Story image

80% increase in cyberattacks: “Ultimately it is a race against time”

02 Feb 2018

A number of shocking facts were shared at this week’s PIMFA Financial Crime Conference held in London.

Financial Conduct Authority (FCA) head of technology, resilience & cyber, Robin Jones shared some incredible statistics surrounding cybercrime in the UK.

“In the past 12 months, the National Cyber Security Centre recorded over 1100 reported attacks, with 590 regarded as significant. 30 of these required action by government bodies, a number of which included the Financial Sector,” says Jones.

“In real terms, the UK deals with more than 10 significant cyber-attacks every week. In 2017 we had 69 material attacks reported to us, an increase on the 38 last year and 24 the year before. Recent ONS statistics show about 1.9 million incidents of fraud were cyber related.”

In response to this news, Skybox VP EMEA Justin Coker says while financial services have invested heavily into cybersecurity, it’s clear that it’s not deterring attacks or successful breaches.

“Furthermore, with the FCA calling for financial organisations to have a better understanding of their key assets and be constantly assessing where they are vulnerable, it seems that businesses in this sector do have the necessary building blocks – the required security and asset data, toolsets and people but are struggling to amalgamate these into a slick solution that spits out the correct answer,” says Coker.

“Often, they are still operating in silos and largely ineffective in joining up this mass of disparate data and analysing it in order to pinpoint exactly where their real exposures lie. Without this valuable insight, it is no surprise they are struggling to prevent breaches from happening.”

Coker says it’s all well and good to be practicing cyber resilience, however, if you don’t have a proper understanding of your ‘attack surface’ then it becomes an impossible task.

“IT network visibility (particularly as more organisations are making the transition into virtual and multi-cloud environments and growing their networks) is a basic fundamental task that, worryingly, companies simply don’t have. The bigger issue is that there are known unknowns but also unknown unknowns, and hackers are in the position to exploit both,” Coker says.

“This weakness might be explained by the fact that cybersecurity teams in financial services businesses are struggling to work out how they can best use their limited resources to make sense of the complexity and vast amount of information generated by their security tools.”

Coker says at the end of the day it’s impossible to fix everything, which means there is a need to prioritise remediation activities to close down the vulnerabilities that pose the greatest risk to ensure that data breaches and attacks are prevented.

“The real challenge is for financial services firms to completely understand the attack path and fixing it before the bad guy exploits it. Ultimately it is a race against time and the slow and steady tactic just won’t work anymore,” Coker concludes.

The attack surface: 2019's biggest security threat
As businesses expand, so does their attack surface – and that may be the biggest cybersecurity risk of them all, according to Aon’s 2019 Cyber Security Risk Report.
Opinion: Cybersecurity as a service answer to urgent change
Alan Calder believes a CSaaS model can enable a company to build a cyber resilience strategy in a coherent and consistent manner.
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.