Another week, another major cyber threat to the financial world and what do we hear from our national media? There is nothing you can do. This week it was Gery Shalon in the news. The 31-year-old from the Republic of Georgia was indicted Tuesday, November 10th on charges of breaching banks and other financial firms of the personal information of up to 100 million customers. Say that again, 100 million customers; that is 1/3 of the population of the United States.
Gery Shalon is accused of being the head of a cyber-crime syndicate that has been involved in breaches of several Fortune 100 companies such as JP Morgan, E*Trade, Scottrade Financial Services Inc., Fidelity Investments Ltd, and more. “The conduct alleged in this case showcases the brave new world of hacking for profit,” U.S Attorney Preet Bharara said of the indictments. “It is no longer hacking merely for a quick payout; it is hacking as a business model.”
Starting with illegal on-line gambling sites, Shalon and his associates exact total profits are unknown, but suspected to be well over $100 million. From the gambling sites, Shalon moved to such illegal activities ranging from fake e-mail investment scams to stealing personally identifiable information to credit-card and stock schemes to pump-and-dump stock schemes.
Although this is one of the biggest stories of cyber-crime in recent history, it is nothing new in the landscape of 21st-century heists. No longer are the days of stick-up men in ski masks at the bank counter. In today’s landscape, the criminal is thousands of miles away behind a screen working with a team of hackers to find your weaknesses. It’s organized, it’s professional, it’s easier to get away with, and most importantly it’s working.
The most frightening aspect of these crimes is we continue to hear, “There is nothing we could have done to prevent this” from the companies getting hacked. The national media perpetuates that story, “There is nothing you can do about it.” We keep hearing these stories, yet we never hear of a solution on how to keep us protected. We have anti-virus, we have firewalls, but these solutions are not working. Symantec V.P. Brian Dye has even stated these methods are only 45% effective. This obviously leads the general
What are those measures? There is not just one thing we must do to ensure our security; it is a multi-layered approach.
First, although Anti-Virus and Firewall are only 45% effective, it is the first step in keeping predators at bay. Intruders are looking for the path of least resistance, and without these tools you are leaving the front door wide open.
Second, you need a management system in place that automatically updates and patches your software daily. The days of updating your software once a month are long gone. These updates need to be done as soon as they are available. Updates and patching do not happen automatically like most people believe. Are you doing this on your own? Is your IT team doing this every day? If so, how do you know for sure? There is software available today that can do this for you.
Third, you need to be alerted to threats that circumvent your network in real time. The goal of malware is to get into your network and slowly siphon off data. This can require very specific software and a managed security service provider, but it is the most effective way to minimize any threat that intrudes your network.
A more rigorous prevention approach, along with a real-time response team is vital in saving your financial information and the personally identifiable information of your customer base.