mobile security

Risk Facing Financial Services

Financial services institutions have changed significantly over the last decade – from utilizing technology in new ways to stay competitive and drive efficiencies, to adapting business practices in light of the global financial crisis and recent narrow interest margin markets.

As these businesses evolve, they’re faced with a new range of exposures that can result in significant and lasting commercial costs, and traditional exposures come to light in a different context. Crime has also changed for these businesses, with a growing number of attacks against financial institutions taking place online and through digital means.

To better understand this changing landscape, we’ve outlined the top risks facing financial institutions today:

 

Social engineering and funds transfer fraud

Some of the most frequent cyber claims made by businesses in the past year involved funds transfer fraud and some form of social engineering. Funds transfer fraud is often carried out by criminals leveraging fraudulent emails or phone calls to request the transfer of funds from a legitimate account to their own. In some cases, fraudsters will pose as a senior executive appearing to give urgent instructions to a junior employee. While financial institutions have greater control processes, including separation of responsibilities, both banks and their clients are at risk of falling victim to these types of attacks, and as long as they continue to prove successful, we expect this threat to grow in both frequency and severity. Financial institutions should consider employee training on these newer forms of fraud, including how to identify phishing emails. Banks should also be concerned about their customers’ susceptibility to social engineering fraud, and should consider education campaigns where relevant.

Adherence to post-crisis regulation

Following the mortgage crisis in 2007-2008 and the subsequent global financial crisis, the regulatory burden for banks has increased significantly. This brings additional costs when meeting these new requirements, along with higher potential penalties if an institution fails to comply. In many instances, resultant fines and penalties following regulatory failures are uninsured or uninsurable. Financial institutions should seek cover where regulatory enquiry costs and expenses are covered.

Falling prey to predatory banking

Financial institutions have found themselves in a narrow interest margin environment, which means the pressure on banks to generate revenue from non-interest earnings is intense. In some cases, the desire to drive revenue through new or existing products has led to instances of selling inappropriate products to consumers, resulting in significant consumer claims. Institutions must ensure that their products are suitable and that they meet the needs of the consumer and the consumer’s expectations. It’s also important for institutions to ensure their remuneration policies do not inadvertently encourage the mis-selling of products. The fallout from consumer protection scandals can be costly not only from a legal and regulatory standpoint, but also in terms of damage to the brand.

Reputational damage

Predatory banking is only one type of behavior that can bring reputational harm to financial institutions. Large institutions can suffer backlash for a variety of misdeeds made public, for instance the failure in anti-money laundering controls by Wells Fargo or HSBC, who were hammered in the media for their behavior. On a smaller scale, for regional and community-based institutions, the power of social media can mean that reputational damage spreads far faster than ever before.

Systemic instability

Nearly a decade later, the effects of the global financial crisis are still being felt by financial institutions around the world. Recent concerns over Deutsche Bank’s operational cutbacks and stock price decline have shown there is still uncertainty around the performance of even the biggest financial organizations. Additionally, recent instability in Europe – particularly in Italy and Spain, as well as the still incomplete negotiation – could have an effect elsewhere, including the US, where European headquartered institutions such as Deutsche Bank, Barclays and HSBC are systemically significant institutions.

Challenger banks and new technology

The traditional banking model is increasingly challenged by newcomers trying to use technology to replace existing processes and disrupt the status quo. In the UK and Europe, challenger banks are gaining steam and traction among younger generations and early adopters. In the US, there are few online-only challenger banks, but there is increasing competition from payment processors, online non-bank lenders and other providers who are edging their way towards areas conventionally controlled by banks. The risk for traditional institutions will not only be economic, but they will also need to provide more services to their clients to ensure they are competitive and relevant, and they may need to reassess their cyber exposure as they put more systems online.

 

Apple Integrate Security Controls in iOS 12 Core

Apple's latest update for iOS incorporates ways to stop Safari snooping, data leaks, password reuse, and hacking.

In what has become one of the rituals of fall along with leaf peeping, tailgating, and apple picking, Apple recently introduced a new lineup of iThingies, complete with slick new iPhones and oversized Apple Watches. They all look really nice. But the most important release isn’t the (unironically named) iPhone XS or super-powerful MacBook Pro, it’s iOS 12.

The iPhone is the leader in the clubhouse as the most secure general-purpose computing device on the market. Apple’s control of both the hardware and software development process and ecosystem make the iPhone/iOS platform one of the harder targets there is for attackers at the moment. The company has been adding security features to both the hardware and software at a steady pace since the iPhone’s introduction, and iOS 12, which Apple released this week, brings several important new protections with it.

The features that will probably make the biggest immediate difference to most users are the addition of automatic strong passwords in Safari and security code AutoFill. Creating and remembering strong passwords is a pain so people often just fall back on something that’s easy to remember, which also means it’s probably easy for an attacker to guess. In iOS 12, Apple has added the capability for Safari to suggest strong, complex passwords automatically, something that has been available on the desktop version of the browser for a while. The second authentication change is a feature that will automatically fill in one-time passcodes sent via SMS. While SMS-based two-step verification isn’t the strongest option, it’s significantly better than a password alone, and Apple is making it much easier for people to use it by removing the need to copy and paste or remember those codes to enter them in apps.

Another major upgrade to the security of iOS is the inclusion of automatic software updates. Most desktop platforms have had automatic updates as an option for many years, but it’s taken a while for that feature to reach mobile devices. Until now, iPhone users needed to go into the App Store app and manually click on the Update option for each installed app. The same was true for iOS itself. In iOS 12, users have the option of setting iOS and all of the installed apps to update automatically, ensuring that the latest version is always installed. Even the minor releases of iOS come with security and bug fixes and are important for users to install, but many people aren’t even aware when new versions come out. Having automatic updates enabled takes the human part of that out of the equation.

There’s also a feature that’s less obvious but can be an important defense against some attacks. Apple has added a function called USB Restricted Mode that prevents any USB accessory from interacting with an iPhone if the device has been locked for more than an hour. The feature is buried in the Settings under the Touch ID & Passcode option and it can protect iPhones against attacks that use exploits delivered over the USB Lightning port.

On the privacy side of things, iOS 12 includes functionality in Safari that prevents third-party trackers on sites from following a user’s movements across the web without the user’s permission. It’s an important change, given how pervasive third-party tracking has become.

“Safari now prevents Share buttons and comment widgets on web pages from tracking you without your permission. Safari also prevents advertisers from collecting your device’s unique characteristics, so they can’t identify your device or retarget ads to you across the web,” Apple’s notes for iOS 12 say.

The iOS 12 update is available now. Get it.