Securities and Exchange Commission (SEC) Chair Mary Jo White bluntly told attendees of the Reuters Financial Regulation Summit in Washington D.C. a few short weeks ago that cybersecurity is the single largest risk facing the financial sector reports Reuters. Despite “a lot of preparedness, a lot of awareness” among broker-dealers and investment advisors, Ms. White said, “their policies and procedures are not tailored to their particular risks.” White further stated “we can’t do enough in this sector,” a statement proven by the coordinated malware attack that stole $81 million from Bangladesh central bank this past February.
Financial companies should be concerned. It has not been the only attack in recent history; the Vietnamese Central Bank lost over $1 million in a cyber-attack, and the Russian currency system was manipulated with another attack to change the ruble-dollar rate by 15% within minutes. The multi-million and perhaps billion-dollar question is how can financial companies protect their assets? Cybersecurity is a multifaceted effort, layers upon layers of security; there isn’t a single tool that can protect everything, but by focusing on the main target, businesses can prioritize security.
If the objective is to siphon off money from a financial institution, cyber-criminals are going to target the privileged accounts that have access to the financial data. An estimated $14 trillion dollars in transactions occur every day in the United States. Applications and programs talk to each other and access information to make these transactions happen; they often use privileged accounts to do so. By infiltrating a financial institution with sophisticated malware, hackers can target the hardcoded plain-text credentials and accounts that have access to financial information, and then manipulate them to steal money and financial information, or cause havoc in general.
By implementing a secure method for App-to-App or App-to-Database communication, financial institutions can increase their security posture and reduce the risk associated with malicious software attacks. This is done by removing the need for hardcoded plain-text credentials in applications and replacing them with a utility that pulls passwords from a secure storage location.
The CyberArk Application Identity Manager acts as a credential provider for applications and works in conjunction with the Enterprise Password Vault and Central Policy Manager. Now every time an application authenticates to a database or another program, it pulls the credentials from the Password Vault. This makes it extremely difficult for hackers to steal credentials, as they’re not coded in plain-text anymore. In the event the external perimeter may become compromised, the keys to the kingdom won’t be.
Mitigating a top attack vector for cyber-criminals such as privileged accounts will greatly reduce the risk Mary Jo White referred to in May. Don’t let your financial institution be the next one in the headlines; let CyberSheath’s team of Privileged Account Management engineers help protect your financial institution’s most sensitive information.
You can learn more about our approach by viewing our Privileged Access Management service area.