IBS Journal August 2017




Mitigating your cyber exposure, whatever the scale of your business


Cybercrime is an ever-increasing risk for financial institutions. While the wealth management industry has thus far been less affected by major breaches than other sectors, wealth managers should be arming themselves with the right tools in the fight against hackers.


Dmitry Tokarev, Chief Technology Officer, Dolfin


A DDoS attack is one of the biggest cyber threats currently faced by fintech companies. This ‘distributed denial of service’ occurs when cyber criminals flood a website with traffic in order to overwhelm it and shut down services. The very nature of their business makes financial institutions an obvious target for hackers; attacks are relatively easy to launch and smaller companies’ systems can be overwhelmed by them.


The motives for these attacks can vary, but might include demanding a ransom in return for stopping the attack, or creating a diversion to tie up security staff while hackers carry out a more significant assault. The good news for smaller companies is that, unlike their larger rivals, they are unhampered by cumbersome legacy systems. Agility, innovation and collaboration are key to combating cyber crime, and small firms can harness the power of cloud-based DDoS protection services.


It’s all down to your capacity


These services have a huge network capacity so they can filter out large amounts of DDoS traffic without being overwhelmed. This allows legitimate traffic from customers to get through without interruption. The same services can also be used to intercept scanning activity, in which hackers send traffic to a company’s network in the hope of finding software with known vulnerabilities that can be exploited.


Criminals may also try to gain access through social engineering. This often involves emailing or calling staff and tricking them into believing they are talking to a fellow employee. A workforce that isn’t sufficiently trained to know what to monitor for when it comes to phishing emails or other malicious tactics can leave its organisation very exposed.


While social engineering methods pose a major cyber security risk for any company, these malicious techniques are theoretically a greater threat to larger organisations with bigger workforces that are harder to train and monitor. Nonetheless, firms of every size and scale should have effective training and processes in place to help mitigate risks.


Combat the criminals


Increasingly sophisticated tools are available to combat the criminal on the street trying to log into, for example, a victim’s online banking or investment portal. A large number of financial services firms now use ‘panic password’ technology to protect their clients, whereby you can enter a special PIN code (i.e. not your actual password) if under duress, that will automatically notify your security teams that you are being coerced. Further to this, the app will appear to continue to work ‘normally’, leading the attacker to believe that they are able to steal funds and transfer them to a particular account.
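The ‘panic password’ flow described above can be sketched on the server side as follows. This is an added example, not code from the article or from any vendor; the `Account` and `Portal` classes, the alert list and the choice to hold duress transfers rather than send them are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import secrets

def hash_pin(pin: str, salt: bytes) -> bytes:
    # Slow salted hash so stored PINs cannot be read back from the database.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class Account:
    def __init__(self, user: str, pin: str, duress_pin: str):
        if pin == duress_pin:
            raise ValueError("duress PIN must differ from the real PIN")
        self.user = user
        self.salt = os.urandom(16)
        self.pin_hash = hash_pin(pin, self.salt)
        self.duress_hash = hash_pin(duress_pin, self.salt)

class Portal:
    def __init__(self):
        self.sessions = {}   # token -> (user, under_duress); kept server-side only
        self.alerts = []     # stand-in for the security team's alert queue
        self.executed = []   # transfers really sent
        self.held = []       # transfers shown as accepted but not sent (assumption)

    def login(self, account: Account, pin: str):
        candidate = hash_pin(pin, account.salt)
        # Run both comparisons every time so timing does not show which PIN matched.
        is_real = hmac.compare_digest(candidate, account.pin_hash)
        is_duress = hmac.compare_digest(candidate, account.duress_hash)
        if not (is_real or is_duress):
            return None
        if is_duress:
            self.alerts.append(f"duress login: {account.user}")
        token = secrets.token_hex(16)  # same opaque token format in both cases
        self.sessions[token] = (account.user, is_duress)
        return token

    def transfer(self, token: str, to_account: str, amount: int) -> dict:
        user, under_duress = self.sessions[token]
        if under_duress:
            self.held.append((user, to_account, amount))
            self.alerts.append(f"duress transfer held: {user} -> {to_account}")
        else:
            self.executed.append((user, to_account, amount))
        # The client sees the same response whether or not the transfer was held.
        return {"status": "accepted", "to": to_account, "amount": amount}
```

The duress flag lives only in the server-side session table, so nothing returned to the client distinguishes a coerced login from a normal one.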


Another way in which providers can protect clients is via two-factor authentication. Many large financial institutions require some extra information in addition to a password to log on to a service, often a one-time password or PIN that is sent to the customer’s phone via a text message or generated by an app on their smartphone. Other companies offer dedicated security tokens that generate a short code on a built-in screen.


Two-factor authentication provides better security than a password alone because even if a hacker can guess a user’s password, they can’t use it unless they have the smartphone or security token as well. This type of technology is relatively low cost, making it perfectly feasible for smaller fintech companies to implement. And in a world that is seeing an alarming rise in the size and scale of cyber attacks, firms must take every step possible to mitigate exposure.
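To make the argument above concrete, here is an added example (not from the article) of a login check that requires both a password and an app-generated code. It assumes the code is a time-based one-time password as standardised in RFC 6238; the `TwoFactorLogin` class and its replay rule are hypothetical, and the secret used to exercise it is the RFC's published test key.

```python
import hashlib
import hmac
import os
import struct

def totp(secret: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    # RFC 6238: HMAC-SHA1 over the 30-second time counter, then dynamic truncation.
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

class TwoFactorLogin:
    STEP = 30

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.secret = totp_secret   # shared with the customer's app or token
        self.last_step = -1         # newest time step already accepted

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def verify(self, password: str, code: str, now: int, window: int = 1) -> bool:
        pw_ok = hmac.compare_digest(self._hash(password), self.pw_hash)
        current = now // self.STEP
        matched = None
        # Allow +/- `window` steps of clock drift, but never a step already used.
        for s in range(current - window, current + window + 1):
            expected = totp(self.secret, s * self.STEP)
            if s > self.last_step and hmac.compare_digest(expected.encode(), code.encode()):
                matched = s
        if pw_ok and matched is not None:
            self.last_step = matched   # burn the code so it cannot be replayed
            return True
        return False
```

A correct password with a wrong code fails, and a code that has already been accepted is rejected on reuse, which is what stops a guessed or stolen password from being enough on its own.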


www.ibsintelligence.com

