The fight against cyberattacks is a top priority for financial institutions, and industry insiders are optimistic about President Obama's plan to thwart cyberattacks that lead to corporate account takeover and other forms of fraud.
Earlier this week, the White House issued a plan to fight internationally-funded organized crime. The primary target: transnational cybercrime. [See Obama Vows to Battle Int'l Cybercrime.]
"During the past 15 years, technological innovation and globalization have proven to be an overwhelming force for good," Obama said during his announcement of the strategy. "However, transnational criminal organizations have taken advantage of our increasingly interconnected world to expand their illicit enterprises."
The strategy's 56 priorities include enhancing intelligence and information sharing, as well as protecting the nation's financial system and strategic market against transnational organized crime.
Peter Cassidy of the Anti-Phishing Working Group says government acknowledgment of growing cyberthreats is timely. "The attempt to weave a policy initiative to address transnational organized crime in one package is timely and very useful, placing a lot of elements on the workbench that need to be engaged comprehensively instead of piece by piece," he says. "This is especially important in the case of cybercrime because resources to address it are so remote from each other, much of them in industry and some in government, some spread among NGOs, standards bodies and in academia."
Getting the government involved is the only real way to fight international threats, especially in the financial realm.
Paul Buelens, head of product management and compliance for EastNets, a global banking solutions provider that specializes in anti-fraud and compliance, says international cybercrimes are difficult to fight. Information sharing among financial institutions, international governments and global law enforcement agencies is the problem.
But Beulens says the new Obama initiative shows promise; getting the government's attention is a step in the right direction.
"It's very important that these crimes are recognized and combated at a government level," Buelens says. "The money trail needs to be followed diligently. After every arrest, it's important that a financial investigation on each person be done in order to track the flow of money involved in crimes."
Government's RoleConcerns over cybercrimes in the financial space are in the spotlight. On June 28, the Federal Financial Institutions Examination Council issued its latest authentication guidance, a supplement to its 2005 online authentication guidance, which specifically addresses online banking fraud.
Jeff Kopchik, senior policy analyst with the Federal Deposit Insurance Corp., says layered security and customer education are critical to the fight against financial cybercrimes - crimes that too often result in identity theft and incidents of ACH fraud. But so is regulatory oversight.
"We just want to encourage banks to educate their customers about what they can do to make sure they're secure," Kopchik says.
The FFIEC, which compromises all of the federal banking regulatory agencies, has to date been the only governmental force to actively provide guidance and support for financial-services providers in the fight against cyberattacks.
That, however, changes with Obama's announcement.
The Obama strategy calls for more active involvement from the government in the fight against transnational-organized-crime networks. The administration also calls for the establishment of an international capacity to forensically exploit and judicially process digital evidence.
"The government involvement is key, as privacy laws are now being bypassed," Beulens says. "The governing body chosen for combating cybercrime should surpass local laws and legislation and be linked directly with anti-corruption initiatives."
But here's the challenge, says Cassidy. "The central mystery of making cybercrime as manageable as conventional crime is figuring out how to distill forensic narratives from all the disparate and siloed data resources, most of which are in the hands of industrial actors with no easy way to consolidate them and no clear guidance for routinized multilateral data sharing," he says. "As well, given the current interpretations of data protection laws, privacy directives and industrial conventions there are real and apparent restrictions on this kind of multilateral cybercrime event data sharing."
The Obama plan notes that international cybercrime groups cost U.S. consumers billions every year, and they undermine confidence in the international financial system. Through cybercrime, transnational criminal organizations pose a significant threat to financial and trust systems - banking, stock markets, e-currency and value and credit card services - on which the global economy depends.
"Today's criminal networks are fluid, striking new alliances with other networks around the world and engaging in a wide range of illicit activities, including cybercrime and providing support for terrorism," the strategy states. "Virtually every transnational criminal organization and its enterprises are connected and enabled by information systems technologies, making cybercrime a substantially more important concern."
Central & Eastern Europe: Greatest ThreatThe Obama plan pinpoints cybercrime rings from Central and Eastern European as being the most damaging, costing U.S. citizens and businesses $1 billion in online fraud alone. According to the Secret Service, financial crimes perpetrated by anonymous online fraudsters cost the nation's financial infrastructure billions of dollars in a single year.
APWG has addressed concerns about multilateral treaty organizations and the justice and foreign affairs offices of nations in Europe and North America, Cassidy says. "For its cybercrime component, the Strategy to Combat Transnational Organized Crime could be a venue to address regulatory impedance to multilateral industrial cybercrime event data sharing," he says. "In that, by enabling the systematized and automated sharing and processing of these data, the distillation of forensic narratives - and the ability to act on them - could come closer to the speed of the crimes themselves. At that threshold of response agility, cybercrime could become as manageable as conventional crime."
Buelens says cyberthreat awareness, on the part of the government and the American public, reflects how big the international cybercrime battle has become. "It has been determined that up to 80 percent of these cyber crimes are coming out of Russian-speaking countries - and they have not slowed down with botnets, trojans and other computer viruses," he says. "People need to be cautious about which websites they are giving their payment information to in order to protect credit card transactions, especially. Gaming sites are one example where there is a transnational component and limited visibility, in terms of who you are sharing your information with."