Rise of the cybercriminal leads to security concerns in banking sector

Sony's Playstation 3 network is an example of one of the largest systematic breaches of security in recent years. The reality is that any company that holds financial data is working hard, regardless of their profile, to ensure they can develop new services without creating new opportunities for fraudsters.

"I believe that meeting today's security challenges across the bank's IT infrastructure requires an architecture approach that allows banks to connect anyone, anywhere, anytime, and on any device securely, reliably, and seamlessly," says Hani Nofal, regional manager, Cisco, UAE.

"Cybercriminals, looking for new opportunities outside of the PC environment, are investing more resources toward developing exploits that specifically target users of mobile devices. Taking advantage of the rapidly multiplying number of mobile users worldwide makes business sense."

Virtualisation can increase risk

Virtualisation has also created new opportunities for sensitive data to be intercepted.

"Prior to the Internet and today's borderless networks, if an individual wanted to steal corporate secrets they would first need to gain physical access to where the information was housed. Today, however, sensitive data is no longer limited to physical facilities, and attackers can gain access remotely and anonymously," he adds.

However, Nofal says there are intrinsic security benefits as well.

"If data is not resident on end devices, it is not as easy for criminals who steal employees' equipment to access sensitive enterprise data, such as financial information and intellectual property. Cloud-based data also offers availability in case of a business disruption," he says.

The volume of recent security breaches has raised awareness of security issues among the public, but it's difficult to assess how has it affected their confidence in the institutions holding their sensitive details.

"I believe that consumer confidence in online banking is growing, despite the rise in fraud. Recent surveys show that as increasing numbers are attracted by the convenience and speed of online banking, only half of consumers are concerned by online security," claims Nofal.

Cybercriminals could target Middle East more

Kevin Bocek, product marketing manager with data security vendor IronKey believes the success cyber criminals have enjoyed in Western markets could lead them to expand to the Middle East

"Not surprisingly, criminals are turning their attention to the Middle East," predicts Bocek. "Egypt, Saudi Arabia, Turkey, and Kuwait are favourite targets for criminals to spread malicious software that allows criminals to takeover online banking accounts.

"Criminal activity is leading to increased scrutiny on banks. During the same time, UK banks lost at least $94m to online banking fraudsters," says Bocek. "In the US, the number of account takeover incidents grew over 150% in 2010 and some estimates place online banking fraud losses at over $1bn annually."

Bocek also believes that consumer concern in online security is low, but says this is not necessarily a good thing.

"With losses rising globally, bank customers are increasingly becoming aware of online banking fraud. In the Middle East, this awareness is just starting to grow, among customers and banks alike. Education and awareness, not technology alone, is required to bring this issue to the forefront of banks before criminals are able to turn their campaigns to infect customers into mass financial losses for banks and their customers."

Cybercriminals always evolving threat

With the nature of cyber security threats constantly evolving in step with the dynamics of the market, banks too must consider changes.

"Today's criminal attacks are being launched directly on bank customers. Anti-malware used by bank customers may only be able to detect 25% of these new attacks - leaving bank customers defenceless," says Bocek. "These new attacks are able to easily defeat security measure like one-time passcode tokens or SMS codes. To prevent criminal attacks on customers, a new approach must be taken," he says.

"When users access their sensitive financial data, they need to do so from a dedicated, separate, and isolated environment - a browser that's dedicated to just financial transactions and that's isolated from attacks. This strategy was first purposed by the FBI in December 2009 in response to rising criminal attacks on online banking customer computers."

Research by the Norwich and Peterborough Building Society in the UK found that one in five people check their internet banking every single day. The window of opportunity for the modern day bank robber is wide open.