The latest on cybersecurity: Vulnerability testing and third-party software

January 04, 2021

Read about the latest insights and trends on cybersecurity from prominent experts.

 

Email cyberattacks account for most losses in modern businesses. Even as organizations are improving their cybersecurity efforts can still lag evolving threats. What’s been trending lately in cybersecurity developments?

 

Corrupt email links still dominate

Despite the advancement of automated software vulnerabilities and exploit kits, most cyberattacks still require some form of human action to validate. Email remains the largest channel for these attacks, based on a recent report by Proofpoint

“Cyber criminals continue to refine techniques that target people rather than infrastructure, with attacks that rely more on human interaction and less on automated exploits. Social engineering is pervasive, whether in rampant sextortion schemes, business email compromise (BEC), credential phishing, or other attacks that prey on human nature – and human error.

 

Third party software poses an ongoing threat

Even though cybersecurity awareness has grown in recent years, many organizations in the financial industry struggle with new attacks. Drew Kilbourne of Synopsys summarizes from his company’s report on theories that these FIs need to increase their focus on third party software during threat assessments:

“When you dig into the report, you see that one of the big gaps across both big banks and small banks is third party software. So, people are not dealing with their third-party software risks well. They do a lot of third-party assessment, but it usually includes evaluating if you have locks on the door or if your firewalls are up, if you do background checks on employees, things like that.”

 

Ransomware invades the Internet of Things

New devices are connected every day, ranging from computer devices to smart tablets, wireless home managers, etc. However, each new device can be targeted by malicious actors. Aaron Vick of Forbes notes that, while most smart home devices don’t contain sensitive personal data, there is still risk from ransomware attacks:

“There's a lot of potential damage that could be caused by hackers who decide to target power grids or communications devices. If this happens, and they demand that the victim pay the ransom, attackers could choose to shut down the system on them. They could go a step further and target factory lines, hurting manufacturing. Once connected to a network, they could turn their ransomware loose on all types of different devices.”

 

New experiments in cybersecurity defenses

Several methods to combat these emerging threats are in early experimental stages. However, there is enough proof-of-concept work to see them expanded in the coming years. Alison DeNisco Rayome of TechRepublic describes a few of these new methods, referenced from the CB Insights NExTT study, including zero-knowledge proofing:

“Zero-knowledge proofs represent a breakthrough in data privacy, allowing multiple parties to confirm that they have knowledge of confidential information, without actually revealing that information, according to the report.”

 

A layered approach to security is the best prevention. Here are some suggestions:

  1. Identify gaps: Implement employee security-awareness training and create restrictive roles for your employees with privileged access. When properly trained, employees serve as the first line of defense. 
  2. Protect and prevent: Deploy layers of security that include endpoint security, email security, network security, applications security software and advanced malware threat detection. Although it can be pricey, this long-term investment can help prevent costly and reputation-damaging breaches. 
  3. Detect: Use risk-based detection. Analyze which organizations, countries and/or individuals pose a threat to your organization. Don’t ignore warning signs. 
  4. Respond and remedy: Incident response readiness and preparation can help you quickly respond to potential threats. Run test scenarios to improve employee response. 
  5. Prepare for recovery: Don’t forget to backup and encrypt your servers. Do this regularly, and keep a recently encrypted backup copy off-line.
     

This risk isn’t likely to go away in the coming years. Current perpetrators are succeeding, which encourages them to continue their activities and expand their targets and tools. This is also be likely to inspire copycats. Because of the potential consequences, ransomware will continue to be a major risk area.

The FBI has created a helpful document on preventing, responding to and recovering from ransomware. It’s available on the U.S. Chamber of Commerce website. The Financial Services Information Sharing and Analysis Center (FS-ISAC) also has some tips for safeguarding against ransomware. We encourage you to review these documents, stay engaged and learn more about this and the other cyber risks we face.

 

Read more on the topics of cybersecurity and how to protect your organization from fraud.

Related content

Cryptocurrency custody 6 frequently asked questions

How to spot an online scam

Complying with changes in fund regulations

Risk management strategies for foreign exchange hedging

Evaluating interest rate risk creating risk management strategy

Webinar: Approaching international payment strategies in today’s unpredictable markets.

Insource or outsource? 10 considerations

Automate accounts payable to optimize revenue and payments

Webinar: Mobile banking tips for smarter and safer online banking

Webinar: How to fight off fraud

Webinar: Protect yourself or your loved ones from elder fraud

Webinar: Tips to avoid today’s cyber threats

Authenticating cardholder data reduce e-commerce fraud

Increase working capital with Commercial Card Optimization

Fraud prevention checklist

The mobile app to download before summer vacation

Learn to spot and protect yourself from common student scams

4 ways to outsmart your smart device

Dear Money Mentor: What is cryptocurrency?

Money muling 101: Recognizing and avoiding this increasingly common scam

What you need to know about financial fraud

How you can prevent identity theft

Solutions banks can offer during the COVID-19 pandemic

Hospitals face cybersecurity risks in surprising new ways

Higher education strategies for e-payment migration, fighting fraud

5 steps you should take after a major data breach

Cybersecurity – Protecting client data through industry best practices

Why KYC — for organizations

The cyber insurance question: Additional protection beyond prevention

What is CSDR, and how will you be affected?

Post-pandemic fraud prevention lessons for local governments

BEC: Recognize a scam

Fight the battle against payments fraud

The latest on cybersecurity: Vulnerability testing and third-party software

The password: Enhancing security and usability

Tactical Treasury: Fraud prevention is a never-ending task

3 timeless tips to reduce corporate payments fraud

The surprising truth about corporate cards

White Castle optimizes payment transactions

Avoiding the pitfalls of warehouse lending

4 tips for protecting your business against Coronavirus-related scams

5 Ways to protect your government agency from payment fraud

Proactive ways to fight vendor fraud

The latest on cybersecurity: Mobile fraud and privacy concerns

How to improve your business network security

Government agency credit card programs and PCI compliance

Cybercrisis management: Are you ready to respond?

Business risk management for owners of small companies

Protecting your business from fraud

Webinar: A closer look at U.S. Bank AP Optimizer

The future of financial leadership: More strategy, fewer spreadsheets

How to improve digital payments security for your health system

Enhancing liquidity management: 4 benefits of visibility

Webinar: Fraud prevention and mitigation for government agencies

Webinar: CRE Digital Transformation – Balancing Digitization with cybersecurity risk

Webinar: Recording of the Central Securities Depository Regulation and Pivot

Webinar: CRE technology trends

Webinar: AP automation—solve payment challenges with an invoice-to-pay solution

Webinar: Robotic process automation

Webinar: Economic, political and policy insights

Webinar: CRE treasury leader roundtable

Webinar: Building digital bridges for treasury optimization

Start of disclosure content

Loan approval is subject to credit approval and program guidelines. Not all loan programs are available in all states for all loan amounts. Interest rate and program terms are subject to change without notice. Mortgage, home equity and credit products are offered by U.S. Bank National Association. Deposit products are offered by U.S. Bank National Association. Member FDIC.

U.S. Bank is not responsible for and does not guarantee the products, services or performance of U.S. Bancorp Investments, Inc.