Post-Pandemic Technology & Cyber Security Trends in Banking – Part 2 In this second part of our review of key cyber and security-related technology trends in banking in the post-pandemic world, we look at the top cyber threats targeting banking and financial services organisations in 2021. We also look at some of the emerging cyber technologies being adopted and considered by banking and financial services organisations around the world. Over the last decade, cyber attacks have become an ever-growing threat for banks. Technology has advanced rapidly and threat actors have learned that banks are a lucrative target. Threat actors have evolved their techniques to make it difficult for any company to fend off the attacks. Cybersecurity is not an issue limited to industries involving technology only. It holds a critical value in banking since banks make millions of transactions each day, most of which are done on digital payment platforms. Without
Post-Pandemic Technology & Cyber Security Trends in Banking - Part 1 The banking sector is in the midst of a digital transformation that is causing its attack surface to grow, exposing organisations to increased levels of cyber threat activity. As more organisations adopt digital banking solutions, having effective cybersecurity programs has become more important than ever before for the banking industry. In this article we explore the post-pandemic technology and cyber security trends in banking. Elasticito was recently approached by a financial services firm to provide some analysis on new technology and cyber trends within the banking and financial services industry. A summary of our findings make up this blog post, but one common theme that we observed was that, despite the pandemic, the unstoppable momentum of digital transformation is causing a huge impact in the way that banking services are and will be delivered to customers over the
Building the case for Security Validation Image credit: USA Today Events of the last month have shown that, despite best efforts and assumptions on how well protected corporate networks are, damaging Ransomware attacks and other cyber threats, continue to wreak havoc on companies and organisations in all industry sectors. Just in the last month, we have seen crippling Ransomware attacks on Colonial Pipeline, the Irish Health Service, the University of Portsmouth, and many others. In most, if not all, of these cases, the IT and information security teams will undoubtedly have told their management teams and oversight Boards, that they had invested in adequate security controls and that they conduct regular penetration testing. So, it begs the question: why are corporate networks still so vulnerable to these attacks? The answers to this are probably wide ranging, but one consistent theme is an assumption that corporate networks are protected because certain
My wife is a cat person. We have two fluff-ball Ragdoll cats, who are not allowed outside - mainly because we know that they have the capability to scale our garden wall, but probably not the ability to find their way home again! Recently, we adopted a rescue dog. She is however, allowed into the garden; much to the chagrin of the cats. This is because, to our knowledge, we do not believe that the dog has the capability of scaling our outer perimeter. In the information security world, we at Elasticito, spend a lot of time working with information security teams and senior management helping them to understand and manage cyber risks, threats and threat actor capabilities within the context of their businesses. It seems to me, that the complex world of cyber security is actually not much more complex than the dynamics between cats, dogs and garden fences.
MITRE ATT&CK is a phenomenal global free knowledge base produced by MITRE, a US Government research organisation, that maps adversary tactics and techniques that are used by threat actors to launch cyber attacks against targets. The ATT&CK framework (which stands for Adversarial Tactics, Techniques, and Common Knowledge) began its life in 2013 and now incorporates a vast array of Tactics, Techniques and Procedures (TTPs). As Sun Tzu famously wrote in The Art of War, 'Know your enemy ...' - this is about understanding how cyber adversaries operate and what tactics and techniques they use when conducting reconnaissance on a target and launching an attack, with the aim to try and disrupt their activity to make an attack too complex or too costly for the attacker to pursue. MITRE ATT&CK Navigator The MITRE ATT&CK Navigator is used to map and filter adversary TTPs in order to understand the phases and techniques
Using the FAIR Model to quantify Cyber Risk for 3rd parties - Recorded webinar View webinar recording Understanding the true and realistic financial impact on the cyber risk that key 3rd party organisations pose to your business has been a hugely complex and expensive challenge to solve. Until now. Join this webinar to learn more about how NormShield has incorporated the Fair® cyber risk quantification model into its cyber risk assessment platform to provide instant and dynamic visibility of the financial impact and likelihood of a breach with 3rd parties that you do business with. If your business could be affected by a major cyber incident with one of your 3rd parties, you should attend this session. Suggested audience: - CISOs - Cyber risk/GRC specialists - Third Party Risk Managers - IT Governance professionals View webinar recording