Cyberattacks on financial services institutions are becoming increasingly sophisticated and frequent, but where should IT teams start in better defending their networks? BRIAN FORSTER, senior director of Marketing at Fortinet shares his advice.
Cyberattacks on financial services institutions are becoming increasingly sophisticated and frequent. By using stolen legitimate credentials and malware to disguise criminal activity, these breaches can remain undetected for some time, making the financial impact irreparable.
Professionals in the financial services sector are well aware of such risks. The Financial Services Edition of the 2016 Vormetric Data Threat Report surveyed 1,100 senior IT security executives at large enterprises around the world, including over 100 U.S. financial services organisations. The report found that 90 percent of respondents feel vulnerable to data threats, and 44 percent have already experienced a data breach – with nearly one in five (19 percent) indicating they had experienced a breach in the last year. This just goes to prove the sentiment, “it’s not if you will get hacked, but when”. To which we can add, “and how quickly you learn about it”.
So, where should financial services IT teams start in better defending their networks? From sports fields to battlefields, there’s an adage that has been used for centuries that states: “the best defence is a good offence”. The idea behind this theory is that having a proactive offensive attitude (rather than a reactive defensive posture) is the best way to keep the opposition occupied and limit their ability to conduct an attack.
This strategy can also be highly effective in the business world, specifically for cybersecurity teams at large financial institutions. Cybersecurity professionals who are able to step away from the defensive side of security and think like a cybercriminal will likely be better prepared to put solutions and strategies in place to protect their data.
Here are some questions financial services IT professionals should ask themselves to put them in the frame of mind of a cybercriminal in order to better their defence:
Which industries should I attack?
Before an attack is launched, cybercriminals will evaluate the landscape and identify areas where they can prosper the most. The financial services industry is consistently at or near the top of cybercriminals’ lists because, quite literally, it’s where the money is.
However, aside from seeking out customer information to commit fraud, cybercriminals see value in stealing data like bank employee e-mail addresses and passwords. With this information they are able to pose as an employee to infiltrate the bank and commit theft. By understanding the industries that are commonly attacked, and the ways attackers try to get in, cybersecurity teams will be better prepared to put an effective strategy in place and make the investments where necessary to match the capabilities used by criminals.
Where are the vulnerabilities?
As the network expands, so does the attack surface. With the proliferation of mobile devices in the workplace, for instance employees working from remote locations, today’s cybercriminals have more opportunities than ever before to find ways into targeted networks. Additionally, when financial institutions acquire a company to expand their presence, they typically acquire the disparate technology that comes with it, often adding complexity to the organisation’s security posture. All of these components equate to challenges that need to be addressed.
However, nobody knows the network and its vulnerabilities better than those who have put it together in the first place.
IT security professionals in financial services should look for openings in their own defence via white hat hacking and penetration testing. Since there isn’t a single piece of technology that will be able to stop every threat, those cracks in the system that are both easy access points and lead to sensitive data should be the ones focused on first. Remember, cybercriminals are just human beings looking for the fastest and most financially rewarding way to do their jobs.
It’s also important to remember that employees are a part of the system as well. An employee who is uneducated about security can be just as dangerous to data as any other digital or physical entry point. One way to test for employee vulnerabilities is to simply conduct test attacks. Many CIOs will send out fake phishing attacks to see if their employees will provide login credentials or click on malicious links. If a high number of employees fail the test, security teams know it is an area that demands added focus.
Cybercriminals are always looking for new ways to penetrate networks. IT security teams should be doing the same as well. By conducting threat intelligence research, cybersecurity teams will be able to better monitor existing vulnerabilities and identify new threats before they take hold within the network.
Best practices for better security
Once IT teams begin to like cybercriminals they are better prepared to pro-actively and offensively implement robust strategies to defeat attempts at compromising their networks:
- Identify weaknesses: How do you address cloud and IoT vulnerabilities? Have your employees been trained in safe e-mail management and other everyday security issues? Utilise penetration-testing services to find out where your greatest liabilities are and start there.
- Focus on compliance, data privacy and regulations: The financial services industry is so heavily regulated specifically because of the high value of its data and dollars and the vulnerability of its customers and clients. Violations can be expensive and destroy credibility. Conduct regular, and even automated audits to ensure that all regulations are being met, and if not, find solutions to quickly shore up these weak points.
- Meet with the C-suite: The role of the C-suite with regards to security has transformed. Cybersecurity threats put a company’s finances and value at risk, and increase the need for mature strategies to safeguard a company’s data, resources, reputation, and brand. As a strategic business and risk management executive, the C-suite should have significant oversight and guidance in these areas. They can no longer be IT-only considerations.
- Implement an end-to-end security strategy that provides:
- Operational visibility at scale; an effective solution should provide the ability to run multiple security applications without degrading performance.
- The ability to integrate an adaptive architecture that’s designed to incorporate multiple security vendors’ products to enable security against threats from IoT to the perimeter, across the network, and into the data centre – both on premises and in the cloud.
- Advanced threat protection, which provides up-to-date defences against the latest attacks. Many of the recent data breaches have fooled or evaded legacy security solutions.
- Unified threat intelligence and management. In this way, all components – networks and other elements of the infrastructure – can be easily managed from one place.
For the financial services sector, cybersecurity is one of the primary business imperatives that firms must put front and centre to not only safeguard their clients’ financial data, but to also serve as a business enabler and drive innovation to stay ahead of the growing threat landscape.
Financial services IT teams that think like cybercriminals will be able to take an offensive approach to security. Understanding what makes the organisation an attractive target and how malicious actors will attempt to gain entry, will lead to a more secure network and reduce the number of costly data breaches that impact the organisation. Implementing these best practices will enable secure services that deliver the peace of mind that their networks are secure and protected from even the most sophisticated attacks.
Huawei goes ultra-premium
Porsche Design and Huawei have launched the Porsche Design Huawei Mate RS in South Africa exclusive to MTN and retailing for R 26 459.
The Porsche Design Huawei Mate RS boasts features like the world’s first dual fingerprint design, including an in-screen fingerprint sensor, the world’s first Artificial Intelligence (AI) processor and Leica triple camera with 40MP image capture.
“After the overwhelming success of the Porsche Design Huawei Mate 10 Pro in South Africa, we now bring you our latest offering, a perfect blend of innovation in a smartphone and luxury design,” said Likun Zhao, Vice President of Huawei Consumer Business Group Southern Africa. “From three-point security feature including facial recognition, rear fingerprint scanner and the new innovative in-screen fingerprint to the Leica triple camera system. it culminates in an unprecedented experience for our customers.”
The device incorporates Porsche Design’s signature design language and Huawei’s breakthrough technology. The phone has a 6” 2K curved OLED screen and symmetrical look, minimalist feel and 8-edged 3D curved glass body.
High performance is symbolised by the naming of the smartphone: the term “RS” in the world of Porsche motorsport stands for outstanding racing performance.
Huawei provided the following information on The Porsche Design Huawei Mate RS benefits and features :
· The world’s first dual fingerprint scanner for enhanced convenience, allowing users to wake and unlock the device simply, thanks to an in-screen fingerprint sensor. Hover to wake the device, touch to unlock it
· The winning combination of Leica triple camera with 40MP RGB sensor technology and exceptional photography powered by Master AI. This combination puts effortless, eye-catching photography at the fingertips of those looking to immortalise their favourite moments. Combined with 5 x hybrid zoom, and the world’s first AI image stabilisation on a smartphone camera ensures photography lovers can capture the best shots with exceptional clarity in almost any situation
· The Porsche Design Huawei Mate RS is the first Huawei handset to allow quick wireless charging, making it even easier to keep the phone topped up and ready to go and, thanks to its long lasting battery, users will easily be powered through the busiest of days
· An ‘intelligent’ smartphone, the powerful AI processor automatically tailors the performance of the phone according to how it is used – constantly learning, understanding and anticipating needs, it is the perfect personal assistant for the pocket
· 256GB of internal storage means those constantly on the go and constantly on their phone can be worry free
· Dual SLS (super linear system) speakers with DOLBY ATMOS enable users to have a superior experience, with the best immersive surround sound and entertainment on the go
· Splash, water and dust resistant, which means there is no need to worry about damaging the device in the rain or accidentally dropping it in water
Jan Becker, CEO Porsche Design Group, said: “Both Porsche Design and Huawei seek to imagine and develop products that stand for precision and perfection, intelligent functionality and highly sophisticated design. Our aim was to create an outstanding device that goes one step further. We believe we have reached this goal by taking our partnership to the next level.”
Porsche Design and Huawei have worked in tandem to develop a smartphone that fuses together the two brands’ DNA, wealth of experience in design and technology, industry-leading expertise and exceptional performance. Through the use of colour in the device’s body, software themes and accessories, the new handset is accentuated with Porsche Design’s distinguished aesthetic and purist, minimalist feel.
The Porsche Design Huawei Mate RS will be available to purchase exclusively from MTN at R 26 459.
Cross-channel chat launched
Clickatell has launched a cross-channel live chat service, Touch Go, that transforms omni-channel customer care.
It enables live chat across a company’s website as well as social platforms (Twitter and Facebook) and mobile apps, bringing customer care and engagement into a single business platform.
“Today’s consumers expect to engage with your brand on the digital channel of their choosing,” says Deon van Heerden, Clickatell Engage CEO and Group CFO. “They want to message your business and instantly have queries resolved, find the information and services they are looking for, without the need for a voice call. Clickatell’s Touch Go makes that happen with the right level of capabilities for businesses of all sizes.”
Businesses can start using Touch Go immediately, with a free Starter option. Touch Go requires no credit card for sign-up and is fully featured with a simple setup process. It offers customisable branding, a unified chat desk business application as well as reports and analytics.
As the business scales up its digital customer care, it can opt-in for the Touch Enterprise offering. Touch Enterprise is designed for scaling up customer care efforts through advanced capabilities including AI driven virtual agents, sentiment analysis, automated workflows, enterprise integrations and in-channel mini-applications.
“Customer care has become a defining factor for sustained business success ” says Nirmal Nair, Clickatell Engage EVP Product & Marketing. “In an ever-increasing mobile native world, customers often choose to interact digitally, but they also expect to be able to reach a human immediately, should they need. Monitoring multiple channels and providing immediate action becomes challenging with siloed deployments. Touch’s unified solution allows businesses of all sizes to provide the customer delight in a simple modular approach.”