News in the Channel - issue #18

CYBERSECURITY FOR LEGAL AND FINANCIAL BUSINESSES

Taking on the threat

Cybersecurity is vitally important for legal and financial businesses, especially when it comes to email. As the threats continue to evolve, solutions must also be agile enough to cope.

Cyberthreats are growing for businesses across the board, but for those in the legal and financial sectors the problem is particularly acute, largely down to the vast swathes of confidential information that they are involved in.

Chris Campbell, lead solutions engineer, EMEA at HackerOne, says that due to stringent compliance with regulations, the financial services industry has to maintain the highest security maturity. “Yet, it remains a prime target for cybercriminals,” he says. “The question emerges – why is the financial sector so susceptible to cyberthreats? As bank robber Willie Sutton said when asked why he robbed banks, ‘because that’s where the money is.’

“Unpatched vulnerabilities are a primary access point for attacks, and when you consider an organisation’s unknown assets and their subsequent unpatched vulnerabilities, the risk is exacerbated.

“In addition, financial organisations increasingly rely on third-party vendors to maintain smooth operations. Rapid digitalisation across the finance industry further heightens exposure to third-party cybersecurity risk. Widespread adoption of multi-cloud infrastructure has expanded the scope of potential targets for cybercriminals.”

Sam Harrison, channel manager EMEA at Kiteworks, agrees: “The movement of more and more confidential data into the digital space and it being regularly exchanged with first and third parties has not gone unnoticed by those with unscrupulous intent,” he says. “This has made the financial industry continue to be a top target for cybercriminals. In fact, it has got so bad that 96% of financial services organisations tell us that they have experienced four or more exploits of sensitive content communications in the past year alone.”

Common threats

The biggest threat to legal and financial services companies is still phishing attacks, says Durgan Cooper, CETSAT chairman.

“Targeting employees to gain access to secure data or to instigate further attacks through clicking links etc,” he says. He adds that ransomware attacks that aim to lock companies out of their systems until a ransom is paid are also common, as are insider threats, where employees or contractors misuse their access to sensitive information.

Endida’s founder and co-CEO, Fiona Whyte, agrees that ransomware that locks and encrypts data, devices and systems, rendering a business unable to trade, is a big threat. “The legal and financial sector, because of the nature of their business, are also susceptible to double extortion where attackers not only encrypt data but also threaten to release it publicly,” she says. “Data theft is an obvious risk but equally as threatening is an alarming increase in sophisticated advanced persistent threat attacks involving data tampering that injects or alters data and often go undetected for long periods of time.

“Legal and financial institutions have a strong reliance on third party services such as payment processing and data storage. A breach in a third party’s system (supply chain attack) can lead to compromised security for the institution using that service.”

The acceleration of AI and the software supply chain are creating new vectors of risk that legal and financial cyber teams must adapt to, adds Scott Johnson, VP of product management at Synopsys Software Integrity Group. “AI generated code introduces new threats that challenge the norms of IP laws as well as license compliance usage requirements,” he says.

Changing requirements

This means that cybersecurity solutions are imperative, and there is a range of solutions that legal and financial businesses are now requesting. “Companies should start with the presumption that they will be targeted and have a comprehensive incident response plan

Chris Campbell lead solutions engineer EMEA

hackerone.com

Sam Harrison channel manager EMEA

kiteworks.com

Durgan Cooper chairman

cesat.com
