Hackers gain momentum: Study

Advisors and their dealers need to work harder to protect their client’s confidential information, according to a new cyber-attack and data theft report, which identified the financial services sector as one of the hardest hit industries.

The report – released Thursday by Websense, Inc., which protects organizations against these types of attacks – outlines the latest shift in complex cyber-attack trends.

In particular, security researchers - who analyzed seven threat stages of advanced attacks- determined that the use of Zeuz malware- designed as a financial threat and key-logging Trojan – has dramatically increased and been repurposed to target vertical markets - other than financial services and manufacturing - including government and the communications industries.

“Cybercriminals continue to evolve their attack planning and execution to stay ahead of most existing security measures,” said Charles Renert, vice president of security research for Websense in a news release. “Even these more 'common' forms of attack are easily slipping past organizations without real-time defenses.”

Key findings from the report include:

• 85 per cent of malicious links used in web or email attacks were located on compromised legitimate websites
• 3.3 per cent of all spam contained malicious links and other malicious content
• The average number of website redirects used per attack in 2013 was four
• The maximum number of redirects used in a fully documented attack was 20
• Websites classified as Business and Economy, Information Technology, Shopping and Travel made the top 10 list of compromised redirect destination categories

In June 2013, IIROC released 7 steps to build up your security, which include:

1. Understand the risk: what technology is used and how, identify the security risks you are exposed to and perform security assessment against industry best practice.
2. Test your systems security and try to break in: perform a vulnerability scanning of the network and a penetration testing against your key systems to identify critical security exposures and vulnerabilities.
3. Develop a clear security roadmap: identify clear actions to address high vulnerabilities and risks.
4. Embrace compliance with laws and regulations.
5. Consider advanced automated security tool: professional and personal mobile devices; system log monitoring, protection against data leakage.
6. Security training and awareness for employees
7. Perform regular reviews of your security performance: annual or semi-annual.

 According to data from an ICSPA Key Cyber Crime Study:

• 7 out of 10 companies have been attacked
• Almost 8 in 10 companies don’t have internal a cyber-risk assessment process
• Only 3 in 10 companies have a plan in place and have personnel trained to respond to a cyber-attack
• 94 per cent of organizations surveyed were not accredited to national or international security standards
• Awareness of the Canadian cyber security strategy was 7 per cent
• Almost 5 in 10 companies did not know who to contact if a cyber-crime occurred

What are you doing to protect your system from being hacked? Tell WP about your strategy in the comment box below.

Related Stories:

Your client gets scammed by a referral. Are you responsible?