Cybersecurity


Don’t be the slowest zebra in the herd

At lunchtime on the African savannah, you needn’t be the fastest zebra to survive –you need to avoid being the slowest. You can only be sure you’re not the slowest zebra if you can see what the rest of the herd are up to. Efforts in software security to share information on attacks, responses, and best practices are important to understanding what the herd is doing …

Don’t delegate cyber risk management responsibility

To counter cyber-crime, an organisation must have a person providing leadership and oversight in the strategic planning, execution, and assessment of security strategies, policies, procedures and guiding practices. Ensuring compliance with legal obligations in respect of information and information security is also a key responsibility. What many companies need is a chief information security officer

Europol takes down botnet in international action

In a joint international operation Europol’s European Cybercrime Centre seized servers said to have controlled the Ramnit botnet that had infected 3.2 million computers internationally. The operation involved investigators from Germany, Italy, the Netherlands, and the UK – which led the operation – along with partners from private industry.

February 2015: Banking in cyber-space

The cyber-attack on Sony Pictures at the end of last year highlighted something that IT and security people in financial services have known for some time – the modern networked environment is far less secure than most people are prepared to admit …

Sharing threat intelligence is challenging the industry, but it’s the only way forward

Protecting your banking infrastructure from cybercriminals is one of the toughest IT challenges in banking. It keeps getting harder, even though banks are working tirelessly to protect both customers and assets. Attacks are growing in size, and new developments such as the Internet of Things mean attack surfaces are growing, as well as the number of endpoints that can be used to launch attacks.

Investment banks can benefit from online intelligence

It’s no secret that more bulge bracket trading desks are turning to online intelligence – predominantly social media – to obtain breaking news and views ahead of traditional wires. Yet, with constant pressure to get the edge over competitors, other departments of major investment banks will start following the trading floor’s lead.

The critical 48 hours after a cyber attack

A range of social, political, cultural and economic factors drives cyber attacks. How well banking and financial institutions understand the drivers for an attack and how effectively they respond in the 48 hours following the discovery of an attack has a major effect on the resultant impact.

Five challenges for the banking industry in 2015

As 2015 gets under way, it is time to take stock of some of the biggest challenges facing the banking industry this year – including cybercrime, cultural change, more stress testing, ever-increasing regulatory scrutiny and a troubled economic outlook in Asia, Europe and the Middle East.

Biometrics – novel solution, or novelty?

One of the trends of 2014 was its delivery of technology that we had been promised for years but had fallen short until now. Siri, Cortana and Google Now all make good on the sci-fi staple of the voice-activated computer. Virtual reality has been attempted many times, but it seems that the Oculus Rift may have finally cracked it. And biometric authentication, while often included in devices but rarely used, is now commonly used by owners of new iPhones to unlock their devices thanks to Touch ID.

DTCC and FS-ISAC launch cyber threat “beacon” system

A platform for sharing cyber-security threat intelligence among financial services companies has been launched by US post-trade utility the DTCC and non-profit security organisation FS-ISAC. Called Soltra Edge, the platform gathers data about cyber-security threats and converts it into a standardised format for sharing.

Banking and biometrics – a whirlwind romance?

As Bob Dylan, famously sang, The Times, They Are A-Changin’. Once, the tools required to carry out a bank raid usually comprised a shotgun, old stockings and a bag labelled “swag”. Today, it’s a laptop, computer programming skills and patience. And the nature of the crime is changing too – previously, the goal was often to get away with a few thousand pounds, before lying low for a while. Now, the “prize” sought may be the theft of millions or the personal details of thousands, to be then sold on.

Banking on a holistic approach to combating financial crime

Fraud and financial crime are growing substantially in their nature and complexity as we continue to evolve into an ever more connected world. New technologies, particularly the spread of mobile devices, have opened up different avenues of attack for technically sophisticated and well organised gangs of fraudsters and criminals. The social and economic costs of organised crime in the UK alone are estimated to be £24bn, of which £8.9bn are associated with fraud.

Cyber-security top issue for systemic risk says DTCC

Greater information sharing and closer collaboration between the public and private sectors are needed to combat cyber-attacks, which are now the principal concern of the financial services industry, according to the DTCC. A top priority should be the creation of global industry working groups to engage with national regulators on the development of cyber-security regulations that address the real-time and evolving nature of cyber-threats.

How to fight cyber crime

The recent nomination of the British Banker’s Association as an intelligence node and source of benchmarks and practices in the UK’s financial infrastructure, via CBEST, has pushed the role of the banking sector in detecting and remediating breaches into the spotlight. So what can banks do to ensure their cyber defences are up to the task?

Microsoft fights cyber crime with pilot project

Microsoft has begun a joint pilot project with the Financial Services Information Sharing and Analysis Centre (FS-Isac) to tackle financially-motivated cyber crime attacks, which are estimated to cost $100 billion a year in the US alone.

‘Pernicious disease’ of cyber war escalates

While the average bank heist averages $6000, a cyber-thief can make off with millions. Last year 552 million identities were breached, while every call about a compromised credit card costs a bank $4.

Banks’ cyber resilience requires ongoing review against escalating threats

The news last month (June) that the Luuuk malware had snared its first victim, an unnamed European bank, has again highlighted the magnitude of the challenge facing the banking sector. While the reported theft of €500,000 during the course of a week certainly does not break any records, the discovery of what is believed to be a variant of the feared Zeus malware, is just the latest in a line of increasingly sophisticated cyber attacks

Dispelling the myths surrounding voice biometrics

With passwords continuing to attract widespread derision from consumers it seems that businesses are starting to listen to their customers and in recent weeks voice biometrics has been hitting the headlines, as the technology is set to replace the bane of so many people’s lives.

Financial services in the firing line for cyber-attacks says ex-CIA chief

“The fastest growing national security threat facing the [US], which also happens to face the financial services industry, is cyber-espionage, cyber-crime and cyber-terrorism” according to a former deputy and acting director of the Central Intelligence Agency, speaking at the SifmaTech conference in New York.

Tokenisation may offer antidote to soaring cyber crime epidemic

As the number of cybercrime incidents increases, financial institutions and their corporate customers should take renewed steps to protect their data – including using tokenisation and hosted payments pages, according to a new report by Chase Paymentech.

Mobile payment security will depend on using the ‘smart’ in smartphone

Confusion and concern over security is cited over and over again as the biggest barrier to widespread consumer uptake of mobile payments. And no wonder – confidence in the protection of sensitive cardholder data lies at the heart of trust in this technology. An EMV card as a physical asset is cryptographically secure. How can we emulate this security with something that is virtual?

Why banks need a chief mobility officer

Mobility has risen to such a level of importance that many people believe it deserves its own C-level position to advance and align mobility strategy throughout the enterprise. In no other industry is this more pressing than in banking where financial institutions are increasingly using mobile apps to set themselves apart from their rivals.

Why Yahoo’s malware attack is hitting banks hard

At the end of last year, Yahoo was hit by a malware attack. It affected over two million clients, mainly in Romania, Great Britain, France, Italy and Spain, putting their personal data at risk. Upon visiting the website between 27 December and 3 January, users received advertisements, some of which were malicious and infected users’ devices without even a click.

Mobile vulnerabilities require banking apps rethink

Concerns are emerging over the failure of some mobile banking providers to address security risks. According to a recent review of 40 home banking apps from the world’s top 60 banks, nine out of ten apps had serious security vulnerabilities.

2014: a good year for the fraudsters

2014 looks to be a good year for fraudsters as government and law enforcement struggle to come to terms with the issues and the continuing spread of mobile continues to offer them poorly-protected targets.

Global exchanges get together to address cyber threat

The World Federation of Exchanges has set up a Cyber Security Working Group with a “mission to aid in the protection of the global capital markets” in the wake of a number of attacks on international exchanges over the past few years.

NCR makes “fundamental” changes to financial services business

NCR is “fundamentally and permanently changing” financial services its financial services business with a £1.6 billion acquisition of Digital Insight, a Californian on-line and mobile banking solutions provider. It has also bought UK-based fraud prevention company Alaric.

Cyberspace: beyond the rule of law?

Cybersecurity and cyber espionage have been in the headlines the past few years as leaked stories relating to government-sponsored activities have appeared and sabre rattling between aggrieved nations has moved to the public domain. At the same time an increased volume of distributed denial of service attacks (DDoS) on banks and other institutions carried out […]

More collaboration ahead, says Swift’s Leibbrandt

Front and centre of the agenda that Swift set out at the beginning of this week’s Sibos is the concept of collaboration and cooperation – a perennial theme for Swift, but Leibbrandt told Daily News at Sibos there is a change in the air.