search.noResults

search.searching

note.createNoteMessage

search.noResults

search.searching

orderForm.title

orderForm.productCode
orderForm.description
orderForm.quantity
orderForm.itemPrice
orderForm.price
orderForm.totalPrice
orderForm.deliveryDetails.billingAddress
orderForm.deliveryDetails.deliveryAddress
orderForm.noItems
IBS Journal August 2017


8


Executive summary


Cybercrime within the walls of the banks is still a problem although it seems to be shrinking – probably just dwarfed by the size of the attack vector from outside their walls. As the Verizon report says, banking employees have access to data in their normal work day that can easily be used to give themselves that additional ‘bonus’ they feel they so richly deserve.


Accessing systems to transfer money fraudulently or using personal information of customers for identity theft are two financially motivated examples of misuse. Interestingly, personal information is found to be the more desired data more often than banking information.


Perhaps they are more aware of the breadcrumb trail left behind when they transfer money and would prefer to use personal information to open up lines of credit or to conduct other fraud that occurs outside of their workplace.


Not only does the financial industry need to protect data that is easy to monetise, but investment banks and other non- commercial entities have information surrounding investment strategies, mergers and acquisitions, and market influencers that would be sought after by actors motivated by espionage.


The vendors are out to sell only their wares


Phil Lieberman, president, Lieberman Software Corporation, and one of the most trenchant critics of the financial industry’s attitude to cyber security, has his own view of what has to be done: “The reality of banks and other established organisations is that they have a large number of different security solutions, These are generally a result of the proliferation of different environments and business units they need to support. The same software cannot be used everywhere. Consequently, the technology in place is appropriate for each use case as well as the threats they perceive they are under.”


www.ibsintelligence.com


Source: Verizon Annual Data Breach Report 2017


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11