Of all the technologies to emerge in recent years, encryption and automation stand out as the all-stars in terms of cross-industry appeal. They also happen to be the two that stand to have the biggest impact on your organization’s data security. With the rise in data breaches, increasing instances of business email compromise attacks, and global concerns over big data—security has never been on more people’s minds.
When you think of data that 100% needs to be encrypted, what comes to mind? How about financial data? When your bank sends sensitive financial info about your clients to other institutions, what are you doing to secure that data? Chances are, you’re using keys generated by your in-house PKI, or Public Key Infrastructure, to encrypt financial messages as they move throughout your back-office ecosystem and reach their eventual endpoints (whether that’s the SWIFT gateway or another similar system).
The coronavirus pandemic has caused, among many other things, a massive uptick in the number of companies shifting to a work-from-home model. And with that shift has come a renewed focus on email security, since workers are now conducting their conversations on whatever device they have to hand rather than their (hopefully) encrypted and secure work computers.
Instances of cyber-attacks on banks and other financial institutions are on the rise. This may come as no surprise to you, but did you know that during the Covid-19 pandemic, these attacks have spiked an incredible 238%? That’s according to a report from VMWare’s Carbon Black cloud division. The same report states that over ¼ of all cyber-attacks this year have targeted either financial or healthcare institutions. What are you doing to ensure the privacy and security of your financial information?
Banks and other financial institutions are suffering under the weight of a staggering 238% increase in cyber attacks since the beginning of the Coronavirus pandemic and ensuing lock-downs. While there are myriad reasons for this added attention from bad actors, the simple fact remains that these organizations are vulnerable due to broad attack surfaces that include numerous distinct endpoints.
Let’s say you’re a pizza delivery person showing up at someone’s home: you expect him to pay for the pie you’re delivering, but when he opens the door he claims that he never placed an order and won’t accept the delivery. If the order was placed over the phone, there’s not much you can do. Someone might have spoofed the phone number in order to perform a prank, and there’s no real way to prove who actually placed the order. Luckily, the order was actually placed via a delivery app—meaning that the recipient had to sign in to an account associated with his address and credit card. Once you pull up the app on you phone and show the nogoodnik a record of the transaction, the jig is up, and he’s forced to pay out.
If you’re drawn to Thunderbird as an email client, there’s a good chance that you’re more security-conscious than the average internet user. The majority of email users across the web aren’t going to get excited about a free, open source, cross-platform email client that stays true to the tenets of the Mozilla Manifesto—but for those who do, Thunderbird presents an attractive alternative to some of the more well-known email clients on the market. That said, it doesn’t offer encryption protection for your emails right out of the box.
p≡p for email, the easiest and most secure solution for end-to-end email encryption – now available for all your devices
SWIFT CSP’s mandatory controls get more numerous and stringent with every yearly release, and it can be difficult for even the most tech-savvy banks to keep pace. Beginning in July 2020, for instance, self-attestations will require independent audit assessments that cover at least the mandatory controls. This audit can be conducted by an internal or external team, but SWIFT seems to be pushing for (and in some instances requiring) outside assessors to help banks understand their own compliance pictures.
Code source for encryption and other cybersecurity software is a sticky topic for many in the information security world. In one camp, you’ll find those who champion open source software as being inherently more secure. And opposite them, you’ll see those who say proprietary is the only way to go since open source has no accountability attached to it. The broader open-source vs closed-source debate has been raging for decades, since the early days of software. Both sides have their prominent proponents and just as prominent opponents.