Cyberthreats continue to go forth and multiply at financial institutions says Aite Group

Banks and merchants are struggling to keep pace with the threat environment, but collaboration is a way to get an edge.

  • Thursday, 10th October 2013 Posted 11 years ago in by Phil Alsop

Cyberthreats come in the form of malicious software code, hacking attacks, waves of denial-of-service attacks, and insidious corporate espionage. All are designed to provide financial or political benefit to criminals and are still multiplying at a phenomenal rate, according to a new report released today from financial and technology analyst house, Aite Group—Cyberthreats: Multiplying Like Tribbles.

Aite Group's research report, which draws analogies between cyberthreats and the rapidly multiplying furry little Tribbles of Star Trek lore, focuses on two of the most lucrative targets for the organizations behind the attacks: financial institutions and merchants. The research shows that threats are escalating more quickly than banks or businesses can deploy defenses against them. With more than 150,000 unique new strains of malware deployed each day in Q1 2013, it’s very difficult for the good guys to keep pace.


The username/password combination as an authenticator is now officially broken, Aite Group finds. Myriad database breaches over the last year compromised tens of millions of usernames and passwords; combined with the fact that consumers reuse these passwords across the Internet, the sole relevant use for this combination is now that of a database look-up mechanism.


The key challenge in defending against the onslaught of attacks is that there are so many different players and attack vectors. International organized crime rings are in search of financial gain; nation-states, individuals, and crime rings are engaged in espionage against governments and businesses; and hacktivists aim to get into the headlines. The dividing lines between the players and their causes are not now clear.


"Threats are escalating more quickly than banks or businesses can deploy their defenses, so rather than bulletproof security, organizations should focus on ways to make the cost of breaching their security more expensive than the underlying data that could be obtained," says Julie Conroy, research director in Retail Banking at Aite Group. "Merchants need to take steps to eliminate the sensitive data from their environments altogether through technologies such as tokenization or point-to-point encryption. As fast as the threats are moving, security needs to be built with the assumption that the endpoint is already compromised—or will be soon."