
WILL WAKING SHARK HAVE TEETH? PREPARING FOR CLOSER SCRUTINY OF SECURITY


 By Chris McIntosh, CEO, ViaSat UK


The financial sector’s IT security is under close scrutiny: whilst the Bank of England’s recent revelation that cyber-attacks have put banks at risk of “significant” losses since May 2013 came as a shock to many, the writing has been on the wall for some time. The publication of the Government’s Waking Shark exercise results in 2014 will give some indication of how prepared organisations truly are: more and more the phrase “bank robbery” is likely to conjure up images of electronic, rather than physical, theft. If organisations have any doubts at all about their security, now is the time to act.

Means and Motive:

Financial institutions in the UK are an increasingly attractive target; as financial services become a foundation of the economy, so organisations are seen as part of the critical national infrastructure. A successful attack will not only affect a single organisation, but conceivably an entire nation: giving an added incentive to potential attackers.

Attackers have a growing range of technologies and techniques in their arsenal. Recent attempts to steal financial data from Barclays and Santander branches using simple devices connected directly to the banks’ machines, while uncovered by the police, show how technology can be used to circumvent a firewall. Indeed, when attackers can attempt approaches such as intercepting communications channels that increasingly use the internet, or worming their way in by first compromising customers’ machines, the firewall is no longer the bulletproof shield it was once thought to be.

Partly this is due to one of the age-old rules of security: the easiest way into an organisation is through its people. Using social engineering techniques, whether sophisticated or crude, attackers can potentially siphon a huge amount of sensitive information: from account details to passwords, or even worse. Such techniques can work on anyone: a CEO is just as vulnerable to a scam as workers at a cash desk. Regardless of who falls for the ruse, attackers can still gain information that damages the organisation.

Removing Targets:

When looking to protect themselves, organisations should remember that the majority of attacks are generally opportunistic and aimed at the lowest-hanging fruit. Any obvious vulnerability will be the equivalent of a “Kick Me” sign for potential attackers. To avoid neglecting potential weak points, organisations should take a holistic view: a security strategy should encompass the entire IT network, rather than focusing on particular areas. While it may be impossible to raise every potential access point to the same level of security, making an attack hard enough will deter a large number of potential attackers, who will look for easier pickings.

Sadly, thanks to continually developing new approaches, a sufficiently determined attacker will breach any defences. As a result, another lesson for organisations is to always assume that the network has been penetrated, and to ensure that potential damage is minimised.

Organisations must first spot when attacks have happened. A large part of this is being able to trust the devices and services that comprise the IT network. If a single access point such as a router or program is compromised, then the longer it stays open the longer attackers have to damage the organisation. Instead, all points of the network must be authenticated regularly in order to gauge if they are still trustworthy. Each device or program should exchange security “handshakes” with other parts of the network; if one of these is not returned correctly, alarm bells should ring. There should also be particular devices that the organisation can trust implicitly and that test other sensitive parts of the network. Any inconsistencies raised by these devices should be investigated immediately.
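The “handshake” checks described above can be sketched as an HMAC challenge-response run by a trusted verifier. This is an added illustration, not part of the original article; the device names, class names and the per-device keys provisioned at enrolment are assumptions.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, nonce: bytes) -> bytes:
    return hmac.new(key, nonce, hashlib.sha256).digest()

class Device:
    """Network node holding a secret provisioned at enrolment (assumed model)."""
    def __init__(self, name: str, key: bytes):
        self.name, self._key = name, key
    def respond(self, nonce: bytes) -> bytes:
        return mac(self._key, nonce)

class ReplayingDevice:
    """Test double: has no key and returns one captured, once-valid answer."""
    def __init__(self, name: str, captured: bytes):
        self.name, self._captured = name, captured
    def respond(self, nonce: bytes) -> bytes:
        return self._captured

class TrustedVerifier:
    """The implicitly trusted device that tests the rest of the network."""
    def __init__(self, enrolled: dict):
        self._keys = dict(enrolled)
    def check(self, device) -> bool:
        key = self._keys.get(device.name)
        if key is None:                      # never enrolled: not trusted
            return False
        nonce = secrets.token_bytes(32)      # fresh per handshake, so old answers fail
        answer = device.respond(nonce)
        return isinstance(answer, bytes) and hmac.compare_digest(mac(key, nonce), answer)
    def sweep(self, devices) -> list:
        """Return the names whose handshake failed; each should raise an alert."""
        return [d.name for d in devices if not self.check(d)]

def run_demo() -> list:
    # Constructed sample fleet: one healthy node and three that must be flagged.
    keys = {n: secrets.token_bytes(32) for n in ("router-1", "teller-app", "atm-7")}
    verifier = TrustedVerifier(keys)
    captured = mac(keys["atm-7"], b"old-nonce")  # answer to an earlier challenge
    fleet = [
        Device("router-1", keys["router-1"]),
        Device("teller-app", secrets.token_bytes(32)),   # key no longer matches
        ReplayingDevice("atm-7", captured),
        Device("unknown-box", secrets.token_bytes(32)),  # not enrolled
    ]
    return verifier.sweep(fleet)

if __name__ == "__main__":
    print("investigate:", run_demo())
```

Running `sweep` on a schedule from the trusted device gives the regular re-authentication the paragraph calls for, and every name it returns is an inconsistency to investigate.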

While this will help spot breaches, it is also essential to make sure that a breach produces the minimum of damage. For example, often an attacker will be seeking to steal sensitive data, from financial data to personnel records. By encrypting this information, it becomes worthless to any attacker even if they are able to remove it: the 256-bit encryption used today will often take decades or even centuries to break, if this can be done at all with any confidence.

While humans may still be the weakest link in any such system, there are still many ways to protect both the organisation from human error, and employees themselves from becoming scapegoats for any security breach. Actions such as data storage and transfer should be automated as much as possible, to remove opportunities for people to miss security best practice. For example, if sensitive data can only be saved on authorised, encrypted storage then it can be provided to workers with much more confidence.

Fatalist or Realist?

While this approach to IT security may seem fatalistic, it is also the only way to ensure an organisation is protected. Attacks on IT are simply a way of life in the 21st century. By taking a holistic approach to minimise weak links; regularly authenticating all points of the network; removing the chance of stealing anything of value; and protecting users from their own mistakes, organisations can at least ensure that they have the best possible chance of frustrating potential attackers.

Global Banking & Finance Review
