Sadly,
professionals in the financial services sector are well aware and the attacks
keep rising up. The Financial Services Edition of the 2016 Vormetric Data
Threat Report, which surveyed 1,100 senior IT security executives at large
enterprises around the world. The report found that 90 percent (90%) of
respondents feel vulnerable to data threats, and 44 percent (44%) have already
experienced a data breach – with nearly one in five i.e. 19 percent (19%)
indicating they had experienced a breach in the last year.
This
just goes to prove the sentiment, ‘it’s not if you will get hacked, but when’.
To which we can add, ‘and how quickly you learn about it’.
Where should financial
services IT teams start in better defending their networks?
This
strategy can also be highly effective in the business world, specifically for
cybersecurity teams at large financial institutions. Cybersecurity
professionals who are able to step away from the defensive side of security and
think like a cybercriminal will likely be better prepared to put solutions and
strategies in place to protect their data.
#Infosec Received an Award last Night #Cybersecurity #windhoek #Cybercrimes - Felling very Proud & Happy!! @issamichuzi @KKazaura @SANSEMEA pic.twitter.com/4A1eFvShGg— YUSUPH KILEO (@YUSUPHKILEO) October 13, 2016
According
to Forster, Financial services IT professionals should ask themselves the
following questions to put them in the frame of mind of a cybercriminal in
order to better their defense:
What
industries should I attack?
With this information
they are able to pose as an employee to infiltrate the bank and commit theft.
By understanding the industries that are commonly attacked, and the ways
attackers try to get in, cybersecurity teams will be better prepared to put an
effective strategy in place and make the investments where necessary to match
the capabilities used by criminals."
Where are the
vulnerabilities?
As
the network expands, so does the attack surface. “With the proliferation of
mobile devices in the workplace, employees working from remote locations, and
more, today’s cybercriminals have more opportunities than ever before to find
ways into targeted networks. Additionally, when financial institutions acquire
a company to expand their presence, they typically acquire the disparate
technology that comes with it, often adding complexity to the organisation’s
security posture. All of these components equate to challenges that need to be addressed,”
points out Forster.
“However,
nobody knows the network and its vulnerabilities better than those who have put
it together in the first place. IT security professionals in financial services
should look for openings in their own defense via white hat hacking and
penetration testing. Since there isn’t a single piece of technology that will
be able to stop every threat, those cracks in the system that are both easy
access points and lead to sensitive data should be the ones focused on first.
Remember, cybercriminals are just human beings looking for the fastest and most
financially rewarding way to do their jobs.”
He
adds that it is also important to remember that employees are a part of the
system as well. “An employee who is uneducated about security can be just as
dangerous to data as any other digital or physical entry point. One way to test
for employee vulnerabilities is to simply conduct test attacks. Many CIOs will
send out fake phishing attacks to see if their employees will provide login
credentials or click on malicious links. If a high number of employees fail the
test, security teams know it is an area that demands added focus,” he says.
“Cybercriminals are always looking for new ways to penetrate networks. IT
security teams should be doing the same as well. By conducting threat
intelligence research, cybersecurity teams will be able to better monitor existing
vulnerabilities and identify new threats before they take hold within the
network.”
Best
practices for better security
Cybercrime
continues to impact on Africa’s financial sector – It is a plague that needs to
be faced and eliminated. Thinking ‘it won’t happen to me’ is a dangerous and
naïve mindset to have. Cybercrime happens across all industries, yet the
financial services sector in particular remains an attractive target.
Once
IT teams begin to act like cybercriminals they are better prepared to
proactively and offensively implement robust strategies to defeat attempts at
compromising their networks. Meaning :-
Identify weaknesses:
How do you address cloud and IoT vulnerabilities? Have your employees been
trained in safe email management and other everyday security issues? Utilise
penetration-testing services to find out where your greatest liabilities are
and start there.
Focus on compliance,
data privacy and regulations: The financial
services industry is so heavily regulated specifically because of the high
value of its data and dollars and the vulnerability of its customers and
clients. Violations can be expensive and destroy credibility. Conduct regular,
and even automated audits to ensure that all regulations are being met, and if
not, find solutions to quickly shore up these weak points.
Meet with the C-suite:
The role of the C-suite with regards to security has transformed. Cybersecurity
threats put a company’s finances and value at risk, and increase the need for
mature strategies to safeguard a company’s data, resources, reputation, and
brand. As a strategic business and risk management executive, the C-suite
should have significant oversight and guidance in these areas. They can no longer
be IT-only considerations.
Implement an end-to-end
security strategy that provides:-
1. Operational
visibility at scale. An effective solution should provide the ability to run
multiple security applications without degrading performance.
2. The
ability to integrate an adaptive architecture that’s designed to incorporate
multiple security vendors’ products to enable security against threats from IoT
to the perimeter, across the network, and into the data center - both on
premises and in the cloud.
3. Advanced
threat protection, which provides up-to-date defenses against the latest
attacks. Many of the recent data breaches have fooled or evaded legacy security
solutions.
4. Unified
threat intelligence and management. In this way, all components, networks and
other elements of the infrastructure, can be easily managed from one place.
For
the financial services sector, cybersecurity is one of the primary business
imperatives that firms must put front and centre to not only safeguard their
clients’ financial data, but to also serve as a business enabler and drive
innovation to stay ahead of the growing threat landscape.
Financial
services IT teams that think like cybercriminals will be able to take an
offensive approach to security. Understanding what makes the organisation an
attractive target, and how malicious actors will attempt to gain entry will
lead to a more secure network and reduce the number of costly data breaches
that impact the organisation. Implementing these best practices will enable
secure services that deliver the peace of mind that their networks are secure
and protected from even the most sophisticated attacks.
No comments:
Post a Comment