SEC Chair Issues Wake-up Call to Finance Industry, Cybersecurity is the Biggest Risk

By Eric Noonan • June 3, 2016

Securities and Exchange Commission (SEC) Chair Mary Jo White bluntly told attendees of the Reuters Financial Regulation Summit in Washington, D.C. a few short weeks ago that cybersecurity is the single largest risk facing the financial sector, Reuters reports. Despite “a lot of preparedness, a lot of awareness” among broker-dealers and investment advisors, Ms. White said, “their policies and procedures are not tailored to their particular risks.” White further stated, “we can’t do enough in this sector,” a statement proven by the coordinated malware attack that stole $81 million from the Bangladesh central bank this past February.

Financial companies should be concerned. That was not the only attack in recent history: the Vietnamese Central Bank lost over $1 million in a cyber-attack, and the Russian currency system was manipulated in another attack that changed the ruble-dollar rate by 15% within minutes. The multi-million and perhaps billion-dollar question is: how can financial companies protect their assets? Cybersecurity is a multifaceted effort built from layers upon layers of security; no single tool can protect everything, but by focusing on the main target, businesses can prioritize security.

If the objective is to siphon off money from a financial institution, cyber-criminals are going to target the privileged accounts that have access to the financial data. An estimated $14 trillion in transactions occur every day in the United States. Applications and programs talk to each other and access information to make these transactions happen, and they often use privileged accounts to do so. By infiltrating a financial institution with sophisticated malware, hackers can target the hardcoded plain-text credentials and accounts that have access to financial information, and then manipulate them to steal money and financial information, or cause havoc in general.

By implementing a secure method for App-to-App or App-to-Database communication, financial institutions can increase their security posture and reduce the risk associated with malicious software attacks. This is done by removing the need for hardcoded plain-text credentials in applications and replacing them with a utility that pulls passwords from a secure storage location.

The CyberArk Application Identity Manager acts as a credential provider for applications and works in conjunction with the Enterprise Password Vault and Central Policy Manager. Every time an application authenticates to a database or another program, it pulls the credentials from the Password Vault. This makes it extremely difficult for hackers to steal credentials, as they are no longer coded in plain text. Even if the external perimeter is compromised, the keys to the kingdom won’t be.
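The pattern described above, as an added example that is not CyberArk's API or code from this post: an application that embeds its database password is compared with one that fetches it at connection time, before and after a rotation. The `Vault` and `Database` classes, the account `svc_payments`, the application IDs and the sample password are all hypothetical stand-ins constructed for the illustration.

```python
import hmac
import secrets

HARDCODED_PASSWORD = "Summer2016!"  # constructed sample value: the "before" pattern

class Database:
    """Constructed target system holding the service account's current password."""
    def __init__(self, password):
        self.password = password
    def login(self, password):
        return hmac.compare_digest(password.encode(), self.password.encode())

class Vault:
    """In-memory stand-in for a central credential store (hypothetical API)."""
    def __init__(self):
        self._secrets, self._allowed = {}, {}
    def store(self, account, password, allowed_apps):
        self._secrets[account] = password
        self._allowed[account] = set(allowed_apps)
    def fetch(self, app_id, account):
        # Only applications registered for this account may read its secret.
        if app_id not in self._allowed.get(account, ()):
            raise PermissionError(f"{app_id} may not read {account}")
        return self._secrets[account]
    def rotate(self, account, db):
        # Policy-driven rotation: target system and vault change together.
        db.password = self._secrets[account] = secrets.token_urlsafe(24)

def connect_hardcoded(db):
    return db.login(HARDCODED_PASSWORD)  # secret readable by anyone with the source

def connect_via_vault(db, vault, app_id, account):
    # Fetch at connection time; nothing is kept in source, config or globals.
    return db.login(vault.fetch(app_id, account))

def demo():
    db, vault = Database(HARDCODED_PASSWORD), Vault()
    vault.store("svc_payments", HARDCODED_PASSWORD, {"payments-app"})
    before = (connect_hardcoded(db),
              connect_via_vault(db, vault, "payments-app", "svc_payments"))
    vault.rotate("svc_payments", db)
    after = (connect_hardcoded(db),
             connect_via_vault(db, vault, "payments-app", "svc_payments"))
    try:
        connect_via_vault(db, vault, "report-tool", "svc_payments")
        denied = False
    except PermissionError:
        denied = True
    return before, after, denied

if __name__ == "__main__":
    print(demo())
```

After rotation the embedded value no longer authenticates, while the application that fetches per connection keeps working without a redeploy, and an application not registered for the account is refused.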

Mitigating a top attack vector for cyber-criminals such as privileged accounts will greatly reduce the risk Mary Jo White referred to in May. Don’t let your financial institution be the next one in the headlines; let CyberSheath’s team of Privileged Account Management engineers help protect your financial institution’s most sensitive information.

You can learn more about our approach by viewing our Privileged Access Management service area.
