Financial firms at high risk of a cyber-attack!


Posted on: 23 July 2019
By: Jamie Turvey, Marketing Executive

By the nature of the industry, it’s no big shock that financial firms are the most targeted compared to any other market. What is shocking is the sheer scale of cyber-incidents within this sector. In fact, the Financial Conduct Authority (FCA) has reported that cyber-incidents have spiked by 1000% in 2018 within the UK finance sector!

The report revealed that the number of declared events rose from 69 in 2017 to 819 in 2018. The monumental increase is thought to be so dramatic because of the introduction of GDPR in May 2018, which informed businesses they were obliged to report any cyber breaches or face extreme penalties. However, as financial firms hold huge amounts of personal, financial and sensitive data, which is incredibly valuable to any cyber-criminal, is it a huge surprise?

A cyber breach for any financial firm can be highly detrimental and could even mean survival is no longer an option. An attack can result in reputational damage, business disruption, legal action and financial loss, and with GDPR, firms could face fines as high as £20 million or 4% of their annual turnover!

The FCA report found that the cyber-incidents identified came from a number of root causes, all of which could have been prevented. These causes included hardware and software issues, third-party failure, human error, process failure, and malware, ransomware, DDoS and phishing attacks.

In light of these statistics, the FCA has worked closely with the National Cyber Security Centre (NCSC) and published the Cyber Security – Industry Insights guide. They strongly recommend that any financial business read it and adapt its cyber security strategy to align with the guidelines in order to help prevent cyber-incidents.

The FCA’s Cyber Security Industry Insights

The FCA is an independent, financial regulatory body that is the conduct regulator for 59,000 financial service firms and financial markets in the UK. In order to help prevent cyber-attacks occurring, their detailed guide highlights changes they strongly recommend ALL financial firms undertake to avoid becoming another cyber-attack statistic.

We’ve highlighted 3 of their key recommendations…

1. Identify your vulnerabilities

Understanding your vulnerabilities is a crucial first step in trying to prevent a cyber-attack: how are you supposed to ensure you are cyber secure when you don’t know where your weakest points are?

The FCA guide states:

“Identifying vulnerabilities, weaknesses or flaws that might be exploited is a continuous exercise. Any holes in your cyber security could allow malicious intruders to gain a foothold in your organisation.”

How CyberGuard can help…

A quick and easy way of understanding your vulnerabilities is to have regular security tests that highlight your security gaps. Using the industry’s most widely deployed vulnerability-scanning technology and the same processes a hacker would use to compromise your IT systems, our cyber team offers three types of assessments to pinpoint security weaknesses within your IT infrastructure: vulnerability testing, penetration testing and wireless testing.

We have also recently been recognised as CREST accredited. This highlights that our Cyber Testers are qualified to the highest level and maintain their knowledge and skills around the latest vulnerabilities.

2. Protect your assets appropriately

It sounds like a fairly obvious statement, but the FCA emphasise that financial organisations should continually look to improve their cyber security and believe investing in cyber security training and using good detection systems are critical in order to combat cyber-crime.

The FCA guide states:

“Invest in Training. One-off cyber security and awareness exercises do not guarantee security. Think long term and design a user education and awareness programme that constantly weaves cyber security into the culture and behaviours of your organisation.

Target training the same way a cyber-criminal might target specific individuals, groups of users or a department, such as those with access to critical systems. Align training with your employees’ roles, responsibility, duties and access to data.

Firms must (also) be able to detect actual or attempted attacks on systems and business services. Thorough and effective system monitoring is essential to detection and helps to ensure that systems are being used in line with organisational policies.”

How CyberGuard can help…

We actively encourage all organisations to have regular staff training sessions, as in today’s modern business environment it’s easy for staff members to fall victim to cyber-crime. Your staff are your biggest security weakness and also the most targeted. What’s frustrating is that the majority of cyber-attacks targeted at staff are preventable with basic understanding and training. We offer two types of security training: Awareness Training and Advanced Cyber Training. Awareness Training includes monthly, company-wide phishing attacks, bi-annual spear attacks and regular password checks, whereas our Advanced Cyber Training, targeted at IT and security professionals, offers a range of subjects and is delivered by influential directors at Kaspersky.

Further to our cyber security training courses, we have various cyber detection services to suit all business needs. These include our next-generation anti-virus protection, Carbon Black, which helps protect, detect and kill threats that are a risk to your network. Our managed firewall service is a proactive security service that not only monitors and maintains your firewall, but it also provides detailed analysis of user and traffic behaviour. We also provide our Managed SIEM service that offers a complete package of cyber security measures, including: Vulnerability Assessment, Intrusion Detection, Behavioural Monitoring, Asset Discovery, Security Management, and Alarm Management and Analysis.

3. Be aware of emerging threats and current issues

With cyber threats consistently increasing year-on-year, new emerging threats are being discovered daily. Without a single universal security product to protect businesses against every single attack, it’s never been more relevant to understand cyber threats and recognise where and when to look for danger trends. Threat Intelligence is a must for any company wanting to take a proactive approach to cyber crime and allows IT managers or business owners to make smarter business decisions when challenged with how to prepare for a cyber threat.

The FCA guide states:

“You need to be alert to emerging threats and issues to make informed cyber resilience decisions. This intelligence may come from a variety of internal and external sources, which highlights the importance of sharing intelligence when possible.”

How CyberGuard can help…

We have recently become the first cyber security company in the UK to secure a Threat Intelligence service agreement with world-renowned IT security provider Kaspersky Lab.

This means we can offer multiple sources of Threat Intelligence. Firstly, we use our own in-house intelligence team, Unit 12, who gather information from our own customers which is thoroughly analysed and added to our vast database. Secondly, by working in a unique partnership with Kaspersky, we can provide further intelligence using advanced machine-learning technologies and a unique pool of world experts who are capable of mining petabytes of rich threat data from hundreds of global sources.

Let us take responsibility for your cyber security

As a cyber security managed service provider, we specialise in taking responsibility for all cyber security concerns. You’re good at delivering exceptional financial services; we’re experts in cyber security. The more involved you are with managing your own cyber security, the less time you have to apply to your own business, which can only have a huge, detrimental effect.

The Executive Director of Supervision at the FCA, Megan Butler, commented: “It is a major concern that a lot of firms still seem to be trying to get the basics right on cyber.

“A third of firms do not perform regular cyber-assessments. Most know where their data is but describe it as a challenge to maintain that picture. Nearly half of firms do not upgrade or retire old IT systems in time.”

Our cyber security services can take away all of the hassle!

Get in contact with us…

CyberGuard Technologies is a division of OGL Computer, a company that has been in business for over 40 years and understands the industry. We can offer help and guidance on the best practices for being cyber-secure.

If you have any cyber issues, we have a cyber solution for you! We offer all the above services and much more.

To find out more, click here: www.cg-tech.co.uk

Alternatively, if you would like to talk to one of our Security Consultants, contact us here and we’ll be happy to give you a call.

Sources:

https://www.fca.org.uk/publication/research/cyber-security-industry-insights.pdf

https://www.bbc.co.uk/news/technology-48841809
