The finance industry is changing, with new opportunities and threats emerging each year. Be it block chain technology, how Artificial Intelligence and automation could benefit the sector or simply the changes in user habits, the finance industry is undergoing an evolution.
Part of this transformation involves the digital side of finance; notably cyber security and its associated threats. Cyber crime specifically is a growing threat to businesses, and it has gone from being a potential threat to an issue UK firms can no longer ignore. Last year, 2.9 million UK businesses were attacked digitally, at a cost of £29.1 billion. Worryingly for those in the finance industry, firms operating in the sector were 65 per cent more likely to be attacked than other specialisms. This resulted in more than 200 million records being breached in 2016, a 937 per cent increase year over year.
HSBC and JP Morgan are notable examples of financial institutions which have been hacked recently, as widely reported in the press, resulting in varying levels of carnage for both the banks and their customers. What cannot be denied, however, is the prestige of the names targeted, with multibillion dollar firms being brought down by hackers, potentially sitting at home in their pyjamas. Whilst the motives behind every hacker will vary, some light was shed by the National Crime Agency (NCA) recently, which revealed the average age of a UK hacker is only 17. Therefore, businesses are under threat from those who have not yet left school – the employees of tomorrow are bringing down some of the UK’s biggest brands one code at a time.
The alarming investigation found that most teenagers fall into hacking after being exposed to the digital world, usually via games consoles or spending time messing around on a computer. By the age of 13 or 14, these web whizzkids have developed the capability and skill to begin utilising their gaming devices and digital expertise for hacking. Among the most common types of crime the NCA referenced were developing and selling hacking toolkits, blackmailing companies and breaking into online accounts.
You would think this would be shocking news. Children, those who legally are not old enough to be tried under adult law, but are responsible for some of the costliest attacks on UK and international businesses. But let’s not forget, this generation has grown up with the web at their fingertips – is it therefore that surprising that they are able to outsmart those who have come to it later? A 15-year-old British boy is alleged to have hacked into the emails of the Director of the CIA, one of the most secure and secretive organisations around, highlighting the exponential threat young bedroom felons now pose.
Digital technology has erupted over the last 15-20 years and we now have a generation of youngsters who don’t know what it’s like to live without it. It’s not unsurprising they live their lives through the online world – social media, banking, communicating – everything is at their fingertips, including entertainment which in this case involves hacking. This is particularly true of British teenagers, who spend more time online than most other teenagers around the world. According to an OECD Pisa survey, British teenagers rank quite highly in terms of dissatisfaction with life, and it seems unsurprising that they are taking out their teenage-inspired angst within the world they understand the most: the digital one.
Whilst a report on teenage hackers might seem a little tenuous or even irrelevant for businesses, it actually shines a light into better understanding cyber security risks for firms in the future. The investigation carried out by the NCA found that the majority of teenage hackers are mostly motivated by ‘building a reputation’.
Like in the finance industry where reputation can help propel a career, young hackers are polishing their egos by proving themselves to be technically great, and pursuing targets on the basis of how challenging the attack will be, rather than how much money they could gain for a potential hack. Much like the more traditional morality-lead hackers who outed adulterers by stealing and publicising user information from the website Ashley Madison, these young people are interested in what they can gain on a reputational and skills-based level instead of what they can actually gain from the data breaches themselves.
Therefore, the better the brand’s level of cyber security (along with its associated prestige) and the more hurdles needed to overcome, the more appealing the target is to young hackers who want to gain a “name” for themselves in the shadowy world of cybercrime and hacking.
Given the lack of concern these young hackers have in the intrinsic value of what is being hacked, any system at any organisation could be a potential target, rather than just those on the frontline of protecting core assets. Despite this, what is worrying for firms, is the rate at which these youngsters are honing their skills, developing new tools and exchanging intelligence. This results in them becoming more competent at a rate which vastly outpaces how quickly most companies in the finance sector are updating and monitoring their cyber security tools.
Thus, a two pronged risk is revealed: the danger of making your firm more desirable to hack due to the prestige associated with breaking the strong protection, and that of being outnumbered by the sheer scale of hackers who collaborate to develop exploitations and share vulnerabilities.
Considering the National Cyber Security Centre recently stated that the UK skills shortage is leaving the country open to cyberattacks, perhaps it’s time we started looking a little closer to home when identifying our next star employee to help guard against cyber crime. Whilst the NCA research is predominantly acting as a warning for firms to wise up to cyber crime and its associated security measures, it gives those working in the finance industry an opportunity to act. Today’s deviant hackers could well be tomorrow’s cyber security experts, and targeting youngsters with an organic interest in computer technology, as well as a known expertise in the world of hacking, could be the secret to finding and recruiting a skilled team of experts. Utilising insider knowledge and tapping into digital literacy, along with experience could ironically make organisations more secure.
Of course, this would not be void of risk. Let’s not forget it would be hard to place faith in new recruits who have a known history of data breaches and hacking. This forms part of the wider debate around hard copy vs digital and if people consider stealing soft copies of data as seriously as if they broke in and stole a hard copy. What cannot be denied, however, is that by taking a bold approach (involving the right approach and training), finance firms could be utilising the future stars of the tech world to protect themselves from threats that they perhaps do not yet understand themselves.
Phil Beckett is Managing Director at Alvarez and Marsal