Financial services now on the 'front line' of Cyber

Financial services are the front lines for a lot of the cyber battles being sparked today, argued Rich Mogull, CEO of information security research firm Securosis. The reason why, according to Mogull, is simple: that’s where the money is. 

During a panel discussion at the Kaspersky Lab enterprise IT summit on Tuesday afternoon, Mogull along with executives from Visa, Wells Fargo, and McKinsey Research took a pulse on the rise and fall of cyber attacks on financial services and retailers.

Looking at the Target breach last winter, amid others that preceded it, Visa’s chief enterprise risk officer Ellen Richey acknowledged that the payments system is often the primary target. But as we see an increasing stream of data breaches, Richey highlighted what might be a silver lining, if there is one: fraud rates are one-third the level they were a few decades ago.
McKinsey Research consultant Chris Rezek concurred that some metrics and trends seem to be stabilizing, but concerns are certainly growing.
Steve Adegbite, senior vice president of enterprise information security oversight and strategy at Wells Fargo, lamented that methodology hasn’t actually changed. The difference now, Adgebite suspected, is that these criminals are casting their nets wider to achieve larger volume by going after softer targets. To mitigate these threats, Adegbite advised setting up a third-party security program looping in supply chain and legal to ensure and encourage the same levels of security all around.
But a big cash grab isn’t the only motivation — even when going after global financial institutions. Richey pointed toward denial-of-service (DoS) attacks, primarily conducted by “hacktivists,” an increasingly common term online for hackers motivated by political causes.
Adegbite predicted that most attackers are going to move where the data is, meaning emerging technologies in the cloud and datacenters could be most at risk. Both Adegbite and Richey reminded that threats are different around the world, by region, making it more complicated and challenging for global payments systems providers. Richey added what worries her more is keeping data onshore as well as secure.
Reflecting on the debilitating Heartbleed bug discovered last week, Rezek stressed it’s not just about preventing breaches but having a good response plan in place, which is often most visible to end users through immediate and informative disclosures.
Related Links:
http://cyberwar.einnews.com/article/200270434/C7rmOlZbQPCRJdxr?n=1&code=Jxdbxrcc-cKQ9hNi

http://en.actu.net/redirect.php?url=http://www.zdnet.com/financial-services-now-the-front-lines-in-cyber-warfare-experts-suggest-7000028461/

 

 

« Worlwide Crackdown on Hackers
Is Big Data the Best Preparation Against Natural Disasters? »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Hague Security Delta (HSD)

Hague Security Delta (HSD)

The Hague Security Delta Campus is home of the leading cyber security cluster in Europe with an Innovation Centre, labs and training facilities.

Global Forum on Cyber Expertise (GFCE)

Global Forum on Cyber Expertise (GFCE)

GFCE is a global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building.

D3 Security

D3 Security

D3's Smart SOAR platform is at the forefront of the security automation revolution, helping clients around the world to rapidly identify, analyze, and resolve advanced threats.

Data Recovery Services (DRS)

Data Recovery Services (DRS)

DRS provides data recovery services from media including hard disk drives, RAID, solid state disks SSD, memory sticks, USB drives, SD cards, tapes and mobile phones.

Braintrace

Braintrace

Braintrace’s services include Managed Detection and Response (MDR), Managed SIEM, SIEM-as-a-Service, SOC-as-a-Service, Advisory Services, and Incident Response.

FraudWatch International

FraudWatch International

FraudWatch has been protecting client brands around the world since 2003, and are the leaders in online brand protection from phishing, malware, social media and mobile apps impersonation.

VeriClouds

VeriClouds

VeriClouds is a password verification service that helps organizations detect compromised passwords and stop account takeover attacks.

Axiado

Axiado

Axiado Corporation is a security processor company redefining hardware root of trust with hardware-based security technologies, including per-system AI.

ramsac

ramsac

ramsac provide secure, resilient IT management, cybersecurity, 24 hour support and IT strategy to businesses in London and the South East.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

Indevtech

Indevtech

Indevtech has been serving Hawaii since 2001, providing end-to-end managed IT services to small- and medium-businesses.

Zenzero

Zenzero

Zenzero simplifies technology adoption and supports our customers through managed and outsourced IT support.

Cybit

Cybit

Cybit is the one-stop-shop for digital transformation that scales in line with your growth.

XONA Systems

XONA Systems

XONA is The Zero Trust user access platform for the OT enterprise. Secure operational access to critical systems - from anywhere.

rConfig

rConfig

rConfig is a platform for automated network configuration management and backup. It enables quick rollbacks to prevent outages and ensures easy auditing.

CertifID

CertifID

CertifID is the only company dedicated to fighting fraud for the real estate industry with an identity verification SaaS platform, insurance, and proven recovery services.