Page 132 - Cyber Defense eMagazine January 2023

Banks can also use contextual authentication, smart tools that account for behaviors and context surrounding events like transactions or logins. These tools review a lot of data and use an algorithm to present a risk score which triggers automated security protocols.
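The scoring step described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the signal names, weights and thresholds are illustrative assumptions, and the profile and events are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Profile:              # what the bank already knows about the customer
    devices: set
    countries: set
    active_hours: range     # hours of day in which the customer normally logs in
    typical_amount: float   # typical transaction size

@dataclass
class Event:                # context captured for one login or transaction
    device: str
    country: str
    hour: int
    amount: float
    failed_logins: int      # failed attempts in the preceding hour

# Assumed weights and thresholds, chosen only for illustration.
WEIGHTS = {"new_device": 30, "new_country": 30, "odd_hour": 10,
           "large_amount": 20, "failed_logins": 20}
STEP_UP, BLOCK = 40, 70

def signals(p: Profile, e: Event) -> list:
    """Return the names of the context signals that fired for this event."""
    checks = {
        "new_device": e.device not in p.devices,
        "new_country": e.country not in p.countries,
        "odd_hour": e.hour not in p.active_hours,
        "large_amount": e.amount > 5 * p.typical_amount,
        "failed_logins": e.failed_logins >= 3,
    }
    return [name for name, fired in checks.items() if fired]

def assess(p: Profile, e: Event) -> tuple:
    """Score the event (0-100) and pick the automated response."""
    fired = signals(p, e)
    score = min(100, sum(WEIGHTS[s] for s in fired))
    if score >= BLOCK:
        action = "block_and_alert"      # stop the event, notify fraud team
    elif score >= STEP_UP:
        action = "step_up_mfa"          # ask for an additional factor
    else:
        action = "allow"
    return score, action, fired

# Constructed sample data
profile = Profile({"dev-a1"}, {"GB"}, range(7, 23), 120.0)
usual = Event("dev-a1", "GB", 9, 80.0, 0)
abroad_at_night = Event("dev-a1", "FR", 3, 60.0, 0)
takeover = Event("dev-zz", "BR", 14, 5000.0, 0)
```

Returning the list of fired signals alongside the score keeps each automated decision explainable when an analyst or the customer later disputes it.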



6. Cloud-based attacks

Cloud systems are another big security liability as they contain volumes of sensitive business data. Protecting these systems isn’t really up to the financial organizations but to their service providers.

That is why financial organizations should do their due diligence in finding reliable partners that have excellent security track records and strategies to ensure no damage will happen. You can do this by:

• Checking if their security is up to standards, including ISO-27018, ISO-27001, ISO-27002, ISO-27017, and ISO 27001:2013;
• Checking their identity and authentication controls like MFA, CIFA, or real-time identity monitoring;
• Seeing if they outline security, support, and maintenance in their SLA;
• Checking out their storage and data center locations;
• Checking if they are compliant with the PCI-DSS and EU GDPR regulations;
• Doing a penetration test on their infrastructure with a cybersecurity professional.



7. Increased risk of supply chain attacks

Supply chain attacks target vendors that offer vital tools or services to the whole supply chain. Attackers inject malicious code into vendor applications to infect all of their users. Software supply chains are particularly vulnerable because modern programs are written using pre-made components like APIs, proprietary code, and open-source code.

To protect themselves against these attacks, financial organizations need to create a Zero Trust Architecture. With this structure in place, all digital interaction stages are validated and verified, making it much more difficult for attackers to breach information through other services.

Organizations can also include Privileged Access Management because this process controls and monitors all users with access. Access control is essential, especially when criminals target accounts already within a system.



8. DeFi and cryptocurrency

            More and more financial services include crypto transactions, and even though this might be good news
            for crypto enthusiasts, these services carry many risks. DeFi projects often have internal risks as their
            systems aren’t secured and tested over time.

            Some of the most common internal cybersecurity risks include:





            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.