Security professionals’ anxiety meter off the charts over cyber-warfare

Published: 19 June 2017
By: Tom Cleveland

No matter how you slice the latest cyber attacks across the globe, security professionals are worried beyond reason, and well they should be. As if in a war with starships from far, far away, our defense shields are down. The vast majority of financial, corporate, and governmental agencies from sea to shining sea are living in hope that existing firewalls will somehow make the boogeyman go away. But hope and faith alone will not provide much comfort when attacks reach a much higher pitch. Cyber-warfare is real, and for now, it’s every man and woman for themselves.

Not a week goes by without news of another ransom-ware or completely debilitating virus grabbing online headlines across both the developed and developing world. For the criminal element in our society, the time is now to cash in big time, before everyone gets their collective acts together. Major software tools in use today were never designed to withstand such attacks. Yes, many major purveyors of computer operating systems have distributed “patches” to keep the offenders at bay, but the sheer weight of the water on the other side of these weakening levees is growing. Something has to give, but when?


We at Forexfraud.com have written several articles to inform our readers of the growing threat of cyber-warfare. The potential for harm is global. Whether from contemptible hackers or from organized crime bent on exacting huge ransoms for their evil deeds, every form of commercial enterprise is at risk, including foreign exchange brokers. While the preponderance of attacks, the first wave if you will, has been targeted at financial service companies, corporate entities, and governmental agencies, there is increasing evidence that access compromises start with individual identity theft. A single login and password combination can provide the key that unlocks a company’s best-laid plans.


Several surveys and recent events demonstrate the severity of cyber threats

The onslaught of cyber attacks has been extremely quick and widespread, directed specifically at money centers across the planet. London, the accepted center of the forex world, has witnessed cyber crime in its region grow to more than 54% of total fraud activity in only the past two years. As one security professional recently noted, “This year’s hacking of Britain’s Tesco Bank, the Bangladesh Bank and Russia’s Central Bank were just the tip of the iceberg of attacks on banks around the world that have been successfully perpetrated by groups such as the Carbanak gang for several years.”

In recent months, a number of chilling results have been revealed by a host of surveys and related events that portend the extent of the threat and the lack of security preparedness from even our “Best of Breed” financial institutions. Here is a brief rundown of the more pertinent items:

  • One international governance association, the Information Systems Audit and Control Association, which now goes by its acronym alone, “ISACA”, published a survey from its global base of security professionals regarding the safeguards in place to combat cyber crime. Its four major insights were: “1) The majority of respondents (65 percent) said their organization employs a chief information security officer, up from 50 percent in 2016; 2) However, nearly half of respondents (46 percent) said they don't feel comfortable with their cyber-security team's ability to address incidents beyond "simple" cyber-security issues; 3) Only 31 percent of respondents said their organization routinely tests security controls, while 13 percent of respondents said their organization never tests security controls; and 4) Although 62 percent of respondents said their organization experienced a ransom-ware attack in 2016, only 53 percent of respondents said they have a formal process in place to address ransom-ware.”
  • Tech Pro Research, another global security firm, recently collected and analyzed “345 cyber-security predictions from 49 different organizations to determine cyber-threat predictions for 2017.” Here are their “Top Ten”: “1) Business and consumer IT security; 2) Security automation and orchestration; 3) Mal-ware and bad actor evolution; 4) Ransom-ware evolution and escalation; 5) Nation-state attacks; 6) Cloud security; 7) Regulation, governance and cyber-insurance; 8) Mobile security; 9) Industrial IT and critical infrastructure; and 10) Social engineering (Social media websites have become the breeding ground for identity theft activities.)”
  • A new FICO and Ovum survey focused on the readiness component in five industry sectors -- financial services; healthcare; media and service providers; e-commerce and retail; and telecommunications. Their high-level findings were as follows: “1) Although 56 percent of U.S. executives said data breach attempts will increase next year, only 49 percent reported planning to invest more in cyber-security; 2) Just over half of respondents (51 percent) said they have a data breach response plan in place; 3) Only 16 percent of U.S. companies have comprehensive cyber-risk insurance and 50 percent remain completely uncovered; and 4) Fifty-three percent of executives said their firm will be in a better cyber-security position next year, despite having no plans for investment.”
  • As you might expect, the market demand for security professionals skilled in the art of combating cyber-warfare has skyrocketed. Recent salary surveys have disclosed that, “The average salary for a U.S. senior cyber-security specialist was $118,887 in the first quarter of 2017, according to research by David Foote, chief analyst and co-founder of the IT analyst firm Foote Partners.” Less senior positions can also command six-figure compensation, but if you are capable of designing and architecting cyber-defense solutions, then as much as $123,009 is at your beck and call.
  • One shocking article that hit the London tabloids and that was confirmed by the major banking executives that were duped revealed that, “Goldman Sachs CEO Lloyd Blankfein and two Citigroup executives, CEO Michael Corbat and CEO of global consumer banking Stephen Bird, are the latest victims of an email hoax conducted by a self-proclaimed email prankster, according to fnlondon.com and cityam.com.” Fake emails, which appear legitimate in every way, are often the ruse used to gain internal access to corporate databases, beyond the firewalls that are supposed to stop such compromises. As amusing as this story might be, it is not the first of this genre. The email impersonator, according to cityam.com, had also recently tricked Barclays CEO Jes Staley, Bank of England Governor Mark Carney and Shadow Home Secretary of the British Labour Party Diane Abbott. If the “Best of Breed” are ill prepared, what about the rest of us?

Forex brokers, like other financial service companies, are at risk!

It goes without saying that forex brokers are currently at risk. According to Tim Thompson, CEO of NOIRE, a British risk management technology firm, forex brokers are especially susceptible – “It can start in a number of ways. These methods include fraudsters phishing customers’ details, through emails pretending to be from the broker and telephone calls, Trojan mal-ware programs often downloaded for trading platforms which look legitimate but could be obtaining customers’ login details and passwords. Fraudsters do this on an industrial scale and gain access to many customer accounts across many businesses.”

This summation was given during an interview with FinanceFeeds, which listed the following protective measures for forex brokers:

1)    “Brokerages, IBs and their clients should be very wary of emails, which prompt them to update their passwords. For clients, these could be trading account access passwords, for IBs they could be portal or CRM passwords, and for brokers they could be back office passwords.”

2)    “Anything that appears to be automatically generated and does not come from what appears to be the correct format of internal corporate email address, our advice is not to click on it as it could contain code that grants hackers access to the trading account of retail clients, or the database owned by a broker, or even worse, the withdrawals system.”

3)    “It is advisable when inserting affiliate links into websites that they are as originally defined, and that they do not appear to show unusual or differing characters than when they were inserted. These could be used to deploy ransom-ware, thus the advertisement which looks quite correct when viewed on a broker website may be contaminated with mal-ware and once it is there, it is very, very difficult to remove.”
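The third measure can be automated. The sketch below is an added example, not code from FinanceFeeds or this site: it compares the links a page serves today against the list recorded when they were inserted, and flags hosts containing non-ASCII or punycode characters. The host names, the `BASELINE` set and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: links recorded at insertion time, and the page as served now.
# Hosts are placeholders; \u0435 is a Cyrillic letter that looks like Latin "e".
BASELINE = {"https://partner.example/track?aff=1001",
            "https://broker.example/signup?ref=ib-77"}
SERVED_HTML = """
<a href="https://partner.example/track?aff=1001">Open account</a>
<a href="https://brok\u0435r.example/signup?ref=ib-77">Sign up</a>
<script src="https://cdn.example/promo.js?aff=1001"></script>
"""


class LinkCollector(HTMLParser):
    """Collects every href/src attribute value in the page."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.links.append(value.strip())


def suspicious_host(url):
    """True if the host has non-ASCII characters or a punycode (xn--) label."""
    host = urlsplit(url).hostname or ""
    return not host.isascii() or any(l.startswith("xn--") for l in host.split("."))


def audit_links(html, baseline):
    """Return (url, reason) findings for links that drifted from the baseline."""
    parser = LinkCollector()
    parser.feed(html)
    found = set(parser.links)
    findings = []
    for url in sorted(found - baseline):
        reason = "lookalike-host" if suspicious_host(url) else "not-in-baseline"
        findings.append((url, reason))
    findings += [(url, "missing-from-page") for url in sorted(baseline - found)]
    return findings


if __name__ == "__main__":
    for url, reason in audit_links(SERVED_HTML, BASELINE):
        print(f"{reason:18} {url}")
```

Run on a schedule against the published pages, any non-empty result means a link no longer matches what was originally inserted and should be reviewed before it stays live.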

Unfortunately, cyber-crooks appear to have the upper hand at the moment. Even the best security firms are challenged by the ferocity of recent cyber-attacks, but vigilance and additional investments in cyber-related protective measures are paramount.

What are ten steps that can improve cyber security?

What can be done? Here is one helpful diagram that details the top ten tasks to perform:

[Diagram: Cyber security]

Along with these ten steps, it is helpful to know that, “One thing to consider is that investment in cyber security startups has rocketed over the last few months.” The U.S. may dominate global cyber-security investment, but Israel is fast becoming the “Number 2” destination, as investments in cyber-security start-ups grew three-fold in 2016. Major firms like Fiserv, a global provider of financial services technology solutions, have also recently released “centralized, real-time cyber-security platforms, designed specifically for digital financial services.”

Concluding Remarks

Make no mistake about it: Cyber-warfare is on the rise and in every nook and cranny of the world. If you have escaped its long tentacles, consider yourself fortunate, but the odds are that you or one of your financial services partners, including your forex broker, your payment provider, and your bank, will be tested over the coming year. One chilling reminder from above was that, “Although 62 percent of respondents said their organization experienced a ransom-ware attack in 2016, only 53 percent of respondents said they have a formal process in place to address ransom-ware.”

The sad reality is that cyber mal-ware is also like a virus that builds resistance to the latest treatment regimen. It morphs, adapts, and evolves to penetrate even the best of defenses. Another sad fact is that industry volumes are contracting, profit margins are under pressure, and new regulatory compliance rules require the allocation of scarce resources in order to stay in business. Where will the funding come from to build worthy cyber defenses? Time will tell.

Yes, the future will be more challenging than ever, which means that you must be ever vigilant in protecting your access devices and in spotting any service diminution on the part of your forex broker. Service interruptions, slippage, or delays in handling withdrawal requests are early indications that something is just not right in the back office. Tough times are definitely ahead, and the best advice is to be prepared for the unexpected and be ready to shift allegiances, if and when the situation calls for such actions. We can help guide you in that exercise. Stay vigilant!
