Hacking syndicates threaten banking

The 127-page study details the growing security challenges facing the financial sector as a result of the industry's unprecedented dependence on the public telecommunications system, rapid adoption of wireless systems and outsourcing of operations to third parties.

And the growing dependency on Internet technologies that are linked to sensitive back-end systems, such as customer databases and real-time stock data, has made online extortion a major "safety and soundness issue" for the financial markets, Kellermann said.

80% Go Unreported

Kellermann cited reports from Framingham, Mass.-based IDC and Stamford, Conn.-based Gartner Inc. that indicate that roughly 80% of cybercrime incidents in the financial sector go unreported to law enforcement agencies.

Moreover, he contends that IT employees keep many of these incidents from senior banking executives "due to the reality that they may be fired." Banks don't report these incidents mainly because they want to maintain customer and investor trust, according to Kellermann.

At the same time, massive underreporting has created a vicious catch-22 for an industry that continues to struggle with dwindling budgets. "It has a magnifying effect because there's no actuarial data to justify the extra expense on security," said Kellermann. "We are losing this war."

Budget issues have also led banks and other financial companies to outsource operations. But that can have disastrous consequences for hundreds of banks at once if the hosting company doesn't implement proper security protections, Kellermann said. He cited an incident last year in which hackers penetrated the systems run by S1 Corp., an Atlanta-based provider of electronic finance services to the financial industry. The incident led to the compromise of more than 300 banks, credit unions, insurance providers and investment firms simultaneously.

Coverups Not Common

Security experts and banking officials contacted for this story agreed that the vast majority of incidents go unreported. However, they said they aren't convinced that internal coverups by bank IT personnel are widespread.

"I don't think that security incident coverups are common," said Joe Busa, an IT manager at Citizens Bank in Providence, R.I. "It is very hard to cover a mistake completely from your peers."

According to Gartner analyst John Pescatore, all publicly traded companies are required by the Securities and Exchange Commission to report all events that could have a material effect on the business. However, "there have been very few computer security incidents serious enough to be classified as a material event," said Pescatore.

12 Layers of Adequate Security 1 2 Next » Recommend Digg Twitter ShareThis Email Print Send Feedback Reprints Jump to comments Cybercrime/Hacking Additional Resources Microsoft DirectAccess and UAG: Better Together Here are some of the key reasons why you would want to run Unified Access Gateway with DirectAccess. Microsoft Case Study: Energy Firm Tightens Protection, Simplifies IT Work Review how one energy firm tightened protection and simplified IT work using business-ready security solutions. Sybase NEXT-GENERATION MOBILITY PLATFORMS In this white paper, IDC analyzes the role of next-generation mobile enterprise platforms as organizations seek a more strategic deployment of mobile solutions. Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase. White Papers & Webcasts The Tangled Web: Silent Threats & Invisible Enemies Download Now   Data in Action: Making the Planet Smarter Register Now Email Archiving: A Business-Critical Application Get this paper now!   Hosted Security Services: Why it make budget and security sense in today's economy Watch Now Gene Kim's Practical Steps to Achieve and Maintain NERC Compliance Learn seven steps operators can take to meet IT configuration requirements set forth in the NERC-CIP standards.   The Workday User Experience Video Watch Workday's Creative Director, Scott Lietzke, discuss the business-centered design philosophy at Workday. Not Just Words: Enforce Your Email and Web Acceptable Usage Policies Get this paper now!   Business Process Framework Demo Learn about Configurable Business Processes and Calculated Fields. Watch Now! The New World of eCrime: Targeted Brand Attacks and How to Combat Them Download This Whitepaper Now!   Manager Experience Demo Go beyond self-service solutions to perform more effectively. Watch Now. All White Papers | All Webcasts Computerworld Reports Computerworld Technology Briefing: More than Business Value Computerworld Briefing: Staffing for Intelligence 8 Questions To Ask About Your Intrusion-Security Solution All Computerworld Reports Sign up to receive updates on the latest Security resources IT Jobs See All Jobs Post a job for $295 Go Jobs by SimplyHired   White Papers The Tangled Web: Silent Threats & Invisible Enemies Gene Kim's Practical Steps to Achieve and Maintain NERC Compliance The New World of eCrime: Targeted Brand Attacks and How to Combat Them Eliminate Spam, Gain Productivity Why BI is Ripe - Now! - For Businesses of Any Size Rapid Implementation: The New Age of ERP Faster, Cheaper and Easier to Maintain HP Technology Guide for Scalable Business Solutions Clipper Group Report: HP Provides Enhanced Options for Data Center Ensuring High Service Levels in Cloud Computing Email Archiving: A Business-Critical Application Not Just Words: Enforce Your Email and Web Acceptable Usage Policies Secure Your Domains. Secure Your Business. Oracle Accelerate - Not Just Smart but Timely How Midsize Businesses Are Using ERP To Gain Competitive Advantage in a Tough Economy Leveling the Field: Powerful Software Solutions for Midsize Companies IDC Research Report: The Business Value of Consolidating on Energy-Efficient Servers The Business Case for Virtualization Best Practices for Optimizing Performance and Availability in Virtual Infrastructures Capacity Management in VMWare Virtualized Infrastructures Sponsored Links To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial To get a better view of your entire data center, you need a better vantage point. Improve your vision with Hitachi IT Operations Analyzer - Free 30 day trial Stop malware without grinding performance to a halt with SonicWALL Cisco Unified Computing System: New Levels of Integration Diskeeper prevents fragmentation to boost speed and efficiency. Try Free! Discover the Four Trends Driving the Future of Data Centers Microsoft & Novell Interop-Ability Case Study: VTI Technologies Realizing Cost Savings Through Infrastructure Modernization Turn your desk phone and mobile phone into one with Sprint Mobile Integration. Stay informed with custom newsletters from Tech Dispenser Looking to add Unix/Linux functionality to Windows? Next-generation firewalls control applications and prevent threats. Not All QSAs Are Created Equal: What You Should Know Before You Buy The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability The AMD Virtual Experience Virtual Trade Show Introducing: Project Icebreaker Improve your Modular Cooling System Now with Alcatel-Lucent and Save CA ARCserve r12.5 is More Than Backup! Download Trial Version Today Take the Netezza TwinFin TestDrive! Enterprise search helps employees get more done. Get the facts from Google. Let Progress Software help your business make progress. How Novell & Microsoft interoperability pays off for MoneyGram Now let 1000's access reports themselves with SAP Crystal Reports Server Northwestern Computer Information Systems Program Streamline IT Costs. Boost Performance with WAN Optimization Tolly Performance Report  "Citrix NetScaler with nCore Outperforms F5 BIG-IP" Are you gambling with your data? It is at risk. Find out and protect it. Link to www.trustlto.com ITwhitepapers.com - Access thousands of white papers on 300+ technical topics. Leverage Your Cisco infrastructure for Superior Application Performance Learn about the AMD Virtual Experience Save up to 61% plus Free Cheesecake About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard Copyright © 1994 - 2010 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.