Data, whether it’s in motion or at rest, is constantly imperiled by hackers and fraudsters. This means that encryption is more important now than ever—a fact that most businesses around the world are quickly catching onto. Even as the consensus grows around the importance of encrypting both caches of stored data and communications like emails and other messages, however, there isn’t really a unified theory of how best to implement encryption in way that makes operational sense while minimizing potential attack vectors. As a result, around two-thirds of businesses list cryptographic key management as either a medium or large challenge.
In a survey of several thousand IT professionals across a dozen countries, 57% of respondents said that encryption key management at their company was “painful.” In a similar study, the risk and cost associated with key management was, on average, rated a seven out of 10. Those percentages change from year to year, but as the importance of encryption becomes increasingly obvious across different sectors, the total number of businesses dealing with serious encryption key pain is only going to go up.
At a SWIFT-run business forum a few years ago, a handful of banking insiders gave a rundown of the cybersecurity threats that keep them up at night. Some of what they were worried about was predictable—giant data breaches running hundreds of millions of dollars, adversaries getting smarter and more sophisticated, etc.—but some of it displayed a little more nuance. Some were specifically worried that they might completely miss a cyberattack and only realize what had happened much later (which is hardly an implausible scenario). Others were worried about the high rate of false positives in anti-fraud operations.
Right now, your bank is probably vulnerable to costly cyber attacks. Why? Because, like most financial institutions, you probably haven’t implemented end-to-end encryption or robust endpoint protection. It’s easy to understand why something like this could fall through the cracks—no one wants to shell out for a complex software solution whose purpose they don’t fully get—but the next big cyber bank heist is coming, and you probably don’t want to be the victim.
The online world is a bit like the American Wild West 150 years ago. Most people are genuinely good and honorable and are just trying to live their lives. Then you have the gunslingers and train robbers, those people who today are hackers and scammers just trying to make a fast buck at the expense of those good people.
The FBI is warning businesses about a growing threat to their confidential data—the Business Email Compromise (BEC) attack. This isn’t a new form of cyber assault, by any means, however, it is on the rise at an alarming rate. Whether this threat has just come onto your radar or you’ve been monitoring it for a while, there’s never been a better time to take preventative measures..
Data is big news. Whether it’s a tech company selling their users’ personal information, or a credit card company having a data breach that affects millions of people and potentially millions of dollars—data is on people’s minds these days.
In 2018, the Bank of Chile found that the malicious KillDisk virus had infiltrated 9,000 of its computers and 500 of its servers and was poised to wreak havoc on their internal systems. Understandably, they immediately went into crisis mode, working as quickly as possible to disconnect those workstations. During the ensuing flurry of activity, the hackers were able to perform their real attack completely unnoticed: $10 million worth of fraudulent SWIFT transactions that the bank was too busy to notice.
For attackers and fraudsters around the web, financial institutions have a great big ‘X’ marked on their backs. Some estimates suggest that banks and other companies in the financial sector are 300 times more likely to face cyber attacks than other businesses, with IBM suggesting that nearly 20% of the total cyber security incidents in a given year come from attacks on banks. Last year, Mastercard claimed that they were fighting off more than 460,000 intrusion attempts every day.