Attacks On Financial Services Are Increasingly Sophisticated

Uploaded on 2020-07-14 in TECHNOLOGY-Hackers, NEWS-News Analysis, FREE TO VIEW

Phishing attacks, in which carefully targeted digital messages are transmitted to fool people into clicking on a link that can then install malware or expose sensitive data, are becoming more sophisticated, but the other main reason UK businesses are ‘up at night’ in terms of cyber security is because of untrained and malicious users. 

IT security has become more highly prioritised by organisations, due in some cases to increased threats and in other cases, tougher legislation and cyber attacks were found to be the joint second most cited risk to the stability of the UK financial system in a recent survey by the Bank of England.

Maintaining organisational security against cyber threats is a unique challenge of trying to hit an always moving target with a Tool kit that’s trying to keep up. Cyber criminals are focused on the targeted game; identifying specific industry verticals, organisations, and even individuals, and devising tailored scams and attacks to maximise success.

In addition, there are notable increases in frequency, sophistication, and scope of ransomware, phishing, business email compromise, and malware attacks.
 
Ransomware has grown to include data theft and extortion to increase the chances of successful attack. The use of deepfake audio is now being used to trick users over the ‘phone, and attackers are no longer satisfied with raking in thousands of dollars when millions are plausible.

The challenge for Information Security leaders is to establish and maintain a layered security strategy that protects the organisation and its users. But the ever-changing landscape of threats, attacks, and malware has some of them deeply worried.

Ransomware, phishing, business email compromise, and malware attacks are becoming greater in frequency, sophistication and scope.

As for compliance with data and related security regulations, the survey of some 200 UK organisations found US-based regulations HIPAA and SOX that have both been around for decades appear to be as much an issue for UK firms as newer regulations, such as the 2018 GDPR Which is the EU-wide new data protection law.

Almost every initial attack vector, emails, links, attachments, webpages, requires the interaction of a user, whether malicious and either negligent or unwitting.

As the survey put it, the executive management of UK firms is more concerned with strategy and any business disruption that may keep those initiatives from succeeding, while IT professionals generally concern themselves with a more tactical perspective around keeping the business running; hence by and large, IT staff concerns are misaligned with those of their executives.

Bank of England:     Professional Security:     KnowB4:         ITProportal:

You Might Also Read: 

Financial Executives Are Out Of Touch With Cyber Threats:

 

« US Companies Hit With A New Ransomware Campaign
Australia To Spend Another A$1billion On Cyber Security »

Go Cyber

Training that transforms behaviours
Click for a demo

Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

WEBINAR: How to improve threat detection and hunting in the AWS Cloud

Thursday, August 20, 2020 - Join SANS and AWS Marketplace to learn the exercise of applying MITRE’s ATT&CK Matrix to the AWS Cloud and how to enhance threat detection and hunting in an AWS environment

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Tenable Network Security

Tenable Network Security

Tenable Network Security - Don't rely only on CVSS to prioritize. Use machine learning to predict what is most likely to be exploited.

BackupVault

BackupVault

BackupVault is a leading provider of completely automatic, fully encrypted online, cloud backup.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Optimal Risk

Optimal Risk

Optimal Risk is a specialist risk and security consultancy. Services include information security, cyber security and advanced cyber defence.

HackLabs

HackLabs

HackLabs is a penetration testing company providing services for network security, web application security and social engineering testing.

BeCyberSure

BeCyberSure

BeCyberSure is an independent cyber security consultancy working across the full spectrum of the ‘Information Security’ threat.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

Asoftnet

Asoftnet

Asoftnet are specialists in IT security, IT forensics, IT service, websites, applications and mobile solutions.

Yaana Technologies

Yaana Technologies

Yaana is a leading provider of intelligent compliance solutions including lawful interception, data retention & disclosure, and advanced security analytics.

MarkMonitor

MarkMonitor

MarkMonitor is a leading enterprise-level domain registrar trusted by organizations globally to establish an online presence and protect domain portfolios.

Krypsis

Krypsis

Krypsys is an information security company with a focus on helping you defend your information and data against emerging security threats.