The number of organized hacking syndicates targeting financial institutions around the world is growing at a disturbingly fast rate. And so is the number of banks willing to pay these high-tech extortionists hush money to protect their reputations, according to a security expert at The World Bank.Cases in which banks, brokerage firms and other financial institutions have quietly paid hacking syndicates extortion money are "extremely widespread," said Tom Kellermann, senior data risk management specialist at The World Bank in Washington. Kellermann, who co-authored a study on the electronic security risks facing the global financial community, presented the findings during an Oct. 29 online seminar sponsored by Cable & Wireless Internet Services Inc. in Vienna, Va.
The 127-page study details the growing security challenges facing the financial sector as a result of the industry's unprecedented dependence on the public telecommunications system, rapid adoption of wireless systems and outsourcing of operations to third parties.
And the growing dependency on Internet technologies that are linked to sensitive back-end systems, such as customer databases and real-time stock data, has made online extortion a major "safety and soundness issue" for the financial markets, Kellermann said.
80% Go Unreported
Kellermann cited reports from Framingham, Mass.-based IDC and Stamford, Conn.-based Gartner Inc. that indicate that roughly 80% of cybercrime incidents in the financial sector go unreported to law enforcement agencies.
Moreover, he contends that IT employees keep many of these incidents from senior banking executives "due to the reality that they may be fired." Banks don't report these incidents mainly because they want to maintain customer and investor trust, according to Kellermann.
At the same time, massive underreporting has created a vicious catch-22 for an industry that continues to struggle with dwindling budgets. "It has a magnifying effect because there's no actuarial data to justify the extra expense on security," said Kellermann. "We are losing this war."
Budget issues have also led banks and other financial companies to outsource operations. But that can have disastrous consequences for hundreds of banks at once if the hosting company doesn't implement proper security protections, Kellermann said. He cited an incident last year in which hackers penetrated the systems run by S1 Corp., an Atlanta-based provider of electronic finance services to the financial industry. The incident led to the compromise of more than 300 banks, credit unions, insurance providers and investment firms simultaneously.
Coverups Not Common
Security experts and banking officials contacted for this story agreed that the vast majority of incidents go unreported. However, they said they aren't convinced that internal coverups by bank IT personnel are widespread.
"I don't think that security incident coverups are common," said Joe Busa, an IT manager at Citizens Bank in Providence, R.I. "It is very hard to cover a mistake completely from your peers."
According to Gartner analyst John Pescatore, all publicly traded companies are required by the Securities and Exchange Commission to report all events that could have a material effect on the business. However, "there have been very few computer security incidents serious enough to be classified as a material event," said Pescatore.
 |
12 Layers of Adequate Security
Continued...
1 |
2 |
NEXT 
|
|
 |
Hacking syndicates threaten banking
|
|
|
|
|
"Welcome to a special IT Blogwatch EXTRA: as Richi Jennings watches bloggers' reactions to the Russian hackers who claim to..."
Read more...
"As if taxpayers needed another reason to scorn the IRS. I read yesterday that the inspector general review of several..."
Read more...
Read more Security posts  or See all Blogs
|
Too much junk food, too little exercise and a 24/7 tether to technology? Your body ain't happy, friend. Let us count the pains.
Instruments on the surface of Mars have detected falling snow that is likely evaporating before it reaches the planet.
One positive development stemming from the collapse of Wall Street may be a boost in interest in computer science and IT careers among students who were previously interested in financial services jobs.
Getting new software installed on Linux doesn't have to be hard, but it can differ depending on what you're installing.
Reviews, analyses, how-tos, visual tours, hot issues and predictions about Microsoft's new OS.
Four years from now, the IT field will be a vastly different place. Will you be ready?
|
 |
| Virtualization: Simplify. Automate. Lower Costs.  Virtualization: Simplify. Automate. Lower Costs.
Watch this complimentary webcast today! Go to the webcast |
|
| Computerworld Executive Bulletin: Building a Robust Antivirus Defense  Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs.
(Source: MessageLabs) Antivirus software alone isn't enough to prevent today's speedy, sophisticated virus attacks. Security managers should consider multitiered approaches that include behavior scanning, appliances that check e-mail for worms, and restricting user access to dangerous Web sites. Download this Executive Bulletin (a $49.95 value) for free, compliments of MessageLabs, to learn more. Download this executive briefing |
|
| White Papers  Read up on the latest ideas and technologies from companies that sell hardware, software and services. | | View more whitepapers |
|
| Quick Sizing Guide for SAS Grid Running on HP BladeSystems and EVA Storage  Download this white paper today!
(Source: HP) Designed for CIOs, IT managers, data center managers and grid computing architects seeking to improve performance, SAS Grid Computing on the HP BladeSystem c-Class helps accelerate growth and mitigate risks with a simplified, consolidated infrastructure that's agile enough to efficiently handle change. SAS Grid Manager on HP BladeSystem can lower costs through automation, virtualization and improved IT efficiency. Download this white paper |
|
|
Go Green with Webroot® Perimeter Security SaaS!
 Webroot Perimeter Security SaaS is a powerful alternative to obsolete on-premise hardware based security solutions. SaaS allows businesses to obtain flexible protection through an expert security provider, solving the problems caused by software, hardware and appliance solutions. Benefits include easier manageability, better protection and guaranteed performance –all at a lower cost. Register for your free copy of the "Why Security SaaS Makes Sense" whitepaper and Go Green with Webroot!
Download this white paper now!
|
 In Security
Stripping away the trappings of applications, systems and networks, information is the core asset of most organizations. Our columnist describes how asserting the importance of information governance is crucial to making that asset tangible, addressable and protected.
Click here to read the latest column by Jon Espenschied |
Protecting Exchange
 While it was once just a convenient way for employees to communicate internally, today e-mail systems like Exchange are tightly integrated with other business applications and are one of the primary methods for communicating with current and prospective customers. Protecting Exchange against costly downtime has become a top priority for more IT departments. So how do you ensure that your Exchange environment is always protected?
Download this
white paper now!
|
 The Spy Files
For Congress to do anything that helps protect consumers and the critical Internet infrastructure as a whole, it must pass laws that require proactive processes to protect computers, not that tell people how to deal with the resulting mess, says Ira Winkler.
Click here to read the latest column by Ira Winkler |
| |
Subscribe to
Computerworld 
