2018 Cybersecurity Trends You Need to Know Now

Hacker

It’s clear that financial institutions are prime targets for cyberattacks. According to a recent report from Thales, 42 percent of U.S. financial service institutions have already experienced a breach (that they know of), and 12 percent have been victims of multiple data breaches. The alarming reality is that attacks continue to bypass traditional cybersecurity solutions and go unnoticed for weeks or even months, forcing a frantic scramble to mitigate the damage to customers and operations once found.   Some key industry trends will continue to present challenges for financial institutions as they try to get control of their cybersecurity posture.

The rise of network connected devices and IoT

Financial institutions continue to enhance and evolve the customer experience by allowing users to access account information from anywhere, via any device. This increased use of personal digital access to sensitive data is creating new opportunities for banks to better engage with users, increase customer loyalty, and create business opportunities with new services. A plethora of network connected devices such as ATMs, surveillance systems, and banking kiosks are increasingly interconnected to improve business productivity, drive efficiencies, and reduce operational costs. These are all huge wins for financial institutions and consumers, but at what price to security?

As enterprises increasingly enable direct access to financial operations over the public internet, they in turn, have opened new vulnerabilities that make it easier for attackers to penetrate and exploit critical enterprise operations. In 2018, we predict that these entry points will be attacked more broadly, exposing all parts of the network, even those seemingly far removed from an ATM, mobile device, or customer PC. This will increase enterprise susceptibility to targeted and often undetectable attacks that can create wide-scale disruption.

New, advanced malware targeting endpoints

New and advanced threats targeting financial services organizations are emerging daily, such as file-less code, weaponized documents, memory-based attacks, and stolen signing certificates. One recent example is a phishing attack directed at organizations involved in the upcoming Winter Olympics, named ‘Operation PowerShell Olympics’ by McAfee Labs. This type of malware was brand new to the market, demonstrating how malicious code can be custom-made to hand control of the victim’s device over to the attackers.

Endpoints are especially vulnerable because conventional endpoint security solutions typically attempt to look for a pattern associated with existing malware and attack profiles. Attackers now have tools that allow them to rapidly morph malware code, ensuring it or its effects will not be seen as an anomaly discoverable by traditional security systems. Malware that resides in computer memory, not the hard drive, can be constructed in a running application on the spot with each instance varied, making it frequently impossible to defeat using endpoint detection and response (EDR), breach detection systems (BDS), anti-malware, machine-learning anti-virus, and other detection-based endpoint protection approaches.

Also, consider that any great, new cyber security technology is also available to the ‘bad’ guys.  According to a report by CSO Magazine, cyber criminals steal hundreds of millions of dollars annually with near impunity. For every one that gets caught, 10,000 or more go free. With little risk for these high-value crimes, attackers will continue to devote the time and resources needed to crack firewalls, defeat detection, elude artificial intelligence, or find any other vulnerability to get to the “gold.”

Growing risk from insider threats

A survey by the Ponemon Institute found that 67 percent of respondents believe their company is more likely to fall victim to a cyberattack or data breach in 2018. Over 60 percent are more concerned about a data breach from a third party outside their operations. But insider threats — whether malicious or unintentional — can be just as damaging.  One of the most high-profile examples of this is the Target breach in 2013, when cyber attackers gained access to the company’s computer gateway through legitimate credentials stolen from an authorized vendor, affecting more than 41 million of its customer payment card accounts.

Attackers are masterminds at finding the weakest penetration point into a network, such as poorly managed endpoints or the often neglected underbelly of operational technology infrastructure where partners or vendors are involved. Stronger authentication technology has often been seen as expensive, complex, and poorly tolerated by users. So, the protection of the enterprise’s most sensitive operations is often left reliant on weak authentication alternatives dependent on users’ IDs and passwords. Financial organizations continuing to rely primarily on user-based and software-defined authentication will struggle to maintain authentication effectiveness, continuing to remain exposed to potentially avoidable cyber events.

Adoption of advanced network segmentation and isolation

A common pattern has emerged at the root of nearly every major cybersecurity attack in business and government in the last few years. Attackers start at the lowest common denominator, such as a poorly managed device, and work their way to the core of operations to extract information. A financial organization’s cyber resiliency is no better than its weakest link.

The reality is that there are certain parts of a business which have no reason to be visible to the rest of the world and therefore should not be connected to even a well-defined perimeter. Compartmentalizing the network with a “zero trust architecture” approach is a recognized concept as noted by industry analyst firm, Forrester. But the rapidly evolving sophistication of cyber threats is generating a new emphasis to take network segmentation to the next level. Financial institutions are being driven to explore more comprehensive approaches and practices, such as those used in defense and intelligence agencies. This includes completely isolating operational technology (OT) that supports enterprise operations, which were never intended to be publicly accessible, from vulnerabilities inherent in an IT environment necessarily open to public access to better serve customers.

There are no silver bullets

As the debilitating effects of an enterprise breach are increasingly recognized by corporate officers and directors, we’re finally seeing cybersecurity get the organizational attention it deserves. But, there are no silver bullets that ensure protection. Thus, maintaining resilience to cyber attacks is an on-going process of asking the right questions and making proactive decisions to integrate cybersecurity as an inherent part of enterprise operations. As noted by the industrial pioneer, William Edwards Deming, quality is built-in, not inspected in. The same is true for cybersecurity.



Add Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Steven Schonfeld
10 Things You Didn’t Know about Steven Schonfeld
Yves Guillemot
10 Things You Didn’t Know about Yves Guillemot
Jim Rohn
The 20 Best Jim Rohn Quotes That Apply to Business
Gregg Yeutter
10 Things You Didn’t Know About Greg Yeutter
Vermont
How to File for Unemployment in Vermont
Utah
How to File For Unemployment in Utah
Tennessee
How to File for Unemployment in Tennessee
South Dakota
How to File for Unemployment in South Dakota
Lake Catherine State Park
The 20 Best Things To Do in Hot Springs, AR For First-Timers
Newport Pier
The 20 Best Things to Do in Newport Beach, CA for First Timers
The Blind Tiger
The 20 Best Things to Do in Shreveport, LA for First Timers
PNC Field
The 20 Best Things to Do in Scranton, PA for First Timers
2020 Mercedes GLC 43 1
A Closer Look at The 2020 Mercedes GLC 43
2021 Chevy Colorado 5
A Closer Look at the 2021 Chevy Colorado ZR2
2022 Hyundai Tucson 4
A Closer Look at The 2022 Hyundai Tucson
The 2021 Ford Mustang Mach-E 1
The 10 Best Compact Crossover SUVs for 2021
A Closer Look at The Oris Carysfort Reef Limited Edition
MB&F Bulldog
A Closer Look at The The MB&F HM10 Bulldog
A Closer Look at the Favre-Leuba Raider Sea King
A Closer Look at The Casio Pro Trek PRT-B50 Black Titanium
Bella Hadid
How Bella Hadid Achieved a Net Worth of $25 Million
Cyndi Lauper
How Cyndi Lauper Achieved a Net Worth of $50 Million
Robert Pattinson
How Robert Pattinson Achieved a Net Worth of $100 Million
Alyssa Milano
How Alyssa Milano Achieved a Net Worth of $10 Million