July 30, 2010 By Dan Lohrmann
"We need your help to stop online thieves."
This surprising message from many banks to their customer base is becoming more popular as online bank robbers are getting more sophisticated, patient and dangerous. Gone are the days when marketing brochures insisted that online accounts were just as safe as traditional banking with a teller. The new message seems to be: "We're in this battle together, so can you please lend a hand?"
USA Today's headline entitled: Banks seek customers' help to stop online thieves offered a fairly bleak assessment of current abilities to stop the bad guys - unless we all work together.
"Cyberattacks against individual online accounts have become so sophisticated and pervasive that the American Bankers Association (ABA) is now asking consumers to 'partner' with banks to keep cyberrobbers in check.
The banking industry wants consumers to monitor their online accounts for unauthorized transactions on a "continuous, almost daily, basis," says Doug Johnson, the ABA's vice president of risk-management policy. "
The article goes on to offer a scary story to illustrate the point that this has become the new normal in online banking. With 80% of US households now participating in online banking, this issue is very serious. More than that, this call to share the security load is a 90-degree turn, in my opinion. A decade ago, banks and other financial institutions insisted that the online risks were as low (or lower) than conducting your bank transactions at branch offices - with the convenience of staying at home and not waiting in line.
So does this issue affect government? Absolutely! Here's how.
Cybersecurity experts in government have been working with our banking partners for years regarding technology and processes for securing online transactions. We attend many of the same meetings and security conferences. We work with the same vendors. The banking industry has generally been leading cybersecurity activities, and they have often offered the way forward for online government. Bottom line, we are all in the same boat as partners.
I have seen several respected colleagues go back and forth between these two communities, such as Greg Garcia who went from US Cyber Czar at the Department of Homeland Security (DHS) to a senior executive position at the Bank of America working on identity management and cybersecurity. Other banking colleagues participate on the same panels at security and technology conferences such as RSA and GovTech South Africa.
Beyond security community interaction, we all know that more government transactions go online every day - involving citizens, businesses and other governments. For efficiency and customer service reasons, e-government has been hot for a decade and continues to get hotter in tough budget times. This trend is only accelerating online as services ranging from tax preparation for businesses to camp ground reservations for families are placed on the Internet. These services offered are the vital backbone for government technology professionals, and the scope of this issue is rapidly expanding.
So should governments follow the leading of banks? I predict that this will happen over time. In order to ensure the integrity of our online government processes, we will need to work end-to-end to secure online transactions. This means that consumers and providers will need to get involved. [One side note, many governments have offered end-user training for citizens, schools, businesses and more for years - such as Michigan's cybersecurity training .]
How fast will this new trend develop? What will be the next step(s)? How far will the banks go in counting on customers to help? Will government online transactions move to two factor authentication like European banks did years ago?
I'm not sure, but I think that our colleagues at US banks will continue to show us the way - since they are in the hottest part of this cyber battle. I do think that we'll be hearing more lines like "All Aboard!" when it comes to securing online transactions. So yes, it's back to training our children and neighbors.
What are your thoughts on this topic?
Building effective virtual government requires new ideas and hard work. Security professionals need to be enablers of innovation. From helpful Internet training to defending cloud computing architectures to securing mobile devices, Dan Lohrmann will cover what's hot and what's not in protecting your corner of cyberspace.