Attacks On Financial Services Just Keep Going Up

Uploaded on 2019-08-16 in FREE TO VIEW, BUSINESS-Services-Financial

Cyber attacks being carried out on across an increasing range of ectivities -political campaigns, cities and towns, hospitals and consistently on financial institutions.  What is most interesting about these incidents is two-fold: 

First that organisations are still leveraging traditional or outdated cybersecurity approaches in an era where cyber-attacks have become so incredibly complex. Second how people, organisations and governments respond and aren’t properly learning from them. 

The former can be addressed much more quickly than we all think, but the latter unfortunately seems to be lagging behind.

Don’t blame the Cloud
Several organisations in the financial world have made the transition to the cloud in some way shape or form. And when you hear about high-profile breaches in the industry there are very legitimate and valid reasons to be concerned about taking this step if you’re a key decision-maker. 

But this hasn’t stopped financial institutions from using public cloud due to increased reliability, scalability, and yes, even enhanced cybersecurity.  Many companies now find it easier to meet cybersecurity needs and adhere to compliance than in their own data centers, i.e. a private cloud environment, so while a lot of the attention is on “using the public cloud” as the culprit, it is much more complex than that.

We need Zero Trust
The real issue here is that no organisation, company, business, or government is ever truly safe or able to prevent a breach, the problem lies with somewhat dated approach and mentality. We need to adopt an 'assume breach' mentality, which essentially takes our traditional understanding of cybersecurity and flips it on its head: you must assume that you will be breached, because it’s a when, not an if. When you start from a worst-case scenario and work your way back, you’re better suited to address it when it does eventually happen. 

The bottom line is that you can’t rely on status quo cybersecurity measures within your network. Firewalls are no longer a viable answer to defense, especially in the cloud, as perimeter-based networks operate on the assumption that all systems and users in a network can be trusted. 

This is what the industry refers to as Zero Trust, it’s a concept that’s centered on the belief that nothing inside or outside of your network perimeters should, or can, be trusted. While you may not always be able to stop an attacker from getting in, you must make it incredibly hard for them to move around once they do. 

Decoupling Security Segmentation from the Network
Software-defined networking (SDN) has been all the rage these days and while it does solve a lot of network problems, unfortunately security is not one of them. SDN has limitations in that it is tethered to the infrastructure and is designed for reliable packet delivery, not for enforcing the security of what should and should not be allowed between two points on the network. 

Data and applications need to be secured where they live and in order to do that, security needs to be decoupled from the network and access must move from implicit allow to default deny. 

By decoupling enforcement from the actual network infrastructure, fine-grained policy is achieved within the compute without requiring access to anything except the workload itself, something that is available across all cloud providers.  Because the decoupling approach is completely agnostic to where an organisation runs its applications, bare metal servers, virtual machines, or containers in an on-premise data center or in any public cloud, this presents one micro-segmentation solution that works for all active applications regardless of where they are running. 

Learn from the Past and move Quickly
If organisations continue to focus on outdated cybersecurity methods, approaches, and policies, these types of attacks will undoubtedly happen again.Wwith cyber-attacks on the financial industry happening 300 times more frequently than other industries, Zero Trust is the only way forward. 

Cyber Defense Magazine:               Image: Nick Youngson

You Might Also Read:

The Financial Services Industry Just Does Not Get It:

 

 

 

« Airlines Think Biometrics Will Improve Passengers' Experience
US Releases Malware Linked To N. Korean Hacking Group »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

TBG Security

TBG Security

TBG provides a portfolio of services including cyber security, compliance and continuity solutions.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

Barracuda Networks

Barracuda Networks

Barracuda provides a range of solutions covering network security, data storage, protection and disaster recovery.

Cura Software Solutions

Cura Software Solutions

Cura Software Solutions (formerly Cura Technologies) is a market-leader in Governance, Risk and Compliance (GRC) enterprise applications.

Aviva

Aviva

Aviva provides Cyber Liability cover for small to mid-market customers to help combat the threat of data and privacy breach.

Information Network Security Agency (INSA)

Information Network Security Agency (INSA)

INSA's vision is to realize a globally competent National Cyber capability which plays a key role in protecting the national interests of Ethiopia.

Hedgehog Security

Hedgehog Security

The key objective of Hedgehog is to provide simple, effective and affordable information security improvements that support your drive to increase productivity and profitability.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

Cybersprint

Cybersprint

Cybersprint's Digital Risk Protection platform continuously monitors your digital footprint so you can make informed decisions on exposure to online threats, identify vulnerabilities and take action.

Firedome

Firedome

Firedome's tailormade solution for IoT companies is designed to proactively prevent, detect, and respond to inevitable vulnerabilities in connected devices.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

Cloudsec Asia

Cloudsec Asia

Cloudsec Asia is Thailand's top-ranked cybersecurity consultant company. We offers security services to ensure that all your IT assets are reliable, accessible, and secure.

Josef Ressel Centre for Intelligent & Secure Industrial Automation

Josef Ressel Centre for Intelligent & Secure Industrial Automation

The Josef Ressel Centre for Intelligent and Secure Industrial Automation investigates the fundamentals of digital assistants for industrial machines that enable intelligent and secure operation.

CyberloQ Technologies

CyberloQ Technologies

CyberloQ Secure is a cybersecurity solution that enables clients to implement highly robust Multi-Factor Authentication (MFA) that includes client-defined location-based geofencing constraints.

Resemble AI

Resemble AI

Resemble AI is an innovator in Generative Voice AI technology and tools to combat AI fraud including audio watermarking and deepfake detection.