SEC Chair Issues Wake-up Call to Finance Industry, Cybersecurity is the Biggest Risk

By Eric Noonan • June 3, 2016

Securities and Exchange Commission (SEC) Chair Mary Jo White bluntly told attendees of the Reuters Financial Regulation Summit in Washington D.C. a few short weeks ago that cybersecurity is the single largest risk facing the financial sector, Reuters reports. Despite “a lot of preparedness, a lot of awareness” among broker-dealers and investment advisors, Ms. White said, “their policies and procedures are not tailored to their particular risks.” White further stated, “we can’t do enough in this sector,” a statement proven by the coordinated malware attack that stole $81 million from the Bangladesh central bank this past February.

Financial companies should be concerned. That has not been the only attack in recent history; the Vietnamese Central Bank lost over $1 million in a cyber-attack, and the Russian currency system was manipulated in another attack that changed the ruble-dollar rate by 15% within minutes. The multi-million and perhaps billion-dollar question is how financial companies can protect their assets. Cybersecurity is a multifaceted effort, layers upon layers of security; there isn’t a single tool that can protect everything, but by focusing on the main target, businesses can prioritize security.

If the objective is to siphon off money from a financial institution, cyber-criminals are going to target the privileged accounts that have access to the financial data. An estimated $14 trillion in transactions occur every day in the United States. Applications and programs talk to each other and access information to make these transactions happen, and they often use privileged accounts to do so. By infiltrating a financial institution with sophisticated malware, hackers can target the hardcoded plain-text credentials and accounts that have access to financial information, and then manipulate them to steal money and financial information, or cause havoc in general.

By implementing a secure method for App-to-App or App-to-Database communication, financial institutions can increase their security posture and reduce the risk associated with malicious software attacks. This is done by removing the need for hardcoded plain-text credentials in applications and replacing them with a utility that pulls passwords from a secure storage location.
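As an added example (not code from CyberSheath or CyberArk): before hardcoded credentials can be replaced with a lookup against secure storage, they have to be found. This Python script flags plain-text credential literals in a constructed sample config and ignores values that are resolved at runtime; the patterns, key names, hostnames and sample values are assumptions made for illustration.

```python
import re

# Constructed sample config, not taken from any real system.
SAMPLE = '''\
db.url=jdbc:oracle:thin:@ledger-db:1521/PAY
db.user=svc_payments
db.password=Summer2016!
api.secret = ${VAULT:payments/api}
# password=example-in-comment
conn = "Server=sql01;Database=gl;User Id=svc_gl;Password=Tr4nsfer#1;"
ftp_url=ftp://batch:Qw3rty@files.internal/outbound
token=
'''

# key = value assignments whose key name suggests a secret
ASSIGN = re.compile(r'(?i)\b([\w.]*(?:password|passwd|pwd|secret|token))\s*[=:]\s*["\']?([^\s;"\']+)')
# scheme://user:password@host URLs
URL_CRED = re.compile(r'\b[a-z][a-z0-9+.-]*://[^\s:/@]+:([^\s@/]+)@')
# values that are references resolved at runtime, not literals
REFERENCE = re.compile(r'^(\$\{.*\}|\$\w+|%\w+%|<.*>)$')

def find_hardcoded_credentials(text):
    """Return (line_number, kind, key) for each plain-text credential literal."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith(('#', '//', ';')):
            continue  # skip comment lines
        for m in ASSIGN.finditer(line):
            key, value = m.group(1), m.group(2)
            if not REFERENCE.match(value):
                findings.append((n, 'assignment', key))
        for m in URL_CRED.finditer(line):
            findings.append((n, 'url', m.group(0).split('://')[0]))
    return findings

if __name__ == '__main__':
    for lineno, kind, key in find_hardcoded_credentials(SAMPLE):
        # Report location and key only; the secret value is never printed.
        print(f'line {lineno}: {kind} credential in {key!r}')
```

The findings list gives an inventory of which applications still carry literals and therefore need to be moved to a runtime lookup; empty values and vault-style references are deliberately not reported.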

The CyberArk Application Identity Manager acts as a credential provider for applications and works in conjunction with the Enterprise Password Vault and Central Policy Manager. With it in place, every time an application authenticates to a database or another program, it pulls the credentials from the Password Vault. This makes it extremely difficult for hackers to steal credentials, as they’re not coded in plain-text anymore. In the event the external perimeter becomes compromised, the keys to the kingdom won’t be.

Mitigating a top attack vector for cyber-criminals such as privileged accounts will greatly reduce the risk Mary Jo White referred to in May. Don’t let your financial institution be the next one in the headlines; let CyberSheath’s team of Privileged Account Management engineers help protect your financial institution’s most sensitive information.

You can learn more about our approach by viewing our Privileged Access Management service area.
