CISOs, Strengthen Your Cybersecurity Posture with These Resources

There is a hacker attack every 39 seconds. The average cost of a data breach in 2020 is expected to exceed $150 million. And by 2021, there will be more than 3.5 million unfilled cybersecurity jobs worldwide. No enterprise is safe from an attack.  

Because of that, CISOs realize as they evolve business operations to better serve customers, such progression has unintended security consequences and compromises. With strapped resources (both human and financial), how can CISOs in commercial sectors DO MORE to up their cybersecurity posture WITH LESS? The answer lies in the human-power to control systems, processes, and technologies.   

CISOs in every industry realize technologies and “one-and-done traditional training” cannot keep companies safe—but with the properly skilled individuals taking the reins to leverage those technologies optimally, the human-side of cybersecurity can minimize the skills gap and frequent attacks.  

Resource Roundup 

We’ve taken the liberty of publishing several articles to help CISOs “do more with less” to strengthen their cybersecurity posture. We understand you’ve spent lots of time and resources developing your teams. And they’re doing the best they can with the resources they have. Still, to amplify their success, ongoing training can help—and we hope these articles help, too.   

  1. Help wanted: Combatting the Cybersecurity Skills Shortage 
  2. Modernizing Cyber Ranges for Professional Learning 
  3. How to Tell if your Cyber Posture is Prone to an Attack
  4. Cybercrime Incidents in the Financial Services Sector 
  5. Why We Can’t Keep Ignoring Cyber Fatigue 
  6. How Continuous Learning Can Help Upskill Cyber Teams 
  7. Why Gamification is the Answer You’ve Been Looking For 
  8. The Benefits of Active Learning in Cyber Training  

Growing Cybersecurity Challenges  

CISOs and their teams are challenged to keep pace with evolving cyber threats due to staffing shortages, resource constraints, strategy misalignment. Not to mention the continuous threat of attacks on industries with interconnected technologies. In fact, 70% of cybersecurity professionals claim their organization is impacted by the skills shortage; With spending expected to exceed $1 trillion between 2017 and 2021 and 74% of C-suite executives failing to involve CISOs the leadership table, this makes the job of the CISO incredibly difficult. That is why Circadence is dedicated to helping CISOs DO MORE WITH LESS—because we understand the arduous uphill climb they face (and will continue to face) if something is not done.   

 

Hungry for more help? Download our 3 A’s INFOGRAPHIC to learn more ways to support your cyber team against imminent threats.

 

There’s Still Time to Up Your Cybersecurity Posture 

If cyber teams cannot upskill and keep pace with evolving threats, commercial sectors will continue to be hacked. Customers will not only lose trust in these institutions that aim to protect them and make their daily lives functional, but they simply won’t be able to operate efficiently, economies will suffer, and more.   

However, for enterprises that have experienced an attack, it’s not too late to invest in cyber training to prevent another. Doing nothing after an attack is the worst possible response. With failure comes opportunity to enhance resiliency on both a company-wide level, as well as at an employee-specific level. Investing in training tells hackers the attack attempt stops at its people first.  

For enterprises that have not experienced an attack, it’s not a matter of “if” but “when” it will occur. Digitalization and limited human resources make company’s front lines vulnerable and appealing to hackers. Now is the time to be proactive and empower cyber teams to train against hackers in a way that doesn’t require time-consuming travel, expenses, and other resources—simply a willingness to learn, grow, and upskill to better the company and themselves.   

Circadence wants to change how cyber professionals prepare for, protect, and defend against evolving cyber threats. We hope these, and future resources will help CISOs and cybersecurity leaders take proactive steps to strengthen their cybersecurity posture by training their teams and their entire organization, without the costly burden of traditional training courses.   

Learning from the Top 5 Financial Cybersecurity Incidents

Banks, credit unions, credit card companies, investment firms, and insurance companies are all under cyberattacks—making financial cyber security a hot topic of discussion. For years, the finance industry has been one of the hardest hit with cybercrime according to Deloitte. And it continues to rank in the top five most vulnerable industries. In 2017, 69 material cyber incidents were reported to the Financial Conduct Authority, an increase from the 38 incidents in 2016, according to Information Age. Financial cyber security regulations are keeping companies in check but the pace at which threats evolve in sophistication requires a persistent approach to stay ahead of hackers.

If you bank online or have an insurance policy, you likely understand the convenience of single keystroke access to financial information. It’s easy, convenient and useful to transfer funds from mobile device to mobile device; electronically sign a form; or get a quote for a mortgage company just by entering in new financial details. Unfortunately, the rapid pace of adoption of new technologies that make these everyday transactions convenient is widening the attack surface for hackers and prompting security professionals to consider even stronger finance cyber security risk management processes.

Financial Cyber Security Incidents

Below are some of the most notable cybercrime attacks on financial services firms that we can learn from in order to take a more proactive approach to cyber security readiness.

Equifax 

The consumer credit reporting agency was breached in 2017, exposing the sensitive personal information of more than 147 million Americans. Partial driver’s license data was the primary data leaked. Equifax representatives said the vulnerability that allowed for the attack to occur was the failure to keep its computer systems adequately up to date.

Bank of Chile

State-backed hackers infiltrated the Bank of Chile’s ATM system in January 2019 and stole $10 million. The cyber heist was deployed via hackers initiating a virus as a “distraction” then prompting banks to disconnect 9,000 computers to “protect customer accounts.” Meanwhile, hackers sneaked in and used the global SWIFT bank messaging service to deploy fraudulent transactions.

India’s Cosmos Bank

Unauthorized users accessed their system and siphoned nearly $13.5 million through withdrawals across 28 countries. Unidentified hackers created a proxy switch that approved all the fraudulent payments.

Lazarus group

North Korea’s hacking operations are targeting financial institutions nationwide—completely indiscriminate of a brand or geographic location. The country is linked to attacks in 18 countries, according to a report from Russian cyber security firm Kaspersky Lab. The hacking operation known as “Lazarus” targeted employees at banks who visited the hackers’ list of 150 specified internet addresses. Experts say the attacks are at a “level of sophistication not generally found in the cybercriminal world,” and companies should take proactive measures to carefully scan their networks for the presence of Lazarus malware samples, disinfect their systems and report the intrusion.

Bangladesh Bank 

Bangladesh Bank experienced a hack in February 2016 that drained $81 million from accounts in a few short hours. Attackers subverted the bank’s SWIFT accounts, the international money transfer system, to get what they wanted, reports Wired magazine. Hackers sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of Bangladesh Bank’s funds to accounts in the Philippines, Sri Lanka, etc. Reports indicate lax computer security practices were to blame (e.g. lack of firewalls installed on the networks), allowing hackers to easily infiltrate the network and find the credentials needed to proceed. The concept of attacking systems on the weekend isn’t a new approach either—other banks like Tesco experienced the same timing in November 2016 when thousands of current account customers were hit with fraudulent transactions by hackers.

Learning from Financial Cyber Security Incidents

Outdated systems, employee exploitation, weakened network security, and a poor ratio of defenders to hackers all contribute to the severity of these financial cyber security incidents.

These attacks tell us a lot about what preventative steps can be taken. To ensure financial services firms have the latest systems updated and in place requires an experienced cybersecurity team to perform regular system checks and updates.

Financial cyber security compliance leaders need to empower their teams with the right tools and persistent learning opportunities so they can be prepared for any malware infection or system overwrite that occurs.

The increase in reported attacks reflects a greater need for accountability across all financial institutions. As the attack frequency grows, so must our cybersecurity vigilance. Cyberattacks will adapt to defense strategies so financial firms need to ensure they are always one step ahead. The best way to achieve this goes beyond hiring our way out of the issue. Training your cyber workforce proactively using gamified cyber range training to combat the latest threats is the key to sustained success.

For more information on how financial firms can upskill their security workforce
download Project Ares subscription brochure.

Photo by Alexander Mils on Unsplash