27 May 2021

Kaspersky advises local finance sector to improve threat intelligence

05/16/2021 01:40:45 PM


As digital money transactions soar during the ongoing pandemic, the financial sector needs to take a critical look at its integrated security and improve its threat intelligence capabilities.

Cybersecurity company Kaspersky made the statement in a recent press release.

“For the large majority of cybercriminals, easy money is the prime motivator. And the financial sector is uniquely positioned to be a target of attacks regardless of season because it’s always where the money is. The growth of digital financial services in the Philippines, like in other parts of the region, is creating new and heightened risks for both service users and service providers. In this case, technology will be the game-changer,” said Yeo Siang Tiong, General Manager for Southeast Asia, Kaspersky.

Despite the Philippines boasting a perfect score in the Global Microscope 2020 with regulations set on e-money and basic deposit accounts, the results of the recent Philippine Banking Sector Outlook Survey showed there is a need to integrate and leverage technology within the next two years. Especially with lockdown restrictions and an increase in remote working arrangements, not all banks are prepared to handle cyber threats.

The restrictive measures ignited the rise of digital payments and electronic money platforms. Technological capabilities and operating models built to continue banking operations despite the lockdowns were considered vital pieces in ensuring business survival, maintaining controls and compliance, and increasing performance.

A survey conducted by the country’s central bank among all local financial institutions (universal/commercial banks and their subsidiaries, thrift banks, and rural and cooperative banks) revealed that a high number of rural and cooperative banks were determined to incorporate technology in their businesses.

Banks that are lagging behind in their digital transformation efforts also realized the need to fast-track their digitization journey. In 2020, 89.2% of respondent banks said they are now planning to use technology in banking services, compared to 87.4% in 2019. Although financial institutions take the speed of digital technology implementation seriously, securing the platform and the users holds as much value as innovation.

Last year, an American digital banking app was attacked by the ShinyHunters hacking group, and as a result the personal information of over 7.5 million users, such as names and social security numbers, was posted publicly on hacking forums.

With almost half of organizations having difficulty telling real threats from false positives, security teams are left “flying blind” instead of properly prioritizing actionable threats, leaving them vulnerable to unexpected attacks in the process.

“Digital transformation always presents new challenges, especially for the financial sector. The Philippines is in the middle of a digital revolution where the use of online payment gateways and e-wallets is expected to expand. While it is a huge responsibility for banks and financial service providers to secure their virtual systems, investing in the most intelligent solutions is essential as they build their cyber defenses to better protect their customers and their businesses. From a cybersecurity standpoint, threat intelligence is an advanced, specialized framework that the financial sector will significantly benefit from,” Yeo added.

Kaspersky’s recent IT Security Economics Report found that threat intelligence is considered an area of investment for 41% of enterprises and 39% of SMBs in response to a data breach.

To secure ongoing efforts for digital connectivity, identification, and payments infrastructure, up-to-the-minute threat intelligence feeds play a vital role in keeping tabs on the cyberattacks that grow in both frequency and complexity.

Threat intelligence can identify and analyze cyber threats targeting a business. It’s about going through piles of data to examine it, spot real problems, and deploy solutions specific to the discovered problem. However, threat intelligence is not to be confused with threat data, which is a list of possible threats. Threat intelligence is when IT specialists or sophisticated tools “read” threats, analyze them, and apply historical knowledge to know if a threat is real and, if it is, what to do about it.

With Kaspersky’s Threat Intelligence Services, organizations are provided with data feeds that cover phishing links and websites, and malicious objects that target Android and iOS platforms.

Since users mostly access digital financial services through smartphones, banks can easily warn clients against ongoing cyberattack campaigns that usually involve phishing links in emails posing as the bank.

This up-to-the-minute machine-readable threat intelligence in security information and event management systems also enables security teams to quickly launch an automated incident response and easily sift through which alerts must be escalated for further investigation and resolution.

This feed is a collection of data sourced from Kaspersky’s own cloud infrastructure called Kaspersky Security Network, web crawlers, an always-on unique proprietary platform called Botnet Monitoring, email honeypots, research teams, and the company’s global partners.

For industries like financial services, how can threat intelligence be useful? There are three basic things:
1. Prevent data loss - a well-structured cyber threat intelligence (CTI) program means your company can spot cyberthreats and keep data breaches from releasing sensitive information
2. Provide direction on safety measures - by identifying and analyzing threats, CTI spots patterns used by hackers and helps businesses put security measures in place to safeguard against future attacks
3. Inform others - hackers get smarter every day, so cybersecurity experts share the tactics they’ve seen with the IT community to create a collective knowledge base on cybercrimes.
 
In a span of three months last year (January to April 2020, to be exact), the average daily instances of brute force attacks saw a whopping 24% increase. In fact, even healthcare organizations and other essential services are being targeted by advanced persistent threat (APT) groups. It is even more unfortunate that not all APT threats are reported immediately or publicly announced.

Managing threats requires a 360-degree view of your assets. Here’s what to look for in a Threat Intelligence program:
1. IOC (indicator of compromise) - IOC is the basis of threat intelligence. Its evidence can be measured and recognized like a fever showing signs of disease in the body. There are many IOC services. To choose the right one, you’ll need to know which threats you’re most likely to face.
2. Threat data feeds - These provide integrated intelligence by analyzing adversaries and the wider threat landscape. To choose the best one for you, ask: do we need an APT data feed if we’re not a likely target for APT groups? Where is the best place in the IT infrastructure to add the feeds? Should we block threats or just alert the team? Your answers will depend on your organization’s security posture and IT strategy.
3. Threat intelligence platform - A threat intelligence platform lets you manage a range of specialist software that supports the different components. What you choose and how you integrate services comes down to your budget and business needs. Although there are open-source data feeds out there, you can buy more sector-specific intelligence. It’s essential to drill down when you purchase threat intelligence services to make sure the vendor provides a responsive service – both in the quality of data feeds and speed if they’re providing incident response.

With careful planning when choosing a vendor and a well-thought-out strategy, your SOC can benefit from the full protection and power of threat intelligence.

Author: slickmaster | © 2021 The SlickMaster's Files
