https://www.fintechfutures.com/wp-content/themes/fintech_child/assets/images/logo/fintech-logo.png
  • Home
  • COVID-19
  • News
  • Intelligence
    • Back
    • Analysis
    • Interviews
    • Features
    • White Papers
    • Case Studies
    • Surveys, Reports & Infographics
    • Webinars
    • Podcasts
    • Videos
    • Library
    • Techwire
    • Browse
  • Publications
    • Back
    • Banking Technology Magazine
    • Supplements
    • Daily News at Sibos
    • Subscribe to Magazine
  • Content Hub
    • Back
    • COVID-19: industry impact & response
    • Challenger Banks Guide
    • Food For Thought
    • I’m Just Saying
    • Through a Gen Z Lens
    • Ask The Expert
  • Videos
  • WTF? Podcast
  • Awards
    • Back
    • Banking Technology Awards
    • PayTech Awards
  • Advertise
  • Jobs
  • More
    • Back
    • About us
    • Contact us
    • Advertising / Media Kit
    • Banking Technology Magazine Calendar
    • Reports Calendar
    • FinTech Futures Newsletter
    • Events
  • FinTech
  • BankingTech
  • PayTech
  • RegTech
  • WealthTech
  • LendTech
  • InsurTech
Banking Technology
  • NEWSLETTER
  • Home
  • COVID-19
  • News
  • Intelligence
    • Back
    • Analysis
    • Interviews
    • Features
    • White Papers
    • Case Studies
    • Surveys, Reports & Infographics
    • Webinars
    • Podcasts
    • Videos
    • Library
    • Techwire
    • Browse
  • Publications
    • Back
    • Banking Technology Magazine
    • Supplements
    • Daily News at Sibos
    • Subscribe to Magazine
  • Content Hub
    • Back
    • COVID-19: industry impact & response
    • Challenger Banks Guide
    • Food For Thought
    • I’m Just Saying
    • Through a Gen Z Lens
    • Ask The Expert
  • Videos
  • WTF? Podcast
  • Awards
    • Back
    • Banking Technology Awards
    • PayTech Awards
  • Advertise
  • Jobs
  • More
    • Back
    • About us
    • Contact us
    • Advertising / Media Kit
    • Banking Technology Magazine Calendar
    • Reports Calendar
    • FinTech Futures Newsletter
    • Events
  • newsletter
  • FinTech
  • BankingTech
  • PayTech
  • RegTech
  • WealthTech
  • LendTech
  • InsurTech

bankingtech.com

bankingtech.com


Keeping file-based threats out of bank vaults

  • Written by FinTech Futures
  • 11th January 2016
Greg Sim is chief executive at Glasswall Solutions

Greg Sim is chief executive at Glasswall Solutions

While mention of bank robberies will often conjure images of masked criminals and high-speed car chases, most modern instances of the crime are being conducted from behind computer screens. In addition to the lure of stealing cash, these criminals are going after banks for valuables such as the personal data of customers, details of mergers and acquisitions between companies and the private tax information of corporations, data is fast becoming an incredibly valuable commodity in its own right, writes Greg Sim

These hackers, whether criminal or state-sponsored, have the ability to bring down any bank’s operations with as little as a single email. Through manipulating file data, an unassuming attachment could be hiding a malicious set of instructions or payload which often, in highly targeted attacks, is shown to be resident for in excess of 200 days drip feeding data out of the enterprise. Typically, the hacker will have done their research through employees’ LinkedIn or Facebook profiles and metadata obtained from documents on the company’s website. This information is used to find an entry point from which they can turn an employee into an accessory without their knowledge.

Growing recognition

Cyber-crime is recognised as a serious threat in the banking industry. The Bank of England’s latest Systemic Risk survey saw 46 per cent of participants list it as a main concern, a significant increase over the 10 per cent in 2014. Unfortunately, the Bank’s response – planning cyber-security tests for every couple of years – does little to alleviate worries over the growing threat of cyber-crime, which is estimated to cost £36 billion annually in the UK.

Awareness of the threat is growing due to a number of recent scandals, such as the TalkTalk hack which resulted in the details of tens of thousands of customers being stolen. Despite the higher-profile of cyber-security, there is still little understanding of how cyber-criminals operate and the best ways to face them.

Banks must become aware that policies allowing the free exchange of documents carry a significant amount of risk, considering 94 per cent of successful cyber-attacks utilised emailed documents.

The Bank of England must be prepared to lead the charge by advocating a total overhaul of how cyber-security is handled and in particular how policy can applied to manage document flow without impacting business continuity. A wise step would be to raise awareness of the obsolescence of conventional perimeter security and to establish standards for banking communications in regards to the file types most commonly used by hackers.

The Bank must also require financial institutions to identify the vulnerable points in their daily exchange of documents such as their supply chain and customer exchanges, with the goal of ultimately eradicating them.

Outdated defences

Relying on expensive perimeter security methods such as email virus scanning, firewalls and sandbox technology, which deal only with known threats and lack the ability to screen out the new methods of attack are a thing of the past and will always be behind the innovative approach of the cyber-criminal.

For example, a hacker could use metadata obtained from a number of avenues, such as a file that has not been cleaned of metadata on the banks website, data leaked from an inadequately protected source in the supply chain or from the free flowing files traversing into and out of the banking systems to identify intelligence such as user ID’s, software versions, server paths and even employee reference data. Armed with this insider information, they could then forge an email to an employee, fooling them into opening a link that would download a zero day exploit. With this in mind, it is essential that organisations stem the flow of data leakage that is literally pouring from poor internal processes and management, thereby limiting the data hackers can add to their arsenal.

Whilst this sounds like science fiction it is a 24 x 7 activity where the hacker only needs to be successful once to breach the defences, while banks must constantly be on guard for new criminal techniques.

A breach could spell disaster for a bank, destroying consumer confidence and resulting in downgraded credit ratings as customers move their money elsewhere. In this post-financial crisis climate, it takes very little for consumers, partners and suppliers to lose trust in a bank following a security breach.

Keeping up with cyber-criminals

New practices have the ability to achieve 100 per cent effectiveness against file-based threats, by changing the paradigm of looking for bad to only allowing only the “known good” into and out of the network.

Solutions based on file regeneration permits only clean versions of files into a company’s system, using the manufacturer’s standards to assess and rebuild the file in real time. Considering the mass volume of unstructured data involved in banking, this presents a substantial advantage. This technology identifies threats by comparing unstructured and unknown files with set standards, while security methods seeking viruses and malware are only searching for known threats, causing them to lag behind criminal innovations.

Achieving compliance

The new European General Data Protection Regulation, coming into effect next year, is increasing the urgency to address file-based security. The new law will create steep penalties for businesses that fail to protect private data. Additionally, banks may be publicly named following a data breach as a matter of public influence, effectively destroying their reputation.

By implementing the right solution for file-based threats, companies can gain instant access to all reporting and policies, providing clear evidence of compliance. With advanced analytics and reporting built into this technology, companies can take back control and tweak their cyber-security policy in accordance to the most common threats.

While the open exchange of documents is key for the banking sector, the protection of this freedom is reliant on those in charge recognising that the current lines of defence don’t live up to the threat presented by cyber-crime.

Tags: Cybersecurity, Financial Crime & Fraud cyber crime, Glasswall Solutions Analysis, Industry Comment

Leave a comment Cancel reply

-or-

Log in with your FinTech Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related


  • Understanding the three key trends in SME banking for 2021
    The pandemic has accelerated digital transformation in banks’ lending platforms.
  • Fostering a growth mindset is key to getting through challenging times
    Mastering an ability to deal with tough times will strike a path towards growth.
  • My mother was right about everything
    What good are the choices, if you don't act?
  • 2021 predictions: don’t overlook the phone call
    Due to the explosion in illegal robocalls, many consumers have simply stopped answering the phone.
  • UK payments acquirer Unlimint powers on with “aggressive” LatAm expansion
    In November, the fintech rebranded to Unlimint from ‘Cardpay’ as part of its expansion plans.
  • Tackling mobile fraud in 2021
    Mobile numbers and associated SIM information have become even higher prized targets for fraudsters.
  • How FIs can reduce friction and drive value in the payments system
    FIs can help clients proactively identify and respond to potential problems.
  • Digitisation answers the quest for risk mitigation in global trade
    These concerns have been heightened by a series of fraud allegations relating to commodity transactions.

Related Content

  • Embedded insurance: a $3tn market opportunity, that could also help close the protection gap
  • What the Fintech? Season one | Fintech Jail
  • 2020 in review: Top core banking stories
  • 2020 has been the year of change, including EMTs

Magazine

Banking Technology December/January issue out now

16th December 2020

Banking Technology November issue out now

  • 1
13th November 2020
view all

Reports & Surveys

Omdia Universe 2020-21: Temenos recognised as a leader for digital banking platforms

15th December 2020

Report: Digital KYB – a springboard to customer onboarding success

30th November 2020

Report: Three key strategies for customer experience success

15th November 2020
view all

Content Hubs

COVID-19: industry impact & response

26th June 2020

The rise of challenger banks around the world

26th June 2020

CRUX RegTech Digital Day – 28 July 2020

26th June 2020
view all

Podcast

What the Fintech? | S.2 Episode 1 | Innovation in commercial lending

20th January 2021

What the Fintech? Episode 18 | Year in review

18th December 2020

What the Fintech? Episode 17 | The spirit is willing, but the markets are weak

1st December 2020
view all

Videos

Video: Top fintech stories this week – 15 January 2021

15th January 2021

Video: Top fintech stories this week – 08 January 2021

8th January 2021

Video: Top fintech stories this week – 11 December 2020

13th December 2020
view all

White Papers

Embedded insurance: a $3tn market opportunity, that could also help close the protection gap

4th January 2021

White paper: The business value of ServiceNow for retail banks

12th December 2020

E-book: Migration to cloud – your guide to delivering an intuitive customer experience

8th December 2020
view all

Techwire

Wattpad Board of Directors Approves Agreement to be Acquired by Naver, the South Korean Internet Conglomerate and Home of WEBTOON™, a Leading Global Digital Comics Platform

19th January 2021

SellersFunding Opens Full Suite of Financial Tools to Walmart Sellers

19th January 2021

Music Royalties Inc. Launches Private Placement Offering on DealSquare

19th January 2021

Digital Vault Services GmbH launches its market solution for Digital Guarantees

19th January 2021

Walser Automotive Group x PICO Venture Partners Announce FUSE Autotech

19th January 2021

MIRADOR, LLC a Finalist in Consolidated Reporting at the FAMILY WEALTH REPORT AWARDS

19th January 2021

Origami Risk Unveils Suite of Online Solutions for EHS Professionals

19th January 2021

Agile Business Development at PayRetailers

19th January 2021
view all

Twitter

FinTech_Futures

SME credit fintech Dinie lands dLocal deal one year into Brazil play fintechfutures.com/2021/01/sme-cr…

20th January 2021
FinTech_Futures

.@AionBank signs payments processing deal with @Form3Tech fintechfutures.com/2021/01/aion-b…

20th January 2021
FinTech_Futures

New York PFM/cash advance app Brigit [@hellobrigitapp] finally reveals the $35m value of its Series A, reported bac… twitter.com/i/web/status/1…

20th January 2021
FinTech_Futures

UK long-term fixed rate mortgage challenger @PerennaMortgage lands $10m ahead of Q3 launch, having applied for its… twitter.com/i/web/status/1…

20th January 2021
FinTech_Futures

.@SWBCServices picks @finicity Pay to meet new ACH requirements fintechfutures.com/2021/01/swbc-p…

20th January 2021
FinTech_Futures

.@NAB signs SME payments deal with @Eedenbull fintechfutures.com/2021/01/nab-si…

20th January 2021
FinTech_Futures

.@JoeBiden reshuffles US financial regulators to reign in corporates fintechfutures.com/2021/01/biden-…

20th January 2021
FinTech_Futures

Join FinTech Futures & @servicenow for an exclusive webinar on transforming your payments, card and loan operations… twitter.com/i/web/status/1…

20th January 2021

Report: Digital Know Your Business (KYB)

Free download

Report: Three key strategies for CX success

Free download

Omdia Universe: selecting a digital banking platform

Free download

FinTech Futures Jobs

Find a job or post a vacancy

Fintech Futures
  • About us
  • Advertise with us
  • Contact us
  • Fintech jobs
  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X