According to analysts, in 2019, more than 90% of cyber attacks began with phishing. Can we conclude from this that the weakest link of financial institutions from the point of view of cybersecurity is their employees?
So it is no wonder that people try to pick the best Windows 10 antivirus software or look up how to install PCmatic for Mac to protect themselves against phishing.
A modern bank is a huge IT infrastructure with a perimeter (the boundary that separates the external network from the internal one) that reliably protects the organization from hacks. Attacking it is a very expensive, yet worthwhile, undertaking.
That is why attackers more often choose people as the target. For example, someone only has to walk into the bank and drop a flash drive on the floor, and within 15 minutes it will be plugged into one of the computers. The “service” of dropping a flash drive can be bought on the black market.
Having access to an employee’s computer makes it much easier to move through the company’s protection levels. Therefore, social engineering as the means of attacking a company is really the simplest and cheapest first step.
How to Solve The Employee Security Problem?
Following basic rules does not require people to be cybersecurity specialists. It works exactly like hygiene: you do not have to be a doctor to know that you need to wash your hands. Cybersecurity also has basic rules, and complying with them prevents 90% of problems.
The remaining 10% are handled by technical means and the diligent work of the SOC (Security Operations Center, the information security monitoring center).
Of course, you can crack any system if you invest enough time and money in it. To prevent this, organizations should comply with basic rules in the field of cybersecurity – with a high degree of probability, this will help prevent the bulk of incidents.
How to Ensure the Necessary Measures?
The measures taken have to combat cybercrime, but they shouldn’t interfere with a financial company’s business processes.
The choice between convenience and security is a classic one. And if we are talking about financial organizations, security is extremely important because banks cannot afford to be irresponsible about their clients’ data.
On the other hand, security must be customer-oriented. Rigid enforcement of norms and policies can spoil a lot: the product, client communications and, as a result, business indicators. The optimal balance depends on where the measures are applied.
For example, if we are talking about systems without company-sensitive data, you need to lean towards usability.
And if we are talking about systems that directly participate in the processing of customer data or financial information, security will be more important. With such systems, a single mistake is enough to bury the company’s reputation and cause significant damage to its investment attractiveness.
Making sure that security measures do not interfere with business processes is not easy. To do this, you need to look at the cybersecurity unit as part of the business.
The head of information security must share this view – then his strategy and solutions will be focused on the business result.
A product that is released late because securing it took too long is as bad as a product with weak security.
Hackers and Artificial Intelligence
Today, the very definition of artificial intelligence algorithms and their application is somewhat blurred: sometimes the term is applied to almost anything used in data analysis. In this regard, it is worth noting that hackers are specialists who are very good at analyzing information thoroughly and finding vulnerabilities in it.
For example, when a hacker conducts reconnaissance, he creates an algorithm that lets him quickly identify weaknesses in the IT infrastructure when attacking a large company.
So hackers do use artificial intelligence algorithms. But the scope of such technologies is limited to working with data. For example, if hackers obtain a stolen client database and use it for social engineering, they can apply data science algorithms to identify the users against whom an attack would be most effective.
Later, they can build a “model” from the results to search for new victims. It is absolutely certain that data science algorithms can be used on the other side of the barricades, but this is hardly widespread.