2018 Cybersecurity Trends You Need to Know Now

It’s clear that financial institutions are prime targets for cyberattacks. According to a recent report from Thales, 42 percent of U.S. financial service institutions have already experienced a breach (that they know of), and 12 percent have been victims of multiple data breaches. The alarming reality is that attacks continue to bypass traditional cybersecurity solutions and go unnoticed for weeks or even months, forcing a frantic scramble to mitigate the damage to customers and operations once found.   Some key industry trends will continue to present challenges for financial institutions as they try to get control of their cybersecurity posture.

The rise of network connected devices and IoT

Financial institutions continue to enhance and evolve the customer experience by allowing users to access account information from anywhere, via any device. This increased use of personal digital access to sensitive data is creating new opportunities for banks to better engage with users, increase customer loyalty, and create business opportunities with new services. A plethora of network connected devices such as ATMs, surveillance systems, and banking kiosks are increasingly interconnected to improve business productivity, drive efficiencies, and reduce operational costs. These are all huge wins for financial institutions and consumers, but at what price to security?

As enterprises increasingly enable direct access to financial operations over the public internet, they in turn, have opened new vulnerabilities that make it easier for attackers to penetrate and exploit critical enterprise operations. In 2018, we predict that these entry points will be attacked more broadly, exposing all parts of the network, even those seemingly far removed from an ATM, mobile device, or customer PC. This will increase enterprise susceptibility to targeted and often undetectable attacks that can create wide-scale disruption.

New, advanced malware targeting endpoints

New and advanced threats targeting financial services organizations are emerging daily, such as file-less code, weaponized documents, memory-based attacks, and stolen signing certificates. One recent example is a phishing attack directed at organizations involved in the upcoming Winter Olympics, named ‘Operation PowerShell Olympics’ by McAfee Labs. This type of malware was brand new to the market, demonstrating how malicious code can be custom-made to hand control of the victim’s device over to the attackers.

Endpoints are especially vulnerable because conventional endpoint security solutions typically attempt to look for a pattern associated with existing malware and attack profiles. Attackers now have tools that allow them to rapidly morph malware code, ensuring it or its effects will not be seen as an anomaly discoverable by traditional security systems. Malware that resides in computer memory, not the hard drive, can be constructed in a running application on the spot with each instance varied, making it frequently impossible to defeat using endpoint detection and response (EDR), breach detection systems (BDS), anti-malware, machine-learning anti-virus, and other detection-based endpoint protection approaches.

Also, consider that any great, new cyber security technology is also available to the ‘bad’ guys.  According to a report by CSO Magazine, cyber criminals steal hundreds of millions of dollars annually with near impunity. For every one that gets caught, 10,000 or more go free. With little risk for these high-value crimes, attackers will continue to devote the time and resources needed to crack firewalls, defeat detection, elude artificial intelligence, or find any other vulnerability to get to the “gold.”

Growing risk from insider threats

A survey by the Ponemon Institute found that 67 percent of respondents believe their company is more likely to fall victim to a cyberattack or data breach in 2018. Over 60 percent are more concerned about a data breach from a third party outside their operations. But insider threats — whether malicious or unintentional — can be just as damaging.  One of the most high-profile examples of this is the Target breach in 2013, when cyber attackers gained access to the company’s computer gateway through legitimate credentials stolen from an authorized vendor, affecting more than 41 million of its customer payment card accounts.

Attackers are masterminds at finding the weakest penetration point into a network, such as poorly managed endpoints or the often neglected underbelly of operational technology infrastructure where partners or vendors are involved. Stronger authentication technology has often been seen as expensive, complex, and poorly tolerated by users. So, the protection of the enterprise’s most sensitive operations is often left reliant on weak authentication alternatives dependent on users’ IDs and passwords. Financial organizations continuing to rely primarily on user-based and software-defined authentication will struggle to maintain authentication effectiveness, continuing to remain exposed to potentially avoidable cyber events.

Adoption of advanced network segmentation and isolation

A common pattern has emerged at the root of nearly every major cybersecurity attack in business and government in the last few years. Attackers start at the lowest common denominator, such as a poorly managed device, and work their way to the core of operations to extract information. A financial organization’s cyber resiliency is no better than its weakest link.

The reality is that there are certain parts of a business which have no reason to be visible to the rest of the world and therefore should not be connected to even a well-defined perimeter. Compartmentalizing the network with a “zero trust architecture” approach is a recognized concept as noted by industry analyst firm, Forrester. But the rapidly evolving sophistication of cyber threats is generating a new emphasis to take network segmentation to the next level. Financial institutions are being driven to explore more comprehensive approaches and practices, such as those used in defense and intelligence agencies. This includes completely isolating operational technology (OT) that supports enterprise operations, which were never intended to be publicly accessible, from vulnerabilities inherent in an IT environment necessarily open to public access to better serve customers.

There are no silver bullets

As the debilitating effects of an enterprise breach are increasingly recognized by corporate officers and directors, we’re finally seeing cybersecurity get the organizational attention it deserves. But, there are no silver bullets that ensure protection. Thus, maintaining resilience to cyber attacks is an on-going process of asking the right questions and making proactive decisions to integrate cybersecurity as an inherent part of enterprise operations. As noted by the industrial pioneer, William Edwards Deming, quality is built-in, not inspected in. The same is true for cybersecurity.

Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Vladimir Putin
What is The Net Worth of Vladimir Putin?
Jane Fonda
How Jane Fonda Achieved a Net Worth of $200 Million
William Burr
How Bill Burr Achieved a Net Worth of $8 Million
Why is Health Insurance So Expensive?
The 20 Most Expensive Stocks in 2019 By Share Price
Advice on Obtaining a Credit Card as a College Student
Takeaways from The 2019 Student Card Survey from Creditcard.com
American Tower
Why American Tower is a Solid Long-Term Dividend Stock
20 ‘Smart’ Technologies That Will Be Available Before We Know It
embedded personal devices
Where are We With Embedded Personal Devices?
20 Smartphone Technologies That Will Blow You Away
bullets that change direction
Where are We With Bullets that Change Direction?
The 20 Worst Airlines in the World in 2019
Swift and Sons
The 20 Best Steakhouses in Chicago
Caladesi Island
The 20 Best Beaches in Florida in 2019
Why La Cosecha Argentinian Steakhouse is One of Miami’s Finest Steakhouses
Land Rover Discovery
The 20 Worst Resale Value Cars of 2019
Hybrid Cars
The 20 Best Hybrid Cars of All-Time
Rolls Royce Silver Seraph
The Rolls Royce Silver Seraph: A Closer Look
The Rolls-Royce Silver Spirit
The Rolls-Royce Silver Spirit: Its History and Its Evolution
A Closer Look at the Hublot Bigger Bang
IWC Big Pilot's Watch Constant-Force Tourbillon Edition Le Petit Prince
A Closer Look at the IWC Big Pilot’s Watch Constant-Force Tourbillon Edition Le Petit Prince
A Closer Look at the Jaeger-LeCoultre Master Ultra Thin Tourbillon
Time Traveling: The Hublot Classic Fusion Zirconium