We’ve all heard the high-profile names of retailers and financial institutions that were the victims of a data breach in the past year (looking at you, Target, Home Depot, eBay, Michaels, PF Chang’s, Goodwill, JPMorgan Chase, Neiman Marcus, and more). Clearly, cybersecurity is becoming a bigger issue every day and even the big guys can’t seem to fight hackers. Because of the nature of their business, financial institutions are likely to always be targets of these attacks.
AffirmX sat down with computer security expert Jay Ranade to ask him a few burning cybersecurity questions. Mr. Ranade is the author of more than 35 IT-related books, teaches at both New York University and St. John’s University, and conducts a two-day workshop on cyber security fundamentals presented by eDelta Consulting.
AffirmX: In this day and age, is it realistic to think that a bank or credit union can completely shield itself from a data breach?
Jay Ranade: No institution should expect to be able to eliminate all these threats. It seems that not a day goes by that we do not hear about cyber attacks. It makes sense, given that there is a continuous supply of cyber attackers and that there will always be weaknesses and vulnerabilities in any system. Sometime your controls will fail and you will get hit hard.
Therefore, your goal is to minimize such cyber risks to an acceptable level. Part of this is creating an incident response plan to correct any risky situations.
AffirmX: Beyond thieves looking for customer data, what other types of attacks should we be aware of?
JR: Recently, there was a well-publicized case related to email hacks of Sony, where allegedly a nation-state was involved in stealing the information. Five or six years ago, one of the worst denial-of-service attacks was launched on US government websites, which lasted for several days in July 2009. This attack basically shut down several federal websites, including those for the Secret Service, CIA, White House, etc.
In addition to these attacks, there have been many malicious viruses and worms causing havoc. Some notorious ones that come to mind are the Morris worm, Melissa virus, Code Red, the ILOVEYOU virus (which caused over $5 billion in losses globally), and the Conficker worm (which is still lurking around somewhere). One of the most notorious and advanced viruses of all time is Stuxnet, which performed targeted, but highly destructive, attacks.
AffirmX: What can financial institutions do to better protect themselves against such attacks?
JR: There is a great demand for cybersecurity experts in financial institutions, as well as within the federal government, the military, the private sector, and also nonprofit organizations. By some accounts, there’s a shortage of one million cybersecurity professionals.
According to my experience, universities have been pretty slow in meeting these demands (academia is usually a couple of years behind reality). In their place, some credentialing organizations have stepped up to fill in this gap. One of them is called (ISC)² and another is called ISACA. ISACA has launched a program called CSX (Cybersecurity Nexus). Its certificate program is called Cybersecurity Fundamentals Certificate.
AffirmX partner eDelta Consulting has stepped forward to take the lead in cybersecurity training and is offering a class to cover the fundamentals that are prerequisite for the other certifications. It’s a course I teach. You may attend the class online or in-person in our New York City office Jan. 26-27, 2015.