Cybercrime is big business and the greater the financial rewards, the more targeted and persistent attackers are likely to be. Unsurprisingly, cybercrime is considered to be one of, if not the most serious threats currently facing the banking industry. Financial institutions are not entirely risk averse of course. I would argue that the increasing popularity of mobile and online banking in recent years inevitably brings with it some level of potential danger, however well measured by security defences and the education of its customers. However, the wealth of highly sensitive data held within these institutions and the potential theft of vast sums of money, is inevitably high and a breach can cause a catastrophic fall-out if it were to reach the consciousness of anxious customers and shareholders. The issue has clearly reached the top of the agenda within all organisations, judging by the conversations I am having with concerned executives.
The risks facing our banks are rapidly growing and so too are the pressures being placed on them by the authorities to up their game when it comes to security. Indeed, The Bank of England is so concerned by the threat level that it has announced plans to launch a simulated online attack next month, to test how prepared organisations are for a severe assault on their networks. I, along with many, welcome this news, particularly if it identifies areas of weakness and ensures that robust controls are in place around the most valuable assets within any organisation – privileged accounts. These access rights provide powerful access and control and are found in each and every business. In fact, they frequently outnumber the headcount, by as much as three to four times according to our research. Yet these accounts are often woefully neglected, with lax or non-existent control and monitoring of privileged user activities and access – a weakness that has not gone unnoticed by attackers.
Indeed, only recently the Metropolitan Police charged a group of individuals with conspiring to hack a Santander branch in London, using a keyboard video mouse (KVM) device, which would have allowed the group to remotely control the bank’s computer systems. Luckily, their efforts to extract funds from the branch failed. However, in my view, the case demonstrates that today’s criminals are all too aware of the potential breach points within an organisation.
The criminals in this case had the opportunity to physically attach the hardware device, however, IT privileged accounts are all too often the breach point. Therefore, these privileged accounts – which grant the most powerful access to users – must be firmly locked down, as they are actively targeted by criminals looking to steal money or information, or to leverage their advantage in other malicious ways, for instance, by imbedding malware in a target system. Additionally, physical security controls need improving around access to IT equipment.
Quite simply, banks must now focus their attention on guarding the heart of the enterprise in order to ensure the best possible protection for their business. This means identifying, managing and monitoring the internal privileged accounts of employees, with the ability to terminate any suspicious activity in an instant if necessary. I cannot stress enough that the immense power of these accounts must not be underestimated. With the stakes higher than ever before, privileged accounts must take centre stage in any organisation’s security strategy.