How to keep the bank vault safe in today’s digitally connected world (part 2)
In the first part of this blog, I outlined the growing threat that cybercrime presents to organisations in the financial services sector.
Drawing on the insights provided in the Verizon 2015 Data Breach Investigations Report, I highlighted that just three key attack patterns were present in two-thirds of attacks against financial services firms, and looked closely at the most common of these: Denial of Service. Here, I’ll continue to explore the characteristics of these common attack vectors and provide some more advice on how financial services firms can best protect themselves.
Attack #2 – Crimeware
Crimeware was present in 16 percent of all security incidents in the finance industry last year. In this form of attack, malware is used to compromise systems to gain access to confidential information or sensitive data. These incidents vary in intent and design, but are typically financially motivated, such as the use of keylogging software to capture bank account details entered on a user device. As is so often the case, people are the weak link in the chain; social engineering techniques like phishing are used to get crimeware onto user devices in 28 percent of incidents. Some basic measures for reducing the risk of falling victim to these attacks include:
- Expect the expected: Chances are that malware will get onto any system at some point, so it’s best to be prepared by monitoring any new programs or executable files that have been introduced and using anti-virus systems to deal with those identified as malicious.
- Monitor traffic: It’s possible to identify command-and-control traffic from malware to known malware servers by using network monitoring.
- Don’t rely on passwords: User credentials account for 30 percent of stolen data. However, implementing two-factor authentication can prevent this information from being used to cause damage.
- Educate staff: Simple procedures and best practices can be implemented, including training staff not to click on links or open attachments in emails from unknown senders, or enter their credentials on untrusted websites.
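The traffic-monitoring measure above, as an added example that is not part of the original post: a Python script that matches outbound proxy log entries against a list of known malware domains and measures the time between hits from each internal host. The log format, the blocklist entries and all function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed blocklist; in practice this comes from a threat-intelligence feed.
KNOWN_MALWARE_DOMAINS = {"c2.badhost.example", "evil-updates.example"}

# Constructed proxy log lines: timestamp, internal source IP, destination host.
SAMPLE_LOG = """\
2015-06-01T09:00:00 10.0.0.12 www.bank.example
2015-06-01T09:00:05 10.0.0.31 cdn.evil-updates.example
2015-06-01T09:05:05 10.0.0.31 cdn.evil-updates.example
2015-06-01T09:10:05 10.0.0.31 cdn.evil-updates.example
2015-06-01T09:12:00 10.0.0.44 C2.BadHost.example.
2015-06-01T09:13:00 10.0.0.12 notevil-updates.example
malformed line
"""

def is_blocklisted(host, blocklist):
    """True if host equals a blocklisted domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare parent suffixes on label boundaries, so that
    # "notevil-updates.example" does not match "evil-updates.example".
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))

def find_c2_hits(log_text, blocklist=KNOWN_MALWARE_DOMAINS):
    """Return {source_ip: [(timestamp, host), ...]} for blocklisted destinations."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed records
        ts, src, host = parts
        try:
            when = datetime.fromisoformat(ts)
        except ValueError:
            continue  # skip records with an unparseable timestamp
        if is_blocklisted(host, blocklist):
            hits[src].append((when, host))
    return dict(hits)

def beacon_intervals(events):
    """Seconds between consecutive hits; near-constant gaps suggest automated beaconing."""
    times = sorted(t for t, _ in events)
    return [(b - a).total_seconds() for a, b in zip(times, times[1:])]

if __name__ == "__main__":
    for src, events in find_c2_hits(SAMPLE_LOG).items():
        print(src, len(events), "hits, intervals:", beacon_intervals(events))
```

A host that contacts a listed domain at regular intervals, as 10.0.0.31 does in the sample, is a stronger candidate for investigation than one with a single hit.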
Attack #3 — Web app attacks
More than 14 percent of incidents in the finance industry fall into the web app attacks pattern. This is when attackers use stolen credentials or exploit vulnerabilities in web apps — such as content management systems (CMS) or e-commerce platforms. Nearly all the web app attacks in 2014 were opportunistic and aimed at easy marks. Most attacks made use of stolen credentials, usually harvested from customers’ devices. Some basic tips for reducing the risks of being hit by a web app attack include:
- Implement quality assurance: Tighten controls around posting documents to websites and regularly scan public-facing sites for sensitive data.
- Consider Data Loss Prevention (DLP): DLP products can catch broken internal processes, and detect or block sensitive information from being sent via email.
- Train your staff: Training staff on how to dispose of sensitive data and assets can have a real impact on reducing security incidents. Documents and computers can’t just be thrown away.
Sometimes it can feel like you’re fighting a losing battle when it comes to defending against malicious attacks – especially given the high-value target that the finance industry presents. However, it’s important to remember that there are many simple and often overlooked steps that can help to even the odds and give defenders a fighting chance. Following the steps above is a good starting point, but ensuring that threats are recognised as soon as possible is key to minimising the damage they cause. With 38 percent of breaches remaining undiscovered for months or longer, financial organisations must put in place processes to monitor IT systems so they become aware of a threat as early as possible, or all their efforts will be in vain.