An Effective Way to Combat Cyber Breaches
Banks have always been in the
business of risk management, but the risks they face aren’t stagnant; they
migrate with time.
Traditionally, banks have faced
two types of risk: interest rate and credit risk. Today, however, given the
growth of digital banking and transactions, these two risks have been
supplanted by another: cybersecurity.
The biggest challenge when it comes to cybersecurity risk is that it constantly evolves, as the threats, actors and attacks increase in sophistication. Banks that prepare for one method of intrusion may find themselves the victim of a different strategy.
Earlier this year, H. Rodgin
Cohen, a partner at Sullivan & Cromwell and one of the industry’s most
trusted advisors, commented on this change.
“I think the biggest risk in the [financial] system today is a successful cyberattack,” Cohen said. “That is a very serious risk, but I think the more likely [danger] is that a single bank – or a group of banks – are hit with a massive denial of service for a period of time, or a massive scrambling of records.”
Banks of all sizes feel pressure to keep their systems secure from intruders, according to Bank Director’s 2019 Risk Survey, which found that cybersecurity concerns among bankers have increased over the previous year.
Twenty percent of survey
respondents say they address cybersecurity as a full board rather than
delegating it to a committee, and slightly more than a third say at least one
director is a cybersecurity expert.
The concern is ever present, and
for some banks, very real: 18% of respondents, excluding chief lending officers
and chief credit officers, reported that their bank experienced a data breach
or other cyberattack within the last two years.
Concerns like these are why Bank Director created the “Best Solution for Protecting the Bank” category for its 2019 Best of FinXTech Awards. Judges selected winners from the most innovative solutions found in the FinXTech Connect platform.
The finalists for this year’s award were Rippleshot, which helps banks to identify credit and debit card fraud; IDEMIA, which works to prevent card-not-present fraud; and Illusive Networks, which helps banks detect when their networks have been infiltrated.
This year’s winner was Illusive
Networks, based in part on its work to secure the network of Israel Discount
Bank, the third biggest bank in Israel.
Illusive approaches cybersecurity from a hackers’ point of view in order to beat them at their own game. Its strategy isn’t to stop an intrusion per se – a feat that seems increasingly impossible with the number of entry points into a system and the scores of malicious actors.
Rather, it detects and remediates an attack once it has happened. Intruders breaking into a bank’s system must persistently monitor the network for bits of information or credentials that will help them move from machine to machine and gradually close in on the data they want. Illusive plants false information across the bank’s network so that, when attackers act on it, the bank can catch them red-handed.
Illusive calls this
“endpoint-focused deception.” The deceptive information is only visible to
malicious actors and triggers an alert within Illusive. The technology then
captures details about the bad actor directly from the machine they were using,
which the bank then uses to track and stop the attack.
One of the main selling points of
Illusive’s solution is the short implementation period. In Israel Discount
Bank’s case, it took a matter of weeks to implement the solution.
The net result is that, not only is the solution
harder to detect for potential cyber criminals, but it’s also fast and easy to
implement.