IBM X-Force report details a dramatic increase in financial services cyber attacks and records breaches. IT security experts from CipherCloud, Cyphort, Inc., Cyphort Labs, NuData Security and Prevoty commented below.
Pravin Kothari, Founder, Chairman & CEO at CipherCloud:
“At the same time, financial services applications are increasingly in the cloud, outside of the organization’s direct visibility and control, and beyond the reach of firewalls and other legacy cybersecurity defenses.
Organizations must fully embrace a data-centric security model, including persistent encryption that gives them a level of control over data wherever it goes – including on the most vulnerable and easily lost mobile devices. We recommend these best practices:
1) Protect the data – not just the network, systems and applications – whether it’s in the network, in the cloud or on mobile devices.
2) Always encrypt sensitive data that’s outside your network – even if it’s on a leading cloud storage platform.
3) Never share encryption keys with any third party, including cloud providers or their administrators. Encryption is tremendously effective, provided keys are closely controlled.”
Nick Bilogorskiy, Senior Director of Threat Operations at Cyphort, Inc.:
“It’s said that JP Morgan alone spent 500 million dollars on security last year, and that was double from 2015. Collectively J.P. Morgan, Bank of America, Citibank and Wells Fargo spent $1.5 billion to battle cyber crime.
“Our banks and financial institutions are all interconnected today, which creates major risks, and international groups of criminals in various countries are monetizing these risks. For example, last year hackers stole 81 million dollars from Bangladesh Central Bank via SWIFT using Odinaff malware on a long weekend. The initial attack vector in such attacks is usually spear-phishing. An employee of a bank gets an email with an MS Office document which has a macro that downloads Odinaff malware. Attackers then try to achieve lateral spread, using tools already on the computer – Windows components like PowerShell or WMI or PsExec. By using Microsoft tools, they are effectively circumventing endpoint security solutions.
“In another similar case, hackers attempted to steal $170 million from Union Bank of India via SWIFT – the vast messaging network used by banks to send and receive money transfer instructions.
The entire financial system’s stability is threatened by such attacks, and they – like the IBM X-Force Report – should serve as a call to action for international law enforcement cooperation on defending our global financial system.”
Mounir Hahad, Ph.D., Senior Director at Cyphort Labs:
“It is also worth noting that the size and fame of an institution are not necessarily a draw for cyber criminals. Even smaller regional banks and investment firms are regular targets. Cyber criminals are aware that well-established financial institutions have a very good security posture and therefore rely less on malware to breach their networks and more on stolen credentials. This also explains the large increase in email phishing attacks many verticals are experiencing these days.
From a tooling perspective, it is important for financial organizations of any size to invest in a multi-pronged approach to security, involving several tools that share intelligence and correlate events to identify malicious activity with high accuracy without overloading their SOC teams with non-actionable alerts.”
Robert Capps, VP of Business Development at NuData Security:
Kunal Anand, CTO and Co-Founder at Prevoty:
– Overall, attackers are going directly at applications as they are becoming the weakest point. Legacy applications remain large targets for these exploits and require a degree of security hand-holding that most organizations aren’t prepared to do.
– Additionally, perimeter-based controls, including the web application firewalls, lack context and are blind to these zero-days without virtual patches. The latest Struts 2 issue is a fine example of allowing remote code execution in a popular framework.”