WASHINGTON (8/29/14)--Cybercrime is a "sleeper issue" with the potential for huge impact on markets, says Greg Medcraft, chairman of the board of the International Organisation of Securities Commissions (IOSCO), according to a report this Monday in the Financial Times.
Medcraft predicted that the next major financial shock will come from cyberspace, following attacks on large players in the financial marketplace.
According to the Financial Times, Medcraft believes there needs to be consistency around the world when it comes to identifying and mitigating cyberthreats. This would include a global "toolbox" that would identify risk-management standards for detecting and responding to cyberattacks.
JPMorganChase, and at least four other banks, were struck by coordinated attacks by hackers earlier this month, according to a report from The New York Times. The article states that hackers siphoned "gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyberattack."
A report from Bloomberg cites unnamed sources that say Russian hackers likely perpetrated the attacks, and that authorities are investigating whether recent attacks on major European banks using a similar vulnerability could be linked. The Bloomberg report cites experts who contend the attacks, which "plowed through layers of elaborate security to steal the data," appear "far beyond the capability of ordinary criminal hackers."
Businesses have been the target of attacks as well. Last week the U.S. Secret Service issued a bulletin about malware known as "Backoff" that has been associated with several point-of-sale data breaches. The bulletin estimated that more than 1,000 businesses are affected with the malware, which accesses a businesses' administrator account remotely to exfiltrate consumer payment data.
According to the Secret Service, Backoff was not recognized by antivirus software until this month, but bas been detected as far back as October 2013. This means that even computers with the latest antivirus updates and security patches did not recognize Backoff as malicious.
A recent Ponemon Institute study of data breaches showed that that average financial cost to victims of a data breach averages $157 per consumer, when the breach is a result of malicious criminal intent. For companies that are hit with such attacks, the average cost is $3.5 million (News Now Aug. 21).
And as Charles Lybrand, an information security analyst with TraceSecurity, points out, for any target of a cyberattack financial losses are just the beginning of the damage. There are reputational losses, a possible loss of business, and other costs, such as reimbursement and legal fees. TraceSecurity is a CUNA Strategic Services alliance provider.
U.S. financial regulators, as well as the Congress, are grappling with policy issues involving cybersecurity. There is apparent agreement that the cost and effort required to prevent an attack is lower, and seems more manageable, than the cost and effort to react to one. Beyond that, there is much debate.
However, financial regulators are working to give resources and guidance to financial institutions. For instance, in March the National Credit Union Administration launched a new resource for credit unions--a webpage that provides links to cybersecurity and data security resources. (Use the resource link.)
The Credit Union National Association is pressing federal lawmakers to address data security relative to merchants, who are not held to the same standards of security as credit union and other financial institutions. CUNA is a strong proponent that all payments system participants must be held to comparable levels of federal data security requirements; those responsible for the data breach should be responsible for the costs of helping consumers; and those responsible should ensure consumers know where their information was breached.
Use the resource links below for more information.