Hacking syndicates threaten banking

The 127-page study details the growing security challenges facing the financial sector as a result of the industry's unprecedented dependence on the public telecommunications system, rapid adoption of wireless systems and outsourcing of operations to third parties.

And the growing dependency on Internet technologies that are linked to sensitive back-end systems, such as customer databases and real-time stock data, has made online extortion a major "safety and soundness issue" for the financial markets, Kellermann said.

80% Go Unreported

Kellermann cited reports from Framingham, Mass.-based IDC and Stamford, Conn.-based Gartner Inc. that indicate that roughly 80% of cybercrime incidents in the financial sector go unreported to law enforcement agencies.

Moreover, he contends that IT employees keep many of these incidents from senior banking executives "due to the reality that they may be fired." Banks don't report these incidents mainly because they want to maintain customer and investor trust, according to Kellermann.

At the same time, massive underreporting has created a vicious catch-22 for an industry that continues to struggle with dwindling budgets. "It has a magnifying effect because there's no actuarial data to justify the extra expense on security," said Kellermann. "We are losing this war."

Budget issues have also led banks and other financial companies to outsource operations. But that can have disastrous consequences for hundreds of banks at once if the hosting company doesn't implement proper security protections, Kellermann said. He cited an incident last year in which hackers penetrated the systems run by S1 Corp., an Atlanta-based provider of electronic finance services to the financial industry. The incident led to the compromise of more than 300 banks, credit unions, insurance providers and investment firms simultaneously.

Coverups Not Common

Security experts and banking officials contacted for this story agreed that the vast majority of incidents go unreported. However, they said they aren't convinced that internal coverups by bank IT personnel are widespread.

"I don't think that security incident coverups are common," said Joe Busa, an IT manager at Citizens Bank in Providence, R.I. "It is very hard to cover a mistake completely from your peers."

According to Gartner analyst John Pescatore, all publicly traded companies are required by the Securities and Exchange Commission to report all events that could have a material effect on the business. However, "there have been very few computer security incidents serious enough to be classified as a material event," said Pescatore.

12 Layers of Adequate Security 1 2 Next » Recommend Digg Twitter ShareThis Email Print Send Feedback Reprints Additional Resources POLL RESULTS Leading IT Pros Weigh In on Top IT Issues Accelerate your knowledge of the IT world you inhabit by viewing the results of a series of polls taken by your IT peers. These polls of 100+ IT professionals each are available for full viewing. They cover key topics such as virtualization, processor performance, green IT, cloud computing and many others. Be a part of the buzz. WHITE PAPER For Best Results, Think Beyond the Box Technology is complex. Keeping it running productively shouldn't be. To that end, you want to minimize the number of solutions needed in-house to simplify operations, maintenance, and support. Kodak offers a best-practices model. One company provides support for both scanner and software, for fast problem resolution without vendor finger-pointing. Download now! WHITE PAPER Accelerating the Path to Demand Intelligence with a Demand Signal Repository Utilizing demand intelligence improves the precision of pricing, product assortments, channel/store placement, and promotion, which are all essential for sustainable revenue management performance. Learn more, download this free whitepaper today. White Papers & Webcasts How Controlling Access to Privileged Accounts Can Keep Insider Threat from Hurting Your Bottom Line This white paper explores insider attacks and insider risk, and shows how to control them by controlling and monitoring access. The paper describes...   Usability Is Everything Learn what sets Workday's HR and Payroll solutions apart from the competition.... Military Uses Bit9 Parity to Defend Against New Generation Attacks When a military organization faced an exercise, in which there was an attempt to breach and infect the network, they decided to use...   The Value of Real SaaS at Workday Cost savings, speed to value, and innovation brought to the enterprise by Workday's software-as-a-service solutions for HR and Payroll.... Eliminate Spam, Gain Productivity In this exclusive whitepaper, learn all about the dangers of spam and the cost to your business....   SaaS at Flextronics, Inc. Dave Smoley, CIO of Flextronics, discusses the real value of software-as-a-service and why he chose Workday for his HR solution.... Accelerate SSL Encrypted Applications The amount of SSL traffic is growing in the enterprise. Because it is encrypted, it cannot be properly controlled and accelerated. Blue Coat...   Why Compliance Pays This OnDemand webcast explores the relationship that firms with best compliance records have higher revenue, greater customer retention, lower financial losses from data... ESG Lab Field Audit Many companies have successfully implemented Riverbed WAN optimization solutions within their Cisco networks. This ESG Lab Field Audit document explores the success that...   Agile Enterprise Content Management (ECM) for Rapid ROI Find out how combining ECM and BPM will help adress issues about content rich business processes.... All White Papers | All Webcasts Computerworld Reports An Interactive eBook: Enterprise Security The Business Case for Server Virtualization Computerworld Technology Briefing: Intelligent Users Use Business Intelligence All Computerworld Reports Sign up to receive updates on the latest Security resources   Symantec Report on the Underground Economy The Symantec Report on the Underground Economy examines activity on underground economy servers observed by Symantec between July 1st, 2007 and June 30th, 2008. It includes analysis and discussion of the goods and services advertised, advertisers participating in the economy, the servers and channels that host the trading, and a snapshot of piracy activity observed. Download this white paper  Data Loss Risks During Downsizing With the dramatic increase in lost jobs, companies should be aware of the possibility that these employees may be walking off with their sensitive and confidential data. An independent study done by the Ponemon Institute surveyed employees leaving their jobs and taking company data with them. This type of data loss problem may be putting companies at risk for a potential data breach. This study will help you to understand what employees are doing with the data on the laptops their employers provided them. Download this white paper  3 Steps to Protect Confidential Data on Laptops Learn how to avoid being part of the one-third of security breaches that occur due to laptop theft. This report outlines specific steps to help you secure confidential data and minimize the impact of data loss resulting from stolen or missing laptops. Download this white paper  Managing Spend on Information Security and Audit for Better Results The benchmarks conducted by the IT Policy Compliance Group show almost all organizations have financial incentives exceeding 100 percent to make improvements to reduce financial risk from data loss, downtime and regulatory audit. This report includes findings covering the principal operational outcomes being experienced by organizations, financial risks, losses and returns, and the practices making the most difference to control risks, reduce costs, and improve results. Download this Report!  White Papers How Controlling Access to Privileged Accounts Can Keep Insider Threat from Hurting Your Bottom Line Eliminate Spam, Gain Productivity ESG Lab Field Audit Natural User Interface for Enterprise Applications Craft a Strategy to Lower Your Total Cost of Ownership The Shortcut Guide to Managing Certificate Lifecycles Differentiating With Technical Support: JBoss Customer Support Study The JBoss SOA Assessment Tool: Spend Less, Do More 2007 Gartner Magic Quadrant Report Microsoft SharePoint Performance Brief Military Uses Bit9 Parity to Defend Against New Generation Attacks Accelerate SSL Encrypted Applications Shape Your Apps Strategy to Reflect New SaaS Licensing and Pricing Trends A Truly Global HCM System Moving Beyond Monolithic - What's Next for Enterprise Application Architectures? MarketVibe: Communications and Collaboration Needs at Business Organizations The Value of Network and Application Visibility by Aberdeen The CIO's New Guide to Design of Global IT Infrastructure Five Steps to Successful IT Consolidation IBM Lotus Notes Performance Brief Sponsored Links HP StorageWorks products-control, consolidation and confidence. 64-page prescriptive guide to security, compliance, and IT operations. Looking to add Unix/Linux functionality to Windows? FREE guide to saving up to 95% on network hardware costs. Start saving today! Enhance your career with a Boston University online Master's in CIS Find IT jobs in the Healthcare industry on Dice.com Network Tools Made By Engineers for Engineers Live Webcast: Building a More Productive Organization  A User Perspective With the NEW KODAK i700 Series Scanners get full speed at 300dpi! ITwhitepapers.com - Access thousands of white papers on 300+ technical topics. Leverage Your Cisco infrastructure for Superior Application Performance Learn about the AMD Virtual Experience Introducing: Project Icebreaker Introducing the new HP ProLiant G6 server family Wait for the upturn, or get ready for it with Capgemini's Technovision study. Download it here. Instantly know your IT service state - anytime, anywhere @ AccelOps.net Try the best rules engine free! Decisions.FICO.com Learn How to Create a High Performance Workplace Thrill Dad this Fathers Day and save up to 66% plus 4 FREE Caramel Apple Tartlets from Omaha Steaks. ESET NOD32 with ThreatSense(R) - Get your free trial now! Join the conversation about the hottest IT trends with Computerworld on Twitter. Create business data you can believe in with data governance Not All QSAs Are Created Equal: What You Should Know Before You Buy The arrival of Serial Attached SCSI (SAS) marks a new era in storage scalability The AMD Virtual Experience Virtual Trade Show About Us Advertise Contacts Editorial Calendar Help Desk Jobs at IDG Privacy Policy Reprints Site Map CIO Computerworld CSO DEMO GamePro Games.net IDC IDG IDG Connect IDG Knowledge Hub IDG TechNetwork IDG Ventures IDG.net InfoWorld ITwhitepapers ITworld JavaWorld LinuxWorld Macworld Network World PC World The Industry Standard Copyright © 1994 - 2009 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.