Financial Institutions Face Increasing Cyber Attacks

p03.jpg

Increasingly sophisticated and devious cyber attacks

Cyber attacks on financial institutions have become so relentless in their frequency and severity, that the Federal Financial Institutions Examination Council (FFIEC) directed banks this past month to enhance their information security programs to better defend against attacks that compromise user credentials and deploy destructive software.
Recent reports indicate that bank information systems have been compromised, resulting in the theft of large volumes of user credentials – such as passwords, usernames, and other forms of authentication information. These attacks have taken several forms, including phishing (social engineering and technical subterfuge), malvertising (injection of malware into legitimate online advertising sites), watering holes (injection of malware into commonly visited web sites), and web-based attacks (targeting of systems and services that contain customer credentials). The stolen user credentials have been sold in online forums and used to commit fraud and identity theft.
The FFIEC also acknowledged that destructive software (malware) has compromised large quantities of data and rendered information systems inoperable. The malware has infiltrated systems through phishing emails, compromised external devices, and from unauthorized parties who have accessed systems without authorization with stolen user credentials. Due the damage caused by malware, the FFIEC stated “In today’s rapidly evolving cyber threat landscape… comprehensive resilience depends on the ability to identify and contain damage, recover data, and restore operations from a broader set of scenarios that include cyber attacks involving destructive malware on critical information systems or the institution’s underlying infrastructure.”
The FFIEC stated that financial institutions should consider taking the following measures to increase the security of their information systems and to better protect the data they process, transmit and store:
    Securely configure systems and services;
    Review, update, and test incident response and business continuity plans;
    Conduct ongoing information security risk assessments;
    Perform security monitoring, prevention, and risk mitigation;
    Protect against unauthorized access;
    Implement and test controls around critical systems regularly;
    Enhance information security awareness and training programs; and
Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
JD Supra:  http://bit.ly/1LAizTV

 

« The Cybersecurity Company Helping Sony Fend Off Hackers
Cyberwars Between Nations Are Difficult to Prove »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

BackBox Software

BackBox Software

BackBox is a leading provider of solutions for automated backup and recovery software for security and network devices.

VNT Software

VNT Software

VNT's vision is to change the way complex IT problems are resolved by predicting business disruptions before they occur.

Sompo International

Sompo International

Sompo International is a global specialty provider of property and casualty insurance and reinsurance services including Cyber & Network Risk.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

MISP Project

MISP Project

The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.

Cyemptive Technologies

Cyemptive Technologies

Cyemptive's CyberSlice technology preempts and remove threats before they take hold, in seconds, compared to other’s hours, days, weeks and even months.

Nokia

Nokia

Nokia is a proven leader in fixed, mobile and IoT security offering capabilities that range from systems design to integration and support.

Phoenix Cybersecurity

Phoenix Cybersecurity

Phoenix Cybersecurity Services and Managed Security Services help clients just like you take full advantage of leading cybersecurity technologies and industry best practices.

ScienceSoft

ScienceSoft

ScienceSoft is a provider of software development and IT consulting services including Information Security.

Sharktech

Sharktech

Sharktech designs, develops, and supports advanced DDoS protection and web technologies.

Diaplous Group

Diaplous Group

Diaplous Group is a leading Maritime Risk Management (MRM) provider, delivering specialized services to an ever-broadening portfolio of shipping, oil & gas, energy and construction industries.

Cyber Defence Solutions (CDS)

Cyber Defence Solutions (CDS)

Cyber Defence Solutions is a cyber and privacy Consultancy with extensive experience in the development and implementation of cyber and data security solutions to your assets.

Riskonnect

Riskonnect

Riskonnect technology empowers organizations with the ability to anticipate, manage, and respond in real-time to strategic, operational, and digital risks across the extended enterprise.

Exalens

Exalens

With deep roots in AI-driven cyber-physical security research and intrusion detection, at Exalens, we are enhancing operational resilience for cyber-physical systems at the OT edge.

Anametric

Anametric

Anametric is developing new technologies and devices for chip scale quantum photonics, with a focus on cybersecurity.

KTrust

KTrust

KTrust provides Continuous Threat Exposure Management for Kubernetes environments.