Advanced Cyber Security Threats to the Financial Services
30 October 2017
Agenda
• Global Trends
• Common Threats against financial institutions
• Top Threats
• Source of attacks
• Malware
• Dark Web
• Data Compromises
• Recommendations and Mitigations
• Third- & Fourth-party Best Practices
Why the Financial Sector is Targeted
Financial threats are still profitable for cyber criminals and therefore continue to be a significant part of the threat landscape. From financial Trojans that attack online banking, to attacks against ATMs and fraudulent interbank transactions, there are many different attack vectors utilized by criminals.
There is a gap between companies' perception of their cyber security capabilities and their actual ability to defend themselves from cyber threats.
Global Trends
Threat Landscape Is Changing
Heightened Awareness and Complexity Around Personal Information
The More Connected The More Vulnerable
New IT Sourcing Models are Being Implemented
Industries Most Frequently Breached in 2016
The financial services sector moved from the third most-attacked industry in 2015 (behind healthcare and manufacturing) to the most-attacked in 2016, due primarily to a large rise in SQLi and OS CMDi attacks. Financial services also came third in the number of records breached.
C-level executives estimate the cost of a cyber attack at $11.6 million, while IT Decision Makers estimate $19.2 million.
Industry | Records breached | Number of incidents
Information and communications | 3,377,128,955 | 85
Government | 398,087,841 | 39
Financial Services | 204,420,283 | 22
Media and entertainment | 42,008,947 | 37
Professional services | 19,574,000 | 5
Data Source: IBM X-Force® Research and Development
Common Threats Against Financial Institutions
Who is Responsible for Security Breaches?
Accountability and responsibility create gaps for attackers to exploit.
Such disconnects and communications failures can also create problems in the event of an attack, when time is often of the essence and clarity is important.
It’s vital that organizations work to narrow these gaps in understanding, intelligence and responsibility.
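Responsible party | C-suite | ITDM
The IT team | 35% | 19%
Senior management team | 21% | 30%
The leader of the organisation | 11% | 20%
All staff | 17% | 17%
The board | 11% | 13%
Chart callouts: 32% and 50% (matching the combined senior management team and leader of the organisation shares for C-suite and ITDM respectively)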
Data Source: BAE Systems - The 2017 Cyber Defense Monitor
Who Are The Attackers?
ATTACKER MOTIVATION, CAPABILITY & INTENT
Opportunists
Cybercriminals
Hacktivists
Nation State
Top Threats to Financial Institutions
Unencrypted Data
New Technology Without Security
Third Party Services
Being Unprepared for New Forms of Hacking
Unsecured Mobile Banking
Source of attacks against financial services security clients
In 2016, insiders were responsible for more financial services sector attacks than outsiders.
Data Source: IBM X-Force Interactive Security Incidents data
Source of attacks against financial services security clients
Injection-type attacks were the clear leader in the financial services sector in 2016
Inject unexpected items 51%
Subvert access control 13%
Manipulate data structures 13%
Collect and analyse information 9%
Indicator 6%
Manipulate system resources 3%
Abuse existing functionality 3%
Employ probabilistic techniques 1%
Engage in deceptive interaction 1%
Data Source: IBM X-Force Interactive Security Incidents data
Detection Distribution and Threat Detection 2015-2016
Number of financial threat detections in 2016 and 2015
Distribution of financial malware detections
The financial Trojan threat landscape is dominated by three malware families: Ramnit, Bebloh (Trojan.Bebloh), and Zeus (Trojan.Zbot). These three families were responsible for 86 percent of all financial Trojan attack activity in 2016.
Data Source: Symantec – ISTR Financial Threats Review 2017
Still Lots of Opportunities for Malware
Phishing – Widespread email – lots of victims
Spear Phishing – Targeted email aimed at a few victims
Compromised Vendors – any remote access is a high-prize target
IT Supply Chain – compromise integrators / distributors
Malicious Mobile Apps – Free or fake mobile apps
IT Patch Management Systems – broad distribution of code
Drive-by Download – the unintentional download of malicious software, typically from an infected reputable site
Major Milestones in the Evolution of Evasion Techniques
Malware evasion techniques have become far more numerous and sophisticated since they first appeared in 1980.
Data Source: McAfee
Dark Market Evasion Tools for Sale
Data Source: McAfee Labs Threats Report, June 2017
Dark Web: Connecting Miscreant Suppliers with Miscreant Buyers
Online libraries and advertisements of stolen data
Education on how to launch spamming, phishing, and key logging attacks
Advertisements for partners for complex fraud schemes
Recruitment
Detailed info sharing on technical vulnerabilities of software and specific financial institutions and their service providers
Data Compromises by Region & Industry
Data Compromises By Region
Data Compromises By Industry 2016
Data Source: 2017 Trustwave Global Security Report
Data Compromise – Method of Detection
Data Source: 2017 Trustwave Global Security Report
Median Time Between Compromise Milestones (Days)
Containment is much quicker when a breach is self-detected
Median Time Between Intrusion and Detection
Median Time Between Detection and Containment (Days)
Data Source: 2017 Trustwave Global Security Report
Recommendations and Mitigations
Never neglect training and refreshing
Further reduce exposure to insider threats
Protect your enterprise while reducing cost and complexity
Risk and Resilience Seek Balance
Embrace Adaptive Security Approaches
Apply a cognitive approach to detecting
Augment cyber Security intelligence capabilities
Finding Security-People and Skills
Security Disciplines Converge
Extending Security For Digital Businesses
Third- & Fourth-Party Best Practices
Never neglect training and refreshing
Collaborating with vendors
Creating a fourth-party risk program
Using continuous monitoring technology
Emphasizing the importance of third- and fourth-party cybersecurity to the board
Considering how third- or fourth-party cybersecurity impacts cyber insurance
Any Questions?
Thank You
Faisal Al Kuwari
Chief Technology Officer
T +974 4405 1000 F +974 4405 2000 P.O.Box 892 Doha – Qatar
www.meeza.net