As COVID-19 has the financial system more internet-dependent than ever, Congress is worried that the United States’ cyber defenses are not up to the current challenge.
In a May 28 virtual roundtable before the congressional Subcommittee on National Security, International Development and Monetary Policy, witnesses and congresspeople alike feared that they are not keeping up with criminals hacking the financial system.
Criminals have better resumes than government agents
One witness, Guillermo Christensen, a partner at law firm Ice Miller, admired the cyber talent operating illegally:
“We are always playing catch up with the criminals. […] It’s very hard to find people who are as qualified as some of these criminal hackers, frankly, to take apart their schemes and trace them.”
Another issue is the overclassification of government information, presenting a barrier to private-sector security efforts. “The information sharing between the private sector and the public sector is very valuable but it could be better,” saft Naftali Harris, co-founder and CEO of SentiLink, an anti-fraud software company.
Fintech’s vulnerability during the pandemic
In response to a question from subcommittee chairman Emanuel Cleaver (D-MO) as to the vulnerability of fintech to hacking, cybersecurity strategist Tom Kellermann warned that the current system is vulnerable to new developments and increasingly remote workflows:
“Financial institutions have the best security in the world, but because of telework and because of the customized malware or weaponry that are being developed in the darkweb, primarily the Russian-speaking darkweb. […] They’ve learned ways around the perimeter defense of the network security espoused by the standards of regulators around the world.”
Kellerman continued to explain that telework allows hackers easy access to well-defended financial networks via the worse-defended home systems of executives. He further called out APIs as adding another element of risk:
“The greatest vulnerability of fintech is they build out these APIs that allow them to connect to other financial institutions as well as other fintech vendors. Those APIs themselves are being exploited left and right.”
During the hearing, Chairman Cleaver commented that “It seems that we are losing this battle.” His closing remarks were no more optimistic. “Your comments were very informative but also very scary,” the chairman said.