Cybersecurity

Caught on the defensive: why the financial sector needs to reevaluate its approach to cyber risk

Contrary to popular belief, the financial sector is now far more aware and better prepared for cyber attacks. The Bank of England’s Financial Stability Report, issued 1 July, states that threat awareness has grown exponentially and the sector is leading efforts to combat cybercrime. Perhaps this isn’t surprising given 90% of large businesses across the sector had suffered a malicious attack over the past year. But what is worrying is that the financial sector is falling into a familiar trap: by focusing so much on defence, it has failed to make provisions for an effective recovery

Biometrics and authentication – a new world of possibilities

With governments, retailers, banks and (not least) consumers increasingly crying out for a means of confirming someone’s identity beyond any doubt, the search for a common, international standard of payment authentication is in full flow.

‘Insidious’ client-side malware targets banks through customers

Banks are at risk from a new kind of ‘client side injected malware’ attack, in which attackers install malware on the customer’s device and use it as a base for injected ads, spyware scripts, unauthorised cookies and fake surveys designed to look like they are part of the bank’s website or app, but which actually steal a customer’s private information.

20 questions you should ask to ensure you’re doing enough on cyber-supply chain risk management

With reports suggesting hackers have siphoned off up to $1 billion from 100 banks across 30 countries as part of a targeted attack, there are heightened concerns over the cyber-threat facing the banking sector. Supply chains are a potential weak link and banks have been stepping up their pressure on vendors and suppliers to do more to protect themselves from online intrusion.

CBEST will help UK financial institutions lead in IT security

Banks will always be targeted by criminals and cyber attacks have become their most vulnerable attack surface. It isn’t simply about technology. It extends through people and process, and reaches from the central infrastructure all the way out to end users conducting online banking or financial transactions on laptops, tablets or smart phones. Because banks and financial firms have very large and sophisticated systems, this means that end-to-end security is notoriously difficult

Mobey Forum, Biometrics Institute and Natural Security Alliance join forces to promote biometrics for digital services

The Biometrics Institute, Mobey Forum and Natural Security Alliance have launcehd a cross-association collaboration to promote the use of biometrics in digital services. The organisations plan to have their inaugural meeting, on biometrics for non-government services, in Paris on 1 July.

Five common pitfalls of financial crime prevention

Financial services organisations can, and do, prevent many criminal acts through adequate controls, proper supervisory procedures, and sophisticated detection and incident management technology. However, there are a handful of shortcomings that derail the best preventive measures and result in negative news headlines and increased regulatory scrutiny for individual employees and entire institutions alike

The road towards a better bank

The financial sector is a slow mover in innovation, however no single industry is leading the way in the Digital Identities economy. Banking is one sector that can take advantage of Digital Identities to better develop customer experience given the nature of the engagement and relationship between Banks and their customers. Banks fulfil a very […]

‘Hound of Hounslow’ highlights need for surveillance says Nasdaq

As greater convergence between asset classes and the unification of trading desks and trading strategies across multiple asset classes becomes more common, the opportunities for sophisticated market abuse may be on the rise. That may mean that the need for surveillance is greater than ever, according to Tony Sio, head of SmartsTrade Surveillance, exchange and regulators at Nasdaq.

Study shows 60% of banks’ digital assets on wrong side of firewalls

Security specialist RiskIQ says the growth in digital business is producing an increasing threat to banks across the world, with the largest banks owning an average of 7,500 public facing digital assets – 60% of which are outside the company firewall.

Beware of cyber-complacency warns ex-MI5 director

A former head of the UK Security Service better known as MI5 says banks need to beware the danger of state agencies and others stealing or destroying confidential information.

Banks must protect the “crown jewels” from cyber-attack – but can’t keep attackers out completely

Banks need to recognise that building a wall to keep cyber security threats out will not work. With breaches from both sides of the wall inevitable, financial institutions would do better to pare down their activities and focus on defending their core assets – including intellectual property and transactional systems.

Banks warned to stay out of politics as state-sponsored cyber-attacks get personal

Bankers should watch what they say in public, or risk a devastating computer network attack on their business from state-sponsored hackers. This was the stark warning offered by speakers at the FIX Trading Community conference in London yesterday.

Don’t be the slowest zebra in the herd

At lunchtime on the African savannah, you needn’t be the fastest zebra to survive –you need to avoid being the slowest. You can only be sure you’re not the slowest zebra if you can see what the rest of the herd are up to. Efforts in software security to share information on attacks, responses, and best practices are important to understanding what the herd is doing …

Don’t delegate cyber risk management responsibility

To counter cyber-crime, an organisation must have a person providing leadership and oversight in the strategic planning, execution, and assessment of security strategies, policies, procedures and guiding practices. Ensuring compliance with legal obligations in respect of information and information security is also a key responsibility. What many companies need is a chief information security officer

Europol takes down botnet in international action

In a joint international operation Europol’s European Cybercrime Centre seized servers said to have controlled the Ramnit botnet that had infected 3.2 million computers internationally. The operation involved investigators from Germany, Italy, the Netherlands, and the UK – which led the operation – along with partners from private industry.

Banks warned to brace for the coming storm as Carbanak malware steals $1 billion

Financial institutions are being urged to revisit their cyber-security following revelations that an online gang using the Carbanak malware stole up to $1 billion from banks in 30 countries around the world in a series of highly-sophisticated attacks over the last two years.

February 2015: Banking in cyber-space

The cyber-attack on Sony Pictures at the end of last year highlighted something that IT and security people in financial services have known for some time – the modern networked environment is far less secure than most people are prepared to admit …

Sharing threat intelligence is challenging the industry, but it’s the only way forward

Protecting your banking infrastructure from cybercriminals is one of the toughest IT challenges in banking. It keeps getting harder, even though banks are working tirelessly to protect both customers and assets. Attacks are growing in size, and new developments such as the Internet of Things mean attack surfaces are growing, as well as the number of endpoints that can be used to launch attacks.

Investment banks can benefit from online intelligence

It’s no secret that more bulge bracket trading desks are turning to online intelligence – predominantly social media – to obtain breaking news and views ahead of traditional wires. Yet, with constant pressure to get the edge over competitors, other departments of major investment banks will start following the trading floor’s lead.

Regulators set to clamp down on HFT market abuse in 2015 warns report

Securities market regulators are beginning to clamp down on market abuse linked to complex high-frequency trading strategies – but there is much more to be done, according to a new report by financial consultancy Kinetic Partners.

The critical 48 hours after a cyber attack

A range of social, political, cultural and economic factors drives cyber attacks. How well banking and financial institutions understand the drivers for an attack and how effectively they respond in the 48 hours following the discovery of an attack has a major effect on the resultant impact.

Four cyber security risks not to be taken for granted in 2015

With Sony the latest victim of hacking, large organisations are witnessing yet again how data breaches cause serious damage, to the tune of millions. The prevalence of hacking in the media begs the question, what’s in store for 2015?

Five challenges for the banking industry in 2015

As 2015 gets under way, it is time to take stock of some of the biggest challenges facing the banking industry this year – including cybercrime, cultural change, more stress testing, ever-increasing regulatory scrutiny and a troubled economic outlook in Asia, Europe and the Middle East.

Biometrics – novel solution, or novelty?

One of the trends of 2014 was its delivery of technology that we had been promised for years but had fallen short until now. Siri, Cortana and Google Now all make good on the sci-fi staple of the voice-activated computer. Virtual reality has been attempted many times, but it seems that the Oculus Rift may have finally cracked it. And biometric authentication, while often included in devices but rarely used, is now commonly used by owners of new iPhones to unlock their devices thanks to Touch ID.

DTCC and FS-ISAC launch cyber threat “beacon” system

A platform for sharing cyber-security threat intelligence among financial services companies has been launched by US post-trade utility the DTCC and non-profit security organisation FS-ISAC. Called Soltra Edge, the platform gathers data about cyber-security threats and converts it into a standardised format for sharing.

Banking and biometrics – a whirlwind romance?

As Bob Dylan, famously sang, The Times, They Are A-Changin’. Once, the tools required to carry out a bank raid usually comprised a shotgun, old stockings and a bag labelled “swag”. Today, it’s a laptop, computer programming skills and patience. And the nature of the crime is changing too – previously, the goal was often to get away with a few thousand pounds, before lying low for a while. Now, the “prize” sought may be the theft of millions or the personal details of thousands, to be then sold on.

Banking on a holistic approach to combating financial crime

Fraud and financial crime are growing substantially in their nature and complexity as we continue to evolve into an ever more connected world. New technologies, particularly the spread of mobile devices, have opened up different avenues of attack for technically sophisticated and well organised gangs of fraudsters and criminals. The social and economic costs of organised crime in the UK alone are estimated to be £24bn, of which £8.9bn are associated with fraud.

Cyber-security top issue for systemic risk says DTCC

Greater information sharing and closer collaboration between the public and private sectors are needed to combat cyber-attacks, which are now the principal concern of the financial services industry, according to the DTCC. A top priority should be the creation of global industry working groups to engage with national regulators on the development of cyber-security regulations that address the real-time and evolving nature of cyber-threats.

How to fight cyber crime

The recent nomination of the British Banker’s Association as an intelligence node and source of benchmarks and practices in the UK’s financial infrastructure, via CBEST, has pushed the role of the banking sector in detecting and remediating breaches into the spotlight. So what can banks do to ensure their cyber defences are up to the task?

Why security strategies must adapt to the retail banking revolution

As banks develop new retail styles, they face new security challenges as the changing use of space in-store means surveillance and alarm systems must evolve in tandem.

Microsoft fights cyber crime with pilot project

Microsoft has begun a joint pilot project with the Financial Services Information Sharing and Analysis Centre (FS-Isac) to tackle financially-motivated cyber crime attacks, which are estimated to cost $100 billion a year in the US alone.

‘Pernicious disease’ of cyber war escalates

While the average bank heist averages $6000, a cyber-thief can make off with millions. Last year 552 million identities were breached, while every call about a compromised credit card costs a bank $4.

Banks’ cyber resilience requires ongoing review against escalating threats

The news last month (June) that the Luuuk malware had snared its first victim, an unnamed European bank, has again highlighted the magnitude of the challenge facing the banking sector. While the reported theft of €500,000 during the course of a week certainly does not break any records, the discovery of what is believed to be a variant of the feared Zeus malware, is just the latest in a line of increasingly sophisticated cyber attacks

Dispelling the myths surrounding voice biometrics

With passwords continuing to attract widespread derision from consumers it seems that businesses are starting to listen to their customers and in recent weeks voice biometrics has been hitting the headlines, as the technology is set to replace the bane of so many people’s lives.

Bank of England CIO: ‘think twice about cost, security, data sovereignty in the cloud’

Firms looking to adopt cloud-based services should consider the security and data privacy implications associated with moving critical systems into the cloud, and not let vendors drive their technology strategies for them, according to Bank of England CIO John Finch.

Financial services in the firing line for cyber-attacks says ex-CIA chief

“The fastest growing national security threat facing the [US], which also happens to face the financial services industry, is cyber-espionage, cyber-crime and cyber-terrorism” according to a former deputy and acting director of the Central Intelligence Agency, speaking at the SifmaTech conference in New York.

Waratek wraps vulnerable Java code in security blanket

Specialist Java start-up Waratek has announced a security product intended to protect older Java code – which can contain five to 10 security vulnerabilities per 10,000 lines of code – from security breaches.

Tokenisation may offer antidote to soaring cyber crime epidemic

As the number of cybercrime incidents increases, financial institutions and their corporate customers should take renewed steps to protect their data – including using tokenisation and hosted payments pages, according to a new report by Chase Paymentech.

Account misuse drives rise in UK fraud levels

Bank account fraud in the UK increased 48% in the first four months of this year, with a 57% rise in the number of identity frauds compared to the same period last year.

Top stories

The hottest news this week

Media Packs

FinTech Futures Media Pack

FinTech Futures Spotlight Media Pack

Webinar | 23 July 2024 | Fintech rebound: Unveiling opportunities for 2024 and beyond

Video: Banking in 2024 – the key digital transformation trends shaping the industry

Report: It’s prime time for real-time 2024 – real-time payments adoption and growth around the globe

The future of fraud detection: how AI revolutionizes your bottom line

Account takeover fraud: the definitive guide

White paper: Deepfakes and identity – ensuring authenticity in a synthetic world

White paper: Data unleashed – five ways COOs can equip their businesses to win the data race

White paper: Bridging the gap between data science and decision-making in financial services

Banking Technology Magazine June 2024 issue out now

Upcoming events

PayTech Awards 2024

Banking Tech Awards 2024

PayTech Awards USA 2024

Banking Tech Insights

Demystify Podcast: Demystifying international payments with Eddie Harrison of Navro

What the FinTech? | S.5 Episode 10 | Generative AI and cloud core modernisation

Demystify Podcast: Customer-centric innovation in finance with Anette Broløs and Erin Taylor

What the FinTech? | S.5 Episode 9 | Fintech innovation and collaboration

FinTech Founders Video: Key strategies for communicating fintech value propositions

Video: FinovateSpring 2024 – what’s hot and what’s not in fintech

Video: Amdocs at Money20/20 Europe – Bridging fintech’s personalisation divide

Video: Code and capital – AI as a co-pilot in financial services

Video: Fintech insights – the evolving embedded finance and BaaS landscape

BIS readies for live implementation of Project Nexus in Asia

Payments Canada concludes search for new CEO with Susan Hawkins appointment

Bank of Ireland seeks to fill 100 technology roles to support new digital projects

BIS readies for live implementation of Project Nexus in Asia

Payments Canada concludes search for new CEO with Susan Hawkins appointment

Bank of Ireland seeks to fill 100 technology roles to support new digital projects

Chime acquires employee rewards start-up Salt Labs

Revolut announces record $545m profit for 2023

US FDIC issues consent order to Thread Bank

Demystify Podcast: Demystifying international payments with Eddie Harrison of Navro

CTBC Bank goes live with Avaloq core in Hong Kong and Singapore after three-year implementation