Highlights from the 2021 RSA conference - The modern day bank heists
When I ask you to imagine a bank robber, you probably are thinking about someone in a ski mask storming into a bank with a gun demanding bills, and not someone from behind a computer. But the world of bank robberies has drastically changed, not just how bank robberies are conducted but also who is conducting them.
I attended a truly insightful presentation by Tom Kellerman from Vmware which is based on the Vmware report Modern day bank heists. Tom sits on many advisory boards and even consults with the American secret service so we are fortunate that he also works in the team that interviews hundreds of CISOs within the financial services industry to understand the trends, concerns and movements within this sector.
As Tom himself explains, the financial sector is the most secure industry sector on the internet, however, it is also facing the most sophisticated adversaries in the world. It is not low-level criminals that are today robbing banks, nor it is highly organized crime. In fact, the largest bank robbery in the world was conducted by (allegedly) North Korea hackers. They successfully stole over a billion dollars and while a lot was recovered, $80 million dollars still managed to disappear not to be recovered making it the largest heist by value ever. In fact as Tom stated, “These criminals are treated like patriotic heroes in their country and can operate without fear of repercussions”.
Key takeaways
There were some truly eye-opening and jaw-dropping statements from this presentation. But if I had to leave with just a few that really stood out to me it would be these:
A 400% increase in cybersecurity incidents in the financial sector when compared to previous years
51% of security executives experienced attacks against high-level strategic personnel - This was truly a crazy statistic to consider, this means that attackers are not just targeting the financial assets, but they are targeting the personnel of companies to gain insider knowledge. This shows another level of sophistication, attackers are essentially trying to hack access to information that would give them an edge within the financial sector. This level of insider trading proves how far from a ski mask-wearing thug we truly are.
The Pandemic changed the criminal hierarchy - Organized crime syndicates were at the top of the food chain before the pandemic with cybercriminals second-class citizens comparatively. But along with businesses, the pandemic hurt organized crime as well which resulted in a huge increase in cybercrime during the last year. We not only saw organized crime moving into cybercrime but also saw cybercriminals increase activities and their position within the criminal networks.
Protecting the financial sector
Tom’s most interesting section of the presentation however was his insights into how we need to change our thinking to protect the financial sector. We are all familiar with the fort and moat analogy in cybersecurity, building a fort with a moat around our infrastructure. Tom took this much further by talking about building a supermax prison.
When talking about how the supermax prison was built, he mentions it was not only prison architects, but it was built with cognitive and social psychologists. Why? Because nearly all prison takeovers start from the inside. This is how he suggested we need to think about security in the same way.
Tom also talked about the concept of Intruder suppression: can you hunt, track and contain an attacker exploiting your systems without them knowing.
All of these present high-level concepts around security which promote a change in how we think about security, build defense systems and react to active threats. Even though all these concepts are difficult to deploy, what was very apparent from Tom’s presentation is that they are very much needed.