The need for cybersecurity in the financial services industry has never been greater. Financial Institutions (FIs) have been and will continue to be the subject of cyberattacks by adversaries of all varieties. The old adage “why do you rob banks... because that’s where the money is” holds in this domain as well. In 2019, 86 percent of breaches were financially motivated, and the records exposed in all breaches increased by 284 percent. And if that’s not enough for FIs to worry about, consider that the average cost of a breach as disclosed by public firms in 2019 was $116 million. Given the magnitude of this issue, these are the top trends seen in cybersecurity this year.
Thoughts around threat landscapes commonly prioritize corporate and governmental network assets as high priorities, with personal networks and resources as lower-level threats. However, recent changes have at times caused a reassessment of those prioritization levels. As a result of the COVID-19 pandemic, the number of individuals who work from home has greatly increased. In fact, Stanford researcher Nicholas Bloom places the percentage of people currently working at home at over 40%.
Today, Zero Trust is the subject of much discussion and debate; for instance, is Zero Trust doable in reality or more so in theory?
As many are aware, Zero Trust is a concept that holds that everyone (employees, freelancers and vendors) and everything (datacenters, applications and devices) must be verified before being allowed into a network perimeter – whether they are on the inside or the outside of an organization.
In Spring 2020 as the COVID-19 pandemic was starting to spread across the globe, a survey of approximately 250 U.S. consumers commissioned by Awake Security found that the two threats from the DHS list that worry Americans most are cyberattacks on core infrastructure (electric, water, transportation etc.) and cyberattacks on corporations.
Diving deeper into the results surfaces something that is contrary to the popular narrative: consumers take responsibility for their personal cybersecurity and even help out those around them. They hold the government and enterprises ultimately accountable, but also understand the role each individual has to play.
Recently, two teens and a young adult infiltrated one of Silicon Valley’s biggest companies in a high-profile hack – and the biggest ever for Twitter. Authorities say the 17-year-old “mastermind” used social engineering tactics to convince a Twitter employee that he also worked in the IT department and gained access to Twitter’s Customer Service Portal. The 130-account takeover proved unique, as it was fundamentally a dramatic manipulation of trust and could have had far more world-changing consequences if the attackers had the aspirations of, say, a dangerous fringe group versus those of a teenager. There are a few takeaways to learn here, especially when it comes to considering redefining what we classify as “critical infrastructure” and what must be protected at all costs.
As some U.S. states relax their shelter-in rules, businesses prepare for a slow recovery due to the uncertainty of COVID-19’s almost certain resurgence. The questions arise for those physical businesses in need of unarmed or armed guards: what precautions are to be taken by guards, and what kind of interaction is there going to be with their customers?
The pandemic has redefined what it means to be a resilient business, especially when it comes to retail. “Essential” businesses that have remained open, such as supermarkets or pharmacies, have had to figure out how to operate safely in this new world. No matter the type of retailer, the importance of cybersecurity hasn’t gone away. If anything, it becomes more important, as a cyber disruption could be the fatal final straw for a business looking to return smoothly to operations and maintain its brand image and reputation.
As businesses and schools seek to bring people back to brick and mortar establishments, it’s going to be important to make customers, students and teachers feel comfortable, in addition to simply following guidelines. Customers are going to have to feel that it’s worth going out, versus shopping online. For retailers, that comfort might in part be derived from visible occupancy monitoring efforts and automated voice-down messages when people aren’t wearing masks or keeping their distance.
The coronavirus pandemic has triggered an unprecedented chain reaction of border closures around the world. This truly is an extraordinary situation, and many countries have also grappled with a lack of information, resources and coordination between relevant agents and authorities. These operational issues have raised questions globally about whether border controls are effective in containing such outbreaks, how prepared border agencies were for the emergency and what this will mean for border management in a post-pandemic world.
After 11 years, 135 columns and more than 250 feature articles and cover stories…it is time for me to say goodbye as Editor-in-Chief of Security magazine.