
 
 

Financial tech firms disagree on ban of customer data screen-scraping – Naked Security

Source: National Cyber Security – Produced By Gregory Evans

For years, financial technology (fintech) companies have used screen-scraping to retrieve customers’ financial data with their consent. Think lenders, financial management apps, personal finance dashboards, and accounting products doing useful things: like, say, your budgeting app will use screen-scraping to get at the incoming and outgoing […]

SEC Publishes Cybersecurity Practices of Financial Industry

Source: National Cyber Security – Produced By Gregory Evans

The US Securities and Exchange Commission (SEC) has published a 10-page document detailing cybersecurity practices observed to be in use in the financial industry.

The observations were gathered by the SEC’s Office of Compliance Inspections (OCIE) and are based on thousands of examinations of broker-dealers, investment advisers, clearing agencies, national securities exchanges, and other SEC registrants.

OCIE issued the examination observations yesterday on the SEC website with the hope of providing firms with guidelines for how to strengthen their cybersecurity. 

The observations highlight certain approaches taken by market participants in the areas of governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. They also examine how companies have responded with resiliency in the wake of a cybersecurity incident. 

While acknowledging that there is no one-size-fits-all approach when it comes to cybersecurity, OCIE recommended establishing an incident response plan and contacting local authorities or the Federal Bureau of Investigation (FBI) if an attack or compromise is discovered or suspected. 

Training employees on how to detect threats was advised, along with implementing a mobile device management solution for the workplace that covered all devices used by employees under a “bring your own device” policy.

“Through risk-targeted examinations in all five examination program areas, OCIE has observed a number of practices used to manage and combat cyber risk and to build operational resiliency,” said Peter Driscoll, director of OCIE. 

“We felt it was critical to share these observations in order to allow organizations the opportunity to reflect on their own cybersecurity practices.”

To prevent data loss, OCIE recommended establishing a patch management program covering all software and hardware and verifying that the decommissioning and disposal of any hardware and software does not create system vulnerabilities.  

“Data systems are critical to the functioning of our markets, and cybersecurity and resiliency are at the core of OCIE’s inspection efforts,” said SEC chairman Jay Clayton. 

“I commend OCIE for compiling and sharing these observations with the industry and the public and encourage market participants to incorporate this information into their cybersecurity assessments.”


Cyber threats in financial institutions: Getting the basics right

Source: National Cyber Security – Produced By Gregory Evans

Murali Urs

The WannaCry ransomware, which hit businesses including banks globally, didn’t spare India, which was the second-worst affected country in APAC according to reports. It was a reality check for financial institutions, as the attack was estimated to have affected more than 150 countries and caused millions of dollars in damage. The banking system often emerges as a sitting duck since it is the softest and most effective target.

In India too, cyber frauds are on the rise. According to a report by the Reserve Bank of India, a total of 2,059 cases of cyber fraud were reported in 2017-18, amounting to Rs 109.6 crore. The recent frauds at Cosmos Bank and the Mumbai-based branch of State Bank of Mauritius are only the beginning; with the rise in digital transactions and their spread to the interior of the country, cyber frauds at banks are on the rise.

Why Financial services?

The financial services industry is naturally a lucrative target for cyber criminals. The primary targets usually compromised in cyberattacks on banks are the SWITCH and SWIFT systems. SWITCH is a group of servers responsible for sending approval requests from the ATM to the core banking system. SWIFT, on the other hand, is a global provider of a secure inter-banking messaging solution.

SWITCH and SWIFT are the most sensitive components of the banking infrastructure, as they are responsible for the authorization of fund transfers. Each piece of information hacked, whether it is the data stored on the network, competitive intelligence, access to confidential email or trading strategies, typically has different types of buyers and methods for selling. Many forums and dark web sites exist for this purpose.

It is estimated that over 90% of all successful hacking scams start with a phishing attack. CFOs and finance staff are among the most targeted employees in a company when it comes to email fraud. Hackers choose finance employees because of their access to company finances and other sensitive information.

Fighting the threat

The industry needs to start thinking about cybersecurity from the ground up and not as an afterthought. Organisations must act more aggressively, constructively and comprehensively to address security threats. There needs to be a better understanding of simple vulnerabilities such as weak endpoint security and lack of security awareness.

100 percent security is impossible for any organisation; however, the approach below will go a long way in combating financial hacking:

  • Installing Threat Detection: Organizations in India can improve their cybersecurity systems with more focused monitoring of critical servers and the usage of powerful detection technologies.
  • Automation: Automating to optimize incident response and building resiliency.
  • Initiate checkpoints for large fund transfers with manual inspection: As we have seen in the case of multiple financial heists, there are a few common errors that could have been easily caught using manual inspection.
  • Train the employees: Employees are a primary concern in cybersecurity. A lack of skilled cybersecurity professionals and unprepared security operations teams are proving to be great challenges. Training the workforce and creating awareness will help prevent a lot of cyber incidents.

The best way to fend off and respond to an attack is to internalize cyber-resiliency and cyber-agility tactics. Additionally, financial services companies must prioritize the value of information assets. Allocating additional budget towards company crown jewels is a good place to start. Leading technologies are only as effective as the company’s cyber-risk culture. Financial institutions must be aware of evolving risks and establish a plan for business continuity.

The author is Country Manager – India at Barracuda Networks. Views are personal.

New York is quietly working to prevent a major cyber attack that could bring down the financial system

Source: National Cyber Security News

Five months before the 9/11 attacks, US Secretary of Defense Donald Rumsfeld sent a memo to one of his advisers with an ominous message.

“Cyberwar,” read the subject line.

“Please take a look at this article,” Rumsfeld wrote, “and tell me what you think I ought to do about it. Thanks.”

Attached was a 38-page paper, published seven months prior, analyzing the consequences of society’s increasing dependence on the internet.

It was April 30, 2001. Optimistic investors and frenzied tech entrepreneurs were still on a high from the dot-com boom. The World Wide Web was spreading fast.

Once America’s enemies got around to fully embracing the internet, the report predicted, it would be weaponized and turned against the homeland.

The internet would be to modern warfare what the airplane was to strategic bombers during World War I.

The paper’s three authors — two PhD graduates and the founder of a cyber defense research center — imagined the damage a hostile foreign power could inflict on the US. They warned of enemies infecting computers with malicious code, and launching mass denial of service attacks that could bring down networks critical to the functioning of the American economy.


Financial Services Information Security Network

Source: National Cyber Security News

General Cybersecurity Conference

 April 23 – 24, 2018 | Windsor, United Kingdom

Cybersecurity Conference Description

The Financial Services Information Security Network returns again in 2018 on the 16th & 17th April at the prestigious Beaumont Estate, Windsor Berkshire Hotel, Windsor UK. With over 120 CISOs & Heads of Information Security & Risk from across the financial services industry, the Financial Services Information Security Network is the must-attend event for the most senior security leaders within financial services to network, share insights and find solutions over the two days.


New Cybersecurity Regulations Adopted to Protect Financial Systems & Information

Source: National Cyber Security – Produced By Gregory Evans

In 2016 almost 1.1 billion identities were stolen globally. This number is up dramatically from a reported 563.8 million identities stolen in 2015. In addition, the same Symantec Internet Security Threat Report placed the United States at the top of the list for both the number of breaches by country…


Corvil Develops World’s First Virtual Security Expert to Address Cybersecurity in Financial Markets

Source: National Cyber Security – Produced By Gregory Evans


Corvil today announced a cybersecurity solution specifically designed to address the unique security needs of today’s electronic trading businesses looking to solve escalating concerns over cyber attacks while demonstrating compliance with evolving regulations. Powered by sophisticated machine learning algorithms, Corvil “Cara” acts as a virtual security expert that autonomously identifies vulnerabilities and possible attacks within trading environments that often process …


Hacking Threat Increasingly Targeting Smaller Financial Firms

Source: National Cyber Security – Produced By Gregory Evans


Big cyber heists make big headlines, but increasingly hackers are going after smaller financial firms, those with less than $1 billion in annual revenue, according to a recent report. Although …


Healthcare sector in the US has seen more hacking attacks than financial sector, says security firm

Source: National Cyber Security – Produced By Gregory Evans

Technology is encompassing every aspect of our lives. With internet of things (IoT) devices, everyday equipment has a smart edge as well. Medical devices are no different. But unless the security loopholes are plugged, medical …


New York Intros New Cyber Security Rules for Financial Companies

Source: National Cyber Security – Produced By Gregory Evans


The State of New York recently announced new regulations [PDF], set to take effect on March 1, that require banks, insurance companies and other financial services companies to establish and maintain cyber security programs that meet specific standards. “As our …
