• Bradley Sing

    Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.


Our financial services sector is under cyberattack

Financial institutions like banks and other brokers hold large volumes of data about their clients, investors and customers.

That data is often of a highly sensitive nature, including everything from names, addresses, logins and bank account information to credit and debit histories. That makes the financial services sector a prime target for hackers, as information like that can be highly valuable when carrying out fraud and identity theft. Add to that the treasure trove of data yielded by the explosion of financial technology (Fintech) apps and services (think everything from payroll apps to invoicing apps), and the opportunity for hackers has never been greater.
 

In fact, Finance was the second-highest reporting sector in the first half of this year, notifying 14% of all breaches, as reported by the OAIC.


As Australia’s financial sector continues to digitise, cybersecurity risks also grow bigger, with the potential to affect any sector that depends on financial services. But what are these cyber risks exactly? Let’s take a look at the three biggest cyber threats facing our financial services sector.
 

1. DDoS and web application attacks

DDoS, or distributed denial-of-service, attacks try to disable websites by overwhelming them with fake requests, denying any other users access. These attacks can be relatively cheap and simple to pull off, which explains why they’re so common. Almost a third of network downtime incidents are attributed to DDoS attacks, resulting in huge financial losses and damaging business reputations. Luckily, there are lots of DDoS protection tools and integrated services out there that are designed specifically to counter DDoS attacks.

Web applications present another potential point of entry for hackers. Most of the digital applications we use today are hosted on the web (think Google Docs, cloud-based email or online forms). Hackers love targeting these because they are the most accessible and rely on user input to work. Firewalls can be effective against hackers trying to commandeer these web apps, especially smart firewalls that can also block cross-site scripting (XSS) attacks.

The best way to deal with these risks is to simply adopt good cyber habits. Simple steps like clearing stored cookies (which a lot of apps can do automatically if the right settings are enabled), avoiding questionable websites and making sure you’re running up-to-date antivirus and anti-malware tools can go a long way to reducing your risk profile.


 

2. Backdoors and third-party vulnerabilities

Targeted attacks often use “backdoors” – software vulnerabilities that allow remote access – to sneak into secured systems. But modern digital networks are growing a lot more interconnected and complex. Modern businesses make use of everything from third-party vendors to smart devices and smartphones to carry out their operations, and any vulnerability at any point in the chain can open the door for hackers to sneak in. Though you can control the security standards of your own network, you can’t always dictate the same standards to your business partners and third-party services.

The risk will never be fully eliminated, but there are ways to defend your organisation. Your first priority should be good housekeeping: using multi-factor authentication, access control, patching and good cyber habits can greatly limit your exposure to risk.

Next, you will need to thoroughly review your vendor and partner contracts for their security practices. Whether it’s a cloud storage provider or a web developer, ensure any vendors you work with have good security measures in place. It won’t eliminate the risk entirely, but will greatly reduce it. Finally, consider bringing in an external security provider. Letting a reputable security partner manage and monitor your services can be a great way to ensure you have trained eyes on your network 24/7.


 

3. Insider Threats

Despite the hue and cry over external cyberattacks in the media, the inconvenient truth is that a significant number of data breaches originate from inside the company. Over a two-year period, the financial services sector saw a 20.3% increase in insider attacks, according to a report from The Ponemon Institute and IBM.


Malicious employees can give hackers a way to bypass even the strictest security, just by sharing their credentials or by simply neglecting cybersecurity practices already in place. But not all of these incidents are intentional. Simple human error forms a big part of the picture, with phishing scams and malware downloads tricking even the most well-intentioned and dedicated employees.
 

The best defence against insider threats is to identify mission-critical operations and tighten access to them. The ACSC has a great guide on the concrete steps you can take to secure your company from insider threats. The next security measure is building a supportive work culture. Organisational culture is a big factor when it comes to insider risks. By fostering an open and collaborative culture that protects and values employees, you ensure that your first layer of defence – the people you employ – is ready and motivated to look after your institutional assets as well as their security.

 

To learn more, stream our webinar about strengthening your internal defences 
