Presentation is loading. Please wait.

Presentation is loading. Please wait.

CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit.

Published byAustin Griffin Modified over 7 years ago

Similar presentations

Presentation on theme: "CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit."— Presentation transcript:

1 CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017
Presented by Osato Omogiafo Head IT Audit

2 Presentation Overview:
OUTLINE Presentation Overview: CyberSecurity CyberSecurity Incident CyberCrime Q Cybercrime Report – Key Global Trends Report – Key Global Trends CyberSecurity Incidence 2016 NIBSS Industry Fraud Report 2016 Improving CyberSecurity Conclusion – CyberSecurity in 2017

3 CyberSecurity Cyber security refers to the body of technologies, processes, and practices designed to protect networks, devices, programs, and data from attack, damage, or unauthorized access. Cyber security may also be referred to as information technology security.

4 CyberSecurity Incident
Cybersecurity Incident is any malicious act or suspicious event that: Compromises, or attempts to compromise, the Electronic or Physical Security Perimeter of a Critical Cyber Asset, or Disrupts or attempts to disrupt the operation of a Critical Cyber Asset. Definition: Cyber Security Incident | Open Energy Information en.openei.org/wiki/Definition:Cyber_Security_Incident

5 CyberCrime

6 CyberCrime Cybercrime has jumped to the second most reported economic crime in PWC’s Global Economic Crime Survey, & financial institutions are prime targets. Cybercriminals increasingly attack, breach, & exploit organizations through more sophisticated threat patterns of phishing, & social engineering. Legacy IT systems are increasingly becoming a risk factor in the financial industry, as these systems are prone to more unpatched vulnerabilities. Payment card vulnerabilities have been linked to numerous bank frauds.

7 Q4 2016 Cybercrime Report Key Global Trends
122 million attacks were detected & stopped in real time; more than 35% increase over 2015. Growth in attacks outpaced overall growth in transactions, and the overall rejected transaction rate grew by 15%. Mobile-only users have increased across all industries. 45% of transactions now come from mobile devices, a 32% increase on the previous year. Majority of cybersecurity hacks have succeeded due to weak Information System Security in banks.

8 CyberSecurity Incidence 2016
Ransomware attacks were the most common type of cyber criminal activity in the year 2016. An uptick in the number, power & sophistication of distributed denial of service (DDoS) attacks. Data breaches, including the US Navy breach of personnel data due to 3rd party system compromise. Cyber crime in the financial sector was another hallmark of the year, series of bank heists associated with SWIFT. In November, Tesco Bank current accounts were hit by fraudulent transactions of hackers, and £2.5m lost through the online banking platform.

9 CyberSecurity Incidence 2016

10 CyberSecurity Incidence 2016
Nigerian banks continued to record electronic incidence through online banking channels & payment cards. A large percentage of the reported losses were attributed to insiders, who colluded with hackers to defraud the banks. Phishing scams were also on the rise with many bank employees falling for these scams, & giving out critical information to aid fraudulent transactions.

11 CyberSecurity Incidence 2016
Online fraud values in Nigerian banks increased in , for ATM, eCommerce & Mobile channels. Online fraud values on the Mobile Channel increased by 3,714% in Q3, 2016 (compared to Q3, 2015). Nigerian banking industry recorded 37.14% decrease in the amount lost to online fraud in Q4, 2016 (compared to Q4, 2015). Amount lost to fraud in Q4, 2016 from electronic channels is estimated at over NGN 173 million.

12 NIBSS Industry Fraud Report 2016

13 NIBSS Industry Fraud Report 2016

14 Improving CyberSecurity
Continuous benchmark of infrastructure & systems against leading best practices in cybersecurity. Improved responses to evolving cyber threats. Collaboration & continuous review and improvement among stakeholders cannot be overemphasized. Partnership between Financial Institutions & telecommunications firms, internet service providers, regulators and law enforcement agencies. Decrease in fraud loss figures in 2016 was made possible by collaboration among relevant stakeholders in the financial services industry.

15 Improving CyberSecurity
Every customer should: - Keep his/her online transaction credentials (User ID, Password, token/PIN ) confidential. Financial institutions should ensure: - Fraud awareness as part of customer on boarding. Regulators should: - Drive improved compliance with global security best practice & regulations. The government should ensure: - Establishment and equipping of Special Cybercrime unit within the Police Force.

16 Conclusion – Cybersecurity in 2017

17 Conclusion – Cybersecurity in 2017
Rise of the Global Mobile Customer: In 2017, mobile transactions will overtake web transactions across the globe. Ineffectiveness of Static Identity Data: In light of rampant data breaches, dynamic information around one’s digital identity will be crucial to differentiate between good & bad customers. The ‘Cybercrime Franchise in-a-Box’: 2017 will bring increased availability of tools that will allow criminals without technical skills to carry out sophisticated attacks.

18 Conclusion – Cybersecurity in 2017
Trust: Businesses need to deploy new digital identity solutions that establish the trust level of each user across all data, devices, locations, and behaviour—cross referenced in real time against worldwide threat intelligence. Rise of ‘Identity Farms’: New attacks will focus on gathering more information to beef up stolen identities, rather than immediate monetization.

19 Conclusion – Cybersecurity in 2017
Analytics is Crucial: Organizations will increasingly rely on dynamic behavioural analytics to identify high-risk behaviour on an individual user level. Behavioral analytics: Analysis of a user’s intricate and often diverse online footprint can give us a unique way of identifying anomalous and high-risk behavior Machine learning: This can provide a predictive model based on past behavior and transaction data, ideally using a clear-box approach to produce a more accurate and actionable model.

20

21

22

Download ppt "CYBERSECURITY INCIDENCE IN THE FINANCIAL SERVICES SECTOR March 28, 2017 Presented by Osato Omogiafo Head IT Audit."

Similar presentations

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.

Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.

Security and Trust in E- Commerce. The E-commerce Security Environment: The Scope of the Problem  Overall size of cybercrime unclear; amount of losses.
Acorn.gov.au The ACORN REPORT. PROTECT. PREVENT. acorn.gov.au What is cybercrime? REPORT. PROTECT. PREVENT In Australia, the term 'cybercrime' is used.

Acorn.gov.au The ACORN REPORT. PROTECT. PREVENT. acorn.gov.au What is cybercrime? REPORT. PROTECT. PREVENT In Australia, the term 'cybercrime' is used.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.
Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.

Are Large Scale Data Breaches Inevitable? Douglas E. Salane Center for Cybercrime Studies John Jay College of Criminal Justice Cyber Infrastructure Protection.
Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.

Security Awareness Challenges of Security No single simple solution to protecting computers and securing information Different types of attacks Difficulties.
Bank Crime Investigation Techniques by means of Forensic IT

Bank Crime Investigation Techniques by means of Forensic IT
Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.

Cybercrime Outlook on African banks Adwo Heintjes Global Head IT Audit & Ops Rabobank.
Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.

Lecture 11 Electronic Business (MGT-485). Recap – Lecture 10 Transaction costs Network Externalities Switching costs Critical mass of customers Pricing.
TRACs Security Awareness FY2009 Office of Information Technology Security 1.

TRACs Security Awareness FY2009 Office of Information Technology Security 1.
Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.

Cyber crime on the rise. Recent cyber attacks How it happens? Distributed denial of service Whaling Rootkits Keyloggers Trojan horses Botnets Worms Viruses.
1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB

1 Group-IB: Digital investigations and forensic Ilya Sachkov Group-IB
BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT
Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,

Center of Excellence for IT at Bellevue College. Cyber security and information assurance refer to measures for protecting computer systems, networks,
Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.

Security Awareness Challenges of Securing Information No single simple solution to protecting computers and securing information Different types of attacks.
Cyber Security Nevada Businesses Overview June, 2014.

Cyber Security Nevada Businesses Overview June, 2014.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.

Cyber Insecurity Under Attack Cyber Security Past, present and future Patricia Titus Chief Information Security Officer Unisys Corporation.
Identity Assurance Emory University Security Conference March 26, 2008.

Identity Assurance Emory University Security Conference March 26, 2008.

Similar presentations

Ads by Google