Dr Simon Wiseman by Dr Simon Wiseman | | Blog

financial graphs with city scape

With the financial services sector under fire as never before from cybercriminals here are three key target areas to focus on.

Guarding the Gateway

Many of the cybersecurity attacks initiated against organisations in the financial services sector start with a threat concealed in seemingly innocent information, documents, spreadsheets and images, arriving into the network via a web gateway. Whatever the precise nature of the threat, time and again it is this information that is used to conceal the attacker’s intent.

Traditionally, detection-based anti-virus products are used to combat this threat. However, these defences are proving inadequate in the face of cybercriminals who are now employing against commercial targets the kind of exploit techniques that were hitherto the province of nation-state intelligence entities.

To combat the threat you need to take a zero-trust approach to ensure documents and data are completely threat-free. With a zero-trust-based threat removal defence, every document arriving into the organisation is transformed into a new file to guarantee safety.

During the transformation process, only valid business information is extracted from the untrusted document. The original is then discarded. The extracted business information is then formatted to match the original and a wholly new file is ready for use. Nothing is trusted. Everything is transformed and any threats are left behind.

See Document Transformation In Action
Sign up for a Free Trial

Portal Problems

We’re in the age of the self-service portal. Prospects and customers alike are encouraged to upload PDF documents in support of everything from personal loans and mortgages to motor insurance applications. The problem is that while the PDF is a versatile and incredibly useful file format, it is also highly complex, easy to subvert and is regularly used by cybercriminals to carry malicious payloads.

Mitigating this risk to an acceptable level necessitates a rethink of the defences and a willingness to move away from a dependence on detection and towards complete elimination using zero-trust threat removal technology to ensure data is 100% threat free and able to be exchanged and leveraged risk-free.

A Cryptocurrency Fortress

It’s really something of a mistake to think that cryptocurrency security is all down to the cryptography. The real security issue is how to keep the coins safe when they are in storage. In short, you have to think about where the coins are held in the same way as you need to think about where conventional cash is kept.

Ultimately, keeping cryptocurrency coins in a properly designed hardware ‘wallet’ that is not connected to the Internet, ensures you have full control over them, but it’s a manual process and not scalable. Allowing the coins to be controlled by a connected system, means that system has to able to repel all current and future cyberattacks.

This kind of ‘failure is unthinkable’ protection has previously only been associated with defence and intelligence systems but is becoming increasingly important to online cryptocurrency systems. The providers of these systems need to deploy the latest security mechanisms, guarding the system that hosts the keys to ensure they are not compromised, and trust in the entire ecosystem is not undermined. Organisations in the financial services sector are rightly concerned about the attack surface they present to the attacker. Going forward, they must be prepared to reduce their reliance on detection based cybersecurity defences and adopt new technologies such as a zero-trust threat removal platform combined with computationally simply but robust hardware (so called “Hardsec”) if they are to improve their overall security posture.

View all posts