A ransomware attack that began in Europe on Friday, 12th May 2017, is lingering — and making headlines after cybercriminals hijacked hundreds of thousands of computers worldwide.
The most accurate description of the latest ransomware attack is the phrase officially published by Microsoft: "a wake-up call"!
Over the last few years we have seen growing awareness about global cyber security risks, however, it's not always going well with regular security audits, software updates and staff training. The most recent example of this is the "Wanna-Cry" attack, that targeted assets with outdated systems (that are sometimes in their EOL, and no longer supported for critical security patches) across industries (NHS in the UK, FedEX in the US, Renault in France, Government sector in Russia, and more). Scale of the attack and damages caused reveals massive risk for almost every IT asset around the world who is not audited, secured and updated on regular basis.
Cyber risks and threats in financial industry:
Global financial systems are powered and maintained by network of IT assets around the world. 24*7 trading and information exchange systems are two examples of complex backbone network structures that are used by individuals or companies in their daily operations in the global financial markets.
However, we often see outdated applications, unsupported technologies or bad practices in these systems, primarily due to one (or more) of the following reasons:
- Cost of implementing new technology, updating existing internal systems or migrating certain solutions from EOL stack into modern supported software is much higher for company / corporate assets than for individual users or SMEs. It's not just the investment but the multiple factors like, staff training, outsourcing audit services, end user awareness and external dependencies
- Many IT managers focus too much on securing edge perimeter of their networks (Firewalls/IDS/IPS) but are not prepared for internal threats. Many do not have proper procedures and policies in place that could define how to take actions against the threat that is already in the system. They consider Cyber Security changes as hard to implement, complicated and sometimes even unnecessary - treating ‘security as obstacle’.
- Specially in financial sector, when it comes to upgrading the operating systems or a software components (like database systems etc.) there is resistance to change – ‘why change something that’s working’. This is primarily because of the external dependencies, extensive testing required in change processes, global deployment issues etc. But such approach conflicts with Cyber Security principals, unless the software / hardware vendor provides active support and security patches for the platform. However, one should always be cautious and continuity plan in cyber security process. Outdated IT systems or bad security practices are only increasing risks to such ransomware and any other malicious attacks.
We are still exposed to, and in very high risk of, another "Wanna-Cry" similar attack. There is a high risk of "copy-cat-authors" or other external parties to utilize the security vulnerabilities in outdated software for another global attack. This attack showed how vulnerable digital society is and how important it is to keep our systems secure and updated. At Dion Global Solutions, our highest priority is keeping systems safe for our clients and their customers. We are working very closely with cloud service partners to ensure safety of all our hosted solutions and client database. We are following modern cyber security practices and lowering the layer of exposure of attack to absolute minimum. Our cloud solution offerings are powered by most advanced industry recognized Intrusion Detection and Intrusion Prevention systems in co-operation with regular updates, security audits and vulnerability assessment tasks.
To summarize, security is common responsibility - even in hosted services both parties customer and cloud service provider should be aware of security threats and work closely together to ensure whole cloud ecosystem is secured, up to date and with lowest possible attack surface.
Wanna-Cry generated considerable feedback from the Cyber Security industry and from the affected parties. The objective now should be to utilize this information to build stronger policies, guidelines and systems that will help avoid similar attacks and layer of exposure in the future.
In the end, reiterating the words of Microsoft’s Chief Legal Officer, Brad Smith:
"As cybercriminals become more sophisticated, there is simply no way for customers to protect themselves against threats unless they update their systems"
Dion Global Solutions
Dion Global Solutions is a trusted global financial technology company with expertise in building
solutions for wealth management & asset administration; retail & institutional trading and settlements;
FATCA, CRS & other tax compliances; real time payments; bank connectivity & case management; data
lifecycle management platform; and GRC audit. With presence in over 17 cities across 12 countries for
over two decades, company has built in-depth global fintech expertise to serve the specific and localised
needs of financial services firms across the globe. Dion has over 500 clients in more than 85 countries
supported by a worldwide staff of nearly 500, including more than 250 in product development.
For more information, visit dionglobal.com
MEDIA CONTACT:
Pooja Yadav
Dion Global Solutions
+91 120 4894 866
pooja.yadav@dionglobal.com
Technical Solutions Architect at Dion Global Solutions
- A member of Dion's technical services team, Dariusz is also a member of The Information Assurance Advisory Council (IAAC), a not-for-profit research organization in the UK the aims to work for the creation and maintenance of a safe and secure Information Society.
- connect@dionglobal.com
