In the wake of recent reports of malware infecting state and utility networks in the United States, many organizations are searching for any evidence of similar code on their computers. Yet looking for a specific malware is an endless cat and mouse game. As soon as a malware is catalogued and identified by traditional fraud prevention software, the fraudsters institute a new one.
Reacting by Re-examining Networks
The renewed focus on malicious cyber activity comes on the heels of a federal joint report analyzing cyber attacks, known as Grizzly Steppe, compromising a range of U.S. government, political, and private sector entities.
That report — and a later retracted Washington Post story saying hackers had penetrated the US electric grid through a Vermont utility — have prompted many American states and utilities to re-examine their network security.
In the United Kingdom, parliament also just launched an inquiry into cybersecurity. The investigation follows a move to spend £1.9bn between 2016 and 2021 as part of an update to the UK’s National Cyber Security Strategy.
Securing the Financial Sector
Those responsible for risk management at financial institutions are reminded to also reaffirm their network security. With hacking making headlines internationally, it’s a mean reminder of the always evolving nature and increasing frequency of cyber attacks. With cyber criminals growing increasingly sophisticated, the potential harm to investors, firms, and markets remains great.
Needing to protect funds as well as the confidentiality, integrity and availability of sensitive customer information, the financial sector must remain current with risk assessments, incident response, data loss prevention and staff training to be cyber secure.
Malware changes as quickly as a teenager’s moods. Rooting out a specific strain’s code on corporate networks won’t solve the problem, especially when the malware resides on an unsuspecting, Average Joe’s machine. Yes, it will identify a threat that needs to be addressed. Still, the next step for cybersecurity is to take a new approach to cybersecurity that focuses on every day users and user behaviors so regardless if the malware is known and can be identified by traditional malware detection software or not, security is still in place to identify that there is activity going on in a session that is not directed by the legitimate user.
This is where behavioral biometrics comes into play. Behavioral biometrics employs unique metrics to profile the user in any given session. Beyond passwords and security questions, behavioral biometric profiles and an always learning platform offer continuous authentication identifying human and non-human device interactions. In this way, regardless of the threat, financial institutions, ecommerce, government entities and more can detect and prevent fraud in a way that is frictionless for users.
Hautala, L. (2017, January 4). No Russian attempt to hack Vermont power grid found. https://www.cnet.com/news/no-russian-attempt-to-hack-vermont-power-grid-utility-says/
Leyden, J. (2017, January 10). UK Parliament suddenly remembers it wants to bone up cyber security *cough* Russia *cough.* http://www.theregister.co.uk/2017/01/10/mps_cybersecurity_inquiry/