Story image

80% increase in cyberattacks: “Ultimately it is a race against time”

02 Feb 18

A number of shocking facts were shared at this week’s PIMFA Financial Crime Conference held in London.

Financial Conduct Authority (FCA) head of technology, resilience & cyber, Robin Jones shared some incredible statistics surrounding cybercrime in the UK.

“In the past 12 months, the National Cyber Security Centre recorded over 1100 reported attacks, with 590 regarded as significant. 30 of these required action by government bodies, a number of which included the Financial Sector,” says Jones.

“In real terms, the UK deals with more than 10 significant cyber-attacks every week. In 2017 we had 69 material attacks reported to us, an increase on the 38 last year and 24 the year before. Recent ONS statistics show about 1.9 million incidents of fraud were cyber related.”

In response to this news, Skybox VP EMEA Justin Coker says while financial services have invested heavily into cybersecurity, it’s clear that it’s not deterring attacks or successful breaches.

“Furthermore, with the FCA calling for financial organisations to have a better understanding of their key assets and be constantly assessing where they are vulnerable, it seems that businesses in this sector do have the necessary building blocks – the required security and asset data, toolsets and people but are struggling to amalgamate these into a slick solution that spits out the correct answer,” says Coker.

“Often, they are still operating in silos and largely ineffective in joining up this mass of disparate data and analysing it in order to pinpoint exactly where their real exposures lie. Without this valuable insight, it is no surprise they are struggling to prevent breaches from happening.”

Coker says it’s all well and good to be practicing cyber resilience, however, if you don’t have a proper understanding of your ‘attack surface’ then it becomes an impossible task.

“IT network visibility (particularly as more organisations are making the transition into virtual and multi-cloud environments and growing their networks) is a basic fundamental task that, worryingly, companies simply don’t have. The bigger issue is that there are known unknowns but also unknown unknowns, and hackers are in the position to exploit both,” Coker says.

“This weakness might be explained by the fact that cybersecurity teams in financial services businesses are struggling to work out how they can best use their limited resources to make sense of the complexity and vast amount of information generated by their security tools.”

Coker says at the end of the day it’s impossible to fix everything, which means there is a need to prioritise remediation activities to close down the vulnerabilities that pose the greatest risk to ensure that data breaches and attacks are prevented.

“The real challenge is for financial services firms to completely understand the attack path and fixing it before the bad guy exploits it. Ultimately it is a race against time and the slow and steady tactic just won’t work anymore,” Coker concludes.

A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.
Gartner names newcomer Exabeam a leader in SIEM
The vendor landscape for SIEM is evolving, with recent entrants bringing technologies optimised for analytics use cases.
52mil users affected by Google+’s second data breach
Google+ APIs will be shut down within the next 90 days, and the consumer platform will be disabled in April 2019 instead of August 2019 as originally planned.
Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.