Tag Archives: VMware

Why Financial Industry Needs To ‘Get Real’ About Cyber Security

Why the Financial Sector?

Within the global sector of cyber security, the two major areas that are constantly under attack are financial and governmental. Financial organizations that hold consumer data, in particular those that provide financial services to retail and commercial customers, including banks, investment companies, real estate firms, retail banking and insurance companies, are an obvious target for the simple fact that this is where the money is. At the end of the day, unless an attack is of a personal nature, in which the reputation of an individual or business is targeted, monetary assets are the endgame.

Now imagine a cyber threat the same as you would a burglar walking down the street. When a thief leaves their home, they do not necessarily know what they are going to target, unless they have done some reconnaissance and are after something specific. In most cases, however, the target itself is not premeditated. And a house which is more vulnerable and has less defences, will always be the first point of call. Given the choice between a house with an open window and lights out, and a house with attack dogs, security cameras and search lights, nine times out of ten a burglar will take the opportunity to infiltrate the house with the open window. Why? Because it is easier and quicker to break into this house successfully.

Image result for cyberattack

The same applies within the finance industry. If there is a vulnerability, it will be the first target. In response, banks and financial institutions require tailored and sophisticated security to support their systems and people, and to defend against an onslaught of complex and aggressive cyber-attacks. Not only must security compliance within the financial sector be tenfold, but it is essential that security precautions evolve, to mirror the growing threat landscape.

But as new cyber threats develop daily, this is easier said than done.

Anti-Fraud Systems 

To uphold compliance, and elements such as GDPR, antifraud systems within the finance industry have developed significantly over the last few years to safeguard credentials. To do this a combination of key codes, two factor authentication, voice ID, behavioral analysis, one-time passcodes, protective messaging, and digital fingerprinting have been widely integrated.

In fact, if you look at the document, ‘Comparison of banking providers’ fraud controls’, from the Financial Conduct Authority (FCA), the majority of banks use a combination of these systems. With organisations including the Bank of Scotland, First Direct, Halifax and HSBC, using touch identification. An element that would seem almost impossible to recreate virtually.

But cyber criminals have a concerningly accurate knowledge of the internal workings of banking and banking systems. And, in 2019, an arena known on the dark web as Genesis Market was uncovered. Within Genesis Market, digital fingerprints, stolen from PC’s, were/are sold. And, with each fingerprint, a user’s digital identity provides the means to bypass security measures and gain access to accounts.

According to darknetstats, Genesis Market is accessible by invitation alone. Once in, not only are fingerprints available, but so are passwords, credit card information, cookies and more.

Captain Kirk eye scanned in Wrath of Khan.
Admiral Kirk retina scan in progress. Star Trek 2: The Wrath of Khan

It is no wonder that retina scanners are developing in the biometrics/banking sphere.

Internal Threats

It can be argued that the reason why many cyber criminals know so much about the inner workings of financial organisations is because, at one point or another, many worked legitimately within the industry. Internal teams pose as much of a threat as external attacks. In every Bond film there is always an insider guy.

Sean Bean Thomas Mason Ludlow Solid Shirt from GoldenEye | TheTake | Sean  bean, Ludlow, Image
The Insider guy in 1995’s James Bond film GoldenEye. Alec Trevelyan (006), aka Janus.

But whether an attack is malicious or accidental, internal security breaches are regular occurrences. Which us why User Behavior Analytics is crucial to understand the actions within a team, and to highlight and stop unusual activity before the damage is done. 

Another element that is important to recognize with regards to internal threats, is that many employees/insiders are completely unaware that they are a threat in the first place. Take, for instance, an employee working remotely. This employee may be sat at a local café where they decide to work on a company device. If this device was unknowingly hacked while using a different Wi-Fi, the user may be completely unaware that they are spreading malicious malware via their device throughout the company.

Ransomware

Say a crime group has gained access to personal accounts. The next logical step is to blackmail the victim/organization via ransomware. Unfortunately, as a public security breach would cause mass panic and many potential lawsuits, banks will often pay off cyber criminals into an anonymous cryptocurrency account, rather than lose client data. Crime groups know this.

Sometimes victims speak out, but this does not always end well.

Take Travelex, the currency exchange company, for instance. Following an attack by a Sodinokibi ransomware in January, $6 million usd was demanded in exchange for 5GB of personal data. Since the attack, Travelex has fallen into administration, with PwC saying that the ‘foreign exchange firm was acutely impacted by COVID and the recent cyber-attack.’

Dubai Airports extends Travelex foreign exchange contract for five years -  The Moodie Davitt Report - The Moodie Davitt Report

For financial organisations, ransomware can and will destroy a whole business. And, if they lock you out of an account, you are finished.

App Developments

Apps surrounding investment and finance have grown substantially in 2020. This, in part, is a good thing, as the ability to invest online is quick and easy, and accessible to all. But due to the demand, many of these apps were developed quickly and are underprepared for cyber-attacks.

For instance, many do not provide two-factor authentication, are not supported by the appropriate regulations, are not patched or maintained properly, and do not have contingency plans in place to mitigate the effects of a cyber-attack. As a result, personal information of app users is relatively easy to steal and sell. This can be done by creating duplicate fraudulent apps to trick the user. On these duplicate apps, the imagery and language of the genuine app is mirrored. And, once the personal information is supplied, both real and virtual money is then accessible. Thus, the circle of ransomware ensues. 

COVID-19

Another element to take into consideration over the past two years and counting is, of course, COVID-19. According to an article by ComputerWeekly, ‘what has been referred to as an “unprecedented anomaly”, cyber criminals were and to some degree still are increasingly targeting the financial services sector during the Covid-19 coronavirus pandemic, with attacks on banks and other financial institutions spiking by 38% between February and March of 2020 to account for 52% of all attacks observed by VMware’s Carbon Black Cloud.’

COVID-19 has altered cyber security on a global scale and in every vertical.

Third-Party Risk

These days, few organisations work on their own. The majority use third parties, including vendors, partners, e-mail providers, service providers, web hosting, law firms, data management companies, subcontractors and so on. With regards to many of these, from IT systems to sensitive information shared with legal teams, these third parties could easily be a backdoor into your financial systems for attackers to infiltrate.

According to Ponemon Institute, ‘53% of organisations have experience one or more data breaches caused by a third party, costing an average of $7.5 million to remediate.’ For a large organisation, this can be crippling. And can wipe out a small organisation in a matter of minutes.

To manage third parties, financial organisations must have the ability to detect threats, and the capability to respond to them. Which requires the right combination of people, processes, and technologies.

But half the battle is locating vulnerabilities in the first place. Which is why cyber resiliency needs to be sharp, and why investing in the best managed security services is essential. From Firewall Management, to Decoy Deception and Honeypots, it is important to know what services will support an organisation best. This will depend on factors including location, company size, current security measures and more.

Considerations

Cyber threats will continue to grow into 2023. That much is clear.

Financial organizations have either already tackled a cyber-attack, will tackle one in the very near future, or may be a target of one currently, but are simply unaware of the fact.

Effective security comes down to three key elements. Processes, people and technology. Processes must run seamlessly alongside the organisation. Security experts must have the capability to detect, react and understand the context of a risk. And the technology must be superior, to keep up with cyber threats.  All elements are equally as important, and you must have all three to ensure security.

In times like these security measures are more crucial than ever. Especially for those within finance. So that our life savings are secure, the security of our loved ones is maintained, and the livelihoods of those employed within the financial world continues. Contact SecurityHQ for a free consultation to learn more. For the Silo, Eleanor Barlow.