In this interview, Christopher Fielder, Field CTO of Arctic Wolf, delves into the complexities of modern cybersecurity, exploring the threats and solutions that can make or break an organisation’s defences.
In today’s interconnected world, cybersecurity is a critical concern for organisations globally. The finance industry, in particular, is a prime target for cybercriminals, who are 300 times more likely to attack this sector than any other due to the vast amounts of sensitive information handled, such as personal and financial data.
Cybercrime is growing at an alarming rate, projected to cost the global economy $10.5 trillion by 2025, reflecting a 15% annual increase. With increasingly sophisticated threats, understanding the strategies and measures necessary to protect sensitive information has become paramount for organisations worldwide.
On the sidelines of the Dublin Tech Summit, Bobsguide sat down with Christopher Fielder, Field CTO of Arctic Wolf, to shed light on these issues. With over 24 years of hands-on experience in cybersecurity across organisations such as the United States Air Force, the CIA, and the SANS Institute, Fielder is rightfully considered a veteran in the field. Over the past four years at Arctic Wolf, he has fully embraced the company’s mission to help organisations protect their data and networks around the clock.
Arctic Wolf provides managed cybersecurity services, including threat detection, risk management, and security monitoring. Unlike other cybersecurity firms, the company’s vendor-neutral approach aims to provide comprehensive security solutions across various environments, from endpoints to the cloud.
In this interview, Fielder discusses the key cyber threats in the fintech sector, the methodologies employed by attackers, and the proactive measures financial institutions can adopt. He also explores the dual-edged role of AI in cybersecurity and highlights often-overlooked questions that organisations should be asking to bolster their defences.
One of the major issues we’re seeing across the board, especially in the financial sector, is related to identity and credential theft. Attackers are highly focused on capturing usernames and passwords because we’re in a transition period where not everyone is using two-factor or multi-factor authentication when they absolutely should.
But even for those who are, it’s not a foolproof solution. Take, for example, the Uber breach—despite having multi-factor authentication in place, they were still compromised because there are still ways around it. When attackers obtain credentials, they gain access not only to user accounts and financial information but also the potential to set up phishing campaigns targeting others.
Credential harvesting and social engineering are major problems right now, especially in finance, where money is the main motivator for attackers. But how are they going to get access to more money and craft the best story? Here comes artificial intelligence. The rise of AI and tools like ChatGPT makes crafting convincing phishing emails easier, which makes these attacks harder to detect. AI can generate highly realistic emails that can trick users into divulging sensitive information or transferring funds.
To carry out a successful attack, the attacker would start by identifying key personnel within the bank who have the most access—usually the CIO, the bank president, or an admin. LinkedIn is often used as a starting point because people by nature like to brag, so they often would share details about their roles there. From this information, the attacker might purchase credentials on the dark web or attempt spear phishing. Spear phishing involves crafting targeted emails that appear legitimate to trick individuals into providing their credentials. If direct phishing fails, social engineering techniques might be employed, such as calling the help desk with a convincing story to reset credentials.
For instance, an attacker might pose as an assistant to a high-ranking executive and claim that the executive is unable to access their account, persuading the help desk to reset the password. If these methods fail, attackers might resort to physical means, such as using weaponised USB drives. These drives look like ordinary USB sticks but are programmed to auto-execute and create a tunnel for the attacker when plugged into a computer. The attacker might leave such a device in a place where it’s likely to be found and used, such as a parking lot or near the target’s office.
Another method could be intercepting data over open Wi-Fi networks in places like coffee shops, where individuals might access sensitive accounts. There are many ways to gain initial access, and attackers are constantly innovating. Prevention is important, but it’s not sufficient on its own.
While prevention is crucial, sometimes it’s not enough. The best practice is to focus on detection and response. This means having a robust detection capability within your system, backed by skilled individuals who can monitor it for you around the clock, 365 days a year. Hoping to avoid a car accident doesn’t mean I won’t get insurance, right? Similarly, you need people in your corner who can detect and oversee everything happening within your system.
These people should be able to identify and respond to unusual activities quickly. Having a solid response plan is essential because when a breach happens, time is of the essence. Immediate action is needed to prevent further damage, such as locking down systems and terminating network connections to stop data exfiltration. Again, we can hope that nobody gets in, but once they do, rapid response is vital. It’s about having the right people, processes, and technology in place to detect and respond to threats swiftly.
Both. AI isn’t inherently good or bad; it’s merely a tool, and like any tool, it can be used for good or bad purposes. There’s a lot of hype surrounding artificial intelligence at the moment. Everyone seems to be talking about it, but how much of it is actually real? That’s still up for debate.
While AI does indeed have tangible benefits in cybersecurity, it also has its downsides. Attackers are using it to find weaknesses more swiftly and to craft more sophisticated phishing emails. Large language models and generative AI, in particular, can also be manipulated to create vulnerable code or code with hidden vulnerabilities. Moreover, once data is fed into them, retrieving it becomes impossible, which additionally raises privacy concerns.
On the flip side, defenders are leveraging AI to detect vulnerabilities more efficiently, devise faster responses, and identify genuine threats amidst the vast amount of noise generated by alerts. Have you heard the term “needle in a haystack”? AI can help find that needle by sifting through the noise to pinpoint real threats.
So, AI’s impact depends on who’s using it and for what purpose. Is AI dangerous? It depends on the user. Is AI beneficial? Again, it depends on the user. It’s a double-edged sword that boosts both defensive and offensive capabilities.
A question that often comes up lately is about zero-day vulnerabilities. A zero-day is a vulnerability that no one knows about until it’s exploited. Many people are overly concerned about these zero-days, thinking they are the primary threat.
While zero-days are certainly dangerous, the reality is that your company, particularly if it’s a small to medium-sized one, most likely won’t be a zero-day target. Most cyberattacks exploit known vulnerabilities that haven’t been fixed. What we’ve discovered after analysing a year’s worth of attacks is that nearly all of them can be categorised into one of ten common vulnerabilities.
So, instead of worrying too much about a ‘zero-day apocalypse,’ focus on addressing your company’s known, straightforward, and easy-to-fix problems. By tackling these common vulnerabilities, you can significantly reduce your risk. There are no excuses for neglecting these basic security measures, especially nowadays, with so many available services and consultants out there ready to help at any time.
Cybersecurity is an ever-evolving field that requires continuous vigilance and adaptation. Fielder emphasised the importance of a holistic approach to security—one that integrates advanced technology, skilled people, and proactive strategies to effectively combat the sophisticated threats that organisations face today.