New York, NY (PRWEB) September 25, 2012
While the dust hasn’t quite settled on exactly what happened to Bank of America, JPMorgan Chase and Citigroup last week, the mere fact that so many theories and possibilities are being floated in the media just goes to show how many potential cyber threats banks and financial institutions are actually facing on a daily basis. Obviously, first on the list are cyber intruders looking to get their hands on actual loot, as in real dollars, followed closely by intruders looking to pilfer sensitive client information which can be used to bring in a lucrative haul down the road, by either selling the information to other nefarious characters, or using it in a longer term identity theft type of operation to create those perfect cyber gifts that just keeps on giving. But today, that is only the tip of the iceberg.
The visibility, importance and clout banks and financial institutions hold in today’s society also make them prime targets for a whole slew of other types of threats, ranging from being targeted by hacktivists with a political or moral agenda, to actual cyber warfare being performed by foreign entities which can be considered hostile to the American way of life. Then of course there is the vast array of other non-state related foreign and home-grown threats, and the especially dangerous internal threats with high level access and motives ranging from financial gain, to revenge and beyond.
Joe Caruso, founder and CEO/CTO of Global Digital Forensics, has responded to many emergency cyber intrusions in the financial industry and knows more than a thing or two about what kinds of threats they face on a daily basis, as well as the techniques and methods employed by hackers to see their missions fulfilled, whatever the agenda. And if there is one piece of advice he would like to hit home it’s this, “Any bank or financial institution that doesn’t consistently do everything in their power to keep the foxes out of the henhouse are not only likely to be victimized by cyber intruders, chances are they already have been and have players with access to their digital assets which could spell all kinds of disaster on a whim.”
“Most cyber attacks on large institutions, financial and otherwise, aren’t normally quick in-and-out types of scenarios, they are longer term, with initial access being gained sometimes months, or even years in advance of the actual “job” being executed. All it takes is one successful phishing or spear phishing attack on someone on the network, or some clever social engineering to con someone into giving up access information, or even finding away to get infected physical media plugged into a network device, like leaving an infected USB stick in the lobby or the smoking area and counting on natural human curiosity to do the rest.”
So, what can be done to substantially lessen the threat?
“That’s actually a simple question with a complex answer, because every organization’s needs, based on their current strengths and weaknesses, are unique. So the first step is to have a competent and knowledgeable vendor like Global Digital Forensics perform a thorough cyber threat assessment. This will give the client a baseline to start with and aid in the decision making process to take the most efficient and cost effective steps to secure organizational cyber assets, from thorough network scans and penetration testing, to social engineering testing and policy, training and procedural review. The most important thing to remember is the cyber threat landscape is highly fluid and always evolving, so resting on yesterday’s laurels is certainly a dangerous and foolhardy approach to take. What may have been a relatively secure cyber environment yesterday could be turned on its ear, for instance, when employees start using their own non-secure devices. Like smartphones and tablets, to increase work efficiency and connectivity. They may be great for boosting production and accessibility, but if they are not considered in the big cyber security picture going forward, it could be just the springboard a hacker needs to get into the network and stay in, just waiting for the right time to strike.”
So don’t wait to become a victim of data exfiltration, identity theft, embezzlement, Denial of Service attacks, cyber warfare, or any one of the myriad of potential threats lurking in the dark places of the cyber realm, take a proactive approach with trained cyber security professionals which fight in the cyber trenches every day, know what’s going on and know how the enemies operate. Pros like the seasoned vets at Global Digital Forensics can help banks and other financial institutions plug the holes before the ship starts to sink, which is a whole lot easier than trying to salvage it from the bottom after the fact.
*Global Digital Forensics is a recognized leader in the cyber security field. To speak with a cyber security specialist about penetration testing, emergency incident response and/or customizing a security plan tailored to suit your unique needs, call 1-800-868-8189 anytime 24/7. Or visit http://www.evestigate.com for more information.