[BreachExchange] A cyber attack which should serve as a warning to the financial service industry

[Audrey McNeil]

http://dofonline.co.uk/2017/12/05/cyber-attack-serve-
warning-financial-service-industry/

The Financial Conduct Authority (FCA) has announced plans to investigate
Equifax following the recent cyber attack on the business. As many as
694,000 UK users were affected, a number that rises beyond 143 million when
US customers are included. Although Equifax has welcomed the investigation
to “learn the lessons from this criminal cyber attack”, the incident serves
as a warning to the financial services industry that cyber criminals are
implementing increasingly intelligent ways of outsmarting IT systems.

The truth is that firms in this sector have been facing cyber-attacks for
decades, as this industry is especially attractive for criminals who are
looking to access financial data. After all, the data being held on these
systems not only includes client’s financial and personal details, but also
information about the firms as well. It is undoubtedly difficult for banks
and financial institutions to continually defend against the constant cyber
attacks they face, but IT security must be considered a priority when it
comes to budgets.

Why are banks such easy targets?

The biggest reason that criminals target banks is obvious: money.
Financially-motivated cybercrimes account for three quarters of all
reported security breaches. This is an issue, with many firms
underestimating the importance of cybersecurity. With budgets being
evaluated more critically than ever in an effort to reduce costs, financial
firms can find themselves working with substandard defences.

In addition, the computing systems of financial firms are not only
incredibly complex, but can include outdated legacy systems. This creates a
good opportunity for cyber criminals to target various parts of the
communication and transactional systems within these organisations. The
individuals behind these attacks understand that bypassing standard
controls can provide them with access to the back-end systems, which can
lead to a huge loss for the firm and a major gain for the fraudsters.

Without a doubt, cyber criminals have become more patient and more
intelligent over the years, especially when they’re financially motivated.
Some hackers will watch an organisation for months, sometimes even years,
to establish where the vulnerabilities are in its systems are.

What methods should be used to improve cyber security?

Ensuring that IT systems are up to date with the latest software is crucial
for any firm, but for banks and other organisations that hold enormous
amounts of data, this is even more important. It is still common practice
in many companies to allow access to their systems via a password alone,
which is unacceptable from a security standpoint. The weakness in
password-only protection is widely known, yet it is still being ignored.
Whatever the reasoning behind this decision, it is dangerous and leaves
organisations highly vulnerable to cyber-attacks.

ISO 27001 is a global and solid standard that can help greatly in relation
to IT security in general, as it enables financial institutions and any
other businesses to identify what risks there are to their operations and
then assign controls to prevent or minimise the likelihood of them from
occurring. The assets, risks and controls are then reviewed continually,
creating a living standard that ensures continuous improvement.

The senior leadership also plays a huge role when it comes to cyber
security. Rather than placing blame solely on the IT team, the C-level must
take full responsibility both when determining a cyber security strategy
and in the event of a security breach. Senior management also needs to
communicate with employees at all levels in order to understand what the
risks are and how the firm can work together to prevent these attacks from
happening.

How can staff help to keep IT systems safe?

All members of staff need to know the IT basics as a minimum, no matter
what part of the business they may be working in. Most data breaches often
occur internally because an employee failed to notice a potential threat to
the firm, such as not knowing they were opening an email that contained a
virus or a dangerous website link.

Social engineering has always been one of the most effective way to breach
a system at its core. It’s not uncommon for a fraudster to ring up a
company pretending to be an IT technician in order to convince the employee
to handover their login details. In this scenario, the employee who
provides these details will essentially be giving the attacker full access
to the firm’s network and confidential files. It is therefore vital to
train staff in how to identify and handle these communications.

This first line of defence is essential for the financial services industry
to protect their data. These individuals are the ones who will be able to
spot, block and prevent a security breach in the future. Equifax is a
wakeup call, and it’s time for firms to start responding.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20171207/ac2c2494/attachment.html>