Monitoring digital footprint across all of the web can mitigate attack risk, says financial tech start-up
Big data analytics can help banks protect themselves from cybercriminals accessing confidential information appearing across the web, financial tech start-up Digital Shadows has claimed.
Like all companies, financial institutions are seeing increasing amounts of data appear online as their digital footprint grows. With the rise of social media and mobile computing, banks are seeing more company information posted online than ever, running the risk of employees publishing details deemed to be confidential. This could lead to reputational damage, or, more worryingly, the publication of information that could lead to a security breach, and has led to concerns from US bank regulators.
Using information from the bank or its suppliers, which can reach tens of thousands for some major companies, there is potential for criminals to collate information to support an attack on a bank's IT infrastructure.
"In particular from a hacker's point of view, they are getting more and more sophisticated and targeted in their attacks, and to do that they have to perform reconnaissance. It is the first stage of the attack where they begin to research the attack," Digital Shadows CEO, Alastair Paterson, told Computerworld UK.
"It's a bit like 'casing the joint'. If you are a cyber criminal you have to case the joint looking at all the little bits of information that companies expose, trying to find user names or passwords, or the technology that they run so that you can design an attack that will succeed from the outside. So the whole model [of bank security] has gone inside-out."
While banks previously had to concentrate on keeping information securely inside the organisations, the avenues for data to permeate through its defences have increased. As Paterson highlights, a quick Google search of '"confidential not for distribution" file type:PDF' unearths a flood of results that were not intended to be publically available.
He adds that, in addition to confidential material leaving a bank's clutches, the discussion of a particular bank in the far flung reaches of the 'dark web', which acts as a criminal underground, could contain information that may relate to an imminent attack.
Paterson said that gaining an overview of the vast amount of information appearing on various parts of the seen web, from Chinese blogs to Russian forums, as well as the unseen web, is of great value to financial institutions.
In order to help address these problems, the start-up software company has developed an analytics platform that sorts through unstructured or semi-structured data from 60 million sources in 25 languages, using an algorithm to determine what information might present a risk.