Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites.
Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. For avoidance of any doubts and to make it easier, you may consider any links to external websites as sponsored links. Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Finance sector continues to risk breaches while mobiles and tablets remain unprotected

By Dave Waterson, CEO, SentryBay

A report from Accenture last year found that managing the threat and incidence of cyberattacks was higher for the financial services sector than for any other industry. It’s no surprise, therefore, that during the Covid-19 crisis, there has been a huge spike in malicious attacks on banks and finance companies with cyber-criminals determined to exploit every possible vulnerability as companies shift working practices rapidly and with minimum planning.

The virtualised environments and application-centric solutions that are a bi-product of digital transformation will have been advantageous to those finance organisations already embarked on the process. Higher levels of automation and security will deliver resilience and agility, but even with this in place, the proliferation of devices from mobiles through to home PCs now being used to connect with corporate networks, leaves dangerous openings in the security perimeter that are easily targeted.

Such is the threat posed by unprotected mobile devices, all of the UK’s leading mobile operators have joined forces with GCHQ’s National Cyber Security Centre (NCSC) to tackle what are called ‘smishing’ attacks (SMS phishing) created specifically to capitalise on the Covid-19 crisis. Like phishing emails, these are sent as texts designed to trick mobile users into clicking on infected links.

So far, around 50 banks and government organisations have got involved, enabling their text messages to be protected, and over 400 unauthorised text variants are being blocked even as the list grows.

Endpoint security weakness

For those of us working in the IT security industry, the increase in attacks on mobile devices comes as no surprise. As employees started to work from home or from remote locations, accessing corporate data and applications from unmanaged devices including mobiles, tablets, home laptops and PCs became commonplace and necessary. Not every organisation was able to furnish its workers with fully secure technology at such short notice. The easiest way for cyber-criminals to steal sensitive corporate data is by accessing a corporate network remotely from a compromised unmanaged device, so lockdown provided a perfect opportunity.

These devices, or endpoints, are often the weakest link in the security chain, which is why, according to a 2019 report, it was found that 70 per cent of breaches originate at the endpoint.

There are a number of reasons for this. Often these devices have a lower security posture, possibly out-of-date anti-virus or internet security software; they have a higher risk of compromise because they could be running counterfeit or unlicensed solutions; or they are operating from an untrusted network. Banks and financial organisations have very little control over the software that is currently, or has previously been running on the device, and limited options for assessing these deficiencies. On mobiles it is even more unlikely that security solutions will be installed, or up to date.

How does it happen?

Usually unmanaged devices accessing a network remotely are at a higher risk of stolen sensitive data (including corporate login credentials) from attacks involving keylogging, which, along with spyware is ranked the highest global malware, by the NTT Security Threat Intelligence Report. Other attacks to be aware of include screen capture / screen grabbing, man-in-the-browser, saved account detail harvesting, screen mirroring, man-in-the-middle, DLL injection, and RDP double-hop. At the moment, with so few people working within the security of an on-premise network the risk is increased hugely.

Financial and banking organisations need to address their security environment with new approaches. Attacks are increasing by the day, so it’s imperative that steps are taken now, if they haven’t already been, to make sure that unmanaged devices accessing the corporate network carry the same security protocols as managed devices that sit within the corporate perimeter. This includes ensuring that applications accessing the network are isolated from the rest of the potentially-compromised unmanaged mobile or endpoint and protecting against kernel-level threats commonly missed by anti-virus software.

We recommend utilising security solutions that are built for purpose. This means they can protect data entry on mobiles and tablets, particularly into remote access apps like Citrix, VMWare, WVD, web browsers and Microsoft Office applications, including Office365. Browsers that access the corporate network should be locked down, including URL whitelisting, enforced certificate checking and enforced https.

Rapid deployment is also important, so organisations need to identify solutions that can be up and running within 24 hours, without the need for specially configured software or hardware – a straightforward download and install from pre-configured software is the best route to take. Companies can look out for proven anti-key logging software that can protect every keystroke into any application and prevent screen-scraping malware from stealing credentials and sensitive data. Access to a portal that allows simple configuration by administrators will be a bonus.

Of course, one area of great vulnerability is the login, so credentials must be checked and advanced mechanisms to identify malware C2 communication are vital

At the moment, we are intensely focused on the impact of Covid-19, but banking and finance organisations should adopt these security measures permanently. In a survey we carried out last month amongst 1550 employees, 63% said that they would want to spend at least some of their working time at home in the future. That being the case, improved mobile and endpoint security must become an essential element of their total security environment.