Nettitude Blog

How do major regulatory frameworks for financial services differ across the world, and how is this changing?

By Ben Densham, CTO at Nettitude

The operational resiliency of the financial services sector is of paramount concern to governments and regulators across the globe. Identifying cyber threats and security weaknesses that could affect individual firms or Financial Market Infrastructures and their ability to respond to an attack is key to ensuring the stability of the finance sector, which is key to the stability of the global economy.

Security testing (including scanning, penetration testing, red teaming, and more), is often seen as a compliance bug bear. However, if your security team wants to provide a level of assurance to the business that if an attack was to take place, you are well placed to both defend and detect it, it is essential that you perform the right kind of testing for your business. In this post, we’ll take a look at the types of testing you should be deploying within your organization by explaining what each type of test does and what it can (and can’t) deliver for you.

We just released our latest edition of PERCEPTION, our cyber threat intelligence briefing for the financial services sector edited by Dr Graham Shaw. This contains informative, relevant and timely information about the cyber threat landscape for financial institutions, current threat actors and recent activities, and is designed to help you address the cyber risks faced by your organization.

 Cyber-attacks and the impact they have on organizations are becoming much better understood. However, in facing increasingly sophisticated, targeted and untargeted attacks, the complexity and scale of the threat means that avoiding a cyber-attack is becoming harder for organizations. If a cyber-attack is going to happen at some point, it’s essential that organizations plan for, and prepare to respond to, the inevitable. But this can be easier said than done. What steps do organizations need to take to develop a cyber security strategy that ensures they are prepared?

By Michael Fratello, Security Consultant at Nettitude

If the last five years of malware-related cybercrime were made into a movie, “The Ascension of Ransomware” would be quite the fitting title. The impact of the CryptoLocker ransomware, which emerged in late 2013, was devastating, and it caused a chain reaction. CryptoLocker revealed that the distribution of ransomware can be quite lucrative, and as expected, more and more threat actors sought to hop onto the ransomware bandwagon in hopes of achieving the same financial success as the CryptoLocker author(s). And we are still seeing devastating, high profile attacks today, such as the ransomware attack last week that brought down Hydro, one of the world's biggest aluminum producers.

In this article, we present the Internet of Things (IoT) and the current security status of IoT devices. The reader will also gain a practical guide towards IoT security in the workplace and an account of the latest information to help futureproof organisations against cyber attacks.

Even social media giant Facebook has been ordered to step up data protection as 29 million of its user’s passwords were exposed in 2018. Creating a strong and secure password is a critical step in protecting confidential data and networks. Your infrastructure can come under attack from cyber criminals at any time and passwords can provide the key to that kingdom for hackers.

The 2018 Verizon Data Breach Investigations Report (DBIR) declares ransomware “the most prevalent variety of malware”.

• Over 181 million ransomware attacks happened in the first six months of 2018.
• That is a 229 per cent increase in ransomware attacks reported compared to the same period in 2017(SonicWall)

With the number of cyber-attacks growing in prominence every day from the reputational ruin of organisations overnight to the manipulation of election results, the threat cybercrime presents to us all should not be undervalued.

What is a cybersecurity plan?

A cyber security plan is an organisation’s written guide to follow and improve its overall risk management and defences against the on-going threat of cybercrime - and some might say the most significant threat they face.