Financial Services Cybersecurity Weekly Briefing 02-09-2018

Weekly FS Cybersecurity Blast

Weekly FS Cybersecurity Blast

Cyberattacks on Israeli Banks Rose in Last Six Months -Regulator
“In the last half year, we have seen an increase in attempts at fraud via phishing, aimed at banking system customers with the intent to steal funds from their accounts,” the central bank said, adding that the attacker initially tries to steal the customer’s login and other personal details aimed at transferring funds between accounts.

 

Penetration Testing Is a Reference Point, Not a Strategy (Originally on CSO Online)
Pen tests are valuable only if the results are properly translated into an effective overall security strategy. I’m often skeptical of survey results, but a recent survey from the 2017 HIMSS (health sector) conference, which suggests that penetration testing is a top priority, caught my eye. Add to this Gartner’s global cybersecurity group estimate of a 14 percent uptick in “security testing,” as well as an 8.5 percent increase in “consulting.”

 

73% of Firms Fail Cybersecurity Readiness Tests
That failure to prepare has major consequences: Globally, almost half of the 4,500 businesses surveyed (45%) across the US, UK, Germany, Spain, and the Netherlands reported at least one cyber attack in the past year. Of those, two-thirds suffered two or more attacks. This should further act as a warning for businesses that have not implemented strong cybersecurity practices: It’s no longer a question of if you will experience a breach, but when.

 

Oh, Banks Have Cameras? Two Men Arrested for ATM Jackpotting Scheme Must’ve Forgot
The accused are Alex Alberto Fajin-Diaz, 31, of Spain, and Argenys Rodriguez, 21, of Massachusetts. Facing up to 30 years in prison if convicted, the pair appeared before a federal judge on Monday. Fajin-Diaz and Rodriguez allegedly dressed as repair staff, walked into banks and used malware to get the ATM machines to eject all of their money. The haul was thousands of dollars in cash each time.

 

The Cyberattacks Lurking on Private Equity’s Doorstep
As attacks have moved from major institutions, such as JPMorgan, to central banks and regulatory bodies, it has become clear that cyber crime will inevitably touch every corner of the financial industry. Yet, a sizeable proportion within private equity continues to believe that — in spite of the evidence — they are too small to be on any hacker’s radar.

 

Cybersecurity Job Fatigue Affects Many Security Professionals
This skills shortage has multiple implications. Organizations don’t have the right sized teams and operate in a perpetually understaffed mode. Often, the cybersecurity team lacks some advanced skills in areas like security analytics, forensic investigations, or cloud computing security, putting more pressure on the most experienced staffers to pick up the slack.

 

Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.