can cost businesses millions of dollars, allow competitors to make money off the firms' leaked business strategies, or grant rivals a heads-up on their closely-held forthcoming financial decisions, Snow said.

Last year, the Secret Service arrested 1,200 suspected cybercriminals allegedly responsible for more than $500 million in fraud losses, said A.T. Smith, Secret Service assistant director. To nab the crooks, the agency combed through 867 terabytes of data, which agents say is equivalent to nearly four times the amount of data in the archives of the Library of Congress.

The Secret Service last weekend opened an office in Beijing, adding to the 23 overseas outposts the agency has established to forge partnerships with foreign investigators. While it is widely presumed that China sponsors cyber espionage in America, identity thieves located all over the world have become an economic drain on both countries. Federal officials have said that cooperating with China to tackle online fraud could help bridge other digital divides, such as differing views on freedom of expression.
