Banks across the U.S. participated in an elaborate drill, on July 18, to measure how well their institutions would fare when faced against one of our nation's largest threats - a sophisticated, coordinated cybersecurity attack against U.S. financial institutions. Quantum Dawn 2 - a name that lends itself more toward a summer action blockbuster than a highly coordinated cyberattack - aimed to test the level of cybersecurity protection at small and large banks, should the industry face an attack.
The Quantum Dawn 2 drill is not the first of its kind, but is representative of new cyberattack drills that have not only become more robust and intricate in testing, but also more important due to the changing landscape of cyberattack threats. The recent drill challenged the financial industry's ability to work cohesively to solve a cyberattack, while drills in the past often focused on one company's ability to defend its data.
"This training exercise is indicative of the threats we now face, especially those in critical infrastructure. For example, crowd-sourced cyberattacks have become more organized and have shown a level of success recently," noted Bryan Sartin, Director of the Verizon RISK Team. "An example of this is Operation Ababil, which riddled the U.S. financial sector with large-scale distributed denial of service (DDoS) attacks this year. Based on the growing ability of cyber activists to motivate and coordinate movements, I wouldn't be surprised if we see another large-scale attack in the near future - banks are smart to prepare now."
According to Verizon's 2013 Data Breach Investigations Report (DBIR) 37 percent of breaches affected financial organizations. The banking industry is a prime cyberattack target for many reasons including money theft, opportunity to make a political statements and foreign spies interested in accessing information from U.S. companies. The banking industry faces financial crimes, hactivism and cyber espionage in increasingly equal parts.
Today, the risk of widespread cyberattacks is heightened, especially with the collaboration of activists groups who are now aligned with the support of nation states. Some of our most critical infrastructures like power plants, air traffic control and airlines, oil and gas face threats, too, potentially impacting the way we travel and power our homes.
"In the past two years, cyberattacks like OpAbabil, OpIsrael, and OpUSA are examples of political motivations that led to attacks that posed a widespread threat to select industries," Sartin continued.
Three key groups of actors commit cyberattacks. Each has different motivations and tactics, but the net effect of their actions is disruption, financial loss and damage to reputations. By understanding their characteristics, organizations can be better prepared to reduce risk.
- ACTIVISTS - Activists tend to use very basic methods, but recent years have seen some notable and widely publicized successes. They are opportunistic, but have numbers on their side. Their aim is to maximize disruption, hurt and embarrass their victims. Hacktivism tends to be fully targeted as opposed to opportunistic. Victims are selected and often announced in advance.
- CRIMINALS - Activist Criminals are motivated by financial gain and are more sophisticated and calculated in how they select targets. They often use more complex hacking techniques than activists. Once they've gained access, they take any data that might have financial value.
- SPIES - Often state-sponsored, this group uses the most sophisticated tools to commit the most targeted attacks. They know what they want - be that intellectual property, financial data or insider information - and are relentless and not afraid of prosecution.
The increase in state-level and industrial espionage was one of the most notable trends discovered in the DBIR report. The findings suggest that there's a lot of complacency among organizations about the risk of espionage attacks. The assumption is that these attacks only target government, military and high-profile organizations, but the DBIR data shows that this increasingly isn't true.
In Sartin's view, preparation, alignment and a tailored approach all play an instrumental role when addressing cybersecurity.
"The most pivotal lesson from Quantum Dawn 2, and drills like it, is that industries can no longer take a one-size-fits-all approach to cybersecurity. Industries need to tailor their approaches to become more fluid in open, transparent information sharing with their allies, government and law enforcement officers in order to maintain a high-standard security system. The better prepared, coordinated and synced industries and government officials are, the better our nation's cybersecurity systems will continue to be," Sartin added.
For more information on this year's data breach findings, please visit http://www.verizonenterprise.com/DBIR/2013/. Verizon offers security services to enterprises in more than 50 countries to help safeguard their data and prevent cybercrime from occurring.
