
Top 10 Cyber Security Threats in 2012 And What Advisory Firms Can Do About Them
Here are the Top 10 Financial Services Cyber Security Trends to act on in 2012 and recommendations on what to do about them, from senior vice president Bill Wansley.

1. The exponential growth of mobile devices drives an exponential growth in security risks.

Threat response: Force all communications from employees' and managers' portable devices through the corporate network, Wansley says. Allow no retransmission through such devices of any content obtained from within the network, except through monitoring software.

2. Increased C-suite targeting.

Threat response: Train executives not to post any personal information to social media or other public websites. Screen all incoming mail to top executives for signs of social engineering through messages that appear to come from friends. Scan all messages for odd command and control instructions and extraneous lumps of code.

3. Growing use of social media will contribute to personal cyber threats.

Threat response: Establish as a policy that senior executives and their relatives must not post to public sites any information that indicates personal interests that can be used to build profiles or guess passwords and other authenticating access information. Use available site monitoring software to cull and, when possible, remove any new information about executives or superusers on your network. If your superusers are gamed, you will lose control of the operations of basic functions.

4. Your company is already infected, and you'll have to learn to live with it under control.

Threat response: Spend as much time filtering communications inside your network as you do communications coming in to your firewall or trying to pass through your perimeter. Scan servers inside your network constantly for inexplicable files or fragments of code. Institute a dynamic defense: Appoint around-the-clock security cops to observe and predict what new tactics are being used to put unauthorized code inside your network and replicate it.

5. Everything physical can be digital.

Threat response: Create awareness inside your organization that no photos or other images of any sort should be captured inside the walls of your offices without management supervision. That smartphone photo might actually be capturing usernames and passwords posted on cubicle walls. Or it may provide fodder for email messages that will look like they are coming from trusted insiders, but aren't.

6. More firms will use cloud computing.

Threat response: Create vaults to protect your assets, particularly something as valuable as algorithms. Lock down access to servers, except through two encrypted keys being used simultaneously by two different authorized users. Require biometric authentication before those users can employ and deploy their keys.

7. Global systemic risk will include cyber risk.

Threat response: Filter incoming messages in SWIFT or FIX protocols as stringently as any email message. Or more. Look for unexplained code tucked into hard-to-notice spots. Look for non-standard formatting of messages. Look for extraneous code attached to the messages. Look for stuff that looks like commands. In fact, screen traffic flow from trading partners, market data vendors or other known partners as stringently as any traffic from inside. Audit the security procedures of any exchange, trading partner or vendor you allow to connect with your network.
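One way to screen FIX traffic for the non-standard formatting and attached extraneous data described in item 7, as an added example that is not from Wansley or the original article. It applies the standard FIX tag=value framing rules (BeginString, BodyLength, CheckSum); the function names and the sample order are constructed for illustration, and it assumes binary data fields are not expected on the link.

```python
SOH = b"\x01"  # FIX field delimiter

def build_fix(fields, begin=b"FIX.4.2"):
    """Assemble a well-formed FIX message; used here only to construct sample input."""
    body = b"".join(tag + b"=" + val + SOH for tag, val in fields)
    head = b"8=" + begin + SOH + b"9=%d" % len(body) + SOH
    return head + body + b"10=%03d" % (sum(head + body) % 256) + SOH

def screen_fix(raw):
    """Return the structural anomalies found in one raw FIX message (empty list = none)."""
    parts = raw.split(SOH, 2)
    if (len(parts) < 3 or not parts[0].startswith(b"8=FIX")
            or parts[1][:2] != b"9=" or not parts[1][2:].isdigit()):
        return ["header is not 8=BeginString then numeric 9=BodyLength"]
    t = raw.find(SOH + b"10=")          # the SOH that closes the body
    if t < 0:
        return ["no CheckSum (10=) trailer"]
    findings = []
    body_start = len(parts[0]) + len(parts[1]) + 2
    covered = raw[:t + 1]               # bytes the checksum covers
    if int(parts[1][2:]) != len(covered) - body_start:
        findings.append("BodyLength mismatch")
    if raw[t + 4:t + 8] != b"%03d" % (sum(covered) % 256) + SOH:
        findings.append("CheckSum mismatch")
    if raw[t + 8:]:
        findings.append("%d bytes after CheckSum trailer" % len(raw[t + 8:]))
    for field in covered.split(SOH)[:-1]:
        tag, sep, val = field.partition(b"=")
        if not (tag.isdigit() and sep and val):
            findings.append("malformed field %r" % field)
        elif any(b < 0x20 or b > 0x7E for b in val):
            # Assumption: binary data fields such as RawData are not expected on this link.
            findings.append("non-printable bytes in tag %s" % tag.decode())
    return findings

# Constructed sample order message, not captured traffic.
SAMPLE_FIELDS = [(b"35", b"D"), (b"49", b"BROKER_A"), (b"56", b"FIRM_B"), (b"34", b"12"),
                 (b"11", b"ORD-1001"), (b"55", b"ACME"), (b"54", b"1"), (b"38", b"100")]

if __name__ == "__main__":
    clean = build_fix(SAMPLE_FIELDS)
    for label, msg in [("clean", clean), ("trailing data", clean + b"extra-bytes"),
                       ("edited in transit", clean.replace(b"38=100", b"38=900"))]:
        print(label, screen_fix(msg))
```

The FIX checksum is a plain byte sum, so these checks catch malformed or padded messages; they do not prove who sent a message or that it was not rewritten by someone who also recomputed the trailer.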

8. Zero-day malware (malicious software) and organized attacks will continue to increase.

Threat response: Put in place tools to watch for known signatures of malicious software. But develop an internal task force that watches trends and is charged with out-thinking and out-flanking the most brilliant of outsiders. Assume that every threat coming your way has no known signature. And has been months, if not years, in development.

9. Insider threats are real.

Threat response: Organizations need to focus on security awareness training and internal monitoring to detect intentional and accidental insider access. Data needs to be classified by its value to the firm, with the most important data being accessible only to the most valued manager. Biometric authentication is required. But, even then, not even the most valued manager should be allowed to make changes without secondary approval. Monitoring software should keep track 24x7 of all interactions, from any source or individual, with any piece of the crown jewels.

10. Increased regulatory scrutiny.

Threat response: Establish security standards that exceed all industry standards. Start with