US prosecutors have just indicted a Russian hacker group called “Evil Corp” for stealing $100 million from institutional and individual bank accounts over the course of a decade.
The group deployed malware – “Bugat” – that used keylogging software to harvest personal and financial information and created fake banking web pages where victims unwittingly entered their passwords. While some transactions were frozen after banks noticed they were unusual, many were not.
It’s clear that banks are lagging behind when it comes to cybersecurity, and their bureaucratic nature makes it difficult for them to keep up with the ever-changing nature of cybercrime.
So should banks hire hackers?
“There is a clear need to have protective measures and contingency plans in place with these ‘experts’ to reduce a company’s exposure, but many of them have been extremely helpful to many of our clients , including regulators.
Hackers bring a wealth of expertise that is often lacking in larger institutions and can be a valuable tool in determining weaknesses in cybersecurity infrastructure.
But even though it sounds good, it’s not that simple.
In many parts of the world, regulations prevent banks from hiring convicted criminals, and hackers with the most in-depth knowledge of cybercrime are those most likely to have engaged in it. This eliminates a fair amount of useful expertise.
Hiring hackers also poses a number of reputational risks and could raise difficult questions in the event of a security breach.
That said, many hackers do not have criminal records. Some banks have internal teams of penetration testers responsible for simulating attacks, and several groups offer “ethical hacker” certification.
But if banks decide to hire hackers, they should only do so on a temporary basis.
“My personal view is that the value of this type of expertise will diminish over time as more modern financial crime platforms are deployed into production,” Dr. Harmon said.
Dr. Harmon believes that these financial crime platforms will be heavily data-driven and will use the latest advances in machine learning and artificial intelligence to monitor, detect and prevent criminal activity.
“Criminals are also constantly innovating, and criminal networks are pervasive in their determination to identify and exploit business vulnerabilities,” Dr. Harmon said.
“Their ability to constantly evolve means that dynamic new approaches are needed to disrupt the cycle of financial crime. »