Author: Chris Hockings, Chief Technology Officer IBM Security
Trace the cosmos back to its earliest moments, and you’ll find the entire universe compressed into a trillion-Kelvin ball about the size of an apple. But what finally caused this small apple to explode into what we now observe as the universe is unknown. The apple to the boom of the universe, however, is much more complicated than the attack chain that eventually leads to the big boom moment after a cyber attack. In fact, a cyber attack chain is very straightforward: Break-in. Latch-on. Expand. Gather. Exfiltrate. And many cyberattacks chains also follow a detailed path to the big boom moment: phishing email, malware deployment, credentials stolen, remote access to network, database stolen, additional compromises, encrypted communication, tick, first public indicator, tick, law enforcement calls CEO…and BOOM…then, of course, the fallout: twitter sentiments fall, stock prices fall, etc. So, what causes most of today’s cyber attacks? Cyber attacks are varied and depend very much on the industry. But the highest numbers of exploitation that occurred across 2016 and 2017 were caused by the injection of unexpected items into computing systems. In 2017, the financial industry recorded the most security incidents but was second to the information and communications technology industry in terms of attacks.
Building an integrated and intelligent security system
To help minimise the cost of cyber attacks, an integrated and intelligent security system is required. There are five key components to a successful security system
Protect against attacks by discovering vulnerabilities before they are exploited.
Detect unknown threats with advanced analytics.
Respond to cyber attacks with response planning and orchestration.
Identify your cyber resiliency and readiness.
Recover access to critical data and applications for a speedy recovery.
The benefit of having this level of cyber resiliency is that it leads to three important business outcomes: Prove compliance. Stop threats. Grow business.
This year Australian Prudential Regulations Authority (APRA) introduced its first prudential standard aimed at responding to the growing threat of cyber attacks. That’s because Australian financial institutions are among the top targets of cyber criminals seeking money or customer data, and the threat is only growing. The new proposed standard would require regulated entities to adhere to strict guidelines to not only repel cyber adversaries but also to respond swiftly and effectively in the event of a breach. Implementing legally binding minimum standards of security will increase the safety of the data that Australians entrust to their financial institutions and enhance overall system stability. However, achieving compliance doesn’t happen by rolling out single tools to produce specific reports. It’s a complex requirement that covers data and how it’s protected, how employees are governed and how resilience is achieved in an organisation. Future requirements will demand even more complex reporting, so the more integration security programs have, the easier it will be to achieve and surpass compliance requirements. Unifying your overall strategy for managing security and governance can be aided by understanding the cognitive threat intelligence capabilities behind the IBM Security immune system; it combines enterprise security intelligence and expertise in a single framework. Read the Navigating the Compliance Maze report to learn more.
Similarly, in New Zealand BS11 has set out the Reserve Bank’s policy for outsourcing by large banks.
Stop cyber threats
Cyber threats are everywhere, but one hitting Australia and New Zealand with disproportionate prevalence is the Ursnif banking trojan. The Ursnif, or Gozi-ISFB, works by using stealth techniques to infect machines and steal information including banking credentials and profiles from infected PCs. Also, just this week, the FBI issued a warning to banks several days ago about a new threat, called an “unlimited” global ATM cash-out operation. In anticipation of such events, IBM X-Force® Red had commenced a program dedicated to ATM testing practice and a network of four secure facilities dedicated to ATM and other IoT testing. The ability to detect and measure the effectiveness of protection mechanisms is critical. If detection technology is able to raise alerts when incidents occur, an organisation can respond quickly and efficiently, thereby minimising the cost. Once an incident is remediated, the organisation can then perform a risk assessment to determine if further hunting is required, which might reveal motives or even campaigns specifically targeting them. IBM QRadar® Advisor with Watson™ provides access to vast structured and unstructured content via machine-learning algorithms and deep-learning networks to help you perform initial assessments of identified threats.
Open banking systems have been driven by European regulators, with similar programs now driven by the Australian government as a consumer data right initiative, with banking being the first industry chosen to deliver open banking. It will allow its customers to securely move data to FinTech start-ups and other technology companies. Customers will be able to securely link all their banking data to another potential service provider. This comes after the Productivity Commission endorsed a “comprehensive right” that allowed consumers the transfer of their data from the incumbent to competitors. The open banking platform is powered by application programming interfaces (APIs), which allow FinTech start-ups — or other companies — that meet API standards to plug into the Macquarie banking system. The open banking initiatives are a good example of where security plays a critical role. Ensuring that your clients are protected by using your internet solutions is critical in order to maintain trust. The integration of API solutions with identity programs, augmented with advanced fraud protection and application security governance, can help ensure that the organisation’s customers don’t suffer loss by being an inadvertent victim to an Internet-based attack. Learn more about how IBM Banking and Financial Markets solutions can help your financial institution achieve digital transformation with flexible infrastructure.
CISOs must balance their ability to stop threats to their organisations, maintain compliance with regulators and support innovation programs. To manage a cyber security program effectively, a balanced and strategic approach must be taken. Cyber security companies are innovating at a pace that demands organisations maintain an active and engaged conversation with strategic providers. With the active collaboration of global vendors and the emergence of cloud and artificial intelligence, the net sum will indeed be better solutions aimed at delivering to the CISO agenda in a more efficient and cost-effective manner.
Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security Despite an increasing need for incident response planning, the majority of enterprises do not have an effective strategy to handle cybersecurity incidents, according to results of a recent global study of cyber resilience. The study, conducted by Ponemon Institute and […]
Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security These days, it’s no longer a matter of “if” you’re going to suffer a cyber breach, it’s a matter of “when.” When the inevitable breach happens, how you respond to the breach matters. An ineffective response can add even more […]
Author: Pelin Nancarrow, Asia Pacific Lead – X-Force Incident Response & Intelligence Services, IBM Security As the cyber threat landscape evolves, what we saw in 2018 is organisations across all industries are facing unmanageable levels of cyber threats brought on by the changing threat landscape, the risk of exposure and an ever-growing attack surface. The […]
For over 80 years, IBM has been working to solve some of the biggest issues facing Australia and New Zealand. Today IBM is helping doctors diagnose disease, predicting the latest fashion trends and creating better services for citizens.
These are our stories; this is IBM.