SEC Chair Issues Wake-up Call to Finance Industry, Cybersecurity is the Biggest Risk

By Eric Noonan • June 3, 2016

Securities and Exchange Commission (SEC) Chair Mary Jo White bluntly told attendees of the Reuters Financial Regulation Summit in Washington D.C. a few short weeks ago that cybersecurity is the single largest risk facing the financial sector, Reuters reports. Despite “a lot of preparedness, a lot of awareness” among broker-dealers and investment advisors, Ms. White said, “their policies and procedures are not tailored to their particular risks.” White further stated, “we can’t do enough in this sector,” a statement proven by the coordinated malware attack that stole $81 million from the Bangladesh central bank this past February.

Financial companies should be concerned. That was not the only attack in recent history: the Vietnamese Central Bank lost over $1 million in a cyber-attack, and the Russian currency system was manipulated in another attack to change the ruble-dollar rate by 15% within minutes. The multi-million, and perhaps billion-dollar, question is how financial companies can protect their assets. Cybersecurity is a multifaceted effort built from layers upon layers of security; no single tool can protect everything, but by focusing on the main target, businesses can prioritize security.

If the objective is to siphon off money from a financial institution, cyber-criminals are going to target the privileged accounts that have access to the financial data. An estimated $14 trillion in transactions occur every day in the United States. Applications and programs talk to each other and access information to make these transactions happen, and they often use privileged accounts to do so. By infiltrating a financial institution with sophisticated malware, hackers can target the hardcoded plain-text credentials and accounts that have access to financial information, and then manipulate them to steal money and financial information, or cause havoc in general.

By implementing a secure method for App-to-App or App-to-Database communication, financial institutions can increase their security posture and reduce the risk associated with malicious software attacks. This is done by removing the need for hardcoded plain-text credentials in applications and replacing them with a utility that pulls passwords from a secure storage location.

The CyberArk Application Identity Manager acts as a credential provider for applications and works in conjunction with the Enterprise Password Vault and Central Policy Manager. With it in place, every time an application authenticates to a database or another program, it pulls the credentials from the Password Vault. This makes it extremely difficult for hackers to steal credentials, as they are no longer coded in plain text. In the event the external perimeter becomes compromised, the keys to the kingdom won’t be.

Mitigating a top attack vector for cyber-criminals such as privileged accounts will greatly reduce the risk Mary Jo White referred to in May. Don’t let your financial institution be the next one in the headlines; let CyberSheath’s team of Privileged Account Management engineers help protect your financial institution’s most sensitive information.

You can learn more about our approach by viewing our Privileged Access Management service area.
