As our nation grapples with the ongoing spread of the coronavirus and its wide-ranging impacts on commerce and social life, criminals have seized the moment to spring new attacks against financial institutions, governments, businesses and citizens alike. Although the payments industry has been plagued by cyberattacks and related wrongdoing for years, the current surge in attempted and successful actions is off the charts and continuing to climb.
EPCOR members know that cybercrime is a rising threat—our Knowledge Community is filled with posts about scammers exploiting weaknesses in state unemployment filing procedures and systems to defraud governments of millions of dollars. In fact, our member support team has fielded over 200 calls since May about this problem alone! The World Economic Forum now estimates that losses and damages associated with cybercrime will total $6 trillion in 2021—a figure that will top the gross domestic product (GDP) of Japan, the world’s third largest economy.[i]
The growth in cybercrime has not gone unnoticed by lawmakers, regulators, cybersecurity professionals and law enforcement. On June 16, the House of Representatives’ Subcommittee on National Security, International Development and Monetary Policy invited some of the industry’s preeminent experts on cybercrime to share insights into the recent spike, and lawmakers used the forum to explore possible legislative solutions to help Americans fight back against fraudsters. Members of the subcommittee expressed alarm at how quickly fraudsters jumped into action as the lockdowns started—the FBI’s Internet Crime Complaint Center (IC3) reported that cybersecurity incidents leaped from a thousand per day prior to the pandemic to upwards of 4,000 per day in recent weeks.[ii] And, if that number is not troubling enough, the surge in reported cybercrime is so great that the number of incidents in the first four months of 2020 was almost higher than the total for 2019![iii]
The hearing focused on the unique threats faced by financial institutions, and lawmakers discussed potential ways Congress may come to the aid of banks and credit unions. Between February and May, cybersecurity firm VMware recorded a 238% increase in cyberattacks against financial institutions and a nine-fold upsurge in ransomware attacks.[iv] Tom Kellermann, VMware’s Head of Cybersecurity, noted in his testimony that criminal tactics are also changing and he illuminated a troubling new scheme called island-hopping. Island-hopping is a term to describe hackers hijacking bank and credit union partners or third-party vendors to gain access to financial institution infrastructure that can serve as a platform to launch against clients![v] Kellerman also urged Congress to do more to act against money laundering facilitated by digital currencies.
What is Congress going to do about the rise in cybercrime? Several bills are currently under consideration to increase research and education efforts or possibly establish restitution assistance for victims of financial crimes. Kellermann urged Congress to bolster law enforcement capabilities by moving the U.S. Secret Service from the Department of Homeland Security to its foundations at the Treasury Department to help focus the agency on its original mission: financial crime.[vi] Other witnesses, notably Kevin Coleman of the National Cybersecurity Alliance, called for enhanced partnerships between the government and private sector to build “community defenses” against common threats.
While Congress debates their next steps, there is plenty that your financial institution can do to protect your organization against cybercriminals and respond to their attacks:
- Stay informed and aware of current developments – Now, perhaps more than ever before, a knowledgeable payments staff is critical to a frontline defense! EPCOR’s resources and payments experts are on-hand to give members the information they need to succeed in battle. Sign up for @Karen Sylvester's Quarterly Compliance and Fraud Review webinars!
- File well-written and highly detailed suspicious activity reports (SARs) – If you see something, say something…but say it with as much detail as you can provide!
- Test your defenses – Work with your IT team to probe and repair weaknesses in your system before hackers can exploit them.
- Consider improvements to your IT budget and capabilities – Extraordinary times in criminal activity call for extraordinary measures, so financial institutions will likely need to dedicate more resources to strengthen their system protections and train employees.
[i] Pg 63, http://www3.weforum.org/docs/WEF_Global_Risk_Report_2020.pdf
[ii] Pg 1, https://financialservices.house.gov/uploadedfiles/hhrg-116-ba10-20200616-sd002.pdf
[iii] Ibid.
[iv] Ibid.
[v] Pg 1, https://financialservices.house.gov/uploadedfiles/hhrg-116-ba10-wstate-kellermannt-20200616.pdf
[vi] Pg 2, https://financialservices.house.gov/uploadedfiles/hhrg-116-ba10-wstate-kellermannt-20200616.pdf