It monocultures and a lack of security specialists in the financial world: the invitation to cyber criminals

Marc Wilczek, COO of Link11 warns against IT monocultures

In banking, all signs point to digitalization. But risks to financial stability and systemic vulnerabilities in the security architecture jeopardize the transformation. As digital transformation continues, more companies are opening up their mission-critical services to networking and the Internet. Banking has also undergone radical change over the past few years. The transformation from a brick-and-mortar business to a digitally managed customer relationship is in full swing. Everything is fine – if there weren't IT monocultures and 3.5 million unfilled positions for security specialists worldwide ..

by Marc Wilczek, COO of Link11

T he classic bank counter, as we still know it from the past, is a thing of the past. The branch network is being thinned out, the densification across the entire financial sector is unmistakable. Banking takes place online today. Mobile payments, for example in supermarkets, at toll booths or parking meters, are also increasing significantly. The transformation process offers tremendous opportunities for the industry. But risks can not be denied.

Payment services disrupted after cyber attacks

In addition, dependence on the network and services can also be seen as a vulnerability. The idea of a consistently digital payment system only works if the availability and stability of online services are permanently guaranteed. If there are persistent disruptions and major outages due to cyber attacks, for example, this can lead to chain reactions and widespread crises of confidence given the already nervous underlying mood.

In contrast to the moderate growth of the economy, cybercrime is flourishing and enjoying exponential growth."

The industry association Bitkom puts the damage in Germany alone within the past two years at 43 billion. Euro. Compared to other sectors of the economy, the financial sector is thereby most frequently exposed to cyber attacks. Online attacks on banking systems have a long history. The latest incidents took place in the Netherlands, whose major banks were hit by two waves of attacks in 2018. The first resulted in ABN Amro and ING's online and mobile banking services being partially unavailable over a weekend in early 2018. In early summer it hit again ABN Amro and also Rabobank , whose online and mobile services were down for hours. The World Economic Forum in Davos ranks cybercrime as one of the biggest threats in so-called advanced or mature economies. Namely North America and also quite explicitly Europe. According to economic experts, large-scale cyber attacks even pose a greater potential threat than a new financial crisis or housing bubble.

As Managing Director at Link 11, Marc Wilczek is responsible for strategic business development in Germany and abroad, growth initiatives, and marketing and sales. In addition to management functions within the Deutsche Telekom Group, he was previously Senior Vice President Asia-Pacific/Latin America/Middle East and Africa at the eHealth group CompuGroup Medical and headed u.a. the Asian business at IT security expert Utimaco Safeware (today Sophos).

The danger cyber attacks can pose to an entire country was demonstrated by the nationwide Internet outages in Zimbabwe and Cambodia. In mid-January 2019, the internet went down for several days across the African country. This was preceded by political protests by Anonymous, which u. a. had threatened: ..

Your banking system will also fall soon."

DDoS attacks on Cambodia's largest ISPs had massively impacted the Southeast Asian country's online connectivity in early November 2018. During the up to 150 Gbps attacks on the largest infrastructure providers, Internet connections were cut for half a day. After that, it takes hours before normal service was restored. Without claims of protection money or a confession of a hacker collective to the large-scale attacks, the motive is unclear. Behind the attacks could be a paid DDoS contract, like the one that was tried in a British court in early 2019. BestBuy, the name of the accused hacker, is said to have been purchased by an Internet service provider in Liberia 10.Have received $US 000 to eliminate competitors with DDoS attacks. However, the attacks caused not only the attacked provider, but the whole country to go offline. The provider's customers suffered tens of millions of dollars in lost revenue, according to estimates by the National Crime Agency. The provider itself reported an estimated 600.Spend US$ 000 on defensive measures. The DDoS attacker is now paying for this and other acts with a prison sentence of 2 years and 8 months.

Report criticizes IT monocultures in IT security

Large-scale infrastructure failures are among the loss scenarios in 2019 that must be on the agenda of IT departments of critical operators in particular. Against the backdrop of the banking infrastructure failures in the Netherlands, for example, a regulatory authority also addressed the question for the first time: Where do systemic risks lie within the financial industry?? The CPG Netherlands Bureau for Policy Analysis has explicitly touched on the issue of IT security. Apparently, the three Dutch banks already mentioned, ING, ABN Amro Bank and Rabobank, relied on the same IT security provider, but its protection solution failed in large-scale DDoS attacks.

Of the world's top 30 banks, 56% are protected against overload attacks by this provider, the CPG continues. The regulator therefore questions whether there is not a risk inherent in the system in these IT monocultures."

Domino effect of total protection failure or attacks against the protection provider itself could be felt globally. The authority is therefore calling on the banks there to put their security architecture to the test. In addition to focusing on the bank's own business, it should also be considered with regard to interdependent infrastructures.

IT monocultures in security have always been a perfect target for attacks, they concentrate the risk. Heterogeneous infrastructures are better protected by homogeneous IT landscapes."

Man and machine in IT security

The approach to IT security also needs to be fundamentally rethought. The demand for security expertise is enormous. There will be over 3.5 million vacancies in the cybersecurity sector worldwide by 2021.

Due to the quantity and quality of cyber attacks, it will simply no longer be possible to put a stop to the problem with the human factor alone."

There is excess demand in the market, supply is very tight. This ultimately makes the human factor expensive. In order to stop the price spiral of salaries in IT security, a radical rethink is needed, focusing on factors other than people. In addition, the human factor all too often proves to be a source of error. When it comes to data and its evaluation according to conspicuousness, machine learning could be used consistently. It detects abnormalities reliably due to permanent data readout, is highly automated, can react quickly to threats and anomalies, and is always on. This approach of 100 % availability in securing infrastructures and networks can guarantee the claim of online banking with permanent availability.

In times when there are hardly any alternatives to online banking in view of thinning branch networks and high processing fees for offline transactions, it is all the more important to react to digital threats, detect anomalies and minimize technical and organizational risks as far as possible in real time.