Financial Institutions Face Increasing Cyber Attacks

Uploaded on 2015-06-30 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

p03.jpg

Increasingly sophisticated and devious cyber attacks

Cyber attacks on financial institutions have become so relentless in their frequency and severity, that the Federal Financial Institutions Examination Council (FFIEC) directed banks this past month to enhance their information security programs to better defend against attacks that compromise user credentials and deploy destructive software.
Recent reports indicate that bank information systems have been compromised, resulting in the theft of large volumes of user credentials – such as passwords, usernames, and other forms of authentication information. These attacks have taken several forms, including phishing (social engineering and technical subterfuge), malvertising (injection of malware into legitimate online advertising sites), watering holes (injection of malware into commonly visited web sites), and web-based attacks (targeting of systems and services that contain customer credentials). The stolen user credentials have been sold in online forums and used to commit fraud and identity theft.
The FFIEC also acknowledged that destructive software (malware) has compromised large quantities of data and rendered information systems inoperable. The malware has infiltrated systems through phishing emails, compromised external devices, and from unauthorized parties who have accessed systems without authorization with stolen user credentials. Due the damage caused by malware, the FFIEC stated “In today’s rapidly evolving cyber threat landscape… comprehensive resilience depends on the ability to identify and contain damage, recover data, and restore operations from a broader set of scenarios that include cyber attacks involving destructive malware on critical information systems or the institution’s underlying infrastructure.”
The FFIEC stated that financial institutions should consider taking the following measures to increase the security of their information systems and to better protect the data they process, transmit and store:
    Securely configure systems and services;
    Review, update, and test incident response and business continuity plans;
    Conduct ongoing information security risk assessments;
    Perform security monitoring, prevention, and risk mitigation;
    Protect against unauthorized access;
    Implement and test controls around critical systems regularly;
    Enhance information security awareness and training programs; and
Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
JD Supra:  http://bit.ly/1LAizTV

 

« The Cybersecurity Company Helping Sony Fend Off Hackers
Cyberwars Between Nations Are Difficult to Prove »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

UZCERT

UZCERT

UZCERT is the national Computer Emergency Response Team for Uzbekistan.

Immersive Labs

Immersive Labs

Immersive Labs have created a kinesthetic learning platform which identifies gaps in your teams cyber skills.

Hellenic Accreditation System (ESYD)

Hellenic Accreditation System (ESYD)

ESYD is the national accreditation body for Greece. The directory of members provides details of organisations offering certification services for ISO 27001.

Beosin

Beosin

Beosin is a blockchain security company providing cybersecurity services including security audits, on-chain asset investigation, threat intelligence and wallet security.

Red Points

Red Points

Red Points protects your brand and content in the digital environment.

GateKeeper Enterprise

GateKeeper Enterprise

The GateKeeper Enterprise software is an identity access management solution. Automated proximity-based authentication into computers and websites. Passwordless login and auto-lock PCs.

MetaCert

MetaCert

MetaCert’s Zero Trust browser software reduces the risk of organizations being compromised with a phishing-led cyberattack by more than 98%.

HMS Networks

HMS Networks

HMS stands for Hardware meets Software. Our technology enables industrial hardware to communicate and share information with software and systems.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Quartz Network

Quartz Network

Quartz Network is a curated community for change-makers, up-and-comers, and professionals who are ready to grow, adapt, and thrive.

Saiflow

Saiflow

SaiFlow provides a tailor-made cybersecurity solution for Electric Vehicles Charging Infrastructure (EVCI), Distributed Energy Resources (DERs) and energy networks and assets.

Parablu

Parablu

Parablu is a leading provider of data security and resiliency solutions for the digital enterprise.

CloudGuard

CloudGuard

CloudGuard is an AI-driven XDR platform that helps organisations to proactively detect and automatically remediate threats in real-time.

Cytex

Cytex

Cytex is the All-in-One solution for SMB data protection & compliance needs.

Amnet Technology Solutions (Amnet Systems)

Amnet Technology Solutions (Amnet Systems)

Amnet Systems is a technology services organization that provides Managed IT, Cloud Computing, Cyber Security, Data Center and Audio Visual services since 1995.

DeepTempo

DeepTempo

At DeepTempo, we build AI models and related software that protect enterprises and service providers from sophisticated cyber threats.