recommended reading

Cyber breaches at financial firms increasingly are inside jobs

Not surprisingly, the economic downturn is spawning a rise in cyber breaches at financial services firms, but increasingly the culprits are the banks' own employees, academic experts told Congress on Wednesday.

Damages inflicted on financial firms by managers, sales staff and other non-technical personnel averaged about $800,000 per organization, according to the CERT Program, a federally-funded research center at Carnegie Mellon University's Software Engineering Institute.

"The continued stress of the current economy on the workplace is impacting and exacerbating the potential for insider threat," CERT Chief Scientist Gregory Shannon testified at a House Financial Services Financial Institutions and Consumer Credit subcommittee hearing.

Many lawmakers expressed concern that the general public is unaware of all manner of cybercrime, especially small business owners who do not have the resources for corporate-level security reinforcements.

Carnegie Mellon's CERT currently is collaborating with the U.S. Secret Service and Treasury Department, with sponsorship from the Homeland Security Department, to develop an insider threat model aimed at defending the financial sector.

Aiding on the offensive side, the FBI is investigating more than 400 reported cases of corporate account takeovers in which hackers have attempted unauthorized transfers from businesses' bank accounts, Gordon Snow, FBI cyber division assistant director, told lawmakers. The ongoing cases have dealt a collective blow of about $85 million to the victimized companies.

"Organizations are working hard to build walls around their network infrastructure to keep people out but are having a difficult time defending against potential menaces that are already on the inside of the fence," Shannon testified.

Almost half of all inside attackers at financial services firms conspired with outside accomplices on their exploits, while a third consorted with other colleagues to commit the crimes, he added. Employees also have taken to stealing intellectual property and conducting online sabotage.

"One former system administrator wiped out billions of files on a financial institution's servers all over the world at 9 a.m. one morning; and recently an individual copied source code containing proprietary trading algorithms to servers outside the U.S. after submitting his letter of resignation," Shannon testified.

Pilfered code can cost businesses millions of dollars, allow competitors' to make money off the firms' leaked business strategies, or grant rivals a heads-up on their closely-held forthcoming financial decisions, Snow said.

Last year, the Secret Service arrested 1,200 suspected cybercriminals allegedly responsible for more than $500 million in fraud losses, said A.T. Smith, Secret Service assistant director. To nab the crooks, the agency combed through 867 terabytes of data, which agents say is equivalent to nearly four times the amount of data in the archives of the Library of Congress.

The Secret Service last weekend opened an office in Beijing, adding to the 23 overseas outposts the agency has established to forge partnerships with foreign investigators. While it is widely presumed that China sponsors cyber espionage in America, identity thieves located all over the world have become an economic drain on both countries. Federal officials have said that cooperating with China to tackle online fraud could help bridge other digital divides, such as differing views on freedom of expression.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.