Battelle helps bank in fighting cybercrime

Tim Feran, The Columbus Dispatch

Banks increasingly have been the targets of criminals whose faces don't show up on security cameras.

Battelle now is being tasked with taking on the fight against cybercrime.

The Columbus-based research institution has landed a three-year contract to help an international bank beef up its cybersecurity, a first step toward commercializing the research giant's capabilities in that area.

Battelle would not divulge financial details nor the name of the financial institution, given the nature of the business, but will assign about seven full-time analysts to serve the client, said Ernie Hampson, Battelle's director of cyberintelligence and counterintelligence.

Under the new contract, Battelle will work closely with the bank's security analysts to identify and assess risks to both the bank's customers and the institution's back office, not only cyberthreats but more-traditional physical threats, Hampson said.

Although such attacks affect the functioning of banks' back offices, and therefore have typically cost them tens of millions of dollars this year, their effect on customers is even more significant, Hampson said.

"There are certain businesses that require frequent and constant online access," Hampson said. "You have real customers losing real money. So the ability to detect and avert those types of attacks has great benefit to their customers."

That point - keeping customers satisfied - has turned out to be a more-important goal for banks than avoiding a loss of money, Hampson said.

"We were with a client last week, and he said he was less concerned with financial loss - because the bank covers that," Hampson said. "They're really more worried about losing customers. Our ability to help shore up customer confidence is what's most important to them."

That confidence has been shaken by the growing number of cyberattacks.

"This past year, there was an increase in the number of cyberattacks and also an increase in the velocity - 10 times the number of denial-of-service attacks from previous years," said Doug Johnson, vice president of risk-management policy at the American Bankers Association.

"Protecting a bank's back office has always been job one, because if we don't have our internal operations secure, then we can't offer safe and secure service to our depositors," Johnson said.

In 2013, such banks as Bank of America, JPMorgan Chase & Co., Wells Fargo & Co., PNC and SunTrust Bank were hit by denial-of-service attacks that flooded their websites with communication requests. Those attacks were designed to cause access delays for legitimate Internet customers.

The contract is important to Battelle as a way to commercialize its cyber-innovations group, which to this point has provided post-9/11 analysis and threat warnings to the government, Hampson said.

Although the financial industry is the first in the private sector to see the fruits of Battelle's expertise, "we're looking at other sectors that have critical infrastructure - oil, gas, electric - and pushing out from there. Really, any enterprise that has a significant cyberthreat against it."