Cyber threats pose a particular difficulty to the online financial services sector, the target of a substantial portion of high-tech crime attacks. Online banking is a service that is cost-effective for the institutions involved and is convenient for the customer. As a result, the majority of banks keenly promote the facility, urging their customers to make the move to electronic banking. However, as the proportion of customers using the online banking channel increases, attacks against this channel continue to escalate in frequency, severity and technical sophistication.
To maintain consumer confidence and a cost effective business model, industries providing online services need to adopt a defensive approach to managing this aspect of their business. They must conduct ongoing threat analysis, develop preparedness strategies, and build technical solutions to mitigate against attacks.
Committing staff resources and expertise to this work can be costly. Furthermore, addressing individual organisational issues is neglecting the key point that cybercrime typically impacts across an industry sector, affecting more than one business and more than one brand. In Ireland however, the financial services sector has come up with a unique solution to managing this problem.
In 2008, the Irish Banking Federation Hi-Tech Crime Forum formed a partnership with the University College Dublin’s Centre for Cybersecurity & Cybercrime Investigation. This partnership brought together two entities that for a number of years had been formulating innovative responses to the online challenges facing both industry and law enforcement.
Strengthening the defence network
The Irish Banking Federation (IBF) is the principal voice for the banking and financial services sector in Ireland. Its Hi-Tech Crime Forum (HTCF) was set up as a community based approach to exploring means through which the financial services sector could defend against cyber attacks. The forum brings together representatives from Irish banks, the Garda Computer Crime Investigation Unit, Internet Service Providers and the Irish Payment Services Organisation. In 2008, also joining this group were members of the UCD Centre for Cybersecurity & Cybercrime Investigation (CCI).
CCI is unique within Europe in terms of its practical approach to addressing cybercrime challenges. CCI was formally established in 2006 following nearly ten years of close partnership with An Garda Síochána Computer Crime Investigation Unit. Since that time, its collaborations have grown substantially to include working partnerships with Interpol, Europol and many other international agencies holding an interest in preventing and investigating cyber criminality.
The underlying philosophy of CCI is simple: to assist in the fight against and the prevention of cybercrime. This is achieved via a number of channels and mechanisms such as the development and delivery of education and training programmes to help build investigative capacity and the design of forensic software tools to strengthen investigative capability. Furthermore, technical experts provide a scientific support service to law enforcement in the analysis of hardware and software used in technology related crimes. Professor Joe Carthy, CCI Director, is keenly aware of where CCI strengths lie.
“Cybercrime is a community problem and as such requires community solutions. CCI utilises relationships developed with international law enforcement agencies and industry partners to create collaborations around specific cybercrime ‘themes’, pulling together the best experts from various corners of the globe. It is this innovative and imaginative approach to interactions with other cybercrime entities that has played such a large part in our success. The depth and breadth of knowledge and the diversity of output produced from such a large body of cyber specialists is what makes CCI a particularly rich and unique source of cutting edge research and expert opinion.”
Keeping one step ahead
A recent demonstration of this approach in action was a simulated cyber attack, held for the benefit of HTCF members. The scenario, involving a sector-wide distributed denial of service (Ddos) attack, was developed by CCI analysts with contributions from industry malware experts and police cybercrime investigators. In addition to HTCF members, participating at the event were members of the police, government, military, Crown Prosecution Service and Data Protection Commission. Assembling all relevant actors together in a single space created an event that added real strategic value.
Paul O’Connor, IBF Director of Capital Markets and Risk and Chairman of the HTCF, stresses the importance of events such as these to forum members. “Serious cybercrime threats present a significant systemic risk for the banking sector. The nature of these threats is such that an industry-wide response can often be more effective than many individual responses. Simulating serious cybercrime incidents gives financial institutions the opportunity to exercise their internal processes as well as identify ways in which responses can be effectively coordinated.”
Further advantages can be seen in the interrelationship between strategic and technical offerings. Following a similar event held earlier, CCI analysts developed an Incident Management & Reporting Centre (IMRC), currently being piloted by several banks. The IMRC will allow CCI staff to gather quantitative data on the number of attacks and cybercrime losses for the Irish financial services sector. A quantitative understanding of losses, particularly in context of the funds successfully defended, can provide powerful data to support applications for, and justification of, investment in anti-cybercrime initiatives.
A collaborative approach
Furthermore, a central repository of incident reports is uniquely placed to identify correlations that could suggest a coordinated, or simultaneous, attack against multiple financial institutions. The risks and threats to online banking will not go away. In the war against cyber criminals, institutions are presented with an arsenal of different solutions designed to secure access, detect fraud, and authenticate users. These solutions may individually address specific threats, but on their own are likely to be defeated by tomorrow’s new and improved attacks.
To make matters worse, eCrime follows the user. New technologies, such as mobile banking and cloud computing, will initiate new crimes. New technologies are at their most vulnerable in early implementation phases, and criminals are aware of this. The need for institutions such as CCI has never been so necessary. However, CCI is a self-funding agency, reliant upon external revenue to continue its work.
Cheryl Baker, CCI Manager, is responsible for sourcing funding initiatives. “CCI are a not-for-profit organisation and much of the work we do with law enforcement is undertaken free of charge. The university supports CCI by providing infrastructural support, but in the current economic climate we need external partnerships to support a staff resource, and to ensure that the expertise accumulated within CCI remains. The CCI/IBF relationship is a perfect example of a collaboration that is a win-win for all parties concerned.”
If you would like more information about the work of CCI, email cci.info@ucd.ie