A message from Walt Lukken, President and CEO, FIA
SADLY, IT IS MORE COMMON than not to be the victim of a cyber attack. As a former CFTC official, I found out recently that I was one of the four million current and former government officials who had their most personal information compromised by a breach of the U.S. Office of Personnel Management systems. And there have been plenty of similar headlines in the past year: Home Depot, Sony and Anthem just to name a few. Even FIA was the target of a “phishing” incident, requiring us to bolster our cyber defenses.
The financial services sector and the critical infrastructure it supports are attractive targets for hackers and cyber criminals. IOSCO reports that more than half of the world’s exchanges have experienced a cyber attack. And some experts estimate that financial institutions are four times more likely to be attacked than other industries. Across all industries, the total number of cybersecurity incidents rose by 48% from 2013 to 2014. The threat is not just growing, but it’s growing at an increasing rate.
As cyber crime has risen, the infrastructure of our industry has been evolving. More trades are centrally cleared, which creates a web of interconnected activity. An attack at one organization can have a ripple effect throughout the financial industry. A data breach not only hobbles a company by cutting through its networks, but it also has serious implications in terms of customer confidence: 82% of businesses would consider leaving a financial institution that had suffered a breach, according to a 2014 report on global IT security risks by Kaspersky Labs.
No one is immune to these attacks. Cybersecurity experts will tell you that there are only two kinds of organizations: those that have been breached, and those that don’t know they’ve been breached. Unfortunately, with continually evolving threats, there is no such thing as bulletproof protection from cyber crime. Instead, we need to shift our focus to cyber risk management.
|
Cyber Attacks on the Rise |
SOURCE: 2015 PwC Global State of Information Security Survey. |
The good news is that our industry knows quite a lot about risk management. We also have a number of resources in place already. The Financial Services Information Sharing and Analysis Center (FS-ISAC) not only provides analysis and education on cybersecurity, but also distributes anonymous real-time information about cyber threats so member organizations can quickly respond. I encourage you to visit its website to learn more about how FS-ISAC can help your organization.
FIA has made cybersecurity a priority in 2015, inviting world-renowned experts to speak at our conferences, sharing cybersecurity resources with our membership and hosting webinars with cyber experts. We have taken part in CFTC roundtables on cybersecurity and are looking forward to working with regulators to develop flexible standards that allow for innovative and evolving responses to cyber threats.
It is imperative that we get smart on this issue and do it fast. All of us should be reexamining our current cyber policies and procedures against best practices and the guidance of regulators. Being prepared is what FIA and this industry does best. As with other industry business continuity challenges like Y2K, 9-11, Superstorm Sandy, and most recently the Leap Second, we know that communication and testing is the best assurance to prepare for these threats. On both of these fronts, FIA hopes to be a resource for its members in staying ahead of the curve.
The Seven Deadly Sins of Cybersecurity
1
PATHETIC PASSWORDS
The most common corporate password is Password1 because it meets the minimum complexity requirements. And as many as 15% of corporate employees make a note of their passwords and leave it visible at their workstation.
ACTION ITEM ➔ Tear up those post-it notes and reset your passwords often.
2
SMARTPHONE STUPIDITY
70% of users don't password-protect their smart-phones. But 89% of people who find a lost phone will look through the digital contents.
ACTION ITEM ➔ Set up a password on your personal and work phones.
3
FRAUDULENT FLASH DRIVES
60% of userswho find random USB sticks in a parking lot will plug them into their computers. If the sticks have a company logo on them, 90% will do so, often times with harmful effect.
ACTION ITEM ➔ Treat a USB drive like gum - if it's not new, and it's not yours, best to avoid it.
4
SOCIAL AWKWARDNESS
52% of enterprises have seen an increase in malware infections due to employees social media use. Believe it or not, you can't trust everyone you meet on Twitter.
ACTION ITEM ➔ Follow your company's social media policy and avoid clicking unknown links.
5
EASY ACCESS
One in three workers leave their computers logged on when they step away from their desks. And 71% of workers admit to sneaking a peek at a co-workers or strangers' workstations.
ACTION ITEM ➔ Set up the auto-lock feature on your computer or manually lock it when you step away, even for a minute.
6
PHISH BITING
69% of IT professionals say that they've seen phishing messages get past their filters. You only need one employee to inadvertently click on a link or send a document to compromise the entire network.
ACTION ITEM ➔ Employee education can reduce clicks on phishing messages by as much as 42%. Consistent training for employees is a must to avoid these breaches.
7
WICKED WI-FI
Nothing in life is free, especially if someone steals your data or identity. Only 18% of users use a secure VPN tool when accessing public wi-fi, leaving their information vulnerable to theft.
ACTION ITEM ➔ If you aren't on a trusted network, use a VPN tool to ensure sensitive information is protected. Please note that the coffee shop downstairs is NOT considered a secure network.
SOURCES:
www.statista.com/statistics/193436/average-annual-costs-caused-by-cyber-crime-in-the-us/
www.csoonline.com/article/2938767/advanced-persistent-threats/report-banks-get-attacked-four-times-more-than-other-industries.html
www.pwc.com/gx/en/consulting-services/information-security-survey/key-findings.jhtml
www.investmentnews.com/article/20140110/FREE/140109928/cybersecurity-threats-to-financial-firms-on-the-upswing-in-2014
www.trustwave.com/resources/trustwave-blog
