US prosecutors have just charged a Russian hacking group called “Evil Corp” with stealing $100 million from institutional and individual bank accounts over a decade.

The group uses malware – ‘Bugat’ – which uses keylogger software to collect personal and financial information and creates fake banking web pages where victims unwittingly enter their passwords. While some of the transactions were frozen after banks noticed they were unusual, many were not.

It is clear that banks are lagging behind in cyber security and their large, bureaucratic nature makes it difficult for them to keep up with the ever-evolving nature of cybercrime.

Should banks hire hackers?

"It's always important to have expertise in identifying, developing and implementing new approaches to fight financial crime," Dr. Richard Harmon, managing director of financial services at Cloudera, told Investor Daily.

"Obviously it is necessary to have safeguards and contingency plans in place with these 'experts' to reduce the firm's exposure, but many have been extremely helpful with several of our clients – including regulators."

Hackers bring a wealth of experience to the table that is often lacking in large institutions and can be an invaluable tool for identifying weaknesses in cybersecurity infrastructure.

But even though it sounds good, it's not that simple.

Regulations prevent banks in many parts of the world from hiring convicted criminals, and the hackers with the most in-depth knowledge of cybercrime are the ones most likely to have engaged in it. This eliminates a good amount of useful experience.

Hiring hackers also carries a number of reputational risks and can raise difficult questions if a security breach occurs.

However, there are many hackers who do not have criminal records. Some banks maintain in-house teams of penetration testers tasked with simulating attacks, and several groups offer an "ethical hacker" certification.

But if banks take the step of hiring hackers, they should only do so as a temporary measure.

"My personal view is that the value of this type of expertise will diminish over time as more advanced financial crime platforms are put into production," Dr Harmon said.

Dr. Harmon believes these financial crime platforms will be highly data-driven and use the latest advances in machine learning and artificial intelligence to monitor, detect and prevent criminal activity.

"Criminals are also constantly innovating, and criminal networks are widespread in their determination to identify and exploit business vulnerabilities," Dr Harmon said.

"Their ability to constantly evolve means new, dynamic approaches are needed to break the cycle of financial crime."