The financial services sector has always been an attractive target to hackers and malware developers of all stripes. Regardless of motivation — whether for financial gain, political disruption, or plain old mischievousness — penetrating and compromising systems of retail, commercial, securities and other financial institutions has been a top priority of bad actors in cyberspace.
Indeed, according to the Federal Financial Institutions Examination Council (FFIEC), cyber-attacks on financial institutions to gain access to, and alter the settings on, Web-based control panels used by small- to medium-sized institutions are on the rise. The council is directing financial institutions to take steps to address these threats by reviewing the adequacy of their controls over information technology networks, card issuer authorization systems, ATM usage parameters, and fraud detection processes. In addition, the council expects financial institutions to have effective response programs to manage this type of incident.
The FFIEC also noted the need for financial institutions to address distributed denial of service (DDoS) readiness as part of their ongoing information security and incident plans. More specifically, each institution is expected to monitor incoming traffic to its public website, activate incident response plans if it suspects that a DDoS attack is occurring, and ensure sufficient staffing for the duration of the attack, including the use of pre-contracted third-party servicers, if appropriate.
To get a better handle on the changing threat landscape in the context of new investments that the financial services industry is making in infrastructure and applications, BizTechReports caught up with Isabelle Dumont, Head of Industry and Vertical Initiatives with Palo Alto Networks, one of the leading cybersecurity companies based in Silicon Valley.