Julian Wragg, EMEA Director, Pluralsight
Cyber-crime is reportedly one of the fastest growing crimes out there, and the financial services sector is a natural target for exploitation. HSBC is one of the most recent examples of this; the banking giant experienced multiple breaches at the start of this year. These threats are predicted to become commonplace as distributed denial of service (DDoS) attacks grow in sophistication. A recent report highlighted that 57 per cent of financial sector institutions have experienced an attack of this nature, putting them at the centre of the bullseye for cyber-attackers. While the headlines and victims may vary, all findings conclude that the criminals are developing complex attack vectors at an astonishing rate. Whilst there’s no single solution to the problem, there is one common defence mechanism companies need to consider: equipping their employees with the knowledge and insight needed to provide a first (and second, and third) layer of defence.
More often than not, the easiest way to breach any company’s cyber defences is through its employees. Whether this is by exploiting a piece of software on a laptop that hasn’t been recently updated, or by gaining unauthorised access to an employee’s mobile phone or tablet, the range of ways into a corporate network is wider than ever before. Even by doing simple things like logging onto public Wi-Fi networks with a company laptop or smartphone to stream the latest episode of Homeland, employees could potentially be putting an entire organisation’s IT infrastructure at risk. IT security shouldn’t just be the priority of the CSO or IT department; it should be a priority for all, from the CEO through to the most junior assistant.
This is where the skillset of ethical hacking can make a real difference, especially to the financial sector. Ethical hacking is essentially where someone uses the techniques of a malicious hacker to identify the weak points in an organisation’s cybersecurity, and uses that knowledge to help their employer improve its defences. In the financial services sector in particular, the applications that IT and DevOps teams deliver have to be as safe as possible. However, simply retrofitting security capabilities on top of pre-existing code can compromise functionality. Ethical hacking skills can be used during the application development process to test for flaws and weak points in the software, which can be invaluable when it comes to protecting the business.
The financial services industry is starting to sit up and take notice, but there’s certainly more work to be done. Pluralsight cyber security course author and industry expert Dale Meredith said there is currently a massive skills gap in this space, citing an Information Systems Security Certification Consortium (ISC2) claim that there will be a shortage of 1.5 million trained professionals by 2020. Clearly, given the growing importance of security, this is a worrying trend for financial services, and could leave many organisations exposed to attacks. However, as ethical hacking as a concept becomes more widely known, there are greater opportunities for upskilling IT staff across financial services, and recruiting new employees who have these skills.
This is where the IT department can empower all staff to protect the wider business. The first step is ensuring IT staff and network administrators have the right tools and techniques available to understand hacking attacks on their business and where they might be vulnerable. While there are a number of training courses out there, it’s not enough to just send someone on a day-long course. Ethical hacking is a constantly changing area, and it is far more effective for learners to have access to an online course where they can keep refreshing their knowledge as new threats emerge. At the same time, this on-demand approach much more closely matches how IT professionals want to learn – learning at their own pace in any location.
The problem of cyberattacks isn’t going away and 2016 looks set to be just as challenging, with ThreatMetrix reporting a 40% increase in financial cybercrime over the last 12 months. It’s only by fully understanding the threat and ensuring everyone has the necessary skills and knowledge to mitigate it that the financial services sector can protect itself from the threats that cyberattacks represent, and focus on its core business objectives.