10/23/2014
03:15 PM

Financial Services Ranks Cyberattacks Top Industry Worry

Depository Trust & Clearing Corporation (DTCC) survey says cyberrisk is one of the top five concerns for financial services firms.

The financial services industry -- one of the most security-savvy and security-forward verticals in the world -- is getting increasingly nervous about cyberattacks.

A new report published today by the Depository Trust & Clearing Corporation (DTCC) for the third quarter of 2014 found that 84% of financial firms ranked cyberrisk as one of their top five concerns, up from 59% in the first quarter of this year. Next in the top five are the impact of new regulations (64%), geopolitical risk (62%), sudden dislocation in financial markets (43%), and disruption/failure of a key market participant (32%).

"No institution -- large or small, public or private -- is immune to a potential cyberattack," said Mark Clancy, DTCC corporate information security officer and CEO of Soltra.  "All of us need to become agile in response to these rapidly evolving threats by being able to share information about attackers’ activities between multiple stakeholders and shifting the model from individual institution’s static defenses to dynamic community responses. This shift requires both the maturation of operational capabilities and public policy frameworks to be successful."

The threat is real, given the long shadow of the massive breach at JPMorgan Chase revealed this month. Personally identifiable information (PII) for more than 76 million households and 7 million businesses was affected by the attack on the financial firm.

Close to 40% of financial firms say the probability of a "high-impact event" on the global financial system has intensified over the past six months. That's a jump of 16% since the first quarter. Some 76% of firms say that over the past year, they have added more resources to detecting and mitigating "systemic risks."

DTCC also published a whitepaper called Cyber-Risk: A Global Systemic Threat that calls for more information-sharing among the public and private sectors as a way to fight cybercrime. While there have been some efforts here, the report says, intelligence-sharing is not well-coordinated.

The survey results are available here.

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Comments
Robert McDougal,
User Rank: Ninja
10/27/2014 | 1:57:01 PM
Re: Report timing
@Kelly_Jackson_Higgins You are exactly correct, the breach is unsettling.  The fact that one of the largest companies within the most information security savvy sector was breached, and massively so, should be disturbing.  Attackers are pumping more money into finding new exploits than we are into new defenses.  I expect it will get worse before it gets better.
Kelly Jackson Higgins,
User Rank: Strategist
10/24/2014 | 9:32:05 AM
Re: Report timing
The DDoS attack wave was one thing, but an actual breach at a financial institution as in the case of JPM is unsettling. The financial services industry is the gold standard in security and has one of the most effective and powerful threat intel-sharing ISACs. I would bet the industry is reassessing and becoming more vigilant now.
Marilyn Cohodas,
User Rank: Strategist
10/24/2014 | 8:39:02 AM
Report timing
I'm not surprised about the concern in the financial industry, given the timing of the 3Q report in relation to the JPMorgan breach. It will be interesting to see if cyberattacks continue to rank high if there isn't another high profile financial services breach in the near future.