Innovation forcing CIOs to compromise IT security

Finance sector tops the list of most targeted by cyber attacks

by | July 23, 2018 | bobsguide

Cyber criminals are frequently targeting systemically vital infrastructure in healthcare, government and finance, and are increasingly sponsored by nation states.

Last week, 1.5m medical records were stolen from SingaHealth, Singapore’s main healthcare group, with the hackers acting on political motivation by "specifically and repeatedly target[ing] prime minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines" – according to a statement from the health ministry.

It suggests that cyber attacks are rapidly expanding in their scope, ambition and sophistication, and frequently aimed at the finance sector, according to the Executive Guide to the NTT Security 2018 Global Threat Intelligence Report by Dimension Data.

The report found that the finance sector topped the list with 26% of all global attacks in 2017, up from 14% on the previous year. The report also highlights how this is more so in EMEA, with finance and the supply chain making up 20% of all cyber attack targets.

Of increasing concern, ransomware grew by 350% from 2016 across the world, accounting for 29% of all cyberattacks in EMEA. 

“The WannaCry ransomware attack was, at the time, one of the most devastating and widespread cybersecurity incidents recorded,” says Matt Ellard, EMEA MD for Tanium, the cyber-security start-up. “By exploiting a known vulnerability in Microsoft Windows, attackers were able to compromise public and private-sector organisations around the world with apparent ease, despite a patch being available for two months.”

Ellard tells bobsguide quite how striking their own survey results were in terms of attitudes towards patch management: “Two-thirds of respondents admitted that they hadn’t improved their patch management process since WannaCry, which is alarming given that this could have prevented the attack in the first place.”

It is not complacency or security infancy that is letting criminals through, rather, according to Ellard, it is the need to remain enterprise agile: “Many respondents to our research admitted that the need to innovate quickly is causing them to compromise on security practices. In fact, one in five stated their cyber practices haven’t changed because other IT initiatives have had to take priority.

“Despite the widespread media attention garnered by cyber-attacks, limited budgets are also preventing organisations from taking IT security seriously. Almost a quarter of respondents to our survey admitted this was a factor holding them back from improving cyber-defences.”

Ellard provided a step-by-step account on how organisations can steer themselves to be more prepared for future attacks.

  1. Assess your organisational obstacles: Are your security and IT operations teams working in tandem or is there an accountability gap? The IT operations and security teams should be working together to bridge the accountability gap if it exists in your organisation to protect your network, company and customer data.

  2. Know your environment: If your CIO stops by and asks you to tell him how many unpatched devices are on your network, can you answer accurately? Will your answer be based on current state, or on information you gathered a week ago? It is crucial that you know your environment and the number of endpoints under management so you can achieve stronger business resilience and fight current threats.

  3. Declutter your infrastructure: One of the most cited issues throughout the WannaCry incident was the challenge of updating operating systems in an environment laden with legacy apps. If you’re running a business-critical application which requires you to keep an outdated operating system on life support, it’s time to rethink your strategy.

  4. Educate your employees: By various estimates, up to 83% of ransomware attacks originate when an employee clicks on a malicious link, opens an infected attachment, or visits a compromised website. Investing in ongoing training for employees to protect against phishing attacks should be your first line of defence.”

Take a look from the other side of the battleground with an ethical hacker's step-by-step guide to dropping ransomware in a bank.



Tackling the complexities of the Financial Transaction Tax

Best Practice | Capital markets Tackling the complexities of the Financial Transaction Tax


Tackling the complexities of the Financial Transaction Tax

GBST’s Head of Capital Markets, Denis Orrock, talks FTT with Asset Servicing Times, about how non-compliance is simply not an… Continue Reading

View resource
GFT podcast: HPC at HSBC

Other | Capital markets GFT podcast: HPC at HSBC


GFT podcast: HPC at HSBC

In this special edition of our GFT UK Talks podcast, specialists from HSBC, Google Cloud & GFT outline how HSBC… Continue Reading

View resource
Make a Smooth Transition to Mandatory e-Invoicing in the Kingdom of Saudi Arabia

Other | Compliance Make a Smooth Transition to Mandatory e-Invoicing in the Kingdom of Saudi Arabia

SunTec Business Solutions

Make a Smooth Transition to Mandatory e-Invoicing in the Kingdom of Saudi Arabia

The GAZT has made e-invoicing mandatory in KSA from December this year. Business entities including banks will have to be… Continue Reading

View resource
White Paper - Custody Services: A DIGITAL ROAD MAP FOR TIER 2-3 BANKS

White Paper | Global custody White Paper - Custody Services: A DIGITAL ROAD MAP FOR TIER 2-3 BANKS

ERI Bancaire S.A.

White Paper - Custody Services: A DIGITAL ROAD MAP FOR TIER 2-3 BANKS

This whitepaper explores the custody services industry, identifies key drivers of change, emerging trends, challenges for Tier 2-3 banks and… Continue Reading

View resource