Newsletter | Volume 1


What are the new and emerging cyber threats and the key factors in building a multiple risk-based solution?



No company will ever be 100% secure against cyber threats. The threat environment is simply too clever and moving too fast. Rather than focusing on a bulletproof IT security structure, organizations need to evaluate and balance the cost of breach and intrusion against what the data that could be obtained is worth, using a layered, risk-based approach to maintain the balance between security and customer experience.
The cyberthreats that menace the global economy are multiplying at an alarming rate. From denial-of-service attacks that take a website offline to corporate account takeover and malware, financial institutions should take notice of the information security threats that could deeply affect their infrastructure in this rapidly evolving world.
With the knowledge that 100% security can never be assured in the face of cyberthreats, the strategies of leading FIs and businesses instead focus on making the effort to breach their security more trouble than the underlying data is worth (or more difficult to garner than it is to compromise the bank or business down the street). Here are a few suggestions for FIs and merchants:
  • Look for tools that can be leveraged in different ways to solve multiple problems. While there is no such thing as a one-size-fits-all tool when it comes to security, tools such as behavioral analytics can be leveraged in various ways to solve different problems.
  • Encrypt sensitive data both in storage and in transmission. This includes PII as well as credentials. Build a robust feedback loop so that in the event that your security is compromised you can quickly assess how and why, and adjust your defenses accordingly.
  • Don't put all your eggs in one basket. Cybercriminals have proven adept at bypassing virtually every form of online fraud mitigation and authentication when deployed as a single point solution. To be effective in the war against cybercriminals, FIs need to adopt a layered approach that protects not only the session but also the transaction itself.
  • Continue to perform ongoing risk assessments. It's important to stay abreast of the latest malware capabilities and understand how current defenses can (or cannot) be effective against them.
  • Proactively interface with marketing and technology. Ensure you have input and buy-in from all stakeholders when new functionality is planned via online and mobile channels so you have preparation time instead of being in a reactive mode after its introduction.
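
The layered, risk-based approach suggested above can be sketched as follows. This is an added example, not code from the original newsletter: it compares a single-point (password-only) control with a decision that scores the session and the transaction separately and asks for step-up authentication only when the combined risk warrants it. All signal names, weights, thresholds and sample cases are constructed assumptions.

```python
from dataclasses import dataclass

# Signal names, weights and thresholds are illustrative assumptions.

@dataclass
class Session:
    password_ok: bool
    known_device: bool
    usual_geo: bool

@dataclass
class Transaction:
    amount: float
    payee_known: bool
    typical_max: float  # largest amount this customer normally sends

def session_risk(s: Session) -> int:
    """Layer 1: score the login session (0 = no concerns)."""
    if not s.password_ok:
        return 100
    return (0 if s.known_device else 30) + (0 if s.usual_geo else 20)

def transaction_risk(t: Transaction) -> int:
    """Layer 2: score the payment itself, independently of the session."""
    score = 0 if t.payee_known else 30
    if t.amount > t.typical_max:
        score += 30
    return score

def single_point_decision(s: Session, t: Transaction) -> str:
    """Password-only control: anything after a valid login is allowed."""
    return "allow" if s.password_ok else "deny"

def layered_decision(s: Session, t: Transaction) -> str:
    """Combine both layers; add friction only when the risk justifies it."""
    total = session_risk(s) + transaction_risk(t)
    if total >= 100:
        return "deny"
    return "step_up" if total >= 50 else "allow"

# Constructed sample cases.
ROUTINE = (Session(True, True, True), Transaction(120.0, True, 500.0))
STOLEN_CREDS = (Session(True, False, False), Transaction(4000.0, False, 500.0))
HIJACKED = (Session(True, True, True), Transaction(4000.0, False, 500.0))

if __name__ == "__main__":
    cases = {"routine": ROUTINE, "stolen creds": STOLEN_CREDS, "hijacked": HIJACKED}
    for name, (s, t) in cases.items():
        print(name, single_point_decision(s, t), layered_decision(s, t))
```

The hijacked case looks clean at the session layer, so only the transaction layer raises it to a step-up, while the routine customer sees no added friction.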

The cyber threats that menace the global economy are multiplying at an alarming rate. These threats come in the form of malicious software code, waves of distributed denial of service (DDoS) attacks, and insidious corporate espionage, all designed to provide financial or political benefit to criminals. While no aspect of the global economy is immune to attack—everyone from government entities to utilities to e-commerce merchants has hit the headlines with big breaches over the last year—this white paper will focus on two of the most lucrative targets for the organizations behind the attacks: financial institutions (FIs) and merchants.

One of the challenges in defending against the onslaught of attacks is the many different players and attack vectors. International organized crime rings seek financial gain; nation-states, individuals, and crime rings are engaged in espionage against governments and businesses; and hacktivists hope to make headlines. There are no clear dividing lines between players' causes either; many times, the place where hacktivists leave off and fraudsters begin is none too clear.

There are a few common elements in the threats and the defenses employed by FIs and merchants, however.
  • The threats are escalating more quickly than banks or businesses can deploy defenses against them. The bad guys don't have to make a business case in order to innovate and deploy new technology, whereas the forces of good usually do. With new malware being deployed constantly (more than 150,000 unique new strains each day in Q1 2013), it's very difficult for the good guys to keep pace.
  • The username/password combination as an authenticator is officially broken. With myriad database breaches over the last year compromising tens of millions of usernames and passwords, and consumers exercising very little care or caution, the sole relevant use of this combination is now that of a database look-up mechanism.