Financial industry threat

by Mark Rowe

Nearly half of financial services respondents (46 per cent) cited cyber risk as the single biggest threat to the financial industry, and 80 per cent listed it as one of the top five risks, according to a recent study from the Depository Trust & Clearing Corporation (DTCC). Cyber risk was listed far ahead of other concerns such as geopolitical risk, the impact of new regulations, and the US economic slowdown, writes Deborah Galea, manager at OPSWAT.

With all the data breaches and cyber attacks that the financial sector has suffered recently, it is no surprise that cyber security is now seen as the top concern. Last year, the JP Morgan Chase breach compromised account information for 83 million households and small businesses. Earlier this year, Kaspersky Lab uncovered a cyber attack on more than 100 banks across 30 countries that resulted in financial losses of up to one billion dollars. According to the report Threats to the Financial Sector from consultancy firm PwC, 39 per cent of the financial services respondents had been hit by cyber attacks in 2014, compared to 17 per cent from other industries.

Many of these attacks, including the cyber attacks that Kaspersky discovered, start with a spear phishing attack. The attackers gain entry by sending a targeted email, containing a malicious link or attachment, to selected individuals. In the banking hack that Kaspersky uncovered, the email attachment was an infected Microsoft Word document. Once the attachment was opened, the attackers were able to obtain access to the system and proceed in stealth to analyze, monitor and ultimately steal large sums from the banks they infiltrated.

Financial organizations are an especially attractive target for cyber criminals, not only for stealing money but also for obtaining sensitive customer data that can be sold for copious amounts on the black market (according to the Ponemon Institute, on average, each data record yields $217 in the US). What should financial organizations be doing to protect themselves against these data breaches?

Detection

Financial organizations need to improve their ability to detect malware threats, both known and unknown. Many companies only use one or two antivirus engines. With the sheer number of new malware released each day, this will not provide sufficient protection. When combining the detection algorithms and heuristics of different engines, the chance of catching threats increases exponentially, including zero-day and targeted attacks. Multi-scanning with multiple anti-malware engines needs to be applied to all data workflows of the organization, including email, servers, clients, browsing, portable media and file transfer.

Threat prevention

If a threat is not detected by anti-virus engines, a number of additional precautions can be taken to prevent infection by undetected malware. By converting files to a different format, data sanitization can ensure that any possible embedded threats are removed. For instance, in the attack that Kaspersky uncovered, the spear phishing email included a malicious Word document. If data sanitization had been applied, the Word document could have been rendered harmless before it was delivered to the recipient.

File type and email attachment control can also help prevent malicious files from circumventing filters. This includes limiting the types of email attachments that are allowed in, and intercepting spoofed files by verifying the file format.
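A sketch of the attachment control described above, added here as an illustration and not taken from the article or from any vendor product: it applies an extension allowlist and then verifies that the file's leading bytes and container contents match the declared type. The allowlist, the function names and the sample attachments are assumptions constructed for the example.

```python
import io
import zipfile

# Magic numbers of each container; OLE2 is the legacy .doc compound file.
PDF, ZIP, OLE2 = b"%PDF-", b"PK\x03\x04", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
# Assumed policy for this example: allowed extension -> required signature.
ALLOWED = {"pdf": PDF, "doc": OLE2, "docx": ZIP}
EXECUTABLE = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}

def check_attachment(filename, data):
    """Return (verdict, reason); verdict is 'allow' or 'block'."""
    # Only the last extension counts, so 'invoice.pdf.exe' is judged as .exe.
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in ALLOWED:
        return "block", f"extension '{ext}' is not on the allowlist"
    for magic, kind in EXECUTABLE.items():
        if data.startswith(magic):
            return "block", f"{kind} executable presented as .{ext}"
    if not data.startswith(ALLOWED[ext]):
        return "block", f"content does not match the .{ext} format"
    if ext == "docx":
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "block", "corrupt ZIP container"
        if "word/document.xml" not in names:
            return "block", "ZIP archive is not a Word document"
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            return "block", "macro project inside a .docx"
    return "allow", "extension and content agree"

# Constructed samples, not real attachments.
def make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in members:
            archive.writestr(name, "<x/>")
    return buf.getvalue()

SAMPLES = [
    ("statement.pdf", b"%PDF-1.7\n"),
    ("invoice.pdf", b"MZ\x90\x00" + b"\x00" * 60),
    ("invoice.pdf.exe", b"MZ\x90\x00"),
    ("report.docx", make_zip(["[Content_Types].xml", "word/document.xml"])),
    ("report.docx", make_zip(["word/document.xml", "word/vbaProject.bin"])),
    ("photos.docx", make_zip(["holiday.jpg"])),
]

for name, blob in SAMPLES:
    print(name, *check_attachment(name, blob))
```

A signature check of this kind only confirms that the file is what its name claims; a well-formed document can still carry a threat, which is where the scanning and sanitization steps above apply.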

By ensuring that devices and endpoints are up to date with the latest patches and anti-virus updates, the chance that malware is able to infect the computer is decreased. In the financial breach that Kaspersky discovered, only the Word installations that were not up to date were vulnerable to the malware in the email attachment. In order to properly monitor devices, financial institutions require a central monitoring system that can detect compromised machines.

Keeping data secure

Sensitive information must be segregated and encrypted. When sensitive data must be shared externally, a secure file transfer system must be used to ensure confidentiality and prevent data theft. For high security environments, networks containing sensitive data are even entirely disconnected from the Internet and other networks, in so-called ‘air-gapped networks’. Limited connectivity is possible using a cross-domain solution or data diode that enables one-way traffic only, from the lower security network to the higher security network. This ensures that for productivity purposes it is possible to connect to the Internet from the secure network; however, it is impossible for any data to leave the network. By implementing such measures, even if a cyber attack is successful, the data will always remain secure.


© 2024 Professional Security Magazine. All rights reserved.
