Network Critical - The Window to your Network

Cyber Skills Gap

Are the bad guys better than the good guys? The Financial Times Cyber Security Summit Europe was held in September. The presentations focused on cyber crime against financial institutions and their vulnerabilities to such attacks. Obviously, this is a lucrative target for criminals because billions of dollars pass through inter-bank transactions and clearing systems. At risk is catastrophic failure of our digital financial system.

First, lets look at our modern global financial system.

Money is an imaginary system of mutual trust. In fact, money is the most universal and most efficient system of mutual trust ever devised. Throughout human progress in history, we went from bartering a sheep for seed, to trading gold coins for various products and services. Eventually paper currency was developed and backed by empires and governments. Now most of our currency is electronic bits backed by governments and financial institutions. Just as cash money has no intrinsic value, neither does an electronic debit. They are just bits of information stored on a server. However, our trust in the institutions that manage these bits is the foundation of the entire global economic system.

The sum total of money in the world today is about $60 Trillion. The sum total of actual currency in circulation in the world is about $6 Trillion. More than 90% of the money in the world today exists only as bits on computer servers. So, now, how important is managing and securing the servers that maintain this currency? The very survival of our economic system depends on our trust that the underlying currency information is safe and available.

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) provides a network that enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable environment. A significant breach of inter-bank transactions sent alarms through the industry.

SWIFT transactions were manipulated in February and August of 2016 by a group called Ordinaff. In the February breach, the Bank of Bangladesh lost $81 Million. The SWIFT system is constantly under attack and the skills of the attackers seem to be very sophisticated. Alain Desausoi, CISO at SWIFT commented at the summit, “We were surprised by the gap between the skills of the attackers and the cyber security practices in the banking industry.” One of the problems discussed is that while the threat is the same worldwide, the necessary skills to manage them are not the same in all countries. The February attack was caught by an alert manager who noticed a typo in a transaction message. If not for that catch, this breach could have been in the billions of dollars.

Back to the skills gap. The financial industry is under attack and will continue to be under persistent attack by cyber criminals who want to steal money, data, identities and more. In order to maintain trust in the system, the industry must close the skills gap between it’s employees and those of the enormous and well financed hacking industry. The Financial Times summit is a cooperative effort to work through these issues and develop practices to protect our financial systems.

Some of the resolutions that came out of the summit include improved information sharing, more resilient software, improved security practices, traffic pattern detection to identify anomalies, and ensuring banks have the right security partners. The banks understand the enormity of this problem and are working towards solutions to thwart cyber aggression against our most trusted global institution.

Intelligent network monitoring devices coupled with Data Loss Protection, Intrusion Prevention and abnormal activity search and block appliances are being deployed by financial networks around the world. Multiple security appliances are being connected by TAPs and Packet Brokers to provide robust protection without impacting network reliability or availability.

These network protection technologies coupled with consistent employee training, cooperation with local law enforcement and strict access policies will help manage the cyber aggressors for now. Ultimately, upgrading international law enforcement cyber skills, inter-agency cooperation, stiff penalties and ruthless tracking of cyber criminals will be required to maintain our global digital monetary system. We must close the skills gap between the good guys and the bad guys before faith and trust in the system erodes.

Posted: 19/01/2017 16:56:23 by Network Critical with 0 comments
Trackback URL:


Blog post currently doesn't have any comments.