How Cyber Threats Are Changing The Risk Profiles of Banks. AIBA Quarterly Meeting December 5, 2013.
Changing risk profiles
• Interesting trends
• Possible solutions
Interesting trends
New technology has changed how consumers approach banking.
• “Banking is something I do, not a place I go.”
• Selecting a bank based on usability, not on products and services
Risks:
• Keeping up with technology: the “Red queen” problem
• Constant new technology constantly introduces risks
Interesting trends, continued
Regulators, firms and courts are shifting risk around.
• Regulators have pushed third-party risk back to banks
  • New OCC third-party guidelines
• Courts have pushed customer risk to banks
  • Patco Construction v. Ocean Bank
• Entrepreneurs have developed a “cyber insurance” market
Interesting trends, continued
Cyber attackers have new motives.
• New reasons to target banks:
  • Grievances against an entire industry, e.g. Occupy
  • Grievances with specific banks, e.g. OP Avenge Assange DDoS
  • PayPal, Visa and MasterCard targeted for blocking payments to Wikileaks.org
• New reasons to use banks to gain access to other targets:
  • Media attention, e.g. OPUSA DDoS
  • Customer data
  • Offshore tax-haven leaks
Possible Solutions
Banks need industry-wide cooperation and sharing.
• Common set of standards
  • Pressure for vendors and banks to meet best practices
  • Do not wait for regulators
• Effective information sharing
  • Threats, responses and outcomes
Possible Solutions
IT/IS strategies must shift from reaction to anticipation.
• Increase focus on predicting threats
• Fighting fires is still important, but leads to burnout for staff and customers
• Encourage IT/IS staff to look further afield
What is the bank’s response when:
• A competitor gets hit
• The bank receives negative press
• The bank’s name shows up on Pastebin or another hacker-friendly space
Alex Muentz, principal
Prior to joining Promontory, Alex was a senior associate at Picciotti and Schoenberg, where he facilitated internal and external investigations by assessing physical security, networks, systems, computers, smartphones, and other technologies for medium to large companies. Alex frequently advises in litigation matters relating to the information security community, including teaching about computer crime at the Temple University Department of Criminal Justice, where he is an adjunct professor. As an experienced network and system engineer, and white-hat hacker, he is an expert at reverse engineering, penetration testing, electronic discovery, and network intrusion. Alex previously was a contract attorney and team lead at several Philadelphia law firms, where his work included investigations, due diligence, database and connection diagnostics, and review of privilege logs in relation to litigations and subpoenas. Prior to his career in law, Alex was a senior technician at Springboard Media, where he collaborated with customers to perform technical support and design IT solutions. Prior to working at Springboard Media, Alex tested systems for information security and reliability at Vertex Pharmaceuticals where he specialized in data breaches and audits. Alex earned a J.D. at Temple University and a B.S. in economics at Northeastern University.