Exploits targeting banking apps on mobile devices, are a significant part of the growing threat trend that must be addressed. Compromising mobile devices not only allows attackers to steal data stored on that device, but can be used to collect personal banking information.
In an interview with TechObserver.in Rajesh Maurya, Regional Vice President, India & SAARC at Fortinet share his views on common challenges that CISOs face, the future of cybersecurity and experienced advice for CISOs in the financial sector.
What are a few common concerns that comes up when we talk about network security?
Continually increasing complexity of threats, shortage of staff, and lack of visibility are challenges that we see across all industries and public sector agencies of all sizes. There is no CISO who could confidently say that their team had 100% visibility across the network – let alone the state of connected devices. Lack of visibility into network connections and anomalous behaviour is critical – after all, you can't protect what you can't detect.
Compounding these challenges is the need to deliver innovation and services faster and customers who expect greater levels of security and privacy. Everything is more complex and accelerating – computing, networking, security, compliance, along with all elements of the digital enterprise that is affecting all including Financial organizations.
Do you see disconnects between CISOs and business leaders that may be affecting security in the organization?
One surprising disconnect between CISOs and business leadership is the lack of adoption of the reasonable care standard for security and resiliency. Widely cited in best practices and regulatory frameworks, the reasonable care standard requires organizations to implement technologies and processes to identify and manage risk. While every CISO agrees it was the right approach, few have said their boards had adopted reasonable care as a measure of security.
But the CISO is becoming an active enabler of secure innovation which the other business leaders – the CMO, CFO, and CEO – have started to perceive their value. Deploying SD-WAN, for example, empowers remote sites, reduces the overhead of costly MPLS traffic, AND reinforces security. It's a strategic solution where everyone wins.
Why do cybercriminals increasingly target online banking and mobile apps?
There is a similarity that holds true for cybercrime and the Financial Services industry. At the end of the day, regardless of who the ultimate victim of a cyberattack is, the end goal of most cyber events continues to be financial gain. And capitalizing on the theft of information, whether credit card or banking data or the selling of PII on the dark web, ultimately involves taking advantage of someone or some organization associated with the Financial Services sector.
Exploits targeting banking apps on mobile devices, are a significant part of the growing threat trend that must be addressed. Compromising mobile devices not only allows attackers to steal data stored on that device, but can be used to collect personal banking information using phishing apps, intercept data moving between a user and his or her online bank, and monitor financial transactions when purchasing goods or services online. The Android. banker. A2f8a malware, for example, targeted more than 200 different banking apps to steal login credentials, hijack SMSs, and upload contact lists and other data onto a malicious server. It also displayed an overlay screen on top of legitimate apps to capture additional information.
These apps aren't just being downloaded from risky sites. Between August and October of last year, 29 banking Trojans masquerading as legitimate apps were removed from the Google Play store, but only after they had been installed by over 30,000 users. But even that is only part of the exposure. Compromised devices are also becoming a gateway through which the larger financial services network can be exploited.
What does the future of security look like?
Security will be more integrated with networking and computing – all of which will be more distributed and accelerated with 5G and the mass implementation of smart solutions. The third generation of security will see security being designed into solutions from the outset rather than a bolted-on afterthought.
New 5G-enabled, edge-based computing will generate more data than ever before – shifting the majority of computing to the edge, with the cloud progressively being used for correlation and storage. Security will also be more automated, leveraging AI and ML to analyze vast volumes of data for anomalous behaviour.
How does a security fabric approach protect customers in the new future of security?
Just about every breach in the last 20 years was a result of gaps in visibility, awareness, and control. If you can't see what's on your network – you can't protect it. If you can see what's connected but have no contextual awareness about what's happening – you can't protect it. And if you can detect and understand what's happening but don't have an integrated and automated way to respond – you still can't protect it.
The Fortinet Security Fabric's broad, integrated, and automated approach provides the visibility and control that's needed as security becomes even more challenging. With end-to-end visibility and a framework of integrated devices collecting and sharing data to detect threats, combined with FortiGuard AI-enabled intelligence, the fabric automates the detection and mitigation of threats at speed and scale.
How does that intertwine with dynamic cloud security zero-trust network access?
Amongst the recommendations made in light of increasingly aggressive cyber threats, there has been a specific call for the adoption of Zero Trust. Zero Trust posits that traffic inside the perimeter should be trusted no more than the outside traffic.
A lot has changed since the original inception of Zero Trust in 2009, including the disappearance of perimeters. Going forward, trust assessment needs to move beyond a simple binary yes-no model to be more adaptive and risk-based by:
- Identifying every request for network access
- Authenticating the requestor
- Confirming the state of the device on which the request is made
- Validating the access request based on a least privileged, need-to-know basis
- Continuously logging and monitoring all activity for anomalous behaviour
The Fortinet Fabric and its partner ecosystem provides enterprises with a broad, integrated and automated way to control access and continuously monitor behaviour from the IoT edge, across enterprise networks, and across the largest cloud providers.
What is your advice for CISOs and CSOs from financial organizations?
Across all the threat research it's clear that we're still not getting the fundamentals right. The vast majority of breaches are not caused by sophisticated attacks or advanced tactics, techniques, and procedures. Rather, threat actors at all levels of sophistication exploit known vulnerabilities for which patches are available. In some cases, these patches have been available for over a year. Indeed, most attacks leading to data breaches could have been mitigated via simple to intermediate controls.
Because so many attacks begin via phishing and exploit known vulnerabilities, getting the basics of security hygiene and resiliency done pays huge dividends and the following steps can help every Financial organization of all sizes:
- Implement continuous security awareness campaigns
- NGFWs are great at helping gain control because patching is not easy
- Adopt s rigorous and autonomous approach to web application vulnerability management
- Employ multi-factor authentication (especially for critical systems/processes)
- Back-up data based on criticality and SLA associated with the process