Cyber Defense eMagazine November 2020 Edition

More documents

Recommendations

Info

How to Adapt Financial Services to The Online Space Securely – And Still Sleep at Night Financial institutions, like eCommerce industries, are leading today’s fast, pandemic-driven transition to the digital space. A change that will become a norm. By Robert Capps, VP of Marketplace, NuData, a Mastercard Company Branches have now reopened, but many customers will continue to transact online and enjoy the convenience of banking in pajamas. In a recent NuData webinar with Aite Group’s Julie Conroy, she shared that, “one bank’s public investor filing says that 75% of their servicing transactions are now digital in the wake of the pandemic.” In addition, for many financial service employees, the period of remote work that began in the spring is still ongoing, with no clear end in sight. Few would disagree that this digital transformation is a positive development that makes financial services more accessible to everyone, but it doesn’t come without risks. When evolution is rushed, the established technologies and processes may leave vulnerabilities that bad actors can take advantage of. To support a streamlined, consistent digital customer experience while also ensuring security, your organization may need to add additional layers of protection. Cyber Defense eMagazine – November 2020 Edition 90 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
Add a pandemic to fraud prevention One-third of finance login attempts within the NuData client network are high risk. This is not a negligible proportion of the average financial institution’s online traffic. As Robert Capps explains during the same webinar with the Aite Group, “even when those login attempts are unsuccessful, they hurt your bottom line by raising operational costs.” He also added, “You’re paying for more bandwidth, more servers, more licensing fees to run software on those servers, more space in a data center, more power — and so on — all to process transactions that have zero to negative value for your company.” For many companies, these expenses run into the double-digit millions or more. By getting top-of-funnel fraud attacks under control, you could reduce your fraud losses but also impact your bottom line. Fraud prevention was already a mind-bending challenge, but the pandemic has made it even worse for many financial institutions. With many offices closed and travel restricted, users log in from fewer locations on fewer different devices, making them, at first sight, easier to identify and differentiate from fraudsters. But financial customers have also changed their habits in sometimes unpredictable ways. They complete different types of transactions and transact more frequently, at different times of day, compared to before the pandemic. These behavioral changes thwart some financial institutions’ existing fraud risk models, increasing false positives, while still letting fraud through. It doesn’t help that cybercriminals are adopting ever more sophisticated tactics to bypass financial institutions’ defenses. According to NuData research, in the first half of 2020, 96% of attacks against financial institutions were sophisticated. These are attacks that tried to mimic human behavior in an attempt to blend in with legitimate traffic. Some attacks take it one step further and solve bot challenges such as CAPTCHAs by sending them to human farms — essentially call centers for fraudsters. Humanfarm workers are paid to process as many requests as possible, manually. Financial institutions need to understand how these attacks happen and how they behave, to tell them apart from legitimate users. WFH-ing safely Remote work poses another growing challenge for financial institutions, as it may increase some types of fraud risk. Many cyberthreats start at home — for example, a personal device on the home network infected with malware can be an entry point. Bad actors can use that back door to infect a corporate asset on the same network. It’s increasingly common for the initial attacker to sell such access to a third party, who then exploits the breach to compromise user data or perform any number of malicious actions. 5 steps to lose the fear of cyberthreats When shoring up your cybersecurity protections, prioritize solutions — both internal and external — that enable an uninterrupted customer journey. As mentioned during the Aite Group webinar, 22% of consumers left their credit or debit card issuer because of a poor experience. Here are a few ways to tighten security without adding too much friction. 1. Tighten permissions for administrative users. Lessen the risk of internal fraud or data leakage by reducing the amount of sensitive information that employees can access, for example, by anonymizing personally identifiable information (PII). Behavioral analytics tools (see #5 below) Cyber Defense eMagazine – November 2020 Edition 91 Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.
Page 1 and 2:
4 Reasons Why Cyber Security Is Imp
Page 3 and 4:
Takeaway from the SANS Institute At
Page 5 and 6:
@MILIEFSKY From the Publisher… Ne
Page 7 and 8:
Welcome to CDM’s November 2020 Is
Page 9 and 10:
Cyber Defense eMagazine - November
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
4 Reasons Why Cyber Security Is Imp
Page 23 and 24:
2. Reassure Your Customers Your bus
Page 25 and 26:
About the Author Gabe Nelson is a c
Page 27 and 28:
to higher performance. So she set o
Page 29 and 30:
In the Midst of the Pandemic, Cyber
Page 31 and 32:
Senior leaders: Use ongoing educati
Page 33 and 34:
About the Author Samantha Humphries
Page 35 and 36:
That almost always triggers a bigge
Page 37 and 38:
More importantly, there are those a
Page 39 and 40: Why Cybersecurity Awareness is More
Page 41 and 42: The Washington Post also revealed t
Page 43 and 44: as far as hosting a “Name and Sha
Page 45 and 46: When these individuals need access,
Page 47 and 48: start of the pandemic. In the same
Page 49 and 50: About the Author Noah Johnson is Co
Page 51 and 52: a new and more serious threat for m
Page 53 and 54: Perfecting Your Cybersecurity Sales
Page 55 and 56: Do your homework For those with tru
Page 57 and 58: Though sales culture won’t change
Page 59 and 60: 2. Plan a Phased Migration When lea
Page 61 and 62: Has Your Data Been Leaked to the Da
Page 63 and 64: Rogue Insiders attempting to steal
Page 65 and 66: friendly way for organizations to m
Page 67 and 68: If the recent spate of attacks is a
Page 69 and 70: had an attack targeted at them befo
Page 71 and 72: Behind the Scenes of AppSec’s Mis
Page 73 and 74: Next Steps Where we go from here is
Page 75 and 76: Coupled with a wide variety of atta
Page 77 and 78: Zero Trust Model Is Meaningless Wit
Page 79 and 80: Solutions need to take a “decrypt
Page 81 and 82: Automated Pentesting - Ready to Rep
Page 83 and 84: page that you can use to pivot furt
Page 85 and 86: Not even Microsoft is fool proof Wh
Page 87 and 88: Emerging Technologies Create A New
Page 89: Beyond seamless, frictionless authe
Page 93 and 94: About the Author Robert Capps VP of
Page 95 and 96: Security awareness training should
Page 97 and 98: About the Author Jay Ryerse, CISSP,
Page 99 and 100: IT Outsourcing firm has considerabl
Page 101 and 102: ecognizing parts of your system mos
Page 103 and 104: Server updates can be risky, which
Page 105 and 106: Unlocking the Promise of Packet Cap
Page 107 and 108: About the Author Kathryn Ash is the
Page 109 and 110: DNS and DDoS attack vectors have em
Page 111 and 112: NCSAM Provided an Opportunity to Re
Page 113 and 114: leveraging IT resilience solutions
Page 115 and 116: Many businesses struggle to set up,
Page 117 and 118: data protection and privacy for use
Page 119 and 120: Patched Minimizes Risk - But Opens
Page 121 and 122: Further, DCs often receive patches
Page 123 and 124: For Federal Agencies, Securing Inte
Page 125 and 126: C2C allows the DoD to inspect every
Page 127 and 128: The following are documented cybera
Page 129 and 130: About the Author Ryan Benner is Vic
Page 131 and 132: How Is Video Intercom Being Used in
Page 133 and 134: Cyber Defense eMagazine - November
Page 141 and 142:
Meet Our Publisher: Gary S. Miliefs
Page 143 and 144:
FREE MONTHLY CYBER DEFENSE EMAGAZIN
Page 145 and 146:
Nearly 9 Years in The Making… Tha
Page 147 and 148:
Page 149 and 150:
show all

Cyber Defense eMagazine November 2020 Edition

Create successful ePaper yourself

Delete template?

Save as template?