When it comes to cybersecurity, banking is one of the most highly regulated industries, with multiple checks and failsafe steps put in place to ensure the highest possible level of protection. And while industry as well as government regulations include extensive, rigorous assessments, compliance alone does not suffice. Financial institutions simply must take the extra steps beyond compliance to ensure that their network and clients’ information are protected from cyber threats. On February 22nd, Network Box USA and ReliableIT hosted a Lunch & Learn for financial institutions at Maggiano’s Little Italy in Houston. This casual gathering was aimed at discussing compliance and cybersecurity. Attendees enjoyed a family-style Italian meal, as Nikki Almazan, Banking Compliance Expert from ReliableIT, talked at length about the threat landscape for banks and credit unions. She also touched on CAT, the Cybersecurity Assessment Tool, put forth by the FFIEC. After the presentation, Pierluigi Stella, CTO of Network Box USA, opened the floor for a roundtable discussion that included hot topics such as ransomware and web application security. He also, of course, circled …
The corporate world is constantly getting smarter by leveraging the latest internet technology advancements. Over the years, information sharing has witnessed a gradual displacement of paper, with digital becoming the dominant and favored medium.
In this concluding post on the topic of Spear Phishing, allow me to share something which happened to one of our clients last week.
One of the dangerous issues we currently face with spam emails is that of spear phishing – a type of phishing spam email targeted at the recipient. While most spam deploys a shotgun approach (send billions of emails and see what sticks), spear phishing attacks are specifically aimed at the recipient, requiring hackers to do homework on the targeted victim. It is by no means random.
That application you’re currently using? More than likely, it was not developed with security in mind. No matter how much we discuss the topic and talk about security-driven application development, how many people and companies really even know how to do that?
Previously, we touched on the critical value of protecting one’s web server, and the various ways to do just that, such as the setting up of a DMZ or the creation of an IPS. We also introduced the fact that, while a good idea, establishing an IPS in line with the firewall as a means to intercept malicious traffic was limiting.
Why do hackers want to control a web server? Because a server is often hundreds of times more powerful than a workstation, and that allows them to have a platform to launch attacks from a single point, rather than having to deal with multiple workstations.