Cyberthreats in the financial sector
Financial services industry has become one of the most targeted sectors by the cybercriminals. Financial institutions are exposed to an increasing number of cybercrime attacks such as financial fraud, identity theft, loss of data – all of it a result from use of more and more sophisticated cybercrime techniques, which are very hard to keep up with. Permian would like to present the most common technology threats to help you understand the risks and implement the right defences for your business. In the following up article, we will focus closely on the most common techniques used by the cybercriminals to gain access to our systems. Stay tuned!
Today, with all the financial institutions and service providers to the financial sector storing and processing a vast amount of confidential data daily; new systems implementation; cloud & mobile computing; Internet usage- it has never been easier for the sensitive data to fall into wrong hands.
Outlined below are the most common technology threats to the financial industry, which companies should be aware of (According to McAfee Lab):
McAfee Lab predicts the top threats in 2017 to be as follows:
- Hardware– It is impossible to operate in today’s business world without a number of electronic devices, which perform critical functions in areas such as telecommunication for example. It is important to keep in mind that any on the devices used in our business (and daily life) could be equipped with a software serving as a backdoor to our servers and databases.
- Ransomware– a major and rapidly growing threat in the business world. Viruses and banking Trojans (a malicious program used to acquire sensitive information about customers and clients using online banking and payment systems), remain the top malware threats.
- Application vulnerabilities- there is a number of software application being used every day by our employees, which can serve as a backdoor to our businesses. According to McAfee Lab’s research, Adobe Flash is one of the most attacked product. Second in line is Adobe Reader, followed by Internet Explorer, Microsoft Office package’s applications, Windows OS and Oracle Java products.
- Payment Systems– Up until now, credit card transactions were the most attacked payment mechanism. Now, however, the game is changing. With the growth in alternative payment methods, such as mobile payments to start with, the array of attack sensitive environment have multiplied, giving cyber criminals many ways to our bank accounts.
- Attacks through employee systems– Getting into the company via employees outside of the protected network is nothing new. Connecting work’s laptop from home, coffee shop or a hotel can give an easy access to your corporate datacentre. Cybercriminals are all aware of these vulnerabilities, and are able to attack your employees at home or while travelling. There are also risks introduced by allowing employees to bring their own devices to the office, which can serve as easy access points to corporate data rooms.
- Cloud services – we all love cloud-based solutions for the convenience of conferencing, cost effective data storage and ability to connect with anyone and anytime. What is alarming, however, is the amount of confidential and sensitive data that is being shared on these services and platforms, which is making them very attractive to the cybercriminals. We should always be aware of the risks of having someone invade our systems and do our utmost to protect them from hacking
- Wearables (Internet-of-Things)– we are living in the times where everything becomes “smart”. Whether it is TV, watches, fridges, or even homes- they can all be a target-rich environment for attackers, who want to get access to our company’s servers. What is especially valuable for the criminals, is the connection of such devices to our mobile phones (often through Bluetooth, which is a very get into line), and from there, to the employees’ mailboxes full of sensitive information.
For many institutions, IT security means an access control policy, a firewall and a stringent anti-virus software. Unfortunately, in the time of a robust technology development (such as wearable devices, cloud computing etc.), firewalls and anti-virus platforms are no longer enough. For the financial institutions, who are handling a lot of sensitive data, this means that there is an increased likelihood of the financial authorities gaining more rights to audit security levels and apply high administrative fines on those who don’t comply with regulatory demands. Firms should now consider having specific and robust policies and procedures to address cybersecurity threats they are exposed to via the new technologies of today’s business world.