The big theme of the day today was cyber security. Along with the fear of potentially losing their livelihood to the likes of Google and Amazon, the other thing to keep bankers up at night is cybercrime.
And it comes in a variety of forms. There are the attacks you hear about in the media on a weekly basis. Distributed Denial of Service (DDoS) attacks are one kind. DDoS attacks are what the papers like to call ‘the end of the internet’. But it’s really just a flooding of data to a website or network to basically jam it up.
And then there are Hacktivists. We’ll get on to Hacktivists shortly. But they’re all about ‘taking down the man’, so to speak.
And interestingly the number one type of cyber security concern the chief technology officers had was internal threats and rogue employees.
That’s right, the Syrian Electronic Army can bombard major banks all they like. Anonymous or LulzSec can go to town on a bank’s core systems. But the biggest worry boards around the world have is from their very own employees.
Of course the kinds of boards most worried about internal threats are indeed from the banks. So let me ask you this…
Do you think the number one cyber security worry Google, Facebook or Twitter has is an internal rogue employees?
I doubt it. It seems internal threat is at epidemic proportions in the big banks of the world. Here’s what Nigel Hayward, CIO at J.P. Morgan had to say about it,
‘You’ve got to take a multi-faceted approach.
‘At J.P. Morgan you cannot plug in a USB device.
‘Employees and contractors have patterns and you can track those patterns.‘
Track patterns? Can’t plug in a USB device? Wow, sounds like the big bank is a really fun place to work.
Oh and in case you were unaware, J.P. Morgan reaped $5.77 billion in banking fees in 2012. And the average (yes, average) pay for Managing Directors in J.P’s Mergers Advisory arm was $1.7 million.
With 258,000 employees across the business, I’m pretty sure not everyone is sharing in the wealth there. It’s no wonder they have a rogue employee crisis. I’d go rogue too with that kind of inequality within the one organisation.
The More You Make The More They’ll Hack
The bigger they are the bigger a target that sits on their head. The annual security spend of these big banks runs into the hundreds of millions of dollars. And the price is going up.
J.P. is planning to increase cyber security spend by over 10% next year. And an audience poll had 52% of the crowd planning on spending over 10% more on cyber security too.
Beware of The Pimply Faced Teenager
You could almost smell the fear permeate through the audience when the term ‘Hacktivist’ was brought up.
I could imagine the reaction if a pimply 15 year old walked in the room with ‘Beats’ headphones hanging round his neck and an Alienware laptop by his side. I think the whole room would have evacuated.
There was one thing in particular the crowd didn’t understand when it came to Hacktivists. It’s the premise they operate without monetary motivation. This was beyond many of the bankers in the room. I could hear internal monologues throughout the room…’Without monetary motivation? Is that possible?’
A cyber criminal will typically steal data to sell in order to make money (i.e. Romanian ATM scammers). Hacktivists are motivated by other means. It’s really not that hard to understand.
It could be political motivation. It could just be because they can. It could even be because they’ve had a bad day.
Regardless of the reason, the Hacktivist operates with a unique set of ideological beliefs. Often they contradict the very existence of everything a bank stands for. And as such, a bank becomes a target.
Whether the banks like it or not they’re fighting an uphill battle. Whether it’s internal or external, cyber security is high on the agenda now.
And the best way to combat this threat is obviously to throw money at it. Now they’re starting to bring on board external companies to help manage their issues.
All Out Cyber Warfare
It’s an environment of all out cyber warfare right now. It’s not just geo-political issues. China spying on America and vice versa isn’t the real cyber warfare underway. It’s the daily attacks and ambushes of networks across the global financial system that we should be most worried about.
Dave Gray, author of The Connected Company calls it ‘network centric warfare‘. He says, ‘The small and agile organization that understands networks has an advantage unless the incumbents can organize themselves.‘
What he means is it’s the ones who get how a network works that will hold the gun to the head of those that don’t. So the young, tech savvy computer scientists and engineers that want to make an impact in the world will enter the market in two forms.
One, as legitimate start-up companies dedicated to shake the system up. Or they’ll take the path following ideology that favours hacktivists and troublemakers.
Either way it’s a new era of digital warfare. There are battles everywhere. State vs. state, hacktivist vs. banks, hacktivist vs. state…maybe soon enough state vs. bank?
I’ve said before that we can’t predict the future, but after the sessions and discussion from today we’re getting a clearer view of what’s likely to happen.
The trend is of increasing cyber security attacks. They’re not stopping, they’re on a parabolic curve upwards. Spending on defence is increasing, and the ‘generals’ are getting worried.
It feels like a crescendo to all out warfare. The feeling I got from today is it’s not a matter of if it will happen, just a matter of when.
Sam Volkering+
Technology Analyst, Revolutionary Tech Investor
Ed note: You can follow Sam at SIBOS on his Google+ page here…
