Financial Services Cybersecurity Weekly Briefing 01-12-2018

Weekly FS Cybersecurity Blast

Wary Businesses Test Fixes for Chip Flaws Before Installing
Banks and other financial institutions spent much of the week studying the vulnerabilities, said Greg Temm, chief information risk officer with the Financial Services Information Sharing and Analysis Center, an industry group that shares data on emerging cyber threats. […] “It’s like getting a diagnosis of high blood pressure, but not having a cardiac arrest,” Temm said. “We’re taking it seriously, but it’s not something that is killing us.”

 

The Financial Impact of Data Breaches is Just the Beginning 
Though every data breach is different, Ponemon has identified the average cost of a breach as $3.62 million in its 2017 Cost of Data Breach study, though certain industries can have more costly breaches. However, it is almost as important to consider those indirect costs which can also affect a company’s chance of rebounding from a cyber attack.

 

Cybersecurity Needs to Move from IT to Boardrooms
What Palo Alto Networks found in its survey was that most of the companies also followed a ‘response’ mechanism – reacting to threats after they had occurred and already resulted in significant damage and loss of data. Companies, especially those in the financial services sector, have to move away from this mind-set and think about ‘prevention’.

 

Cybersecurity Today Is Treated Like Accounting Before Enron
But when these vulnerabilities are exposed and damaging attacks occur, there are few lasting repercussions. Almost without fail, stock prices bounce back, customers return, executives keep their jobs or exit with golden parachutes, and government mostly looks the other way. […] The tepid consequences are part of a growing problem. From a corporate governance and accountability perspective, cybersecurity today is being treated like accounting was before the fallout from the Enron scandal inspired the Sarbanes-Oxley Act’s increased standards for corporate disclosures. With the privacy and personal data of hundreds of millions of people at risk, and especially now with the increasing ubiquity of connected devices in our lives, the security of digital assets is too important for that kind of treatment.

FakeBank Malware Accesses Sensitive SMS Banking Messages
Additionally, Trend Micro found that FakeBank steals data including user phone numbers, installed banking apps, balances on linked bank cards, and location information, and transmits that information to a command-and-control server. To prevent victims from uninstalling the app, FakeBank prevents users from opening device settings. The malware also impedes victims from opening the targeted bank’s legitimate app, thereby stopping users from modifying links between their bank card numbers and phone numbers.

 

Financial Firm Outsourcing Increasing Risk of Cyber-attacks: IIAC

The head of the Investment Industry Association of Canada says the risk of cyberattacks is being amplified by the significant outsourcing done by investment dealers and asset managers. Ian Russell told attendees at an Empire Club of Canada luncheon on Thursday in Toronto that firms’ financial integrity and cybersecurity may not be matched by third-party vendors hired to enhance efficiencies, compensate for scale and reduce costs.

 

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
