IBM X-Force report details a dramatic increase in financial services cyber attacks and records breaches. IT security experts from CipherCloud, Cyphort, Inc., Cyphort Labs, NuData Security and Prevoty commented below.
Pravin Kothari, Founder, Chairman & CEO at CipherCloud:
“The new IBM X Force report once again demonstrates the escalating threat of data breaches that every organization is now facing, and underscores that the financial services industry is essentially under siege from bad actors.
At the same time, financial services applications are increasingly in the cloud, outside of the organization’s direct visibility and control, and beyond the reach of firewalls and other legacy cybersecurity defenses.
Organizations must fully embrace a data-centric security model, including persistent encryption that gives them a level of control over data wherever it goes – including on the most vulnerable and easily lost mobile devices. We recommend these best practices:
1) Protect the data – not just the network, systems and applications – whether it’s in the network, in the cloud or on mobile devices.
2) Always encrypt sensitive data that’s outside your network – even if it’s on a leading cloud storage platform.
3) Never share encryption keys with any third-party, including cloud providers or their administrators. Encryption is tremendously effective, provide keys are closely controlled.”
Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, Inc.:
“Financials are the most targeted vertical, because most cyberattacks today are financially motivated – cybercriminals “rob banks because that’s where the money is.” Banks know this and spend heavily on countermeasures and security response.
“It’s said that JP Morgan alone spent 500 million dollars on security last year, and that was double from 2015. Collectively J.P. Morgan, Bank of America, Citibank And Wells Fargo spent $1.5 billion to battle cyber crime.
“Our banks and financial institutions are all interconnected today which creates major risks, and international groups of criminals in various countries are monetizing these risks. For example, last year hackers stole 81 million dollars from Bangladesh Central Bank via SWIFT using Odinaff malware on a long weekend. The initial attack vector in such attacks is usually spear-phishing. An employee of a bank gets an email with an MS Office document which has a macro that downloads Odinaff malware. Attackers then try to achieve lateral spread, using tools already on the computer – Windows components like Powershell or WMI or PsExec. By using Microsoft tools, they are effectively circumventing endpoint security solutions.
“In another similar case, hackers attempted to steal $170 million from Union Bank of India via SWIFT – the vast messaging network used by banks to send and receive money transfer instructions.
The entire financial system’s stability is threatened by such attacks, and they – like the IBM X-Force Report – should serve as a call to action for international law enforcement cooperation on defending our global financial system.”
Mounir Hahad, Ph.D., Senior Director at Cyphort Labs:
“Other industry reports corroborate that financial institutions bear a larger share of the burden when it comes to fending off cyber attacks. According to Verizon’s 2017 DBIR report, financial institutions get breached almost twice as much as the next most breached vertical, healthcare.
It is also worth noting that size and fame of an institution is not necessarily a draw for cyber criminals. Even smaller regional bank and investment firms are regular targets. Cyber criminals are aware that well established financial institutions have a very good security posture and therefore rely less on malware to breach their networks and more on stolen credentials. This also explains the large increase in Email phishing attacks many verticals are experiencing these days.
From a tooling perspective, it is important for financial organizations of any size to invest in a multi-pronged approach to security, involving several tools that share intelligence and correlate events to identify malicious activity with high accuracy without overloading their SOC teams with non actionable alerts.”
Robert Capps, VP of Business Development at NuData Security:
“The sheer number of records compromised according to IBM Force X findings is yet another clear reminder that traditional security methods simply aren’t sufficient to combat breaches. Security-driven organizations must take a layered, continuous and more advanced approach to authentication to successfully combat cyber fraud. Through a combination of behavioral biometrics identification and analytics, device location, and entity linking, the organization can continuously authenticate a user’s online identity with unprecedented accuracy, speed, and frictionless user experience. A consumer’s natural interactions can be continuously analyzed to confirm identity, and such behaviors form a unique pattern that can’t be stolen, replayed or reused.”
Kunal Anand, CTO and Co-Founder at Prevoty:
“- It’s unsurprising to see this number inflated in the financial services sector. Our customers have told us that they are seeing more malicious input attacks coming in through side channels via partner feeds and third party ingestion – contrary to the conventional vectors.
– Overall, attackers are going directly at applications as they are becoming the weakest point. Legacy applications remain large targets for these exploits and require a degree of security hand-holding that most organizations aren’t prepared to do.
– Additionally, perimeter-based controls, including the web application firewalls, lack context and are blind to these zero-days without virtual patches. The latest Struts 2 issue is a fine example of allowing remote code execution in a popular framework.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.