Finextra engaged in a discussion with Google Cloud leaders Nick Godfrey, senior director and global head of the office of the CISO, and Jamie Collier, lead threat intelligence advisor for Europe, to explore the evolution of cybersecurity and the new threats emerging in the financial crime landscape.
Who are the targets of cyberthreats?
With 25 years of experience in cybersecurity, Godfrey emphasized its vital role in society due to our reliance on technology and data. He stated, “The loss of financial data, whether from theft or ransomware, transcends industries. Financial services cannot operate without technology.”
Collier identified banks, insurance companies, and cryptocurrency platforms as primary targets for ransomware and cybercrime groups. He noted an alarming trend where criminals are increasingly targeting supply chains to steal data and access sensitive information. The collaboration among financial organizations has led to more data exchange, potentially exposing vulnerabilities, especially regarding data held by smaller suppliers that could be a weak spot for larger banks. To mitigate supply chain risks, he advocated for implementing more security barriers and suggested that segmented architecture could help prevent a single breach from compromising the entire system.
What is the role of nation-state actors in cybercrime?
Collier discussed the involvement of nation-state actors, citing espionage activities from Russia, Iran, China, and North Korea aimed at financial data. He explained that while many states gather intelligence for strategic reasons—highlighting China and Iran’s theft of intellectual property—North Korea employs cyber tactics not only for intelligence but also to generate revenue for its government.
“North Korea has shifted its focus from targeting the SWIFT network to concentrating more on cryptocurrency entities, even attempting to gain employment within financial services to exploit insider access,” Collier noted. Furthermore, he described how cyber capabilities play a significant role in geopolitical conflicts, such as Russia’s operations against Ukraine, where cyber tactics are used alongside military action.
Details on espionage and targeted cyberattacks by nation-state actors are provided in Google’s cybercrime report.
What strategies can financial institutions employ to combat cyberattacks?
Collier shared that Google’s engineering approach to security emphasizes automation and proactive measures against cybercrime, contrasting with many financial institutions that often react to attacks in a more manual and firefighting manner. Godfrey outlined four essential strategies for financial institutions in developing their cybersecurity frameworks:
- Maintain basic security hygiene, including patching software and addressing vulnerabilities.
- Understand threat intelligence to construct a comprehensive threat profile.
- Test defenses and security protocols using Red Team techniques.
- Ensure the organization is prepared to respond to an attack at all levels, including C-suite executives.
Godfrey also pointed out that Google’s AI service, Gemini, is utilized by various actors in China, Iran, North Korea, and Russia throughout different stages of the attack lifecycle, although it is not employed for producing novel attack techniques. He highlighted that defenders are also leveraging AI, and there is promising progress in its usage for detecting, preventing, and managing security threats.
Looking forward, Godfrey identified AI and quantum computing as significant trends to monitor in the cybersecurity landscape, applicable to both attackers and defenders.