Financial Institutions Face Increasing Cyber Attacks

Uploaded on 2015-06-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

p03.jpg

Increasingly sophisticated and devious cyber attacks

Cyber attacks on financial institutions have become so relentless in their frequency and severity, that the Federal Financial Institutions Examination Council (FFIEC) directed banks this past month to enhance their information security programs to better defend against attacks that compromise user credentials and deploy destructive software.
Recent reports indicate that bank information systems have been compromised, resulting in the theft of large volumes of user credentials – such as passwords, usernames, and other forms of authentication information. These attacks have taken several forms, including phishing (social engineering and technical subterfuge), malvertising (injection of malware into legitimate online advertising sites), watering holes (injection of malware into commonly visited web sites), and web-based attacks (targeting of systems and services that contain customer credentials). The stolen user credentials have been sold in online forums and used to commit fraud and identity theft.
The FFIEC also acknowledged that destructive software (malware) has compromised large quantities of data and rendered information systems inoperable. The malware has infiltrated systems through phishing emails, compromised external devices, and from unauthorized parties who have accessed systems without authorization with stolen user credentials. Due the damage caused by malware, the FFIEC stated “In today’s rapidly evolving cyber threat landscape… comprehensive resilience depends on the ability to identify and contain damage, recover data, and restore operations from a broader set of scenarios that include cyber attacks involving destructive malware on critical information systems or the institution’s underlying infrastructure.”
The FFIEC stated that financial institutions should consider taking the following measures to increase the security of their information systems and to better protect the data they process, transmit and store:
    Securely configure systems and services;
    Review, update, and test incident response and business continuity plans;
    Conduct ongoing information security risk assessments;
    Perform security monitoring, prevention, and risk mitigation;
    Protect against unauthorized access;
    Implement and test controls around critical systems regularly;
    Enhance information security awareness and training programs; and
Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
JD Supra:  http://bit.ly/1LAizTV

 

« The Cybersecurity Company Helping Sony Fend Off Hackers
Cyberwars Between Nations Are Difficult to Prove »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IOActive

IOActive

IOActive serves as a trusted security advisor to the Global 500 and other progressive enterprises, helping to safeguard their most important assets and improve their overall security posture.

USNA Center for Cyber Security Studies

USNA Center for Cyber Security Studies

The mission of the Center for Cyber Security Studies is to enhance the education of midshipmen in all areas of cyber warfare.

Cyber Defense Media Group (CDMG)

Cyber Defense Media Group (CDMG)

CDMG is the leading global media group for all things cyber defense.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

CANVAS Consortium

CANVAS Consortium

The CANVAS Consortium aims to unify technology developers with legal and ethical scholar and social scientists to approach the challenges of cybersecurity.

Precise Biometrics

Precise Biometrics

Precise Biometrics develop and sell fingerprint software for convenient and secure authentication of people’s identity in mobile devices, smart cards and other products with fingerprint sensors.

Cyber Academy

Cyber Academy

Cyber Academy is one of the first institutions in the SE Europe region that provides a hands-on program in cyber security, blockchain and AI.

M2SYS

M2SYS

M2SYS is a worldwide leader in identification and authentication solutions.

Smart Protection

Smart Protection

Smart Protection are experts in brand and trademark protection - we fight against counterfeits and unauthorized usages of brands with machine learning technology.

ActZero

ActZero

ActZero’s security platform leverages proprietary AI-based systems and full-stack visibility to detect, analyze, contain, and disrupt threats.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

Badge

Badge

Badge authenticates you on-demand for every application, on any device, without storing any secrets.

Velotix

Velotix

Velotix empowers organizations to maximize the value of their data while ensuring security and compliance in a rapidly evolving regulatory landscape.

Vivid Computing Solutions

Vivid Computing Solutions

At Vivid Computing Solutions we provide comprehensive solutions that keep your business running efficiently and securely.

Cyber Solutions Inc

Cyber Solutions Inc

Cyber Solutions has been providing professional IT Support for businesses since 1998.