My blogs on big data and cybersecurity in banks
Revving data engines to chase cyber criminals
By Kishore Jethanandani
Banks are recognizing that speed is of the essence in nabbing cyber criminals. They need to
ferret out lurking dangers on computers and corner criminals before their plots inflict
damage.
Big-data-enabled anomalous pattern detection is widely recognized as the best practice for
fraud prevention. Legacy data warehouses and relational databases, however, were
never designed for the rapid storage and querying needed for real-time responses to
criminal activity. Data warehouses are loaded by batch processes that take so long that most
companies wait until after hours to transfer and load data into them.
Relational databases were designed for structured data with an existing schema for
organizing data in columns and rows. As the size of storehouses grows, the queries get
larger and take ever more time to process. Paul Zolfaghar of ParAccel, speaking during a
panel discussion, “Big Data: New Database Paradigms” at the Jefferies Global Technology,
Internet, Media & Telecom Conference, said that some of his clients on Wall Street write
20,000 line SQL statements. In the time that it would take to process a query like that, the
criminals would not only bolt but would be in hiding!
Fraud detection is most effective when it parses both structured and unstructured
information, including video, audio, images, social media feeds, email and more, to
construct a rounded view of events and their relationships. While structured data volumes
are growing slower than unstructured data, the utilization rates of unstructured data are
much lower according to a survey by Freeform Dynamics in late 2012. Experts believe that
unstructured data from social media sites provides a great deal more insight.
Banks are seeking to greatly increase the speed of data processing with a broader range of
queries to extract information on criminal activity with Hadoop. The cornerstone of the
Hadoop architecture is the use of a cluster of commodity servers and storage devices that
house data without a pre-defined schema. Zion Bancorp, for example, formed a cluster of
30 nodes of servers and switches to process petabytes of data according to a report by
Banktech. The time for queries has been drastically reduced with Big Data from four days
to eight minutes according to Paul Zolfaghar at the conference cited above.
Hadoop clusters are meant for simultaneous processing of multiple queries on as many
data stores. These systems are akin to the MapReduce architecture, used by search engines
like Google, which sub-divides a larger repository, according to a report by The Banker. Each
of these data stores has a category of data that can be queried independent of other data
stores. Since no specific schema is applied when the data is stored, it is possible to store
and query both structured and unstructured data.
Some early data suggests that the emerging architecture for fraud detection and response
to cyber-criminals is effective. According to a survey by Financial Services Information
Sharing and Analysis Center (FS-ISAC), there were an estimated 2.11 cyber-attacks per
1,000 commercial banking customers that compromised computers used for electronic
bank transfers in 2012 compared to 3.42 in 2011. What’s more, in only 9% of the cyber-attacks
were the thieves able to steal money, compared to 70% in 2009 and 12% in 2011.
One of the reasons the survey gives for the decline in losses from cyber-crime is
the effort that banks are making to continuously track anomalous activity.
The pressure to scrap legacy bank systems is only going to grow as criminals become
more adept at penetrating them. Banks benefit not only from lower losses from crime but also
from other payoffs from the analysis of data for product development and customer retention.
Big Brother’s all-seeing eyes for fraud
By Kishore Jethanandani
Big Data will save banks the embarrassment of being informed about security
breaches much too late for their customers! They can now anticipate security
vulnerabilities and respond in real time to prevent a potential loss of data
with help from analytics.
Security analyst Bernt Ostergaard, of industry analyst firm Current Analysis,
reports in an interview to InfoRisk Today that those companies which have
shifted to the new paradigm of security management experienced drops in
losses from security breaches in 2011 compared to those in 2010.
The hallmark of the new paradigm in security management is correlation of
security events, such as an unusual increase in data traffic, with seemingly
unrelated information such as a termination of the employment of a staff
member in the bank. Specialists in data analytics for banks, such as FICO, ID
Analytics, Opera Solutions and Global Analytics, have larger storehouses of
information gathered from inside and outside the bank to find the correlations
that enable them to spot lurking risks to banks.
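As an added illustration (not the author's code) of the correlation described above, and of the anomalous pattern detection the first post recommends, the script below flags a user whose daily outbound traffic jumps well above that user's own earlier baseline and joins the flag with a constructed HR termination feed within a seven-day window. All records, user names, the ratio threshold and the window are constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import mean

# Constructed sample: per-user daily outbound bytes summarised from a proxy log.
TRAFFIC = [
    ("asharma", date(2012, 11, d), 410_000_000 + (d % 3) * 15_000_000) for d in range(5, 16)
] + [
    ("bsmith", date(2012, 11, d), 220_000_000 + (d % 2) * 10_000_000) for d in range(5, 15)
] + [("bsmith", date(2012, 11, 15), 6_800_000_000)]  # constructed 6.8 GB spike

# Constructed HR feed (assumed field): user -> date termination notice was given.
TERMINATIONS = {"bsmith": date(2012, 11, 14)}


def traffic_anomalies(records, min_ratio=3.0):
    """Return (user, day, ratio) for days where a user's egress is at least
    min_ratio times the mean of that user's earlier days (no look-ahead)."""
    by_user = defaultdict(list)
    for user, day, nbytes in sorted(records, key=lambda r: (r[0], r[1])):
        by_user[user].append((day, nbytes))
    flagged = []
    for user, days in by_user.items():
        for i in range(1, len(days)):
            baseline = mean(b for _, b in days[:i])  # only prior days
            day, nbytes = days[i]
            ratio = nbytes / baseline
            if ratio >= min_ratio:
                flagged.append((user, day, round(ratio, 1)))
    return flagged


def correlate(anomalies, terminations, window_days=7):
    """Join traffic anomalies with HR notices falling within +/- window_days."""
    window = timedelta(days=window_days)
    hits = []
    for user, day, ratio in anomalies:
        notice = terminations.get(user)
        if notice is not None and abs(day - notice) <= window:
            hits.append({"user": user, "day": day.isoformat(),
                         "ratio": ratio, "notice": notice.isoformat()})
    return hits


if __name__ == "__main__":
    for hit in correlate(traffic_anomalies(TRAFFIC), TERMINATIONS):
        print(hit)
```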
The traditional methods of securing banks from losses of data, such as
authentication and encryption, have outlived their utility in a world where
malware mutates into new forms before banks deal with known intrusions.
The Anti-Phishing Working Group estimates that 39% of all computers are
infected with financial malware, which is typically placed on computers to steal
account information. The rate at which identity thieves, masquerading as account
holders, take over online bank accounts is growing by 150% per year, according to
numbers from the Financial Services Information Sharing and Analysis Center quoted
by American Banker magazine.
A telling statistic, awkward for bank security managers, is the means by which
banks become aware of a security breach. In 2012, banks were alerted to an
intrusion by customers in 82% of the cases. This has increased from 76% of
the cases in 2010 according to the 2012 Faces of Fraud Survey conducted by
the Information Security Media Group. Banks can hardly mitigate losses when
the criminals have bolted from the scene of the crime long before the banks even
become aware of it!
As mobile payments grow, banks are more vulnerable to security breaches. A
2011 Aite Group survey of 24 global financial executives found that 75% of
them believe the mobile channel exposes them to fraud and security risks and
88% are convinced it will be the dominant source of fraud risk.
Some of the traits of smart phones lend themselves to fraud. Due to a smaller
screen, some of the telltale signs of a phishing attempt are missed by users.
Mobile users are three times more likely than their PC counterparts to give
away their personal information on suspicious websites according to a report
by Bank Director Magazine. A survey of the Aite Group found that only 37% of
the respondents in the banking industry have a security system that
integrated their online and mobile channels.
In the arms race against the bad guys, banks are better served if they give up
the idea that it is even possible to build a security fortress. The bad guys are
guerrillas who will always find their way inside. Big Data is akin to a counter-
intelligence system able to spy on them and catch them in the act.
Predictive Analytics: an eye for the Black Swan
By Kishore Jethanandani
Recurring outages in September and October 2012 at Bank of America and
five of the largest banks marked a new normal of bank IT disasters.
Outages of up to 20 hours were experienced as traffic volumes zoomed to 65
Gbps. The distraction of a congested network is also the backdrop for
fraudulent wire transfers.
The symbolism was striking; the nation’s banks, the channel for payments to
government employees and the military, were overwhelmed by the
unprecedented magnitude of the disaster.
Banks are increasingly susceptible to catastrophic disasters as cost-cutting
compulsions drive them to virtualize their infrastructure, which includes
interconnecting their sprawling data centers. In the latest wave of attacks, hackers
created virtual clones of actual machines. They then used the IP addresses and
related identity information of victims to masquerade as genuine customers in
order to attempt transfers of funds.
A disruption in any of the servers, storage or cloud networks rapidly cascades
throughout the virtual IT infrastructure. After the fact, banks find themselves
overtaken by the momentum of disastrous events. Their one chance of
minimizing the damage is to predict and pre-empt a disruption before it
begins to snowball.
Complexity has grown in data centers with increasing recourse to
virtualization. More applications can be housed on a single server with
virtualization. A 2012 Symantec survey of data centers found that the level of
complexity in North American organizations is 7.81 (on a scale 1 to 10)
compared to 6.15 for East Asian companies. The contributing factors are
growing numbers of business critical applications, larger volumes of data,
server virtualization, mobile and cloud computing.
Companies have also made progress in switching to management tools that
are more effective in the new world of virtualization. In 2011, there was a
16% increase in management tools, integrated with the virtualization
platform, such as Virtual Machine Manager, Virtual Center Manager or
XenCenter.
These management tools ease the tedium of data gathering and manual
reconfiguration of physical devices that was the norm before virtualization
was widely adopted. Virtualization also enables aggregation of data as it
affords visibility into the entire network.
On the other hand, the ease of reconfiguration encourages companies to
redeploy the physical devices for a variety of functions as needs change. The
likelihood of an error and outages increases as the servers are switched to a
variety of functions. On average, companies endure a staggering 16 outages
each year at a cost of $5.1 million, and 11 of them are due to system failures.
Increasingly, banks, like other companies, recognize that real-time data
aggregation and predictive analytics are the key to realizing their most valued
goal of increasing the availability of their IT. Several vendors, IBM Tivoli,
Netuitive and HP (with its Service Health Analyzer) among others, incorporate
predictive analytic solutions in their management tools.
However, these management tools are not a substitute for the effort
companies have to make to identify key performance indicators. Only they can
extract the relevant data from their systems and choose the models that
predict performance with the greatest degree of accuracy. This is the task that
will preoccupy them in the coming years.