Financial Services Cybersecurity Weekly Briefing 12-15-2017

Weekly FS Cybersecurity Blast

Weekly FS Cybersecurity Blast

NewsJacker #4

In this 3+ minute NewsJacker episode, Mike shares his opinions on the most recent news in IT security:

  • Net Neutrality
    • The vote is imminent, and motivations for repeal look fishy
  • Georgia’s Hacked Voting Machine
    • Here’s a good example of why paper voting is still the best way to hold a secure election.
  • Cyber Security as a Competitive Differentiator
    • Learn the four forces accelerating infosec as a competitive advantage


Swiss Brace for Bank Cyber Hacks
The recommendations (in German) come shortly after U.S. banks have reportedly launched a doomsday shield dubbed «Sheltered Harbor» against a potentially debilitating cyberattack. A hack of American consumer credit agency Equifax, made public three months ago, compromised data of as many as 145 million Americans.


How Can Banks Fight Cybercrime?
Take virus protection – everyone shares that information publicly and within a few hours the virus is dead. […] Some banks have started to unite behind closed doors, but the financial industry needs to create a knowledge-sharing standard. The reality is that most hackers collaborate, so banks should too.


The 4 Forces Accelerating Infosec as a Competitive Differentiator
Although it is true that businesses can use security to gain an increasingly relevant advantage over slower moving competitors, that differentiation isn’t tracked as “ROI” that security delivers.  Rather, delivering trust and privacy to consumers is becoming table stakes for all business, and security is slowly becoming a market-driven assumption, instead of a perfunctory line item on an expense report.


Hackers’ Delight: Mobile Bank App Security Flaw Could Have Smacked Millions
The researchers developed a tool called “Spinner” to perform semi-automated security testing of mobile phone apps. After running the tool on a sample of 400 security critical apps, they were able to identify a serious flaw in many banking apps – including those offered by HSBC, NatWest and Co-op as well as Bank of America’s Health account app.


Researchers Expose Russian Cyber Bank Robbers Who Stole Over $10M
The bad actors stole from its first U.S. bank in May 2016 by gaining access to its network operator portal for First Data’s STAR debit payment network – an attack that was repeated against another bank in early 2017. By gaining access to STAR, the attackers were able to remove or increase cash withdrawal limits and remove overdraft limits on debit cards they had previously opened or bought. Using these same cards, money mules subsequently withdraw large amounts of money from multiple ATMs.


Financial Industry Groups Suggest Principles for Cyber Penetration Testing Framework
Leading global financial industry groups on Monday released principles for developing a commonly accepted framework for cybersecurity penetration testing, while proposing an ongoing dialogue between industry and regulators. The Global Financial Markets Association, which includes the Asia Securities Industry and Financial Markets Association, the Securities Industry and Financial Markets Association, and the Association for Financial Markets in Europe, published a set of principles to be followed during the creation of this type of framework[.]


 Brit Banks Told to Publish Details of Major Incidents That Stop Punters’ Payments
As of August 2018, banks have to clearly set out how many incidents prevented customers from using payment services, over both a three- and 12-month period. They will also have to break this down by telephone, mobile and internet banking, but security incidents will not be identified separately from operational ones.


Stay up to date on the Financial Services Information Security news that you need to know by signing up for our Financial Cybersecurity Briefing Here.


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.