BreachExchange mailing list archives

Tearing Down the Silos


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 8 Feb 2016 17:26:22 -0700

http://www.jdsupra.com/legalnews/tearing-down-the-silos-47459/

It is no secret that financial institutions have become fat targets for
cyber criminals. Stories of spectacular data breaches — of hacking,
identity theft, and all manner of suspicious financial transactions — are
now as common as they are disconcerting.

Many of these stories involve some form of data intrusion, closely linked
to some form of money-laundering. To a bank, these two types of crime have
traditionally been two separate concerns, each with its own silo. Data
intrusions have fallen under cybersecurity, money-laundering under AML
compliance. Communication between the two silos has generally been minimal.

If financial institutions are to effectively combat these threats, it is
clear that the silos need to be torn down. Going forward, every suspicious
customer activity should be assumed to involve a data breach, while every
data breach should be assumed to be a financial crime in the making.

Cybersecurity and AML, in other words, need to work together. Each group
can dramatically enhance the effectiveness of the other, and there is
simply too much at stake for them to continue working in isolation.

Different cultures, different mindsets

The gaps in communication between the two groups are hardly surprising.
Each has its own personnel and culture. AML is a compliance function, a
natural outgrowth of proliferating financial regulation. Cybersecurity is a
technology function, a confluence of IT and security interests. The
languages, work processes, and mindsets are fundamentally different.

But despite this, both teams now have much to say to each other. As most of
the world’s financial information now moves through cyberspace, most
financial crime now occurs — at least in part — online.

Where compliance professionals once concerned themselves with check kiting
and other quaintly low-tech scams, today’s super-sophisticated global
frauds move money in and out of multiple IT systems, literally, at the
speed of light. It takes a technology mindset — specifically, cybersecurity
expertise — to keep up.

At the same time, cyber crime frequently goes hand-in-hand with suspicious
financial transactions. Bank accounts, credit card accounts, and ATMs are
illegally accessed via “spear-phishing” emails or other “social
engineering” ploys. Often, it takes an anti-money laundering mindset to
detect the crime — or even to understand that a crime has been committed.

Two sides of the same coin

With the bad guys now moving at the speed of light, now the banks must do
so as well. What is needed is a freer, more streamlined sharing of
information between AML and cyber.

There are plenty of opportunities for cross-pollination. The two groups are
both now invested in similar big-data technologies — powerful analytical
tools that are used by the cyber team to investigate data breaches and by
the AML team to scrutinize suspicious transactions. Integrating these into
a single fraud information exchange would go a long way toward making sure
one hand always knows what the other is doing.

Watching the bad guys monetize

Transaction monitoring is a great place to start this integration. A
typical assault on a bank starts with online customer data being stolen.
But that data — account numbers, PIN numbers, social security numbers,
debit and credit card numbers — has no value to the thieves until they can
convert it into cash. This is classic money-laundering, now playing out
online.

The AML team — having set up the rules and triggers that detect fraudulent
transactions — can provide the cyber team with vital information about
dates, times, dollar amounts, and the frequency of all sorts of anomalous
activity. The two groups can then work together to cross-reference this
information with any spikes in wire transfers, online purchases, ATM
withdrawals, or other vulnerable banking activities. In this way,
information flowing from AML to cyber can help detect — and prevent —
attempts to monetize stolen data.

Sounding the alarm

Of course, the information needs to go in the other direction as well.
Whenever the cyber team detects a breach in the bank’s firewall, the AML
team needs to hear the alarm. The sooner they know about the intrusion, the
sooner they can raise alert levels and heighten scrutiny of suspicious
transactions.

Both teams can then walk back the incident to identify any early
indicators. What happened in the preceding days, weeks, or even months? Was
money moved into or out of suspect accounts? Are there patterns to the
suspicious behaviors? While AML works the transaction information, cyber
can track the IP addresses involved in the incident. Working together, the
two groups can accomplish what neither could by itself.

A meeting of the mindsets

Successfully bringing the two cultures together is not automatically given,
and may require the help of a third party. An astute consultancy — one
thoroughly steeped in both cultures — can add value by bridging the gaps in
communication and technology, while providing the big-picture perspective
gained from working with a wide range of financial institutions.

However, the task is clear. With or without help, AML and cybersecurity
must discover what they have in common, identify mutual strengths and
weaknesses, and move toward an effective fusion of functions, processes,
and mindsets.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
