The threats these companies are focused upon are not, in themselves, surprising. They cover security of devices, security of information networks, network management and back-up, artificial intelligence and machine learning, and unusual behaviours.
CB Insights notes the latest cybersecurity trends, opportunities, and startups to look out for include deepfake detection, armoured email and cloud native security.
Yet those lessons from the 90s - and earlier - still hold true. Criminal actors constantly change their behaviours and tactics. As financial institutions and their partners improve security at one level, criminals exploit another.
In the early days of payment cards, fraud shifted from “card present” - the use of fake cards - to “card not present” - where a transaction was by telephone or eventually online.
Once again, protocols evolved to better ensure the “not present” user was actually the bona fide owner of the card. This included the introduction of safeguards such as the card-specific card verification code (CVC) and multi-factor identification (such as confirmation by text message.)
Financial crime and prevention is a never ending arms race. As financial institutions, networks and regulators close off one avenue, the criminals - increasingly organised, networked and even state-backed - attack on a new front, typically adopting the latest technology for nefarious means.
It’s pertinent that one of the major hurdles facing Facebook’s proposed Libra cryptocurrency is how it can comply with anti-money laundering and anti-illicit funding regulation.
In the recent independent review of APRA, cyber risk was deemed an area where greater resourcing was necessary.
The review noted APRA’s capability did not match the risk and indeed APRA’s chairman Wayne Byres said on the release of the review “[regarding cybercrime prevention,] the skills are scarce and the risk is large”.
That is also acknowledged globally. Benoît Cœuré, a member of the Executive Board of the European Central Bank, said recently in a discussion of financial system risk the risk linked to cyberattacks was a new front.
“At the ECB, and elsewhere in Europe, we are paying close attention to this issue,” he said in a television interview. “We can't rule out the fact that the next financial crisis may come from a cyberattack on a big financial institution or a financial infrastructure. It's our priority to prevent this risk.
“Ask any company director; there are thousands of cyberattacks every day. We're being tested all the time, including at the ECB. It's part of being a company. But the financial system has weak points - there are systemic infrastructures that could be targeted by cyberattacks.”
Cœuré noted the bank also experienced “thousands of small (attacks) every day”.
But the cyber arms race is only one realm of the never ending battle where sophisticated enemy is pitted against sophisticated institution.
There is also an enormous challenge when the conflict is asymmetrical - when the criminals are smarter and better resourced that the targets.
Just as we have seen through the history of financial crime, criminals adjust their attack to focus on weakness. And one of the new areas of weakness comes not when the criminals manage to breach defences; it is when they are invited in.
Why go to the trouble of assaulting better and better barriers when a victim will invite you around to the back door and just let you in?
Thus fraud is increasingly shifting from unauthorised transactions to authorised ones. These include romance and fishing scams - digital versions of Ponzi schemes - a vast and growing front where the victims (until they finally realise what is happening) are willing.
Andrew Cornell is managing editor of bluenotes