Financial Institutions Face Increasing Cyber Attacks

p03.jpg

Increasingly sophisticated and devious cyber attacks

Cyber attacks on financial institutions have become so relentless in their frequency and severity, that the Federal Financial Institutions Examination Council (FFIEC) directed banks this past month to enhance their information security programs to better defend against attacks that compromise user credentials and deploy destructive software.
Recent reports indicate that bank information systems have been compromised, resulting in the theft of large volumes of user credentials – such as passwords, usernames, and other forms of authentication information. These attacks have taken several forms, including phishing (social engineering and technical subterfuge), malvertising (injection of malware into legitimate online advertising sites), watering holes (injection of malware into commonly visited web sites), and web-based attacks (targeting of systems and services that contain customer credentials). The stolen user credentials have been sold in online forums and used to commit fraud and identity theft.
The FFIEC also acknowledged that destructive software (malware) has compromised large quantities of data and rendered information systems inoperable. The malware has infiltrated systems through phishing emails, compromised external devices, and from unauthorized parties who have accessed systems without authorization with stolen user credentials. Due the damage caused by malware, the FFIEC stated “In today’s rapidly evolving cyber threat landscape… comprehensive resilience depends on the ability to identify and contain damage, recover data, and restore operations from a broader set of scenarios that include cyber attacks involving destructive malware on critical information systems or the institution’s underlying infrastructure.”
The FFIEC stated that financial institutions should consider taking the following measures to increase the security of their information systems and to better protect the data they process, transmit and store:
    Securely configure systems and services;
    Review, update, and test incident response and business continuity plans;
    Conduct ongoing information security risk assessments;
    Perform security monitoring, prevention, and risk mitigation;
    Protect against unauthorized access;
    Implement and test controls around critical systems regularly;
    Enhance information security awareness and training programs; and
Participate in industry information-sharing forums, such as the Financial Services Information Sharing and Analysis Center.
JD Supra:  http://bit.ly/1LAizTV

 

« The Cybersecurity Company Helping Sony Fend Off Hackers
Cyberwars Between Nations Are Difficult to Prove »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

GE Digital

GE Digital

GE Digital is a leading software company for the Industrial Internet. Products include Industrial Cyber Security for Operational Technology (OT).

Cyber Security Centre - Daffodil International University

Cyber Security Centre - Daffodil International University

Cyber Security Centre, DIU is a non-profitable organization which is focused on applied research in cyber security.

CyberStream

CyberStream

CyberStream, a division of the TechStream Group, is an information & cybersecurity talent acquisition solution provider.

Ledger

Ledger

Ledger is a leader in security and infrastructure solutions for cryptocurrencies and blockchain applications using its proprietary technology.

National CyberWatch Center - USA

National CyberWatch Center - USA

National CyberWatch Center is a cybersecurity consortium working to advance cybersecurity education and strengthen the national workforce.

du

du

du is a telecommunications service provider providing UAE businesses with a vast range of ICT and managed services.

Trellix

Trellix

Trellix is an extended detection and response (XDR) solutions provider created from a merger of McAfee Enterprise and FireEye Products.

AMSYS Innovative Solutions

AMSYS Innovative Solutions

AMSYS is a full-service, 24/7/365 IT solutions, Cybersecurity & Managed Service Provider.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

Digital Security by Design (DSbD)

Digital Security by Design (DSbD)

Digital Security by Design is an initiative supported by the UK government to transform digital technology and create a more resilient, and secure foundation for a safer future.

Neya Systems

Neya Systems

Neya Systems, a leader in advanced off-road autonomy and high-level multi-robot mission planning, provides innovative solutions for uncrewed ground, aerial, and surface vehicles.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.

Mother Technologies

Mother Technologies

From Datacentre to Desktop, Mother Technologies has been delivering IT Support, Telecoms, Cybersecurity and Connectivity services to businesses across Scotland and beyond since 2002.

CompassMSP

CompassMSP

CompassMSP deliver Managed IT and cybersecurity solutions designed to unleash your business's full potential.

Bureau

Bureau

Bureau is a no-code, identity decisioning platform that offers businesses the complete range of risk, compliance and ongoing fraud monitoring solutions innovated with AI.