
Cybersecurity Awareness Month - How to tackle cyberattacks
As October is National Cybersecurity Awareness Month (ECSM), it is important that key decision-makers in the financial services sector know the best strategies to ensure the security of banks’ assets as well as how to efficiently and reliably defend their networks.
This is especially important in the age of digitalisation, where, with the surge in remote working (boosted by the Covid-19 emergency) and IT budget constraints, IT vulnerabilities have intensified.
Security breaches have increased because the number of potential targets has expanded, from laptops to smartphones to Internet of Things (IoT) devices, which pose a constant security risk to both individuals and financial institutions. These act as ideal "entry points" for cybercriminals.
Of course, security breaches lead to loss of revenue, reputation, and customers for banking institutions, as well as interruptions to operations. For the first half of 2020, banks endured a 238% spike in cyberattacks and for five consecutive years, financial services have been the most targeted sector. Let’s explore this in more detail:
What are the main attacks?
There are different ways threat actors can gain access to your business network. Here are just some examples.
1. Phishing
Phishing can be defined as the use of social engineering and technical subterfuge to defraud an online account holder of their personal financial information or login credentials by posing as a trusted identity.
Phishing attacks can be executed through multiple means, including phishing emails, phone calls, web link manipulation and website forgeries, to convince users to divulge sensitive information or participate unknowingly in fraudulent transactions.
2. DDoS attacks
These consist of launching an attack on a bank that can cause slow website response times and prevent customers from accessing their online banking and other financial applications.
This way attackers access sensitive customer data such as financial credentials, open fake accounts, access funds and continue their pattern of fraudulent activities. In 2020, DDoS attacks targeting the financial services industry reportedly increased by 30%. Increases were seen in traffic volumes, attack duration and packets per second.
3. APTs
Advanced persistent threats are stealthy threat actors. An APT is typically a nation state or a state-sponsored group, which gains unauthorised access to a computer network and remains undetected for an extended period. The financial sector has been highly affected by APTs, and banks are particularly targeted.
These sophisticated threats combine advanced intrusion and spoofing techniques to allow hackers to gain access to account management applications, for example.
4. RaaS - Ransomware-as-a-Service
Ransomware has evolved into a ‘service offering’ known as Ransomware-as-a-Service (RaaS) that enables inexperienced cybercriminals to deploy an attack with relative ease.
Essentially, it is a subscription-based model that enables affiliates to use already-developed tools to carry out attacks and permits cybercriminals who are unfamiliar with malware development to outsource this skill and easily deploy an attack.
Cybersecurity for financial institutions
Standalone solutions are not enough to defend networks. Financial institutions need to consolidate a variety of protection mechanisms, such as application whitelisting, full encryption of all hard disks and media, file system integrity protection, hardware protection and a firewall to stop network attacks, on a single platform.
That said, organisations should also find innovative ways to use their existing resources more effectively. For instance:
- Automating more processes to identify and respond to issues in real-time before they impact business operations.
- Equalising workloads based on broader threat analysis with a particular focus on, for example, data leaks or introduced malware.
- Breaking down silos by introducing advanced self-service platforms.
- Consolidating activities such as combining effective cybersecurity strategy with proactive device monitoring to maintain service availability.
Overall, the pandemic and remote working drove a significant increase in cyberattacks and this appears to be a trend that is set to continue into the new year.
Cybersecurity is a long-term investment and organisations must teach customers and employees how to identify potential threats through training, education, and awareness programs. To circumvent such attacks, financial institutions must act now and enhance their operational resilience.