Connect with us

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website. .

Finance

EMAIL-BORNE CYBER-ATTACKS IN THE FINANCIAL SECTOR

Security - Global Banking | Finance

By Patrick Peterson, CEO, Agari

2014 was a banner year for cybercriminals, who targeted consumers with major malware, advanced persistent threats (APTs), and phishing email attacks across a variety of business sectors. Sadly, given today’s hackers have the time, energy and resources needed to design imposter or falsified emails to extract financial information from unsuspecting employees or customers – whether itsaccount numbers, passwords or other personally identifiable data – there can be little doubt that phishing campaigns will continue with fervor to be a primary attack vector in the year ahead.

Industrial-scale espionage cyber-attacks are typified in public memory by huge cases like those that compromised Sony in recent weeks – but, the important thing to note is that each of these campaigns, like many others before and since, began with an email. The unfortunate truth is that email was created with a fundamental flaw – anyone can send an email using someone else’s identity – and perpetrators of cybercrime are exploiting this weakness.

Patrick Peterson CEO Agari

Patrick Peterson CEO Agari

The design flaws in the basic architecture of the internet can be twisted to a hacker’s advantage, manipulated to send email from what looks to be a legitimate domain – usually a “.com” return address that appears to be identical to those used by reputable businesses. To date, there have been considerable technological developments that stop people from impersonating ISPs or domain spoofing, but it still remains relatively easy to do.

The growth of digital marketing is also facilitating the use of email as an attack vector. Indeed, companies are spending record amounts of their marketing budget on reaching their customers via digital channels. However, while this can be hugely successful from a business perspective, customers can struggle to spot phishing emails when, for all intents and purposes, the message that has landed in their inbox looks like the real deal.Basic security intelligence has long been championed as a crucial way of protecting business infrastructure – whether it’s looking for unusual changes in URL hyperlinks or the anomalous use of certain names in email ‘from’ fields – as this can indicate if malicious activity is at work inside a business, or attempting to penetrate it. This is no longer enough.

Built upon the sort of data hackers can only dream of, financial institutions must become proactive protectors of their own reputation and move to the frontline in the fight against cybercrime. As a first step, deploying solutions that enable them to manage and gain visibility into how their domains are used, and by whom, is vital.A big positivecurrently taking place in the security industry, and one that might level out the playing field between hackers and business, is the rise of data analytics. With the ability to collect, store and mine mammoth quantities of data, big data has given the data protection community an unprecedented advantage in the fight against organised cyber-gangs. Now, by continuously analysing email data in real-time and having the capacity to detect malicious IP addresses and URLs, these cyber-attacks can not only be spotted well in advance and taken down, but their point of origin in the world can also be established. Interestingly, Gartner forecasted at the close of 2014 that ‘Context-based systems’ would be a key trend this year too.[1]

The technology to authenticate emails has been around for some time, but some companies have been slow to use it as specialist service providers sought sustainable business models. In our own piece of quarterly research, we discovered that only a select few financial organisations are starting to adopt all three-email security standards available to them – these are SPF, DKIM, and DMARC. SPF allows email senders to specify which IP addresses are allowed to send email from a given domain. DKIM complements SPF by giving email senders a way to digitally sign all the outgoing email, letting email receivers confirm that no changes have been made to the email since it was sent. Lastly, DMARC allows email senders to tell receivers when they should rely on DKIM and SPF for a given domain, and what to do when messages fail those tests. Only companies who implement all three standards can rest assured their brands aren’t been abused by hackers via the email channel. In the Q3 edition of the report, released in December 2014, we found that many European financial organisations are still not taking the necessary steps outlined above to protect their customers from email-borne phishing attacks. Indeed, a number of them are only implementing one or two of the email authentication standards readily available to them. It might come as some surprise to learn that the likes of SKY, Ladbrokes and Deutsche Bank are not progressing with any of the three.

Sustained cyberattacks on banks, retailers and governments will undoubtedly continue to drive investment growth in technologies designed to combat cybercrime, but if email remains one of the most exposed access points in the business network then efforts will ultimately be in vain. And, since email is likely to continue to be one of the most simple and immediate ways of reaching and staying in touch with customers in the future, ownership for defending customers from cyber attacks in this guise must fall to the business. Research time and time again shows that malicious emails damage a brand, erode customer trust, and impact a company’s bottom line. Things have to change. Forrester Research sum it up perfectly in its predictions for 2015: “If your customers don’t trust you to rigorously protect and genuinely respect their sensitive data, they’ll take their business elsewhere.”[2]

[1]http://www.gartner.com/newsroom/id/2867917

[2]https://www.forrester.com/60+Of+Brands+Will+Discover+A+Breach+Of+Sensitive+Data+In+2015/-/E-PRE7425

Global Banking & Finance Review

 

Why waste money on news and opinions when you can access them for free?

Take advantage of our newsletter subscription and stay informed on the go!


By submitting this form, you are consenting to receive marketing emails from: Global Banking & Finance Review │ Banking │ Finance │ Technology. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact

Recent Post