Attacks On Financial Services Just Keep Going Up

Uploaded on 2019-08-16 in FREE TO VIEW, BUSINESS-Services-Financial

Cyber attacks being carried out on across an increasing range of ectivities -political campaigns, cities and towns, hospitals and consistently on financial institutions.  What is most interesting about these incidents is two-fold: 

First that organisations are still leveraging traditional or outdated cybersecurity approaches in an era where cyber-attacks have become so incredibly complex. Second how people, organisations and governments respond and aren’t properly learning from them. 

The former can be addressed much more quickly than we all think, but the latter unfortunately seems to be lagging behind.

Don’t blame the Cloud
Several organisations in the financial world have made the transition to the cloud in some way shape or form. And when you hear about high-profile breaches in the industry there are very legitimate and valid reasons to be concerned about taking this step if you’re a key decision-maker. 

But this hasn’t stopped financial institutions from using public cloud due to increased reliability, scalability, and yes, even enhanced cybersecurity.  Many companies now find it easier to meet cybersecurity needs and adhere to compliance than in their own data centers, i.e. a private cloud environment, so while a lot of the attention is on “using the public cloud” as the culprit, it is much more complex than that.

We need Zero Trust
The real issue here is that no organisation, company, business, or government is ever truly safe or able to prevent a breach, the problem lies with somewhat dated approach and mentality. We need to adopt an 'assume breach' mentality, which essentially takes our traditional understanding of cybersecurity and flips it on its head: you must assume that you will be breached, because it’s a when, not an if. When you start from a worst-case scenario and work your way back, you’re better suited to address it when it does eventually happen. 

The bottom line is that you can’t rely on status quo cybersecurity measures within your network. Firewalls are no longer a viable answer to defense, especially in the cloud, as perimeter-based networks operate on the assumption that all systems and users in a network can be trusted. 

This is what the industry refers to as Zero Trust, it’s a concept that’s centered on the belief that nothing inside or outside of your network perimeters should, or can, be trusted. While you may not always be able to stop an attacker from getting in, you must make it incredibly hard for them to move around once they do. 

Decoupling Security Segmentation from the Network
Software-defined networking (SDN) has been all the rage these days and while it does solve a lot of network problems, unfortunately security is not one of them. SDN has limitations in that it is tethered to the infrastructure and is designed for reliable packet delivery, not for enforcing the security of what should and should not be allowed between two points on the network. 

Data and applications need to be secured where they live and in order to do that, security needs to be decoupled from the network and access must move from implicit allow to default deny. 

By decoupling enforcement from the actual network infrastructure, fine-grained policy is achieved within the compute without requiring access to anything except the workload itself, something that is available across all cloud providers.  Because the decoupling approach is completely agnostic to where an organisation runs its applications, bare metal servers, virtual machines, or containers in an on-premise data center or in any public cloud, this presents one micro-segmentation solution that works for all active applications regardless of where they are running. 

Learn from the Past and move Quickly
If organisations continue to focus on outdated cybersecurity methods, approaches, and policies, these types of attacks will undoubtedly happen again.Wwith cyber-attacks on the financial industry happening 300 times more frequently than other industries, Zero Trust is the only way forward. 

Cyber Defense Magazine:               Image: Nick Youngson

You Might Also Read:

The Financial Services Industry Just Does Not Get It:

 

 

 

« Airlines Think Biometrics Will Improve Passengers' Experience
US Releases Malware Linked To N. Korean Hacking Group »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

International Organization for Standardization (ISO)

International Organization for Standardization (ISO)

ISO is an independent, non-governmental international standards organization. The ISO/IEC 27001 is the standard for information security management systems.

CERT.GOV.AZ

CERT.GOV.AZ

Azerbaijan Government Computer Incident Response Team

ISTQB

ISTQB

ISTQB has defined the "ISTQB Certified Tester" scheme that has become the world-wide leader in the certification of competences in software testing.

Spanish National Cybersecurity Institute (INCIBE)

Spanish National Cybersecurity Institute (INCIBE)

INCIBE undertakes research, service delivery and coordination for building cybersecurity at the national and international levels.

Atomicorp

Atomicorp

Atomicorp, the leader in Secure Linux, is a developer of solutions for the protection and support of cloud, virtual, shared, and dedicated web hosting environments.

Bugcrowd

Bugcrowd

As leaders in crowdsourced security testing, Bugcrowd connects companies and their applications to a crowd of tens of thousands of security researchers to identify critical software vulnerabilities.

Teramind

Teramind

Teramind provides a user-centric security approach to monitor employee behavior in order to identify suspicious activity, detect possible threats, monitor efficiency, and ensure industry compliance.

Entel CyberSecure

Entel CyberSecure

Entel CyberSecure is a portfolio of Cybersecurity solutions and services for the protection, defense, risk management and regulatory compliance of ICT Systems for corporations and Government.

Maximus Consulting (MX)

Maximus Consulting (MX)

Maximus designs and delivers corporate-wide information security management system with our full-time IRCA Accredited consulting team.

Ziroh Labs

Ziroh Labs

Ziroh Labs leverages advanced cryptography to keep your highly sensitive, private data safe throughout the lifecycle of data.

SpyCloud

SpyCloud

SpyCloud is a leader in account takeover (ATO) prevention, protecting billions of consumer and employee accounts either directly or through product integrations.

Polymer

Polymer

Polymer is a Data Governance & Privacy Platform for third party SaaS apps. A modern Data Loss Protection (DLP) approach to remove sensitive data exposure on collaboration tools in real-time.

Globant

Globant

Globant is an It and software development company. We leverage the latest technologies and methodologies to help organizations transform in every aspect, including software security.

Sydeco

Sydeco

Sydeco offer a complete range of products that secure computer and industrial networks, servers, programs and data against any type of computer attack.

SecZone

SecZone

SecZone is a Chinese enterprise with a mission to "Make It Secure." We are dedicated to driving software security innovation globally.

Security Solutions Services (S-3)

Security Solutions Services (S-3)

S-3 specialize in crafting tailored network design, security hardware, software, and storage solutions for businesses of all sizes.