Cyber Threats for Financial Institutions
Organisations such as banks, building societies, credit unions, insurers and investment firms are heavily regulated and often need to comply with a number of country specific and international regulations.
Financial Institutions (FIs) offering internet based and mobile banking services face increasing pressure to provide enhanced consumer protection against phishing, sophisticated malware and fraudulent activities.
Although There’s a cultural misconception that security equals lockdown in the financial sector; disclosure runs counter to that perception. Banks are less inclined to share intimate details of attacks because they don’t want to damage market confidence and that makes cyber security a major challenge for the sector.
One of the biggest news stories to hit the banking world this year came from the global provider of interbank money transfer services, SWIFT. The attacks occurred after SWIFT updated security procedures following a breach at the Bangladesh central bank in February 2016. In a private letter to customers, SWIFT said there had been new cyber-theft attempts since June, some of them successful.
SWIFT have stated that some banks attacked had lost money, but didn’t say how much money was taken or how many of the attempted hacks succeeded. The company did not identify specific banks, but said they all shared one thing in common – weaknesses in local security that attackers used to compromise local networks and send fraudulent messages requesting money transfers.
How Privileged Accounts can affect FIs
All IT Infrastructures are managed by Privileged Users, who are given elevated powers through accessing Privileged Accounts to ensure that the uptime, performance, resources, and security of the computers meet the needs of the business.
It’s the misuse of Privilege Accounts in the Hybrid-Cloud world which has become one of the most critical security challenges, because uncontrolled access to Privileged Accounts opens a “barn door” through which untrusted 3rd parties can compromise data and inflict cyber-attacks, ultimately causing irreparable damage to the business and its corporate reputation.
Which compliance standards can Osirium help FIs with in relation to Privilege Account Management (PAM)?