
10/23/2014
03:15 PM

Financial Services Ranks Cyberattacks Top Industry Worry

Depository Trust & Clearing Corporation (DTCC) survey says cyberrisk is one of the top five concerns for financial services firms.

The financial services industry -- one of the most security-savvy and security-forward verticals in the world -- is increasingly getting nervous about cyberattacks.

A new report published today by the Depository Trust & Clearing Corporation (DTCC) for the third quarter of 2014 found that 84% of financial firms ranked cyberrisk as one of their top five concerns, up from 59% in the first quarter of this year. Next in the top five are the impact of new regulations (64%), geopolitical risk (62%), sudden dislocation in financial markets (43%), and disruption/failure of a key market participant (32%).

"No institution -- large or small, public or private -- is immune to a potential cyberattack," said Mark Clancy, DTCC corporate information security officer and CEO of Soltra.  "All of us need to become agile in response to these rapidly evolving threats by being able to share information about attackers’ activities between multiple stakeholders and shifting the model from individual institution’s static defenses to dynamic community responses. This shift requires both the maturation of operational capabilities and public policy frameworks to be successful."

The threat is real, given the long shadow of the massive breach at JPMorgan Chase revealed this month. Personally identifiable information (PII) for more than 76 million households and 7 million businesses was affected by the attack on the financial firm.

Close to 40% of financial firms say the probability of a "high-impact event" on the global financial system has intensified over the past six months. That's a jump of 16% since the first quarter. Some 76% of firms say that over the past year, they have added more resources to detecting and mitigating "systemic risks."

DTCC also published a whitepaper called Cyber-Risk: A Global Systemic Threat that calls for more information-sharing among the public and private sectors as a way to fight cybercrime. While there have been some efforts here, the report says, intelligence-sharing is not well-coordinated.

The survey results are available here.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Robert McDougal,
User Rank: Ninja
10/27/2014 | 1:57:01 PM
Re: Report timing
@Kelly_Jackson_Higgins You are exactly correct, the breach is unsettling.  The fact that one of the largest companies within the most information security savvy sector was breached, and massively so, should be disturbing.  Attackers are pumping more money into finding new exploits than we are into new defenses.  I expect it will get worse before it gets better.
Kelly Jackson Higgins,
User Rank: Strategist
10/24/2014 | 9:32:05 AM
Re: Report timing
The DDoS attack wave was one thing, but an actual breach at a financial institution as in the case of JPM is unsettling. The financial services industry is the gold standard in security and has one of the most effective and powerful threat intel-sharing ISACs. I would bet the industry is reassessing and becoming more vigilant now.
Marilyn Cohodas,
User Rank: Strategist
10/24/2014 | 8:39:02 AM
Report timing
I'm not surprised about the concern in the financial industry, given the timing of the 3Q report in relation to the JPMorgan breach. It will be interesting to see if cyberattacks continue to rank high if there isn't another high profile financial services breach in the near future.