BankInfoSecurity.com - Information Security News, Regulations, & Education


Incident Response for Data Breaches

Interview with Shane Sims, PricewaterhouseCoopers
July 21, 2009 - Linda McGlasson, Managing Editor

A veteran cybersecurity pro, Shane Sims shares his insights on trends he's seeing as cybercrime continues to hit all companies, including financial institutions. Sims is currently a Director in the Forensic Services practice at PricewaterhouseCoopers, where he provides investigative, forensic technology, security incident response and cyber security services to commercial and government clients. He is a former FBI Supervisory Special Agent who specialized in cybercrime, digital evidence, computer exploitation, and network surveillance.

Listen to this podcast and hear Sims' insights on:

Who's hitting financial institutions with cybercrime activities;
Why just having an incident response plan isn't enough;
What needs to happen (and what shouldn't be done) when a breach occurs.

LINDA McGLASSON: Hi, I'm Linda McGlasson, Managing Editor for BankInfoSecurity and CUInfoSecurity. Today's Information Security Media Group podcast is with Shane Sims, a veteran cyber security professional. Shane is a Director in the Forensic Services Practice at PricewaterhouseCoopers. He is also a former FBI Supervisory Special Agent who specialized in cyber crime, digital evidence, computer exploitation and network surveillance. Welcome, Shane.

SHANE SIMS: Thank you. Glad to be here.

McGLASSON: What are the types of cyber threat groups out there now and how are they targeting? Any specific types going after financial institutions?


SIMS: The cyber threat groups are varied and complex and they always seem to be evolving. One common denominator across the groups is that they remain highly motivated. The threat groups from my perspective can be classified as criminals, state sponsors, terrorists or insiders. The insiders and criminals are the primary threat groups to financial institutions and I can describe each of these threat groups in a little more detail.

McGLASSON: That would be great.

SIMS: Criminal enterprises are becoming more sophisticated at compromising private cyber space. They are spending time recruiting technical talent, they are devoting funds to research and development of malware and their breach operations are planned and organized. This threat group's main objective is to convert data into profit primarily; secondarily they attempt to extort organizations by holding IT assets hostage.

I have seen criminal hacker groups actually develop custom malware on the fly while they are in the midst of compromising a target organization. Stated differently, as they infiltrate an environment and begin to learn what hardware and software is alive and active, custom applications are developed to defeat countermeasures employed by those victim organizations. This type of malware can't be detected by in-house antivirus technology.

Today's sophisticated hacker crews are using data egress methods that really mirror the well-funded techniques of state sponsors. Ten years ago, traditional organized crime families would hire hackers to steal data for them; today hackers and hacker groups operate independently of traditional organized crime and these groups will often team with each other to compromise certain target organizations in order to leverage the skill sets needed based on the target environment. That is my quick assessment of the criminal threat group.

Moving on to the state-sponsored threat group, obviously this is the best funded, most organized and most difficult to detect. Foreign intelligence services actively target the U.S. government, its military and its private sector cyber space. The purpose of the foreign government cyber threat is to acquire intelligence and steal intellectual property, so they are not a major threat to financial institutions.

Terrorist organizations, like criminals, can convert stolen data into financial gain, but they need identities to permit the movement of terrorist operators around the globe, so that is one of their primary focuses of a cyber attack. The most feared objective of this threat group is the disruption or sabotage of the cyber space of any organization that has been designated as critical infrastructure by DHS. So the cyber WMD, if you will, is the big fear with the terrorist groups, and obviously this type of activity would have serious implications for national security. DHS has designated the banking and financial sector as a critical infrastructure, and this sector has nearly 30,000 financial firms, I believe.
