The Intersection of Financial Institutions and Technology Leaders

An Expert in the Dark Web Describes How to Manage the Risk

December 19, 2024

By Kiah Lau Haslett

Cybersecurity concerns have increased for directors and senior leaders in the past year, according to Bank Director’s 2024 Risk Survey, sponsored by Moss Adams. Eighty-six percent of respondents said their concerns increased “somewhat” or “significantly” in the last 12 months — more than any other risk. 

And it’s no wonder executives are worried. A major trend in cybercrime is its continued “commodification,” where bad actors increasingly opt to purchase malware software from specialists rather than build it themselves, says Trevor Hilligoss, senior vice president of SpyCloud Labs at SpyCloud, in a conversation with Banking & Fintech Editor Kiah Lau Haslett for Reinventing Banking. SpyCloud helps security teams act on exposures stemming from malware that steals information, as well as third-party breaches and successful phishes. Hilligoss has a background in federal law enforcement and is a member of the Joint Ransomware Task Force. His work at SpyCloud includes researching threat actors operating on the dark web. 

The commodification of malware is a serious and growing threat for financial institutions. These enablement services lower the barriers to entry for would-be bad actors, increasing the potential number of threats a financial institution could face. That’s just one development in the nebulous, ever-evolving risk area for financial institutions as they try to keep bad actors out of their perimeter and keep customer information and funds safe. 

Managing third- and fourth-party cyber risk — ranging from due diligence upfront to breach notifications after an incident — also poses a big challenge for executives. Sixty-eight percent of respondents to the risk survey said they assess the cybersecurity practices for vendors in “critical and high-risk functions.” But only 34% say they assess the cybersecurity practices of their vendors’ vendors. SpyCloud has seen numerous instances where a firm’s third or fourth party has been breached, and the firm may not know its data has been stolen from that party. Sometimes, the only thing companies can do is be aware of their vendors and the connections to the institution so they can cut off further access and stop the breach from moving into its network.

“We see this time and time again with these ransomware events that happen, where it’s a … company nobody’s ever heard of,” he says.

Still, there are steps that financial institutions can take to shore up their defenses against intrusions. One area for executives to focus on is doing the simple things well, he says, like enforcing multifactor and device-based authentication and setting short timeouts for cookies on web browsers. While cybersecurity may seem overwhelming at times, small steps do help.

Kiah Lau Haslett is the Banking & Fintech Editor for Bank Director. Kiah is responsible for editing web content and works with other members of the editorial team to produce articles featured online and published in the magazine. Her areas of focus include bank accounting policy, operations, strategy, and trends in mergers and acquisitions.