Cyberattacks against the financial industry have jumped by 238 percent in just the first five months of the year, VMware, Inc. Head of Cybersecurity Strategy Tom Kellermann said, testifying before a U.S. House of Representatives subcommittee on Tuesday (June 16).
“Cybercriminals are capitalizing on COVID-19, and they are doing so in tandem with the news cycle,” he said during the virtual hearing.
But Kellerman and other security experts advocated at the hearing for legislative measures, such as modernizing anti-money laundering (AML) and forfeiture rules and moving the Secret Service to the Treasury Department, to help combat the threat. They spoke before the Subcommittee on National Security, International Development, and Monetary Policy Tuesday.
While the sector is, for the most part, more secure than other verticals, it encounters the “world’s elite hackers,” Kellerman said. He recommended that AML and forfeiture rules be updated “to seize the virtual currencies and digital payments which are used in the cybercrime conspiracies.”
He also recommended that the Financial Stability Oversight Council (FSOC) be charged with “the responsibility to create a framework for regulating cryptocurrencies and developing guidelines for strong protections against money laundering and cybersecurity threats to those marketplaces.”
Additionally, Kellerman called for a tax credit to encourage firms in the financial vertical to set aside 10 percent of their information technology (IT) budgets at a minimum toward cybersecurity. The IRS could administer the credit, he noted, and the companies that receive this credit should also be encouraged to follow the NIST Cyber Security Framework.
In her testimony, Amanda Senn, the cybersecurity committee chair of The North American Securities Administrators Association and the chief deputy director of the Alabama Securities Commission, said that “history has shown us that opportunistic fraudsters will use COVID-19, as much as they have used other crises, to fleece mom-and-pop investors.”
Senn said a firm, which was purportedly based in California, “concocted account statements, promised significant returns, and failed to disclose its preposterous fee schedule, which the company claimed were being assessed due to the COVID-19 pandemic.”
In terms of legislation, Senn said NASAA supports the proposed Senior Investor Pandemic and Fraud Protection Act and the COVID-19 Restitution Assistance Fund for Victims of Securities Violations Act.
In addition, National Security Institute Founder and Executive Director Jamil Jaffer suggested that the Secret Service be moved to the Treasury Department from the Department of Homeland Security (DHS) and to give it further investigative authorities and resources, among other recommendations.
Jaffer cited reports that a Secret Service Internet feasibility study noted the move would bolster joint work in the Treasury and could reinvigorate its stature as a law-enforcement body. However, he noted that the move could negatively impact morale at DHS.
A similar view was shared by VMWare’s Kellerman, who had advocated for the passage of U.S. Secret Service Mission Improvement and Realignment Act of 2020 that “moves the Secret Service back to its original home at the Department of Treasury.”
Kellerman noted that the agency is renowned mainly for protection, but he pointed out that it also “performs financial, counterfeit currency and cybercrime investigations.”
A memo included with the subcommittee’s documents also pointed to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) work with the FBI and other agencies to pursue fraudsters looking to cash in on the pandemic — successfully recovering $300 million in COVID-19 related fraud — as an example of the widespread issue.
In addition, National Cyber Security Alliance Executive Director Kelvin Coleman said in his testimony that Congress “should consider making game-changing investments in cybersecurity awareness and education.” As those in the United States start to depend on telecommuting more, he noted that “bad actors will increase their malicious activities and target those working from home.” As a result, he said, Americans need to have information to keep themselves and their communities safe.
Earlier in June, the FBI warned the public to be cautious of cyberattacks as the use of banking apps rises because of restricted access to banks during the pandemic. It advised the public to be “cautious when downloading apps on smartphones and tablets, as some could be concealing malicious intent.” As of January, over 75 percent of Americans have utilized mobile banking to transfer money and cash checks.