Financial Giants Adopt Military-Style Defense Tactics to Fight Cybercrime

citibank citigroup

One of the world’s most lucrative industries, cybercrime has cost over $445 billion in 2017 alone, up 30% in the last three years alone. Financial giants like Mastercard are paying attention and are proactively taking measures to combat the threat.

Mastercard, like Citigroup and Wells Fargo, have now deployed and are operating fusion centers, a concept taken from the Department of Homeland Security. The DHS established fusion centers following the September 11 attacks, coordinating federal, state and local intelligence-gathering efforts while combating threats like disease outbreaks, sex trafficking and wildfires.

As intelligence hives, the banks hope their own fusion centers detect threat patterns in the data they amass.

Going a step further, the banks simulate a catastrophic cyberstrike called Quantum Dawn. Over 900 participants from 50 banks, regulators, agencies and law enforcement authorities roleplayed a scenario of an industrywide infestation of malicious malware that corrupted, then entirely blocked all outgoing payments from the participating banks. Through the two-day test, the organizers triggered new threats every few hours like distributed denial of service attacks to render the banks’ websites offline.

The Hamilton Series is another set of cyber drills coordinated by the Treasury Department. The results were worrying.

“There was a recognition that we needed to add an additional layer of resilience,” said John Carlson, the chief of staff for the Financial Services Information Sharing and Analysis Center, the industry’s primary cybersecurity coordination group.

It wasn’t long before the group began building Sheltered Harbor, a new fail-safe which went into operation in 2017. If any member on the network has its data compromised or destroyed, the other participants can help retrieve its archived records to restore account access within a single day or two. Nearly 70 percent of America’s deposit accounts are now under coverage.

Citigroup’s chief information security officer Thomas J.Harrington, a 28-year FBI veteran who now runs Citigroup’s cybersecurity wing sums it up as “muscle memory”.

The industry is looking to avoid any scenario similar to the Equifax data breach last year. The embattled credit bureau has spent some $243 million in the aftermath of the attack which has cost the company’s CEO and four other top managers their jobs while the personal data of over 146 million people is in the wind.

Image credit: Flickr.