Cyber Security and the Art of the Steal

Earlier this month, the FBI’s Internet Crime Complaint Center released its annual report, which includes 791,790 complaints of suspected internet crime—an increase of more than 300,000 complaints from 2019—and reported losses exceeding $4.2 billion. It is no wonder that if you ask any risk manager in the world what his/her biggest fear is, 9 out of 10 would say: Cyber Security and Cyber Crimes. Recent events like the cyber intrusion into the Colonial Pipeline, or even past mega-events like the Target, Equifax, and Marriott data breaches, remind us that large public corporations with multimillion-dollar technology budgets can still be successfully breached.

Financial Services companies—us included—are constantly bombarded with various types of cybercrime activity. Attempts range from trying to intrude into our internal networks, to phishing scams, to identity theft of our employees, to social engineering efforts and more. That is why, as a financial services organization, we are constantly on the watch for anything out of the ordinary and have implemented a rigid set of protocols to protect our infrastructure, our client and employee data, and our connectivity to the financial markets and third-party service providers.

Trying to prevent a Cyber Crime is often like fighting a heavyweight in the ring while blindfolded. I use this analogy often in speeches at industry forums to bring a greater sense of urgency and sensitivity to the concept and its fatal effects on people, process, and technology. Many ordinary folks, thanks to Hollywood and TV shows, think that Cyber Crimes are perpetrated by young nerds working on laptops out of basements, college cafeterias, and local coffee shops. That perception is widely prevalent, and it is wrong. Many nation states and for-profit entities in certain parts of the world have created highly sophisticated and complex technology infrastructure to try to hack into the US financial markets; they have turned Cyber Crime into a profession.

Just imagine... somewhere in the world, mom and dad drive their kids to school, drop them off, and go to an office—just like you and me. They then spend the next 8 to 10 hours trying to get into your bank accounts, your car and home payments, your savings and investment accounts, or even trying to email your parents and close friends pretending to be you and asking for money. This reality is a far cry from the nerd-on-a-laptop-in-a-basement scenario. These professionals commute to work, have coffee breaks and a world-class cafeteria (often with a McDonald's thrown in), go on team outings, and get paid cash bonuses. It looks just like American corporate culture, and yet they are incentivized to steal from you, me, and anyone else they can get their hands on.

Most of this for-profit and organized-crime infrastructure focuses on the US and other developed financial markets. However, nation state entities, sovereign intelligence agencies, and government organizations aggressively pursue more complex strategies targeting the US military, our intelligence agencies, law enforcement, and even infrastructure components like pipelines, air traffic control, subways, and road signals. It is a new-age digital warfare fought silently on a 24x7x365 basis with very expensive and complex equipment. The United States Cybersecurity and Infrastructure Security Agency (“CISA”) recently put out a report on the aggressive setup and financing of these Cyber Crime Cells by various nation states and warned Americans to be vigilant about potential attacks on our Critical Infrastructure and the people who operate it.

So that is the bad news – is there anything good going on? Fortunately, yes. The US Financial System and, of course, our Military and Intelligence Agencies, respond and remediate threats like these with a variety of tools and weapons. Also, unlike certain sovereign states, there is a real and highly active partnership and information sharing between the Government Agencies and Private Corporations. The government learns constantly how mega-banks and global corporations are evolving their technology infrastructure and upgrading defense mechanisms. The corporations learn from the government about various threat scenarios, intel that can be shared, and tools under development. This partnership and information sharing is a vital part of defending our financial infrastructure and preventing Cyber Crimes. Many agencies even put out guidance for financial institutions:

  • The Information Technology-Information Sharing and Analysis Center (“IT-ISAC”)

  • The Financial Services Information Sharing and Analysis Center (“FS-ISAC”)

  • The National Cyber-Forensics & Training Alliance (“NCFTA”)

  • United States Cybersecurity and Infrastructure Security Agency (“CISA”)

  • United States Cyber Command (USCYBERCOM)

How does this translate into protection for our clients, their customers, and our strategy to seamlessly provide digital banking services?

At Illume, we are building out a next-generation Banking as a Service (BaaS) technology stack that leverages a comprehensive multi-layer defense mechanism. Our Cyber Security strategy is made from building blocks of core foundational elements – network defense, three-factor authentication, a next-generation Core, strictly enforced user access, separate environments for each client, a 24x7x365 Security Operations Center (SOC), and Artificial Intelligence (AI) based security information and event management (SIEM) protocols that allow for rapid threat analysis and remediation. We also host our applications and infrastructure in a protected cloud environment with real-time backup and failure cutover to a secondary data center. The networks for internal processing and communication are separated from those used for client and customer transactions, payments processing, and gateways to the financial markets. This enables us to localize any hardware or software failure and fix it quickly. We constantly train, communicate, and test our Cyber defense mechanisms to ensure our clients’ business continues uninterrupted. Every employee at Illume subscribes to our risk culture and works very hard to put our clients’ best interest as the #1 priority in our technology decisions.

Illume is hyper-focused on building a platform to allow FinTechs to offer their services in a simpler and more cost-effective manner, with comprehensive protection around the data and information. Interested in learning more? Reach out to us at Illume Financial; we are always happy to chat.