Innovation forcing CIOs to compromise IT security

Finance sector tops the list of most targeted by cyber attacks

by | July 23, 2018 | bobsguide

Cyber criminals are frequently targeting systemically vital infrastructure in healthcare, government and finance, and are increasingly sponsored by nation states.


Last week, 1.5m medical records were stolen from SingaHealth, Singapore’s main healthcare group, with the hackers acting on political motivation by "specifically and repeatedly target[ing] prime minister Lee Hsien Loong’s personal particulars and information on his outpatient dispensed medicines" – according to a statement from the health ministry.

It suggests that cyber attacks are rapidly expanding in their scope, ambition and sophistication, and frequently aimed at the finance sector, according to the Executive Guide to the NTT Security 2018 Global Threat Intelligence Report by Dimension Data.

The report found that the finance sector topped the list with 26% of all global attacks in 2017, up from 14% on the previous year. The report also highlights how this is more so in EMEA, with finance and the supply chain making up 20% of all cyber attack targets.

Of increasing concern, ransomware grew by 350% from 2016 across the world, accounting for 29% of all cyberattacks in EMEA. 

“The WannaCry ransomware attack was, at the time, one of the most devastating and widespread cybersecurity incidents recorded,” says Matt Ellard, EMEA MD for Tanium, the cyber-security start-up. “By exploiting a known vulnerability in Microsoft Windows, attackers were able to compromise public and private-sector organisations around the world with apparent ease, despite a patch being available for two months.”

Ellard tells bobsguide quite how striking their own survey results were in terms of attitudes towards patch management: “Two-thirds of respondents admitted that they hadn’t improved their patch management process since WannaCry, which is alarming given that this could have prevented the attack in the first place.”

It is not complacency or security infancy that is letting criminals through, rather, according to Ellard, it is the need to remain enterprise agile: “Many respondents to our research admitted that the need to innovate quickly is causing them to compromise on security practices. In fact, one in five stated their cyber practices haven’t changed because other IT initiatives have had to take priority.

“Despite the widespread media attention garnered by cyber-attacks, limited budgets are also preventing organisations from taking IT security seriously. Almost a quarter of respondents to our survey admitted this was a factor holding them back from improving cyber-defences.”

Ellard provided a step-by-step account on how organisations can steer themselves to be more prepared for future attacks.

  1. Assess your organisational obstacles: Are your security and IT operations teams working in tandem or is there an accountability gap? The IT operations and security teams should be working together to bridge the accountability gap if it exists in your organisation to protect your network, company and customer data.

  2. Know your environment: If your CIO stops by and asks you to tell him how many unpatched devices are on your network, can you answer accurately? Will your answer be based on current state, or on information you gathered a week ago? It is crucial that you know your environment and the number of endpoints under management so you can achieve stronger business resilience and fight current threats.

  3. Declutter your infrastructure: One of the most cited issues throughout the WannaCry incident was the challenge of updating operating systems in an environment laden with legacy apps. If you’re running a business-critical application which requires you to keep an outdated operating system on life support, it’s time to rethink your strategy.

  4. Educate your employees: By various estimates, up to 83% of ransomware attacks originate when an employee clicks on a malicious link, opens an infected attachment, or visits a compromised website. Investing in ongoing training for employees to protect against phishing attacks should be your first line of defence.”


Take a look from the other side of the battleground with an ethical hacker's step-by-step guide to dropping ransomware in a bank.

Categories:

Resources

Article "No Time to die" - PostTrade 360° December 2021

Other | Asset management Article "No Time to die" - PostTrade 360° December 2021

ERI Bancaire S.A.

Article "No Time to die" - PostTrade 360° December 2021

The post-trade world is undergoing some major changes and transformations. Besides the impact of Covid-19, the past year or so… Continue Reading

View resource
PIMFA - 2021 Autumn Journal article

Other | Asset management PIMFA - 2021 Autumn Journal article

ERI Bancaire S.A.

PIMFA - 2021 Autumn Journal article

“From Mass Affluent to HNWIs, how to create experiences that cost-effectively support the next generation of wealth.” Contributed by… Continue Reading

View resource
Appian helps asset managers adapt and react to market changes.

Brochure / Fact Sheet | Asset management Appian helps asset managers adapt and react to market changes.

Appian Europe Ltd

Appian helps asset managers adapt and react to market changes.

Trust Appian for the process agility to respond to changing regulatory mandates. Appian asset management customers can: • Simplify… Continue Reading

View resource
White Paper - REDUCING OPERATIONAL AND COMPLIANCE RISKS IN ASSET SERVICING THROUGH REDUCING OPERATIONAL AND COMPLIANCE RISKS IN ASSET SERVICING THROUGH PROCESS DIGITALISATION AND DATA INTEGRATION

Asset management White Paper - REDUCING OPERATIONAL AND COMPLIANCE RISKS IN ASSET SERVICING THROUGH REDUCING OPERATIONAL AND COMPLIANCE RISKS IN ASSET SERVICING THROUGH PROCESS DIGITALISATION AND DATA INTEGRATION

ERI Bancaire S.A.

White Paper - REDUCING OPERATIONAL AND COMPLIANCE RISKS IN ASSET SERVICING THROUGH REDUCING OPERATIONAL AND COMPLIANCE RISKS IN ASSET SERVICING THROUGH PROCESS DIGITALISATION AND DATA INTEGRATION

This paper makes the argument that the root cause of these challenges lies in the fragmentation of data from operational… Continue Reading

View resource