The research, which forms part of NJR’s cyber security report: how real is the threat and how can you reduce your risk, shows that 23 per cent of employees use the same password for different work applications and 17 per cent write down their passwords, 16 per cent work while connected to public wifi networks and 15 per cent access social media sites on their work PCs. Such bad habits and a lack of awareness about security mean that employees are inadvertently leaving companies’ cyber doors wide open to attack.
This research is supported by a report which incorporates the advice from fifteen experts in the field. Here, Tony Berning, OPSWAT, discusses effective threat detection strategies for the financial industry.
“Over the past few years, the financial industry has been moving towards more digitisation and greater accessibility, mostly due to the industry’s competitive nature. In retail banking, customers expect access to their accounts at all times, from any device that has access to the Internet. Banks are also offering more services than ever before, from digital deposits to money transfers, and any bank that does not offer these services will surely lose customers to competitors that do. Unfortunately, these new services provide an easy way for cyber criminals to attack financial institutions. Some of the threats affecting the financial industry have taken advantage of this digitisation trend by using multiple channels to extract funds that they have compromised.
Similar forces are driving commercial banking towards increased automation and connectivity. With the majority of trades of equity, currency and commodities now done via electronic exchange, transaction speed can make or break a trade. Automated algorithms now execute trades so quickly that the physical distance trade orders travel (at the speed of light), to reach trading platforms significantly impacts profitability. This focus on speed has pushed more operations to become automated with less focus on human interaction.
This combination of greater automation with more information being stored on interconnected networks means that financial institutions have more to lose if hit by a cyber attack. Because of the potential for large gains, malware developers have rapidly adapted their methods, creating new types of threats such as banking malware. There are many different attack vectors that need to be considered, as well as various strategies that attackers may use that need to be addressed.
For instance, some attackers may attempt to get information out of financial institutions, such as customer information, account numbers, etc that they can then use for financial gain. An example of this is the recent Shifu attacks on Japanese banks. Other attackers may be looking to compromise systems within an organisation and modify their behaviour to either move cash out or to create conditions that they can profit from. Other attackers may not have a financial motive at all, instead aiming to sabotage critical networks for geopolitical reasons.
When designing a data security policy, threats need to be addressed as part of a comprehensive program. The first step is to ensure that proper authentication is in place before conducting any transactions, such as multi-factor authentication to ensure that customers are who they say they are. After confirming their identity, it is still important to check all data in the transaction to ensure that the user isn’t unknowingly bringing in any malware. This can be done by defining a secure data workflow to detect and eliminate any threats.
Handling sensitive data is best addressed by keeping it within segregated networks that have limited access to outside networks, reducing the likelihood that the data can be extracted by any malware that has managed to compromise the secure network. A combination of secure data workflow policies and unidirectional transfer devices (data diodes) can be used to make sure that high-security networks stay appropriately isolated.
A regular security scan should be part of any financial institution’s security strategy. Advanced Persistent Threats (APTs) can stay in a network for long periods of time, avoiding detection and waiting to carry out an attack. ZeuS, one of the most persistent threats in the financial industry, has been around for almost nine years and is constantly adapting to compromise more systems. The Shifu virus has continued spreading as well, moving from Japan to the UK. Anti-malware engines are always updating their detection techniques and databases, so it is important to perform regular system scans and continue to check files for threats, even in secure networks that have been fully scanned before.
Financial institutions are at risk from cyber threats because of the large amounts of money they handle as well as the technological innovations they are making that leave them vulnerable to new attack vectors. It is crucial that these organisations consider the security implications of any new technology, in order to keep up with the evolving threat landscape.”
To read more useful and practical insights into topics including: How to assess the scale of your risk level; Managing the immediate aftermath of a security breach; How different sectors are affected, download the full report – http://www.norriejohnstonrecruitment.com/downloads/cyber-security/