SPECIAL REPORT | Cyber Security

The Financial Conduct Authority (FCA) has announced plans to investigate Equifax following the recent cyber attack on the business. As many as 694,000 UK users were affected, a number that rises beyond 143 million when US customers are included. Although Equifax has welcomed the investigation to “learn the lessons from this criminal cyber attack”, the incident serves as a warning to the financial services industry that cyber criminals are implementing increasingly intelligent ways of outsmarting IT systems.

The truth is that firms in this sector have been facing cyber attacks for decades, as this industry is especially attractive for criminals who are looking to access financial data. After all, the data being held on these systems not only includes clients’ financial and personal details, but also information about the firms as well. It is undoubtedly difficult for banks and financial institutions to continually defend against the constant cyber attacks they face, but IT security must be considered a priority when it comes to budgets.
Why are banks such easy targets?

The biggest reason that criminals target banks is obvious: money. Financially-motivated cybercrimes account for three quarters of all reported security breaches. This is an issue, with many firms underestimating the importance of cyber security. With budgets being evaluated more critically than ever in an effort to reduce costs, financial firms can find themselves working with substandard defences.

‘According to FCA data, only five cyber attacks were reported in 2014 – as opposed to the staggering 75 reported in the first 10 months of 2016 alone’

In addition, the computing systems of financial firms are not only incredibly complex, but can include outdated legacy systems. This creates a good opportunity for cyber criminals to target various parts of the communication and transactional systems within these organisations. The individuals behind these attacks understand that bypassing standard controls can provide them with access to the back-end systems, which can lead to a huge loss for the firm and a major gain for the fraudsters.

Without a doubt, cyber criminals have become more patient and more intelligent over the years, especially when they’re financially motivated. Some hackers will watch an organisation for months, sometimes even years, to establish where the vulnerabilities in its systems are.
What methods should be used to improve cyber security?

Ensuring that IT systems are up to date with the latest software is crucial for any firm, but for banks and other organisations that hold enormous amounts of data, this is even more important. It is still common practice in many companies to allow access to their systems via a password alone, which is unacceptable from a security standpoint. The weakness in password-only protection is widely known, yet it is still being ignored. Whatever the reasoning behind this decision, it is dangerous and leaves organisations highly vulnerable to cyber attacks.

ISO 27001 is a global and solid standard that can help greatly in relation to IT security in general, as it enables financial institutions and any other businesses to identify what risks there are to their operations and then assign controls to prevent them or minimise the likelihood of them occurring. The assets, risks and controls are then reviewed continually, creating a living standard that ensures continuous improvement.

Senior leadership also plays a huge role when it comes to cyber security. Rather than placing blame solely on the IT team, the C-level must take full responsibility both when determining a cyber security strategy and in the event of a security breach. Senior management also needs to communicate with employees at all levels in order to understand what the risks are and how the firm can work together to prevent these attacks from happening.
How can staff help to keep IT systems safe?

All members of staff need to know the IT basics as a minimum, no matter what part of the business they may be working in. Most data breaches occur internally because an employee failed to notice a potential threat to the firm, such as not knowing they were opening an email that contained a virus or a dangerous website link.

Social engineering has always been one of the most effective ways to breach a system at its core. It’s not uncommon for a fraudster to ring up a company pretending to be an IT technician in order to convince the employee to hand over their login details. In this scenario, the employee who provides these details will essentially be giving the attacker full access to the firm’s network and confidential files. It is therefore vital to train all your staff in how to identify and handle these often illicit communications.

This first line of defence is essential for the financial services industry to protect their data. These individuals are the ones who will be able to spot, block and prevent a security breach in the future. Equifax is a wake-up call, and it’s time for firms to start responding.
Robert Rutherford is CEO of the business and technical consultancy QuoStar
dofonline.co.uk DIRECTOR OF FINANCE 17