U.S. banks, already troubled to put in place the alliances necessary to operate in Asia and other parts of the world, have even more to worry about in light of investigators' allegations that North Korea played a role in the cyber attacks on Swift partner banks throughout Southeast Asia as well as the Bangladesh account at the New York Federal Reserve Bank.
Even though banks in the U.S. and Europe have not been direct targets of this particular incident so far, they must put their global partnerships under the microscope to make sure they are not vulnerable to government-backed attacks.
Banks are in a particularly sticky situation because nation-state attacks are difficult to police, with slim chances of someone being brought to justice for the damage, said Adam Laub, senior vice president of product marketing for financial security vendor STEALTHbits Technologies.
"This latest event is just another example of how handcuffed everyone involved in the equation actually is," Laub said. "Nation-states are fighting a cyber war against each other, as well as against private institutions. The nation-states can barely defend themselves against each other, so what chance do private institutions really have?"
The best option is for banks to "fortify" by going beyond protecting their perimeters by focusing more intently on protecting the data and privileged credentials, and educating end users on how to recognize and avoid the most common points of compromise, Laub added.
There was speculation about North Korea's involvement in a nation-sponsored attack on financial institutions for weeks, but more firm evidence comes into focus at the same time the Society for Worldwide Interbank Financial Telecommunication, or Swift, is encouraging partner banks to individually bolster their security. Swift operates as the international financial messaging and standards cooperative.
Symantec researchers reported finding evidence that an attack on a bank in the Philippines is linked to another on the Tien Phong Bank in Vietnam, both of which occurred late last year. The same type of coding used in these attacks was seen only in the Sony Pictures breach of December of 2014 — attributed to North Korea — and again in the Bangladesh account hack, the researchers told The New York Times.
"This situation is alarming," said Nancy Atkinson, wholesale banking expert and senior analyst with Aite Group. "Because all banks are systemically connected in order to facilitate exchange of funds globally, the weakest link endangers all banks, which is why Swift acknowledges responsibility to ensure that banks connecting with them are adequately secure."
U.S. banks seeking to do business in Asia may do so through correspondent relationships with some of the larger banks in that region. They also enter smaller partnerships for specific products or access to certain markets. Banks can be "systematically connected" through correspondent banking relationships, service bureaus or — eventually — blockchain platforms, Atkinson said.
Given the current climate for global cybercrime, banks seeking smaller bank partners in other countries "will increase their level of due diligence," Atkinson added.
The troubling events will "absolutely affect" how larger banks deal with the smaller, less mature banks in Asian markets, said Ryan Stolte, chief technology officer and founder of financial security vendor Bay Dynamics.
"The North Korea connection is just a catalyst at best," Stolte said. "If that is true, soon enough all potential adversaries will pick up on the trend."
That trend is one of more powerful adversaries attacking more vulnerable connections to bank networks, often using the supply chain as an entry point, Stolte said.
"This has been a very big emphasis for financial services organizations to address, but until now it has been localized to some degree," he added.
Rather than focusing on attacking companies to obtain consumer data, attackers are now seeing the gold mine that exists in infiltrating the business-to-business ecosystem through financial partners and networks, Stolte said.
In introducing its new five-step security plan this week, Swift called for banks to improve information sharing amongst global banks, stronger security requirements for customer-managed software, developing security audit frameworks, supporting payment pattern controls and incorporating certification requirements for third-party providers.
Since the breaches occurred, Swift CEO Gottfried Leibbrandt has assured banks that the Swift platform and messaging framework have not been compromised.
Still, the Brussels-based cooperative has been under scrutiny regarding the breaches and what role it should have in helping global banks engage in stronger security measures.
Swift did not respond by deadline to the allegation that North Korea is responsible for the hacks into Swift member banks, and how it might affect banks' future interactions.
"We are living in interesting times, indeed," Aite's Atkinson said. "I expect alliance and partnership formations will slow dramatically and take extended periods of time for the extra due diligence required."