Connect with us

Top Stories

HOW SANDBOXING CAN HELP FINANCIAL INSTITUTIONS STAY AHEAD OF ATTACKERS IN THE CYBER-SECURITY ARMS RACE

Published

on

HOW SANDBOXING CAN HELP FINANCIAL INSTITUTIONS STAY AHEAD OF ATTACKERS IN THE CYBER-SECURITY ARMS RACE

Florian Malecki, International Product Marketing Director, SonicWall, EMEA

Florian Malecki

Florian Malecki

From reading about the most prominent cyber-attacks of 2017 so far, you would be forgiven for thinking that hackers have targeted organisations indiscriminately, both geographically and in terms of industry verticals. But this assumption is inherently flawed. Financial institutions, along with manufacturers and healthcare providers are among the organisations most frequently targeted by cyber-criminals. Given the importance of data to the day-to-day functioning of these industries, it is perhaps no surprise. Financial data, for example, is hugely appealing to cyber-criminals. Not only can it be used to steal funds directly from accounts, the withholding of access to mission-critical data can bring an institution to its knees, providing a lucrative opportunity for extortion. Furthermore, the interconnected nature of financial institutions’ operations leaves these organisations particularly vulnerable, enabling rapid cross-infection during incoming attacks.

Data security has risen from a fringe concern for IT, to a board level priority in just a few years. This is because of both the dramatic increase in the gravity and the frequency of attacks. Data from SonicWall’s International Threat Networks hows sizable increases in ransomware attacks; from 3.8 million attempts in 2015 to more than 638 million in 2016, in other words,a 167-fold increase! And it’s not just about the rising frequency of attacks, modern cyber-attacks cost companies millions. Today’s cyber-criminals leverage the threat of reputational damage, service disruption and revenue loss to demand large sums of money from victims. In fact, it has been estimated by Lloyd’s of London that a major global cyber-attack could cost the worldwide economy up to £40 billion. This would make the recent WannaCry (£6 billion) and NotPetya (£647 million) attacks look miniscule by comparison.

Another important point is that cyber-threats are continually evolving to overcome existing security measures and cyber-criminals consistently refine their means and methods to exploit new and old vulnerabilities. No-one is safe –criminals are an ever-present threat and can action their attacks from anywhere in the world. Banks and financial institutions present high-profile targets with the potential for a considerable bounty should an attack prove successful. With this in mind, cyber-security should be a number one consideration for any business, but particularly financial institutions where service disruptions can generate even greater losses during an incident.

How should IT managers at financial institutions protect their organisations?

Given the negative impacts of cyber-crime and data-breaches on financial organisations, detecting malicious code before it can impact the network is critical for their IT teams. Though global ransomware attacks, such as the ones that took down the NHS dominate the headlines, the most significant challenge comes from the highly targeted – often zero-day –attacks that are becoming increasingly common. Such attacks involve never-before-seen code packages, uniquely targeted at enterprises sometimes down to the branch level. These tend to have a much higher success rate than generic attacks as financial organisations are often under prepared for such an event.

With cyber-criminals and security experts effectively locked into a cyber-arms race, featuring ever more sophisticated strategies and vectors, IT managers must ensure modern protection for their networks. This includes next-generation firewall technology, which can identify traditional and new threat types and must be capable of decrypting standard encrypted traffic to ensure that malicious code cannot infiltrate the network from personal web-based accounts, applications and web-pages.It also requires comprehensive wireless device security, with per-device and user-specific access rights and application VPN to enable mobile working whilst maintaining complete security.

These solutions fall into the endpoint security camp; where malicious code is detected and destroyed at the security endpoint within the network. However, with bandwidth and productivity playing an important part in achieving a competitive edge, some businesses require offsite security expertise.

How sandboxing can prevent security breaches

Sandboxing should be the best friend of every IT security professional. It not only provides a secure environment in which to ‘detonate’ the malicious code, it ensures that advanced threats – ones capable of lying dormant during security checks – are captured and isolated. The more engines that the security sandbox has at its disposal to analyse and quarantine threats, the harder it is for new variants to fool the system and escape into the network. All businesses should be looking to adopt sandboxing technology that monitors for the following behaviours:

  • OS calls: Including monitoring system calls and API functions
  • File system changes: Any kind of action, including creating, modifying, deleting and encrypting files Network changes: Any kind of abnormal establishment of outbound connections
  • Registry changes: Any modifications to establish persistence or changes to security or network settings
  • Beyond and between: Monitoring of instructions that a program executes between OS calls, to supplement context of other observations

Critically, sandboxing is the best method for avoiding zero-day attacks that employ new/unencountered coding and which do not have previously developed signatures available to allow onsite firewalls to identify them.

Invest in confidence

The modern cyber-security landscape requires intelligent security technologies to combat the sophisticated threats emerging from the global cyber-criminal community. Onsite firewalls can shield business networks from much of the onslaught, however, with hackers developing innovative delivery mechanisms for augmented malware strains and identifying new zero-day vulnerabilities in software platforms, more powerful systems are becoming integral to maintaining secure networks.

In the wake of WannaCry and NotPetya, many organisations will be reflecting on their investment in cyber-security. One thing is for certain, there will be many more attacks like these ones and the question remains, are businesses willing to invest in security now to avoid potentially devastating losses in the future?

Top Stories

Sunak to use budget to expand apprenticeships in England

Published

on

Sunak to use budget to expand apprenticeships in England 1

LONDON (Reuters) – British finance minister Rishi Sunak will announce more funding for apprenticeships in England when he unveils his budget next week, the government said on Friday.

Employers taking part in the Apprenticeship Initiative Scheme will from April 1 receive 3,000 pounds ($4,179) for each apprentice hired, regardless of age – an increase on current grants of between 1,500 and 2,000 pounds depending on age.

The scheme will extended by six months until the end of September, the finance ministry said.

Sunak will also announce an extra 126 million pounds for traineeships for up to 43,000 placements.

Sunak’s March 3 budget will likely include a new round of spending to prop up the economy during what he hopes will be the last phase of lockdown, but he will also probably signal tax rises ahead to plug the huge hole in the public finances.

Sunak is also expected to announce a “flexi-job” apprenticeship scheme, whereby apprentices can join an agency and work for multiple employers in one sector, the finance ministry said.

“We know there’s more to do and it’s vital this continues throughout the next stage of our recovery, which is why I’m boosting support for these programmes, helping jobseekers and employers alike,” Sunak said in a statement.

(Reporting by Andy Bruce, editing by David Milliken)

Continue Reading

Top Stories

UK seeks G7 consensus on digital competition after Facebook blackout

Published

on

UK seeks G7 consensus on digital competition after Facebook blackout 2

LONDON (Reuters) – Britain is seeking to build a consensus among G7 nations on how to stop large technology companies exploiting their dominance, warning that there can be no repeat of Facebook’s one-week media blackout in Australia.

Facebook’s row with the Australian government over payment for local news, although now resolved, has increased international focus on the power wielded by tech corporations.

“We will hold these companies to account and bridge the gap between what they say they do and what happens in practice,” Britain’s digital minister Oliver Dowden said on Friday.

“We will prevent these firms from exploiting their dominance to the detriment of people and the businesses that rely on them.”

Dowden said recent events had strengthened his view that digital markets did not currently function properly.

He spoke after a meeting with Facebook’s Vice-President for Global Affairs, Nick Clegg, a former British deputy prime minister.

“I put these concerns to Facebook and set out our interest in levelling the playing field to enable proper commercial relationships to be formed. We must avoid such nuclear options being taken again,” Dowden said in a statement.

Facebook said in a statement that the call had been constructive, and that it had already struck commercial deals with most major publishers in Britain.

“Nick strongly agreed with the Secretary of State’s (Dowden’s) assertion that the government’s general preference is for companies to enter freely into proper commercial relationships with each other,” a Facebook spokesman said.

Britain will host a meeting of G7 leaders in June.

It is seeking to build consensus there for coordinated action toward “promoting competitive, innovative digital markets while protecting the free speech and journalism that underpin our democracy and precious liberties,” Dowden said.

The G7 comprises the United States, Japan, Britain, Germany, France, Italy and Canada, but Australia has also been invited.

Britain is working on a new competition regime aimed at giving consumers more control over their data, and introducing legislation that could regulate social media platforms to prevent the spread of illegal or extremist content and bullying.

(Reporting by William James; Editing by Gareth Jones and John Stonestreet)

 

Continue Reading

Top Stories

Britain to offer fast-track visas to bolster fintechs after Brexit

Published

on

Britain to offer fast-track visas to bolster fintechs after Brexit 3

By Huw Jones

LONDON (Reuters) – Britain said on Friday it would offer a fast-track visa scheme for jobs at high-growth companies after a government-backed review warned that financial technology firms will struggle with Brexit and tougher competition for global talent.

Finance minister Rishi Sunak said that now Britain has left the European Union, it wants to make sure its immigration system helps businesses attract the best hires.

“This new fast-track scale-up stream will make it easier for fintech firms to recruit innovators and job creators, who will help them grow,” Sunak said in a statement.

Over 40% of fintech staff in Britain come from overseas, and the new visa scheme, open to migrants with job offers at high-growth firms that are scaling up, will start in March 2022.

Brexit cut fintechs’ access to the EU single market and made it far harder to employ staff from the bloc, leaving Britain less attractive for the industry.

The review published on Friday and headed by Ron Kalifa, former CEO of payments fintech Worldpay, set out a “strategy and delivery model” that also includes a new 1 billion pound ($1.39 billion) start-up fund.

“It’s about underpinning financial services and our place in the world, and bringing innovation into mainstream banking,” Kalifa told Reuters.

Britain has a 10% share of the global fintech market, generating 11 billion pounds ($15.6 billion) in revenue.

The review said Brexit, heavy investment in fintech by Australia, Canada and Singapore, and the need to be nimbler as COVID-19 accelerates digitalisation of finance, all mean the sector’s future in Britain is not assured.

It also recommends more flexible listing rules for fintechs to catch up with New York.

“We recognise the need to make the UK attractive a more attractive location for IPOs,” said Britain’s financial services minister John Glen, adding that a separate review on listings rules would be published shortly.

“Those findings, along with Ron’s report today, should provide an excellent evidence base for further reform.”

SCALING UP

Britain pioneered “sandboxes” to allow fintechs to test products on real consumers under supervision, and the review says regulators should move to the next stage and set up “scale-boxes” to help fintechs navigate red tape to grow.

“It’s a question of knowing who to call when there’s a problem,” said Kay Swinburne, vice chair of financial services at consultants KPMG and a contributor to the review.

A UK fintech wanting to serve EU clients would have to open a hub in the bloc, an expensive undertaking for a start-up.

“Leaving the EU and access to the single market going away is a big deal, so the UK has to do something significant to make fintechs stay here,” Swinburne said.

The review seeks to join the dots on fintech policy across government departments and regulators, and marshal private sector efforts under a new Centre for Finance, Innovation and Technology (CFIT).

“There is no framework but bits of individual policies, and nowhere does it come together,” said Rachel Kent, a lawyer at Hogan Lovells and contributor to the review.

($1 = 0.7064 pounds)

(Reporting by Huw Jones; editing by Jane Merriman and John Stonestreet)

 

Continue Reading
Editorial & Advertiser disclosureOur website provides you with information, news, press releases, Opinion and advertorials on various financial products and services. This is not to be considered as financial advice and should be considered only for information purposes. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third party websites, affiliate sales networks, and may link to our advertising partners websites. Though we are tied up with various advertising and affiliate networks, this does not affect our analysis or opinion. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you, or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish sponsored articles or links, you may consider all articles or links hosted on our site as a partner endorsed link.

Call For Entries

Global Banking and Finance Review Awards Nominations 2021
2021 Awards now open. Click Here to Nominate

Latest Articles

Newsletters with Secrets & Analysis. Subscribe Now