finance Archives - Cyber Secure Forum | Forum Events Ltd

Financial sector subject to cyber attack ‘death by a million cuts’

Stuart O'Brien

BlackBerry’s Global Threat Intelligence Report states that threat actors are focusing their efforts on targeting high-value data held by the global financial sector, with one million attacks logged over the 120-day period.

This “death by a million cuts” is revealed to be using mainly commodity malware, which indicates a large number of independent actors targeting the industry in pursuit of financial gain. Critical infrastructure attacks, including those targeting government, financial, healthcare and communications industries, altogether accounted for 62 percent of industry-related attacks over the report period, September to December 2023.

The BlackBerry Threat Research and Intelligence team registered a 27 percent uptick in novel malware to 3.7 new malicious samples per minute prevented by its AI-powered cybersecurity solutions, compared to 2.9 per minute in the previous reporting period. Overall, BlackBerry claims its cybersecurity solutions stopped 31 attacks every minute, a 19 percent increase on the last reporting period.

“We’re consistently seeing increased volumes of attack in highly lucrative industries using novel malware,” said Ismael Valenzuela, Vice President of Threat Research and Intelligence at BlackBerry. “Novel malware typically indicates specific motivations from threat actors towards particular attack targets with intent to evade defences, which are often based on static signatures. We’ve reached a pivotal point where traditional detection methods alone are not enough to combat this increasingly complex problem. AI is already being weaponised by malicious entities, so it must equally be the dominant tool for detection and defence.”

Highlights from the latest BlackBerry Global Threat Intelligence Report include:

  • 62 percent of industry-related attacks targeted critical industries: Digitization and the prospect of debilitating national infrastructure attracted notorious gangs and Malware-as-a-Service (MaaS) groups who attempt to exploit security misconfigurations and vulnerabilities for varying motives.
  • Commercial enterprises also under attack: 33 percent of all threats targeted commercial enterprises (including retail, manufacturing, automotive and professional services), with the majority (53 percent) of those deploying information-stealing (Infostealer) malware with the aim of accessing highly sensitive data.
  • Rapid weaponization of CVEs by Threat Actors: Ransomware gangs observed taking advantage of new Zero Day vulnerabilities and mass mobilizing against potentially vulnerable targets, with zero-day exploits motivating profiteer groups.

Based on its data analysis, the BlackBerry Threat Intelligence and Research team predicts that 2024 will bring an increase in attacks targeting critical infrastructure and other profitable segments. VPN appliances will likely remain desirable targets for nation-state-level threat actors and it is anticipated that there will be a continued increase in supply chain cyberattacks targeting hardware and software vulnerabilities. Further, APAC will likely see an increase in attacks from China and North Korea, particularly financially-motivated attacks.


Asset financing – and how to avoid getting stung by unexpected costs from hyperscalers

Guest Post

“To hyperscale or not to hyperscale” remains a key question for any CIO. And, while the majority of large organisations have already taken that step, some, if not all, question whether their IT infrastructure strategy is delivering the cost and flexibility benefits expected. At a time when capex budgets are coming under ever greater pressure, pushing CIOs even harder towards the hyperscale opex alternative, Mark Grindey, CEO, Zeus Cloud calls on CIOs to read the small print – or pay the price…

Escalating Costs

Drivers for the adoption of public cloud platforms vary, but for many larger organisations, the agility, innovation and scalability have outweighed the expected cost benefits. The ability to spin up new systems has improved time to market, accelerated digital transformation and enhanced business resilience. For CIOs, the shift away from on premise to the hyperscalers has met objectives – in the main. There is one, very notable exception: cost. While cost control may not have been the priority, it is always a factor in any IT strategic change. Few businesses expected to incur the level of ‘additional’ costs associated with the public cloud. And, given the on-going economic challenges, this upward trend is raising serious concerns.

The biggest problem is that, despite the perception, the price of public cloud service is not ‘known’. Monthly costs are not consistent. The subscription model is just one element in a sliding scale of usage-based costs. Companies are discovering the additional fees demanded for extra security and support. They are incurring far greater storage costs, due to the tendency to charge for both storing and deleting data. Even a user inadvertently changing Active Directory settings can lead to an unexpected hike in costs.

Add in the limitations on bandwidth, the additional charges for CPU or RAM, plus the fact that if the business is using VMware, it will be paying again based on those same usage factors. Therefore, it’s these further hidden costs of the cloud that have caught many companies by surprise.

Security and Latency Risks

Of course, unexpected IT costs are nothing new. Big companies have deep pockets – if the public cloud is delivering the required agility and flexibility, is the higher price tag worth it? The problem is that the escalating level of security attacks on these high profile hyperscalers is also causing serious concerns, especially for organisations dependent upon 100% uptime and very low latency.

Financial services organisations cannot endure the increasing latency associated with essential additional levels of security. Key infrastructure providers, including telecommunications and utilities, are justifiably concerned about the risks associated with Distributed Denial of Service (DDoS) attacks occurring almost continuously on these organisations.

But what is the alternative? At a time of economic and geopolitical uncertainty, there is little if any desire to revert to the traditional IT finance model, however deep an organisation’s pockets. Add in new compliance demands and the need to adapt to a changing marketplace, and capex projects are already oversubscribed. Further, large businesses have embraced the flexibility and agility associated with scaling up and down in line with demand. New business innovation is now predicated on the ability to accelerate IT development.

Retaining Flexibility

The cloud model works on so many levels. The issue that organisations have to address is how to retain a cloud-based infrastructure without incurring unacceptable costs. Clearly, it is vital to read the small print. But it is also important to consider the alternatives. Would an on-premise private cloud option work, for example?

Using flexible financing, Service Integration & Management (SIAM) vendors can offer the agility of the cloud with the benefit of locating the kit either on premise or in a dedicated co-location centre. Unlike Managed Service Providers (MSPs), a SIAM doesn’t mark up the equipment. It will simply use its market buying power to access the best prices for the kit required.

Critically, when compared head-to-head with the equivalent hyperscaler cost, this model is typically 50% cheaper. And, with simpler, transparent contracts, companies can – finally – achieve the known monthly cost model that was one of the original promises of the cloud.


Navigating recessionary budget pressures on IT departments

Stuart O'Brien

In today’s challenging economic landscape, budgetary pressures have become a reality across every department. None more so than IT. In spite of the promise of increased productivity and performance, advanced technologies such as AI, faster storage, and more secure data inevitably cost more and take longer to deliver than today’s budgets can afford.

IT directors are grappling with the need to accomplish their initiatives, while operating within shrinking financial constraints. The good news is that some of the largest and blue-chip businesses are already using a viable solution, and despite recessionary budget pressures, many companies still have the resources to invest for productivity and growth. Steve Hollingsworth, Director, Covenco, explores further…

Economy induced budget cuts

During an economic downturn, organisations face various challenges regarding funding and executing their IT projects. Budgets are often reduced, and IT departments find themselves forced to accomplish more with fewer resources. In addition, the increasing cost of borrowing has significant implications for organisations’ ability to invest in IT equipment, which can hinder productivity and growth.

As the cost of borrowing rises, organisations face higher interest rates on loans, making it more expensive to finance capital expenditures, including investments in IT equipment. This limits their ability to allocate funds towards technological advancements that drive innovation and growth. Additionally, higher borrowing costs often lead organisations to defer or scale back their technology upgrade plans. This results in maintaining outdated IT infrastructure, impeding productivity, efficiency, and competitiveness in an increasingly digital marketplace.

Tackling inflation head on

Organisations must make informed decisions about prioritising technology initiatives by recognising the potential impact of borrowing costs on IT investments. Collaborating with specialist IT brokers who offer cost-effective alternatives for acquiring IT equipment becomes crucial in navigating budget constraints while still investing in the technology necessary for growth and innovation.

It’s no secret that a good broker can deliver remarkable cost savings when replacing defective equipment – or expanding an existing system. And now, many larger organisations are also discovering that implementing previous-generation IT equipment can benefit them in other ways, including:

– Matched system opportunities

Supplementing existing infrastructure with matching servers, storage, and networking equipment is far easier, cheaper and more efficient. There is no need to rip and replace a functional environment, with all the associated upheaval of introducing new software versions, licences, and training.

– Opportunity for competitive advantage

When competitors face investment challenges due to increased borrowing costs, organisations that can navigate these constraints can gain a competitive advantage. Businesses can streamline operations, enhance customer experiences, and differentiate themselves in the market by strategically investing in IT equipment and leveraging advanced technologies.

– A catalyst for innovation and growth

By embracing digital transformation initiatives and adopting cutting-edge IT solutions, organisations can optimise processes, automate workflows, and unlock new opportunities. This positions them to respond more effectively to market dynamics, improve decision-making, and adapt swiftly to changing customer demands.

– Long-term cost savings

Although the initial investment in IT equipment may seem challenging due to borrowing costs, it is important to consider the long-term cost savings associated with enhanced efficiency and productivity. Modern IT infrastructure can streamline workflows, reduce downtime, and improve overall operational effectiveness, leading to significant cost savings over time.

– Improved sustainability

IT Brokerage companies are vital in helping today’s leading organisations achieve their sustainability goals. By partnering with an accredited broker, businesses can effectively manage their IT assets throughout their lifecycle, contributing to a more sustainable and environmentally conscious approach. Specialist brokers will also offer aspects of an IT Asset Disposition (ITAD) solution to ensure that all data-carrying assets are wholly sanitised for data security.

Those who overcome these obstacles can gain a competitive advantage by leveraging technology to drive innovation, enhance productivity, and differentiate themselves in the marketplace. Strategic investment in IT, even in the face of higher borrowing costs, can lead to long-term growth, cost savings, and improved operational efficiency.

IT projects no longer have to be restricted by recessionary budget pressures. By embracing the cost-effective solutions specialist IT brokerage companies provide, IT directors can achieve their objectives while maximising limited resources. And so by employing refurbished hardware from major manufacturers, many organisations are already maintaining performance, reducing costs, and contributing to sustainable practices while improving their productivity and delivering growth.


Cybersecurity in Financial Services: Remaining compliant and reducing risk with automation

Guest Post

By LogRhythm

Businesses in the financial services sector have to manage enormous risk, wealth and personally identifiable information (PII), all while meeting strict regulatory requirements.  

As the proliferation of financial data continues to grow, organizations face the task of continuously protecting that information and keeping it secure, while maintaining a reputation in the financial sector. Despite this, many security teams lack the resources and funding to keep up with the evolving threat landscape and ecosystem of regulatory compliance rules.

The Complexity of Complying

For financial services organizations, cybersecurity is about minimising risk for both the customers and the business. This includes compliance: it is vital that organizations reduce the possibility of further fines or other penalties by implementing security measures.

On top of this, security teams are often attempting to mitigate threats manually, increasing effort and stress. Analysts need to eliminate the time spent writing scripts, building rules and creating reports to allow focus on evolving attacks.

Automating Processes for Financial Security

Implementing prebuilt content which is specifically mapped to the individual controls of each regulation enables instant results that do the heavy lifting for you. Combining compliance automation software with Security Information and Event Management (SIEM) gives analysts the resources to comply with necessary mandates more efficiently and effectively than previous manual processes. A SIEM platform can help security teams improve detection, mitigation and response capabilities.

Furthermore, automation systems allow workflows to be more streamlined to help analysts combat evolving threats by removing manual tasks and enriching data with contextual details consistently.

An Expanding Compliance Environment

Looking forward, the financial sector is expected to face continued vulnerabilities in its technological offerings, both online and traditional brick and mortar. With compliance automation systems at the forefront, patterns of fraudulent activity will be detected at a greater rate, increasing the likelihood of mitigation before impact. 

The compliance environment can only extend further, with more regulatory requirements coming into play. Financial organizations should be prepared for stricter security rules becoming a necessity for protecting both customer and business data.

LogRhythm’s offerings provide financial services organizations with industry-leading automation, compliance and auditing support, comprehensive reporting and protection against advanced cyberthreats.