With cyberattacks becoming more sophisticated and debilitating, Canada’s major banks are choosing to fight fire with fire – by hiring other hackers to advise them on cybersecurity.
According to a 2017 report by Statistics Canada, 21% of Canadian businesses reported that they were affected by a cyber security incident that disrupted their operations. Of the various industries and businesses affected by the attacks, banking institutions reported the highest level of incidents, at 47%.
To combat cyberattacks, several of Canada’s biggest banks are turning to experts for help – specifically those with hacking experience.
“We’re doing it exactly how our adversaries would do it... So if we find a weakness or something like that, we can close it or address it before a real attacker,” TD Bank vice-president of cyber threat management Alex Lovinger told The Canadian Press.
Late last year, TD Bank established an in-house “red team” of ethical hackers. These ethical hackers are cybersecurity professionals who evaluate a computer network’s security by simulating an attack.
Other banks have introduced similar initiatives.
BMO is currently looking for a senior manager with a certification in ethical hacking. The responsibilities of the senior manager include managing a team of “network penetration testing” specialists.
ATB Financial is similarly looking for a “senior penetration tester” with ethical hacking experience.
The Bank of Nova Scotia has also established its own in-house “red team” of hackers as well.
“Scotiabank has used and continues to use third-parties to handle this penetration testing. However, because the volume of global cyber threats has significantly risen, the Bank wanted to have its own capabilities in-house and created its own red team this year,” chief information security officer Steve Hawkins revealed.
RBC has had in-house ethical hackers for some years already, and the bank has been increasing its cybersecurity budget and team each year to keep up with threats.
“We want to make sure that we are testing our defences to make sure they stay relevant,” said RBC vice-president of cyber operations and chief information officer Adam Evans.