Moody's upgrades Saudi Arabia's credit rating to Aa3 with stable outlook    Riyadh Metro to begin partial operations next Wednesday: Report    Al Okhdood halts Al Shabab's winning streak with a 1-1 draw in Saudi Pro League    Mahrez leads Al Ahli to victory over Al Fayha in Saudi Pro League    Al Qadsiah hands Al Nassr their first defeat in the Saudi Pro League    Saudi musical marvels takes center stage in Tokyo's iconic opera hall    Downing Street indicates Netanyahu faces arrest if he enters UK    London's Gatwick airport reopens terminal after bomb scare evacuation    Civil Defense warns of thunderstorms across Saudi Arabia until Tuesday    Saudi Arabia, Japan strengthen cultural collaboration with new MoU    Slovak president meets Saudi delegation to bolster trade and investment ties    Saudi defense minister meets with Swedish state secretary    Navigating healthcare's future: Solutions for a sustainable system    Al Khaleej qualifies for Asian Men's Club League Handball Championship final    Sixth foreign tourist dies of suspected methanol poisoning in Laos    Katy Perry v Katie Perry: Singer wins right to use name in Australia    Trump picks Pam Bondi as attorney general after Matt Gaetz withdraws    Al-Jasser: Saudi Arabia to expand rail network to over 8,000 km    Sitting too much linked to heart disease –– even if you work out    Denmark's Victoria Kjær Theilvig wins Miss Universe 2024    Order vs. Morality: Lessons from New York's 1977 Blackout    India puts blockbuster Pakistani film on hold    The Vikings and the Islamic world    Filipino pilgrim's incredible evolution from an enemy of Islam to its staunch advocate    Exotic Taif Roses Simulation Performed at Taif Rose Festival    Asian shares mixed Tuesday    Weather Forecast for Tuesday    Saudi Tourism Authority Participates in Arabian Travel Market Exhibition in Dubai    Minister of Industry Announces 50 Investment Opportunities Worth over SAR 96 Billion in Machinery, Equipment Sector    HRH Crown Prince Offers Condolences to Crown Prince of Kuwait on Death of Sheikh Fawaz Salman Abdullah Al-Ali Al-Malek Al-Sabah    HRH Crown Prince Congratulates Santiago Peña on Winning Presidential Election in Paraguay    SDAIA Launches 1st Phase of 'Elevate Program' to Train 1,000 Women on Data, AI    41 Saudi Citizens and 171 Others from Brotherly and Friendly Countries Arrive in Saudi Arabia from Sudan    Saudi Arabia Hosts 1st Meeting of Arab Authorities Controlling Medicines    General Directorate of Narcotics Control Foils Attempt to Smuggle over 5 Million Amphetamine Pills    NAVI Javelins Crowned as Champions of Women's Counter-Strike: Global Offensive (CS:GO) Competitions    Saudi Karate Team Wins Four Medals in World Youth League Championship    Third Edition of FIFA Forward Program Kicks off in Riyadh    Evacuated from Sudan, 187 Nationals from Several Countries Arrive in Jeddah    SPA Documents Thajjud Prayer at Prophet's Mosque in Madinah    SFDA Recommends to Test Blood Sugar at Home Two or Three Hours after Meals    SFDA Offers Various Recommendations for Safe Food Frying    SFDA Provides Five Tips for Using Home Blood Pressure Monitor    SFDA: Instant Soup Contains Large Amounts of Salt    Mawani: New shipping service to connect Jubail Commercial Port to 11 global ports    Custodian of the Two Holy Mosques Delivers Speech to Pilgrims, Citizens, Residents and Muslims around the World    Sheikh Al-Issa in Arafah's Sermon: Allaah Blessed You by Making It Easy for You to Carry out This Obligation. Thus, Ensure Following the Guidance of Your Prophet    Custodian of the Two Holy Mosques addresses citizens and all Muslims on the occasion of the Holy month of Ramadan    







Thank you for reporting!
This image will be automatically disabled when it gets reported by several people.



Banks seek cybershelter with ‘ethical hackers'
ROSS KERBER & MARIA ASPAN
Published in The Saudi Gazette on 19 - 06 - 2011

PROFESSIONAL hacker Nicholas Percoco received an unusual request from a major financial institution this week: How can you help us avoid becoming the next Citigroup Inc?
Amid a wave of cyber attacks on Citi, the International Monetary Fund and other institutions, Percoco and his team at security firm Trustwave Holdings Inc. are fielding more and more calls from banks wanting to stress-test their online defenses.
Trustwave is increasingly being hired for so-called ethical hacking of banking systems to hunt for weaknesses, he said. It is also selling more data loss prevention software, which can freeze a computer network before an intruder can extract sensitive information.
“It's not a new technology, but in the wake of these data losses there's more interest,” Percoco, senior vice president at the Chicago-based firm, told Reuters. Trustwave has filed for an initial public offering of stock.
Some cyber experts fear many financial institutions have inadequate defenses, due to distractions during the financial crisis and after that led them to ignore IT systems as they dealt with more pressing issues, allowing hackers to scale bank firewalls or find other ways to cause mischief, from viewing confidential checking account images online to physically strolling into unsecured data centers. “We'll call the CIO (chief information officer) and tell them, ‘We're standing in the middle of your data center. Do you want to come get us?'” he said.
Still, there are signs of progress. Financial institutions are now keeping a closer eye on their databases and making more use of one-time transaction passwords to customers' mobile phones. Bank of America Corp, for example, has a SafePass service started in 2008. Two-thirds of US banks plan to raise spending on fraud-detection and authentication systems in 2011, including all 14 of those with more than $75 billion in deposits, according to a Gartner Research poll of 76 banks.
“This is an arms race,” said Bill Conner, chief executive of Dallas-based security company Entrust, which sold $35 million worth of security software to financial institutions last year, up 50 percent from 2009. “The risks are out there, the regulators are breathing heavy on this. Now the financial institutions are going to have to spend,” Conner said.
The question is how quickly can this spending make a difference. Banks have always been targeted by cyber criminals but have so far avoided the worst breaches as hackers focused on softer targets, such as stealing credit and debit card data from retailers.
But banks got wake-up calls this month, when the attacks on the IMF and Citi, the third-largest US bank, came to light. Security specialists say Citi suffered the largest direct hit on a financial institution to date.
As stewards of the payment system, banks face an extra burden to keep the confidence of their customers.
Many financial institutions are starting to bulk up security around their treasury services divisions, which can process trillions of dollars daily for large corporate clients, according to the American Bankers Association.
But now a new push toward mobile payments by big banks, from BofA to Wells Fargo, has some cyber experts worried.
On average, only 8 cents of every dollar that banks spend on IT infrastructure goes toward sustaining and securing that infrastructure, according to Tom Kellermann, chief technology officer at AirPatrol Corp in Maryland and a member of the Obama Administration's Commission on Cyber Security.
Bank security chiefs “are always playing second fiddle to the folks that are saying, ‘Let's create the wonderful wireless Web portals with access to financial services through our mobile phones,” he told Reuters Insider. “Most security wonks would say ‘That's a really, really bad idea.'”
“I think there's been an over-emphasis in security on perimeter defenses, on the walls and moats of castles, and not enough attention is being paid on remote access and website security,” he added.
The threats go beyond retail banking. Among the financial system's most vulnerable points are the clearinghouses that act as central counterparties to all traders, security experts speaking at a Reuters-hosted cyberterrorism panel said on Thursday.
Mark Clancy, chief information security officer at the Depository Trust & Clearing Corporation, agreed Friday that clearinghouses are especially attractive targets to hackers — not because their defenses are weaker than other financial institutions but because they house so much concentrated data.
“If you wanted to destroy financial operations, those are the kinds of places you look because they are aggregation points ... they're just more interesting to that kind of bad guy,” he told Reuters.
He said the DTCC's spending on cyber security has “really in the last 12 months ratcheted” up.
Market operators are also vulnerable. Hackers breached Nasdaq OMX Group's systems this year, leaving “suspicious files” on the exchange's servers and sparking an investigation involving the FBI..


Clic here to read the story from its source.