Cybercriminals take largest toll on financial institutions
Losses from cybercrime exceeded $23 million, on average, at U.S. financial services companies in fiscal 2013 — the highest average for any sector, according to a Ponemon Institute survey.
Los Angeles Times
As the FBI and U.S. Secret Service investigated the scope of recent cyberattacks on U.S. financial institutions, the nation’s largest banks said Thursday that they hadn’t seen any unusual fraud activity from their customers’ accounts.
Officials at JPMorgan Chase, Bank of America and Citibank said they didn’t immediately see any customers being victimized.
“Companies of our size unfortunately experience cyberattacks nearly every day,” JPMorgan spokeswoman Patricia Wexler said. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”
Computer hackers constantly sniff around to find an opening into the networks of companies, and financial firms and their wealth of sensitive information have suffered the heaviest damage. Losses from cybercrime exceeded $23 million, on average, at U.S. financial services companies in fiscal 2013 — the highest average for any sector, according to a Ponemon Institute survey.
The attacks on banks have come from many fronts, but who might be behind the latest wave and how they found security holes remained under investigation.
Tom Kellermann, chief cybersecurity officer at Trend Micro, was among those who believe the attacks are linked to sanctions the U.S. levied on Russia over its actions in the Ukraine.
Trend Micro, which counts large financial institutions as clients, recently reported that banks have been enduring an upswing in attacks since those sanctions came down. The most significant was a breach of the European Central Bank’s network in July.
“Geopolitics will serve as a harbinger of cyberattacks in today’s age,” Kellermann said. “For all of these people in Washington — the FBI and Secret Service — to work this hard together ahead of a long weekend suggests something unprecedented is awry.”
Since 2012, hacking groups have repeatedly brought down the websites of major banks by spamming them with visitor traffic. The service disruptions prevent real customers from accessing the websites for brief periods, but lead to little financial damage. Other hackers have found weaknesses in payment applications used to wire money or have altered ATMs to illegally siphon funds.
But many recent significant attacks, including the data breach at Target that affected millions of Americans, have been the result of a company’s vendor having its system compromised.
But despite the rising spending on cybersecurity, companies continue to be victimized because of bureaucracy and a focus on preventing fraud rather than intrusions, said Avivah Litan, a Gartner Research analyst.
“Organizational issues — as opposed to the technology issues — are generally the main impediments to successful defense of the bank’s assets,” Litan said in a statement Thursday.