Janet Yellen, the Federal Reserve Board Chair, warned yesterday that cyber security was an important influence on the financial community. In Fed terms, that is not big news, since financial services are under attack every day. Looming in the background of that statement, however was the undermining of SWIFT, the basic infrastructure of transactions from one institution to another. This is a trillion dollar daily transfer system that the big banks rely on. When there is even a whif of trouble in that area, people come running from everywhere.
At Yellen's level of financial management, cyber security is one of hundreds of elements like inflation, recession, employment, wage growth, and teutonic shifts in other countries' economies, like China's shift to a consumption model instead of export driven economy. In that mix, cyber security usually doesn't get honorable mention. This time, it did.
We are at a point that hackers have been near a few times in the past, when they could do damage to our infrastructure by undermining the safety of transactions from one country to another. The credit card industry was at that point before chips were added to cards. Europe made that change long before the US. Even the Internet has faced that kind of attack against the DNS system. In the past, the hackers knew there were limits because new systems and controls would make it harder for them to do their job. The reaction would not benefit them. This new crop of thieves doens't seem to care.
The cyber security industry, particularly the malware defenses for major systems, need a revolutionary change in the way they do detection and erratication of malware. The current state of the profession is not good enough to stop intrusions that use e-mail as the delivery method, targeting a specific user. All those security features are bypassed in one swoop. The intruders have even faked internal email asking a CEO for authority to transfer funds to a third party. For at least the last eight years, we have known the detection systems didn't work very well, but have done almost nothing about it. It is going to take some drastic policy changes that are going to be unpopular, and innovation from the vendors who do this kind of work. We would think the e-mail providers would have an interest in stopping that kind of attack. Don't they?
No comments:
Post a Comment