Nation States Target Bank IT

Susan Nunziata, Director of Editorial | 1/11/2013 | 13 comments

Susan Nunziata
A disturbing new specter in the security of financial IT was identified this week: Nation states launching DDoS attacks on banks and other financial institutions.

Of course, the idea of nation states launching cyber-attacks against one another isn't exactly new. Suspicions abound about the origins of the Stuxnet malware, which targeted Iranian nuclear energy plants, for example. As we've previously reported, there's surely a cyber arms race underway.

What's notable about the latest DDoS attacks is that they were directed specifically at the online banking services of major US financial institutions, and that they appear to have originated in datacenters. According to a January 8, 2013, report in The New York Times, a series of DDoS attacks against US banks that began in September 2012 was notable because "instead of exploiting individual computers, the attackers engineered networks of computers in data centers." This means the scale of the attacks can be far greater than possibly using a network of individual computers.

The New York Times article goes on to state:

"There is no doubt within the U.S. government that Iran is behind these attacks," said James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies in Washington.

Comforting thought.

On the plus side, these types of DDoS attacks do not appear to have targeted customer data per se, but are instead aiming to cause severe disruptions in service. Of course, the level of service available on your website is as important to your customers -- if not more so -- than the level of services available in your brick-and-mortar banks.

Yet, all too often, banking CIOs and IT are not part of the team involved in managing and maintaining the customer-facing websites for banks. These recent discoveries leave no doubt that this dynamic has to change. If you're not already having frequent conversations with your counterparts in charge of online banking services, your governance/risk/compliance executives, and your legal department you've already fallen behind. These conversations need to take place on a constant basis as new risks arise.

You also need to engage your PR and marketing executives and educate them about the potential threats, as well as working with them to plan a rapid response strategy to make sure that your customers are not left out in the cold.

Wondering what's ahead in 2013 when it comes to IT security for financial firms?

Coalfire, an independent IT governance risk and compliance firm in Louisville, Colo., identifies the following five trends that will influence banking IT security in 2013:

  • Mobile operating systems will become known as vulnerabilities by the IT security industry.
  • Government will lead the way in the enterprise migration to "secure" cloud computing.
  • Lawyers have found a new revenue source -- suing negligent companies over data breaches.
  • Critical Infrastructure Protection (CIP) will replace the Payment Card Industry (PCI) standard as the white-hot tip of the compliance security sword.
  • Security technology will start to streamline compliance management.

If these challenges haven't made you dive under the covers with plans to hide until 2014, then tell us how you expect financial organizations, and particularly banking IT, to tackle these issues. We want to know what we've missed, too. Are there other predictions you have for the banking technology world in 2013?

View Comments: Newest First | Oldest First | Threaded View
Page 1 / 2   >   >>
singlemud   Nation States Target Bank IT   1/21/2013 9:22:02 PM
Re: what kind of government leadership?
That also surprise. I guess the reason behind this is because private sector usually does not care too much about cloud security stuff. Govement will try to lead the way to regulation.
Susan Nunziata   Nation States Target Bank IT   1/18/2013 12:27:38 AM
Re: what kind of government leadership?
@soozyg: That's fair enough, although there are a number of government agencies that have been working with private industry to research and work on cybersecurity. The work that Verizon does in conjunction with the U.S. Secret Service and other law enforement agencies worldwide to compile the annual Data Breach Investigations Report is just one example of how this could work. I agree, though, such examples are few and far between.
Susan Nunziata   Nation States Target Bank IT   1/17/2013 11:46:19 PM
Re: Re : Nation States Target Bank IT
@stotheco: You're welcome, glad the additional information was helpful. It's a fast-moving environment right now, and there will surely be a host of new challenges in 2013 as the array of smartphone operating systems continues to expand. It's interesting to me that iOS -- once the bane of IT -- is now considered by many to be the more secure mobile choice. What a difference a few years makes, eh?
soozyg   Nation States Target Bank IT   1/15/2013 9:05:45 PM
Re: what kind of government leadership?
I agree with Sara flagging that section as well: "Government will lead the way in the enterprise migration to "secure" cloud computing."

I would just question it another way....government is infamous for it's lagging behind the private sector both in terms of organization and in terms of development/technology. Not sure they're the appropriate party to "lead the way"?
Anand   Nation States Target Bank IT   1/15/2013 1:58:17 PM
Re: Re : Nation States Target Bank IT
@Sara, thanks for sharing that link. This article really helped me to understand the security issues related with Android. It would be interesting to see which OS will be offer the best security to the end user.
stotheco   Nation States Target Bank IT   1/15/2013 5:36:18 AM
Re: Re : Nation States Target Bank IT
Thanks for posting these links for further reading, Susan. I am aware of the debate that has existed when it comes to using Android versus iOS, and it looks like there is another contender in this niche.
Susan Nunziata   Nation States Target Bank IT   1/14/2013 5:13:18 PM
Re: DDoS better or worse?
@Sara: I agree. To the best of my knowledge, these attacks are mainly hitting the customer-facing websites of retail banking establishments, as opposed to brokerage houses. Personally speaking, I'd rather a delay in a stock transaction over having my personal information compromised. But that's just me. Agree, though, on a large scale that level of disruption could do serious damage.
Susan Nunziata   Nation States Target Bank IT   1/14/2013 5:11:08 PM
Re: Re : Nation States Target Bank IT
@Anand: Good question. There has beenn much written in the press about security issues around Android OS in particular. Here's some more information: Android, Cloud Seen As Major Security Concerns in 2013.
Susan Nunziata   Nation States Target Bank IT   1/14/2013 5:07:29 PM
Re: what kind of government leadership?
@Pablo, @Sara: indeed, "secure" cloud seems an oxymoron. Here's how the folks at Coalfire explain that particular prediction:

No entity has more to gain by migrating to the inherent efficiencies of cloud computing than our federal government. Since many agencies are still operating in 1990s-era infrastructure, the payback for adopting shared applications in shared hosting facilities with shared services will be too compelling to delay any longer, especially with ever-increasing pressure to reduce spending.

As a result, Coalfire believes the fledgling FedRAMP program will continue to gain momentum and we will see more than 50 enterprise applications hosted in secure federal clouds by the end of 2013. Additionally, commercial cloud adoption will have to play catch-up to the new benchmark that the government is setting for cloud security and compliance. It is expected that more cloud consumers will want increased visibility into the security and compliance posture of commercially available clouds.
Pablo Valerio   Nation States Target Bank IT   1/14/2013 12:54:11 PM
Re: what kind of government leadership?
""secure" cloud computing"

Where? With the cloud divided worldwide in micro-clouds or, as someone said :"the fuzzy Internet cloud ... of neatly divided gas bubbles." it is impossible for any Nation to "secure" the cloud.

In order for the US to shield the banks against these kind of attachs it is necessary to cooperate with other governments, especially the European Union, to establish a common framework for Cloud Security. Otherwise countires such as Iran can use their hacking knowledge to use cloud services anywhere.
User Ranking: Blogger
Page 1 / 2   >   >>

The blogs and comments posted on do not reflect the views of TechWeb,, or its sponsors., TechWeb, and its sponsors do not assume responsibility for any comments, claims, or opinions made by authors and bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.

More Blogs from Susan Nunziata
Susan Nunziata   5/28/2014   111 comments
For more than four years, (E2) has been the best IT community on the Internet. As with all good things, soon our time together here will end.
Susan Nunziata   5/20/2014   95 comments
Is it time to ask for a raise? If you're a female IT executive, or more than 55 years old, your answer might well be a resounding "Yes!" Let's take a look at highlights of the ...
Susan Nunziata   4/14/2014   15 comments
If you're looking for more than conjecture to back up the point that IT is increasingly crucial to the business, you'll find what you need in the report "The Gartner CEO and Senior ...
Susan Nunziata   4/7/2014   3 comments
Do you know what your CEO really wants from your IT team? Do you have a grasp of what matters most to your organization's chief marketing officer?
Susan Nunziata   4/1/2014   9 comments
There are plenty of challenges involved in leading an IT organization in the era of Bring Your Own Everything (BYOE), but there are also plenty of opportunities.
Latest Archived Broadcast
We talk with Bernard Golden about accelerating application delivery in the cloud.
On-demand Video with Chat
Register for this video discussion to learn how tablets can provide true business usability and productivity.
E2 IT Migration Zones
IT Migration Zone - UK
Why PowerShell Is Important
Reduce the Windows 8 Footprint for VDI
Rethinking Storage Management
IT Migration Zone - FR
SQL Server : 240 To de mémoire flash pour votre data warehouse
Quand Office vient booster les revenus Cloud et Android de Microsoft
Windows Phone : Nokia veut davantage d'applications (et les utilisateurs aussi)
IT Migration Zone - DE
Cloud Computing: Warum Unternehmen trotz NSA auf die „private“ Wolke setzen sollten
Cloud Computing bleibt Wachstumsmarkt – Windows Azure ist Vorreiter
Like Us on Facebook
Twitter Feed
Enterprise Efficiency Twitter Feed
Site Moderators Wanted
Enterprise Efficiency is looking for engaged readers to moderate the message boards on this site. Engage in high-IQ conversations with IT industry leaders; earn kudos and perks. Interested? E-mail:
Dell's Efficiency Modeling Tool
The major problem facing the CIO is how to measure the effectiveness of the IT department. Learn how Dell’s Efficiency Modeling Tool gives the CIO two clear, powerful numbers: Efficiency Quotient and Impact Quotient. These numbers can be transforma¬tive not only to the department, but to the entire enterprise.

Read the full report
The State of Enterprise Efficiency in the Virtual Era: Virtualization – Smart Approaches to Maximize Gains
Virtualization is a presence in nearly all enterprise data centers. But not all companies are using it to its best effect. Learn the common characteristics of success, what barriers companies face, and how to get the most from your efforts.

Read the full report
Informed CIO: Dollars & Sense: Virtual Desktop Infrastructure
Cut through the VDI hype and get the full picture -- including ROI and the impact on your Data Center -- to make an informed decision about your virtual desktop infrastructure deployments.

Read the full report
A Video Case Study – Translational Genomics Research Institute
e2 Video

On the Case
TGen IT: Where We're Going Next

7|11|12   |   08:12   |   10 comments

Now that TGen has broken new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions, the company discusses what will come next for it and for personalized medicine.
On the Case
Better Care Through Better Communications

6|6|12   |   02:24   |   11 comments

The achievements of the TGen/Dell project could improve how all people receive healthcare, because they are creating ways to improve end-to-end communication of medical data.
On the Case
TGen IT: Where We Are Now

5|15|12   |   06:58   |   6 comments

TGen is breaking new ground in genomic research by using Dell's storage, cloud, and high-performance computing solutions.
On the Case
TGen IT: Where We Were

4|27|12   |   06:45   |   10 comments

The Translational Genomics Research Institute wanted to save lives, but its efforts were hobbled by immense computing challenges related to collecting, processing, sharing, and storing enormous amounts of data.
On the Case
1,200% Faster

4|18|12   |   02:27   |   12 comments

Through their partnership, Dell and TGen have increased the speed of TGen’s medical research by 1,200 percent.
On the Case
IT May Improve Children's Chances of Survival

4|17|12   |   02:12   |   8 comments

IT is helping medical researchers reach breakthroughs in a way and pace never seen before.
On the Case
Medical Advances in the Cloud

4|10|12   |   1:25   |   5 comments

TGen and Dell are pushing the boundaries of computing, and harnessing the power of the cloud to improve healthcare.
On the Case
TGen: Living the Mission

4|9|12   |   2:25   |   3 comments

TGen's CIO puts the organizational mission at the heart of everything the IT staff does.
On the Case
TGen Speeding Up Biomedical Research to Save More Lives

4|5|12   |   1:59   |   6 comments

The Translational Genomics Research Institute is revamping its computing to improve speed, storage, and collaboration – and, most importantly, to save lives.
On the Case
Computing Power Helping to Save Children's Lives

3|28|12   |   2:13   |   3 comments

The Translational Genomics Institute’s partnership with Dell is enabling them to treat kids with neuroblastoma more quickly and save more lives.
Tom Nolle
The Big Reason to Use Office

3|18|14   |   02:24   |   46 comments

Office and personal productivity tools come in a first-class and coach flavor set, but what makes the difference is primarily little things that most users won't encounter. What's the big issue in using something other than Office, and can you get around it?
E2 Editors
SPONSORED: Mobile Security — A Use Case

3|4|14   |   04:27   |   16 comments

New mobile security solutions can accommodate a wide array of needs, including those of a complex university environment.
Tom Nolle
Killing Net Neutrality Might Save You Money

1|16|14   |   2:13   |   16 comments

The DC Court of Appeals voided most of the Neutrality Order, and whatever it might mean for the Internet overall, it might mean better and cheaper Internet VPNs for businesses.
Tom Nolle
The Internet of Everythinguseful

1|10|14   |   2:18   |   19 comments

We really don't want an "Internet of Everything" but even building an Internet of Everythinguseful means setting some ground rules to insure there's value in the process and that costs and risks are minimized.
Tom Nolle
Maturing Google Chrome

12|30|13   |   2.18   |   25 comments

Google's Chrome OS has a lot of potential value and a lot of recent press, but it still needs something to make it more than a thin client. It needs cloud integration, it needs extended APIs via web services, and it needs to suck it up and support a hard drive.
Sara Peters
No More Cookie-Cutter IT

12|23|13   |   03.58   |   21 comments

Creating the right combination of technology, people, and processes for your IT organization is a lot like baking Christmas cookies.
Sara Peters
Smart Wigs Not a Smart Idea

12|5|13   |   3:01   |   46 comments

Sony is seeking a patent for wigs that contain computing devices.
Tom Nolle
Cloud in the Wild

12|4|13   |   02:23   |   15 comments

On a recent African trip I saw examples of the value of the cloud in developing nations, for educational and community development programs. We could build on this, but not only in developing economies, because these same programs are often under-supported even in first-world countries.
E2 Editors
SPONSORED: Is Malware Evading Your IPS?

11|18|13   |   03:16   |   4 comments

Intrusion prevention software is supposed to detect and block malware intrusions, but clever malware authors can evade your IPS in these five main ways.
Sara Peters
Where Have All the Mentors Gone?

9|27|13   |   3:15   |   38 comments

A good professional mentor can change your life for the better... but where do you find one?
Tom Nolle
SDN Wars & You Could Win

9|17|13   |   2:10   |   5 comments

VMware's debate with Cisco on SDN might finally create a fusion between an SDN view that's all about software and another that's all about network equipment. That would be good for every enterprise considering the cloud and SDN.
Ivan Schneider
The Future of the Smart Watch

9|12|13   |   3:19   |   39 comments

Wearing a bulky, oversized watch is good training for the next phase in wristwatches: the Internet-enabled, connected watch. Why the smartphone-tethered connected watch makes sense, plus Ivan demos an entirely new concept for the "smart watch."
Tom Nolle
Cutting Your Cloud Storage Costs

9|4|13   |   2:06   |   3 comments

Cloud storage costs are determined primarily by the rate at which files are changed and the possibility of concurrent access/update. If you can structure your storage use to optimize these factors you can cut costs, perhaps to zero.
Sara Peters
Do CIOs Need an IT Background?

8|29|13   |   2:11   |   23 comments

Most of the CIOs interviewed in the How to Become a CIO series did not start their careers as IT professionals. So is an IT background essential?
Ivan Schneider
The Internet Loves Birthdays

8|27|13   |   3:25   |   69 comments

The Internet has evolved into a machine for drumming up a chorus of "Happy Birthday" messages, from family, friends, friends of friends who you added on Facebook, random people that you circled on G+, and increasingly, automated bots. Enough already.