The billion dollar Bangladesh Bank heist in the news these days exposed the real threat banks now face from sophisticated cyber-attacks.
Panelists at a cyber security in the finance industry press conference organized by IBM Philippines on March 21 shared their expertise to a room of bank IT managers, and one thing emerged clear—the issue is not limited to the finance industry alone. The threat of hackers and cyber-attacks affects all, whether you are a big corporation or a starting small and medium enterprise (SME).
In an increasingly digital world where most business owners rely on digital and mobile tools, the threat is not only imminent, but also poses a danger to their employees. Valuable employee data which are personal in nature can be “phished” or gained access into. These information can be used in illegal transactions and they can even hold personal accounts hostage in exchange for money, Luis Pineda, IBM Philippines president and country general manager; Joey Regala, Information Security Officers Group president; and Diana Kelley, IBM executive security adviser warned the audience.
These criminals are getting more creative when phishing information that is why the financial industry wants to lead the fight against it. Here are the vital things they want you to know about cyber security:
1. Cyber attackers do not discriminate.
No one is immune to cyber-attacks. Wherever you are in the world, as long as you go online or own digital devices, you are a potential victim.
Cybercrime is costing the global economy more than $445 billion or more per year due to these cyberattacks. The top method of attack is still sending malicious links and documents. Another emerging trend is ransomware, which “kidnaps” or “holds up” a company’s server, apps, or devices. The cybercriminals would only give you back access when you pay a ransom money.
2. Be careful what you download.
Every time you download anything on your phone or computer, you are putting it at risk—not only from virus, but also malwares, spywares, malicious codes.
For example, you download an innocent-looking microphone app. What you may not know is that certain apps have the capability to access to all information in your phone. Once you download a malicious app, some of these hackers are even sophisticated enough to turn on certain parts of your devices when they want to. They can turn on your microphone and listen to all conversations you are having. How to protect yourself against this? Make sure to always buy from legitimate app stores like the Apple App Store or Google Play Store and not from suspicious-looking websites.
3. Be mindful what you post on social media.
Anything that you post publicly on social media can be used against you, Kelley said. Cyber attackers can pretend to have met you at a party or event so they can phish information from you. And how did they know you attended this event? Kelley said that these phishers or hackers probably saw this because you posted it publicly online.
This kind of cyber-attack is called spear phishing where these cyber attackers target specific people and pretend to know them personally. These phishers know some information about you, based on what you post online. Then they proceed to send an email or personal message so that they can get valuable information such as credit card details or passwords.
4. Leaders should take the initiative in cyber security.
Decision makers in the company should be the one taking initiative on improving the company’s cyber security. Those in marketing, human resources, and finance departments represent prime targets for cybercriminals because they manage sensitive customer and employee data. Heads should implement a mobile device management system and should require apps to undergo testing before deployment. A study by IBM and Ponemon Institute revealed that 35% of companies do not test apps before widespread company use. Testing should be standard procedure, Kelley said.
5. Collaborate and share incidents.
IBM Security and IBM’s Institute for Business Value's new study Securing the C-Suite, Cybersecurity Perspectives from the Boardroom and C-Suite, revealed that 70% of chief experience officers think that these cyber-attacks are carried out by individuals.
The fact is that 80% of cyber-attacks are planned and executed by highly organized crime rings. Regala shared that these groups use the deep web to share data, tools, and expertise. This is why he urged people to also collaborate in terms of combatting cyber-attacks. Companies should come forward when their securities have been breached, despite looking weak. It is through this sharing of incidents that people get to learn more about what type of attacks are being made. For collaboration, those in the finance industry can join an organization like Information Security Officers Group (ISOG). Companies can also join a collaboration platform like X-Force Exchange.
6. Educate employees.
Prevention is still better than cure and an educated employee will be more equipped to face these challenges in cyber security. Company leaders should take the time to send their employees to workshops or talks about cyber security.
If they cannot afford it, they should at least give them access to reading materials on how to protect themselves. Studies are available for download for free at IBM Security’s site or you may also read blog entries at Security Intelligence’s site. If you would rather watch, they also prepared videos for your understanding. The trick is to keep up with the latest readings or studies because cybercriminals are always up to something new and it is everyone’s responsibility to educate themselves on how to be prepared.
Nicai is the marketing head of Rising Tide, a technology solutions company. She is also the Manila Bureau Manager of Probe Media Foundation's Mulat Pinoy-Kabataan News Network and a regular contributor for SPOT.ph. Follow her on Twitter, @nicaideguzman, and LinkedIn, https://www.linkedin.com/in/nicaideguzman.