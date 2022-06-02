It has been reported that the German financial regulator BaFin issued a fresh cyber security warning on Tuesday to the nation’s financial sector due to the war in Ukraine following a recent increase in cyber attacks. BaFin has repeatedly warned about cyber attacks but Tuesday’s security notice marks an escalation of its concerns. BaFin said the recent events had especially taken the form of ‘distributed denial-of-service (DDoS)’ attacks, in which hackers attempt to flood a network with unusually high volumes of data traffic in order to paralyse it. These warnings should be heeded by all banks across Europe as the war in Ukraine continues.
Full story here: https://www.reuters.com/technology/german-regulator-issues-fresh-warning-banks-cyber-attacks-2022-05-31/
This new advice from BaFin showcases how intertwined cyberwarfare has become with traditional war. At this time, all organisations, not just those in the financial sector need to ensure their cybersecurity controls are effective and their organisation is resilient against attacks and outages.
Good incident response plans are those which are drawn up in advance so that organisations know what alternative services or utilities will need to be used.
While technical security controls are worth investing in, organisations should not ignore the impact a strong security culture can have on reducing risk.
BaFin’s warning on Tuesday to Germany’s financial sector about cyberattacks should come as no surprise, as the number of cyberattacks has been steadily increasing in recent months. The financial sector needs to accept the fact that threat actors are targeting them. They handle, process, and store some of the most sensitive data.
The answer to such warnings and threats? Preparation! Proper preparatory actions should include tightening the internal culture of data privacy and security, but more importantly, companies can help to mitigate future attacks by applying data protections directly to sensitive information. Conventional data security methods focusing on the perimeters around data and user access to data are a good and necessary start, but they don’t fully guarantee against persistent attacks. So organisations need to start protecting the sensitive data itself. Data-centric security methods such as tokenization and format-preserving encryption replace sensitive data with benign representational information, so even if it falls into the wrong hands, threat actors cannot leverage it for financial gain or mischievous purposes. These security methods travel with the data no matter where it goes.