Attacks On Financial Services Just Keep Going Up

Cyber attacks being carried out on across an increasing range of ectivities -political campaigns, cities and towns, hospitals and consistently on financial institutions.  What is most interesting about these incidents is two-fold: 

First that organisations are still leveraging traditional or outdated cybersecurity approaches in an era where cyber-attacks have become so incredibly complex. Second how people, organisations and governments respond and aren’t properly learning from them. 

The former can be addressed much more quickly than we all think, but the latter unfortunately seems to be lagging behind.

Don’t blame the Cloud
Several organisations in the financial world have made the transition to the cloud in some way shape or form. And when you hear about high-profile breaches in the industry there are very legitimate and valid reasons to be concerned about taking this step if you’re a key decision-maker. 

But this hasn’t stopped financial institutions from using public cloud due to increased reliability, scalability, and yes, even enhanced cybersecurity.  Many companies now find it easier to meet cybersecurity needs and adhere to compliance than in their own data centers, i.e. a private cloud environment, so while a lot of the attention is on “using the public cloud” as the culprit, it is much more complex than that.

We need Zero Trust
The real issue here is that no organisation, company, business, or government is ever truly safe or able to prevent a breach, the problem lies with somewhat dated approach and mentality. We need to adopt an 'assume breach' mentality, which essentially takes our traditional understanding of cybersecurity and flips it on its head: you must assume that you will be breached, because it’s a when, not an if. When you start from a worst-case scenario and work your way back, you’re better suited to address it when it does eventually happen. 

The bottom line is that you can’t rely on status quo cybersecurity measures within your network. Firewalls are no longer a viable answer to defense, especially in the cloud, as perimeter-based networks operate on the assumption that all systems and users in a network can be trusted. 

This is what the industry refers to as Zero Trust, it’s a concept that’s centered on the belief that nothing inside or outside of your network perimeters should, or can, be trusted. While you may not always be able to stop an attacker from getting in, you must make it incredibly hard for them to move around once they do. 

Decoupling Security Segmentation from the Network
Software-defined networking (SDN) has been all the rage these days and while it does solve a lot of network problems, unfortunately security is not one of them. SDN has limitations in that it is tethered to the infrastructure and is designed for reliable packet delivery, not for enforcing the security of what should and should not be allowed between two points on the network. 

Data and applications need to be secured where they live and in order to do that, security needs to be decoupled from the network and access must move from implicit allow to default deny. 

By decoupling enforcement from the actual network infrastructure, fine-grained policy is achieved within the compute without requiring access to anything except the workload itself, something that is available across all cloud providers.  Because the decoupling approach is completely agnostic to where an organisation runs its applications, bare metal servers, virtual machines, or containers in an on-premise data center or in any public cloud, this presents one micro-segmentation solution that works for all active applications regardless of where they are running. 

Learn from the Past and move Quickly
If organisations continue to focus on outdated cybersecurity methods, approaches, and policies, these types of attacks will undoubtedly happen again.Wwith cyber-attacks on the financial industry happening 300 times more frequently than other industries, Zero Trust is the only way forward. 

Cyber Defense Magazine:               Image: Nick Youngson

You Might Also Read:

The Financial Services Industry Just Does Not Get It:

 

 

 

« Airlines Think Biometrics Will Improve Passengers' Experience
US Releases Malware Linked To N. Korean Hacking Group »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Malta Information Technology Agency (MITA)

Malta Information Technology Agency (MITA)

MITA is the central driver of Government Information and Communications Technology (ICT) policy, programmes and initiatives in Malta.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

The Data Privacy Group

The Data Privacy Group

The Data Privacy Group provide expert professional services underpinned by world leading automation tools and a consulting team specialized in privacy and data protection.

TechRate

TechRate

Techrate is an analytics agency focused on blockchain technology and engineering. Or expertise includes security and technical audits of projects.

ForAllSecure

ForAllSecure

ForAllSecure’s mission is to make the world’s software safe by pioneering autonomous cybersecurity tools that automatically find and fix vulnerabilities in run-time executable software.

Open Raven

Open Raven

Open Raven is the cloud native data security platform that prevents breaches driven by modern speed and sprawl. Restore full visibility and regain control within minutes, without agents.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

Privacera

Privacera

Privacera enables consistent data governance, security, and compliance across all your data services - on-premises and in the cloud - so you can maximize the value of your data.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Virtue Security

Virtue Security

Virtue Security are specialists in web application penetration testing.

Winbond Electronics

Winbond Electronics

Winbond is a Specialty memory IC company. Product lines include Code Storage Flash Memory, TrustME® Secure Flash, Specialty DRAM and Mobile DRAM.

HEQA Security

HEQA Security

HEQA Security (formerly QuantLR) offer the world’s most cost-effective, easy-to-integrate, and secure Quantum Key Distribution (QKD) solution

PhishProtection

PhishProtection

We created Phish Protection to prevent all types of phishing including spear phishing protection and office 365 email protection for your small business.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

Foghorn Consulting

Foghorn Consulting

Foghorn can analyze your cloud to enhance performance and security, while reducing costs. Based on AWS’ 6 Pillars, our AWS WAFR Certified Engineers Will Identify Areas of Improvement.