Finextra spoke to leaders at Google Cloud: Nick Godfrey, senior director and global head, office of the CISO, and Jamie Collier, lead threat intelligence advisor (Europe), on how cybersecurity has evolved and what new threats are emerging in the financial crime landscape.
Who are the targets of cyberthreats?
Having worked in the cybersecurity space for 25 years and witnessing firsthand how it has evolved, Godfrey highlighted how cybersecurity is a critical part of society because of our inherent dependency on technology and data: “The loss of financial data, be it from theft or ransomware or whatever else, is a problem that transcends industries. Financial services simply doesn't operate without technology.”
While there are cyberattacks firing across countless industries, Collier outlined banks, insurance, and cryptocurrency as the main targets for ransomware and cybercrime groups.
Collier added that there has been an increase in criminals targeting the supply chain to steal data and gain access to sensitive information. As more financial organisations have engaged in cross-industry collaboration in recent years, there is a lot of sensitive data moving between parties. Collier said that data held by smaller suppliers “may be a weak underbelly for some of the larger banks”.
To combat supply chain compromise, he noted that there needs to be more “hurdles in place” to stop the attackers in their tracks; this is where segmented architecture could make a difference and ensure that one breach does not mean that the entire system is compromised.
What is the role of nation-state actors in cybercrime?
Touching on how nation-state actors are entering the cybercrime space, Collier stated that there has been espionage activity from Russian, Iranian, Chinese, and North Korean actors targeting financial data.
Collier explained that most states are gathering intelligence for strategic or geopolitical reasons, citing theft of intellectual property in China and Iran, where financial services are involved in national strategic initiatives. North Korea, however, uses cyber-capabilities not only to gather intelligence, but also to generate revenue for the North Korean government.
“There has been a shift from North Korea, where they were previously going after a SWIFT network quite a few years ago, and are now much more interested in cryptocurrency entities, conducting a lot of supply chain compromise against those and also trying to get hired at financial services entities,” Collier explained. “We are seeing North Korean operators being hired remotely for jobs and using that inside access to compromise organisations with a big concentration on cryptocurrency entities.”
Collier outlined the connection between financial institutions and critical economic infrastructure that is key to broader geopolitical situations: “We've seen a significant role of cyber in Russia and Ukraine, for instance. As Russia is invading Ukraine, they're also mobilising various government intelligence agencies' cyber capabilities to conduct operations as well. So whether that is trying to destabilise the population, or trying to gather intelligence on Ukrainian soldiers on the front lines. We see similar moves from China trying to collect strategic intelligence against Taiwan.”
Espionage and specific targeted cyberattacks carried out by nation-state actors are detailed in Google’s cybercrime report.
What strategies can financial institutions employ to combat cyberattacks?
Collier explained that Google applies its engineering culture to security, focusing on automation and preventative strategies to combat cybercrime, whereas many financial institutions struggle with manually firefighting attacks as they come.
Godfrey outlined four key strategies that financial institutions should consider when forming cybersecurity frameworks:
- Maintain basic security hygiene of patching software and vulnerabilities;
- Have a good understanding of threat intelligence to form a threat profile;
- Test your defenses and security protocol using the Red Team technique; and
- Ensure your company is ready to deal with an attack across the board, from C-suite employees to high-level executives.
Google’s AI service, Gemini, is being used by actors in China, Iran, North Korea, and Russia across various stages of the attack lifecycle to perform common tasks, but not for developing novel attack capabilities, says Godfrey. He emphasises that AI is being used by defenders too, and there is positive progress for its use in detecting, preventing, and managing security threats.
Looking to the future of cybersecurity in the industry, Godfrey points to the emergence of AI and quantum computing as key trends to watch, both from the perspective of attackers and defenders.