Connect with us

Top Stories

Deception, Anticipation and Stealth: protecting against new cyber threats in Financial Services

Published

on

Deception, Anticipation and Stealth: protecting against new cyber threats in Financial Services

Rich Turner, VP EMEA at CyberArk

147 million. 150 million. 57 million. Big numbers, in any context. But when you consider that together, this 345 million represents the number of consumers affected by just three recent cyber attacks – on globally renowned names Equifax, Under Armour and Uber respectively – the widespread impact of cyber threats is potentially breathtaking.

Make no mistake, cyber security is now big business. Analysts predict that global spending on enterprise security will top $96 billion this year, an 8% rise from 2017. This is in no small part thanks to a turbulent 12 months which saw hacks on organisations of all shapes and sizes, and three global cyber attacks that were unprecedented in scale: WannaCry, Triton and NotPetya. With the impact of these attacks fresh in the memory, cyber security is finally on almost every company’s agenda.

Yet there is still a perception in many quarters that hacks are an exception to the rule. In fact, they now are the rule. Hackers’ skills are advancing at such a rate that it’s become impossible to completely prevent them from infiltrating a company’s networks. And given 90% of data breaches are motivated by financial gain or espionage, it’s no surprise that the financial services industry is a popular target for cyber attacks, as it handles more currency and transactions than any other sector. [1]

With that in mind, it’s critical organisations do everything they can to understand the new techniques that are evolving, and how they should react in the event of a successful attack. The bottom line: it is a must to think like an attacker if they are to be kept at bay. 

Stealthy intruders

The Bangladesh bank SWIFT hack in 2016 was the first to really demonstrate – on a global scale – the importance of surveillance. In the event, a group of unknown hackers were able to use SWIFT credentials to infiltrate the company’s trading completely undetected, sending dozens of fraudulent money transfer requests.

But they couldn’t siphon off money from the bank’s transactions straightaway – they needed to sit undetected within the network and learn how to conduct them before they could start filling their pockets. Only a simple printer error and a typo prevented the theft of nearly $1 billion, as was their intention. They still got away with $81 million.

The incident demonstrated to hackers across the world that it was possible to steal data and money on a grand scale without an organisation noticing. In recent years financial services firms across the globe have therefore shifted their focus away from how to prevent attacks from penetrating the perimeter, and instead towards how to defeat hackers roaming within networks and protect their ‘crown jewels’. There is an increasing and realistic recognition that attackers can and will get in, with the emphasis now on how to contain them.

 Essential to see red

Traditionally many financial services firms have relied on penetration testing (PT) to discover potentially exploitable vulnerabilities. The theory goes that, by testing particular networks, system or applications, organisations will be able to identify as many vulnerabilities as possible and ‘patch’ them to prevent attackers penetrating their network.

This practice is simply not sufficient to prevent hackers from gaining access to company servers – new techniques are constantly evolving which can discover previously hidden network vulnerabilities. It also presumes that provided organisations react to the latest threats, attackers won’t be able to infiltrate their internal servers.

This is where ‘Red Teaming’ terminology – borrowed from the military – comes in. Put simply, in a cybersecurity context, red teaming means employing a team of ‘ethical hackers’ to simulate cyber attacks. The idea is for these hackers to act like an external attacker, penetrate company networks and remain undetected for as long as possible, while stealing valuable data and learning how to exploit company systems for monetary or intellectual gain. By regularly undertaking this process themselves, organisations not only learn how vulnerable they are to an attack, but also establish how they would react in the event of an attack to lock down privileged accounts and prevent the loss of critical intellectual property (IP), as well as large sums of capital and precious consumer data. This is an exercise that helps organisations think as attackers to – and allows defence strategies to address the threat better and more effectively.

Negating the threat within

According to CyberArk’s Global Advanced Threat Landscape Report, FS firms’ own employees still represent the greatest threat to companies’ IP, as many already possess the credentials to access confidential information.[2] Rather than infiltrating company systems specifically, many hackers are also targeting traders with attack methods such as ransomware and phishing attacks, with a view to stealing their credentials and using them to navigate internal networks undetected.

One of the tools being used to help identify these anonymous hackers is user behaviour analytics. These systems are designed to analyse the historical data logs of each individual user – including network and authentication logs collected and stored in log and information management systems – and identify potentially malicious activity. The insights generated help organisations to regularly review the special privileges for each type of user and ensure that – using privileged access security platforms – each individual is only able to access the information required to perform their role, and no more.

 Machine identities are changing the game

With the introduction of the new Second Payment Services Directive (PSD2) this January, banks are required to open up their payments infrastructures and APIs to third parties to allow major retailers and service providers such as Amazon or John Lewis to liaise directly with them and take payment from consumers’ accounts. This bypassing of payments platforms like PayPal, or even the major credit card providers through machine-to-machine authentication, however, presents a new attack surface for organisations.

Many have therefore adopted either a two-factor authentication or a token model to grant permissions to retail players offering goods and services, which gives them access to a customer’s background and allows them to manage the transaction themselves. However, there are concerns that authenticator apps requesting payments could be compromised, prompting calls for potential suppliers to have a privileged access security strategy in place which is at least equivalent to banks to be in place, in order to prevent compromise.

The threat landscape is always evolving, and it moves faster for financial services than it does for almost every other sector. It’s critical that organisations are attuned to the latest developments in cyber security and understand the new techniques hackers are using to steal IP. Firms must adopt a ‘think like an attacker’ mind-set as failure to do so can not only prove immediately costly, but also cause irrevocable long-term damage to trusted relationships with customers; much more damaging than any one-off theft.

Top Stories

Sterling rises above $1.37 for first time since 2018; UK inflation rises

Published

on

Sterling rises above $1.37 for first time since 2018; UK inflation rises 1

By Elizabeth Howcroft

LONDON (Reuters) – A combination of heightened risk appetite in global markets and UK-specific optimism lifted the pound on Wednesday, as it strengthened to its highest in nearly three years against the dollar and five-month highs against the euro.

The dollar weakened against major currencies for the third straight session, helped by U.S. Treasury Secretary nominee Janet Yellen’s urging lawmakers to “act big” on spending and worry about debt later.

The pound rose above $1.37, hitting $1.3720 — its highest since May 2018 — at 1045 GMT. By 1136 GMT it had eased some gains and changed hands at $1.3687, up 0.4% on the day and up 0.2% so far this year.

Versus the euro, the pound hit a five-month high of 88.38 pence per euro, before easing to 88.51 at 1137 GMT, up around 0.5% on the day.

The pound’s recent strengthening can be attributed in part to relief among investors that the impact of Brexit has not caused the chaos some feared, as well as a lessening of negative rates expectations, said Neil Jones, head of FX sales at Mizuho.

“Going into early 2021, there was a bearish sentiment building into the pound on the Brexit deal, in terms of maybe it had a limited reach, and then secondly an expectation of negative rates and so to some extent the market has been cutting down on sterling shorts because neither of those things have been quite so apparent as they were,” he said.

Bank of England Governor Andrew Bailey said last week that there were “lots of issues” with cutting interest rates below zero – a comment which caused sterling to jump.

The UK’s progress in rolling out vaccines is also seen as a positive for investors, Jones said.

Currently, the United Kingdom has vaccinated 4.27 million people with a first dose of the vaccine, among the best in the world per head of population.

“Further progress in vaccinations (a pick-up in the daily rate) by the time the BoE MPC meeting takes place on 4th February may prove enough to hold off on any additional monetary easing,” wrote Derek Halpenny, head of research for global markets at MUFG.

Inflation data for December showed that prices in the UK picked up by more than expected in December, to a 0.6% annual rate.0.6

Inflation has been below the Bank of England’s 2% target since mid-2019 and the COVID-19 pandemic pushed it close to zero as the economy tanked.

(Graphic: CFTC: https://fingfx.thomsonreuters.com/gfx/mkt/oakpeyayxpr/CFTC.png)

(Reporting by Elizabeth Howcroft, editing by Larry King)

Continue Reading

Top Stories

Euro sinks amid broader risk rally against dollar

Published

on

Euro sinks amid broader risk rally against dollar 2

By Ritvik Carvalho

LONDON (Reuters) – The euro struggled to join a broader risk rally against the dollar on Wednesday as analysts said the risk of extended lockdowns in Europe to combat the spread of COVID-19 and the continent’s lag in a vaccine rollout were weighing on the currency.

Down 0.1% against the dollar at $1.2117 by 1130 GMT, Europe’s shared currency had only the safe-haven Swiss franc and Sweden’s crown for company in resisting a broad rally against the greenback by the G-10 group of currencies.

“We’re getting more headlines that the current lockdowns will be extended further, which could mean that the euro zone would be flirting with a double-dip recession before long,” said Valentin Marinov, head of G10 FX research at Credit Agricole, noting Europe’s lag in rolling out a coronavirus vaccine compared to the United States and Britain.

“So all of that plays into the story that tomorrow’s ECB meeting, while uneventful in terms of policy announcements, could convey a relatively dovish message to the market. On top of that, President Lagarde could once again jawbone the euro, so the euro is kind of lagging behind.”

Marinov also noted price action in the pound, which hit $1.3720 – a 2-1/2-year high – and 88.38 pence – its highest since May 2020 against the euro – as a contributing factor to euro weakness. [GBP/]

There was also focus on a story by Bloomberg News, which reported the European Central Bank was conducting its bond purchases with specific yield spreads in mind, a strategy that would be reminiscent of yield curve control.

Elsewhere, the risk-sensitive Australian dollar gained 0.4% to $0.7727. The New Zealand dollar, also a commodity currency like the Aussie, gained 0.25% to $0.7133.

DOLLAR WEAKNESS

While the world will be watching Joe Biden’s inauguration as U.S. president at noon in Washington (1700 GMT), traders were more focused on his policies than the ceremony.

U.S. Treasury Secretary nominee Janet Yellen urged lawmakers at her confirmation hearing to “act big” on stimulus spending and said she believes in market-determined exchange rates, without expressing a view on the dollar’s direction.

The index that measures the dollar’s strength against a basket of peers was up almost 0.1% at 90.510. The euro forms nearly 60% of the dollar index by weight.

It also fell 0.1% against the Japanese yen to 103.81 yen per dollar.

While the dollar has perked up in recent weeks on the back of a rise in U.S. Treasury yields, investors still expect the currency to weaken.

“We remain bearish U.S. dollar, and expect the downtrend to resume as U.S. real yields top out,” said Ebrahim Rahbari, FX strategist at CitiFX.

“Continued Fed dovishness remains important for our view, in addition to global recovery, so we’ll watch upcoming Fed-speak closely.”

Positioning data shows investors are overwhelmingly short dollars as they figure that budget and current account deficits will weigh on the greenback.

(Graphic: Dollar positioning: https://fingfx.thomsonreuters.com/gfx/mkt/oakveyombvr/Pasted%20image%201611132945366.png)

UBS Global Wealth Management’s chief investment officer Mark Haefele reiterated a bearish view on the dollar, saying that pro-cyclical currencies such as the euro, commodity-producer currencies, and the pound would benefit “from a broadening economic recovery supported by vaccine rollouts”.

The cryptocurrency Bitcoin fell 4%, trading at $34,468.

(Reporting by Ritvik Carvalho; Editing by Angus MacSwan)

Continue Reading

Top Stories

England soccer star Rashford nets younger buyers for Burberry

Published

on

England soccer star Rashford nets younger buyers for Burberry 3

By Sarah Young

LONDON (Reuters) – Burberry stuck to its full-year goals on Wednesday after a media campaign fronted by high-profile English soccer star and social justice advocate Marcus Rashford drew a younger clientele to the British luxury brand.

Higher full-price sales would boost annual margins and Asian demand remained strong, Burberry said, while warning that it could suffer more sales disruption from COVID-19 lockdowns.

Manchester United striker Rashford, 23, has won plaudits for his campaign to help ensure that poorer children do not go hungry with schools closed during the pandemic.

A first coronavirus wave last year cut Burberry’s sales by as much as 45% before a bounce back on strong demand in mainland China and South Korea, which continued in the last few months.

Shares in Burberry were up 5% to 1,825 pence at 0905 GMT, with Citi analysts saying that improved sales quality from fewer markdowns would drive full-year consensus upgrades.

Burberry’s 9% sales decline in its third quarter was worse than the 6% fall in the second, and the company said that 15% of stores were currently closed and 36% operating with restrictions as a result of measures to curb COVID-19’s spread.

“We expect trading will remain susceptible to regional disruptions as we close the financial year,” Burberry said, adding that it was confident of rebounding when the pandemic eases given the brand’s resonance with customers.

In the third quarter, comparable store sales in Europe, the Middle East, India and Africa declined 37%, hit by shops shut in lockdowns and a lack of tourists visiting Europe, but in the same period, it posted sales growth of 11% in Asia Pacific.

Burberry said that Britain’s new relationship with the European Union would cause headwinds, warning of a modest increase in costs to comply with new rules and also the impact of an end to a scheme for VAT refunds for non-EU tourists.

This would make Britain a less attractive destination for luxury shopping when tourism returns after the pandemic, Burberry said, adding that it would try to mitigate the effect.

(Reporting by Sarah Young; Editing by Kate Holton, James Davey and Alexander Smith)

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

Why You Should Take On Debt To Stop Dilution 4 Why You Should Take On Debt To Stop Dilution 5
Finance13 hours ago

Why You Should Take On Debt To Stop Dilution

By Blair Silverberg, CEO of Capital Imagine an exciting space dominated by two major companies, each growing and developing at...

Audi aims to sell one million cars in China in 2023 6 Audi aims to sell one million cars in China in 2023 7
Business13 hours ago

Audi aims to sell one million cars in China in 2023

BEIJING (Reuters) – German premium automaker Audi aims to sell 1 million vehicles in China in 2023, versus 726,000 vehicles...

Netflix forecasts an end to borrowing binge, shares surge 8 Netflix forecasts an end to borrowing binge, shares surge 9
Business13 hours ago

Netflix forecasts an end to borrowing binge, shares surge

By Lisa Richwine and Eva Mathews (Reuters) – Netflix Inc said on Tuesday its global subscriber rolls crossed 200 million...

MGM Resorts drops takeover plan for Ladbrokes-owner Entain 10 MGM Resorts drops takeover plan for Ladbrokes-owner Entain 11
Business13 hours ago

MGM Resorts drops takeover plan for Ladbrokes-owner Entain

By Tanishaa Nadkar (Reuters) – Casino operator MGM Resorts International on Tuesday ditched plans to buy Ladbrokes owner Entain after...

Mike Ashley's Frasers ups stake in Hugo Boss to over 15% 12 Mike Ashley's Frasers ups stake in Hugo Boss to over 15% 13
Business14 hours ago

Mike Ashley’s Frasers ups stake in Hugo Boss to over 15%

(Reuters) – Mike Ashley-led Frasers said on Tuesday it has increased its stake in German luxury fashion house Hugo Boss...

Sterling rises above $1.37 for first time since 2018; UK inflation rises 14 Sterling rises above $1.37 for first time since 2018; UK inflation rises 15
Top Stories14 hours ago

Sterling rises above $1.37 for first time since 2018; UK inflation rises

By Elizabeth Howcroft LONDON (Reuters) – A combination of heightened risk appetite in global markets and UK-specific optimism lifted the...

Euro sinks amid broader risk rally against dollar 16 Euro sinks amid broader risk rally against dollar 17
Top Stories14 hours ago

Euro sinks amid broader risk rally against dollar

By Ritvik Carvalho LONDON (Reuters) – The euro struggled to join a broader risk rally against the dollar on Wednesday...

Britain to publish new weekly consumer spending data 18 Britain to publish new weekly consumer spending data 19
Finance15 hours ago

Britain to publish new weekly consumer spending data

LONDON (Reuters) – Britain’s statistics office said it would publish new weekly consumer spending data from Thursday, based on credit...

Mercedes unveils electric compact SUV in bid to outdo Tesla 20 Mercedes unveils electric compact SUV in bid to outdo Tesla 21
Business15 hours ago

Mercedes unveils electric compact SUV in bid to outdo Tesla

By Nick Carey (Reuters) – Daimler AG’s Mercedes-Benz on Wednesday unveiled the EQA, a new electric compact SUV as part...

England soccer star Rashford nets younger buyers for Burberry 22 England soccer star Rashford nets younger buyers for Burberry 23
Top Stories15 hours ago

England soccer star Rashford nets younger buyers for Burberry

By Sarah Young LONDON (Reuters) – Burberry stuck to its full-year goals on Wednesday after a media campaign fronted by...

Newsletters with Secrets & Analysis. Subscribe Now