Connect with us
Finance Digest is a leading online platform for finance and business news, providing insights on banking, finance, technology, investing,trading, insurance, fintech, and more. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

TECHNOLOGY

By Omar Yaacoubi, CEO, Barac

The financial sector has long been a prime target for cybercriminals. The kudos associated with breaking into a financial organisation, coupled with lure of harvesting and selling on high-value customer data, means the industry finds itself under near-constant attack. According to the Government’s 2018 Cyber Security Breaches Survey, some 57 percent of financial services companies experienced a cybersecurity breach or attack in the previous year. Across all business sectors, the figure was considerably lower, at 43 percent.

Omar Yaacoubi

Omar Yaacoubi

Financial firms understand that they are being singled out by the criminal underworld and spend a small fortune protecting their networks from these attacks. Encryption, in particular, has emerged as a key defence. It ensures that, even if a hacker does penetrate a network, they cannot access or make use of the sensitive data.

Moving to the cloud and the introduction of stricter compliance regulations and privacy laws – most notably, GDPR – has accelerated the adoption of encryption solutions. Google estimates that, this year, some 80 percent of internet traffic will be encrypted as organisations attempt to avoid the large fines associated with non-compliance and, of course, protect their sensitive data from external threat actors.

Encryption poses new security risks

While encryption undoubtedly plays a critical role in protecting financial and customer data, its growing popularity has spawned a new risk for the financial sector: encrypted malware.

Just as encrypted traffic makes it harder for hackers to access valuable data, it also makes it more difficult for organisations to identify and block malware. PWC estimates that by the end of 2019, some 60 percent of all malware will be hidden inside encrypted traffic flows. Many organisations have seen this first-hand. A CIO survey by Vanson Bourne found that 90 percent of organisations had experienced – or expect to experience – a network attack using the commonly deployed Secure Sockets Layer (SSL) encryption or its successor, Transport Layer Security (TLS) encryption during the course of this year.

The biggest example is Equifax where hackers used the cover of SSL and encrypted traffic to exfiltrate the valuable data in order to avoid detection by the company’s security tools.

Why encrypted malware is hard to spot

Encrypted malware has become the hacker’s attack vector of choice because traditional security tools have become ineffectual in protecting against it. Simply put, many of today’s popular cybersecurity solutions are unable to see inside encrypted traffic. To check for malicious code, they first have to decrypt all of the network traffic, before performing a scan, re-encrypting it and then forwarding the data packets on to the intended recipient. This process is the most commonly used approach to catch hidden malware, yet it comes with many flaws.

The decryption process is extremely compute intensive and can negatively affect the performance of the network, limiting the capabilities of nearly all firewall and Intrusion Prevention Solutions (IPS) available on the market today. Growing volumes of encrypted traffic mean there are more and more data packets to decrypt, scan and re-encrypt. These increased loads can stop devices from functioning altogether. As a result, some organisations give up following this process, and allow encrypted traffic flows onto their networks without scanning for malware.

The same decryption process could also be placing financial institutions in breach of the very compliance regulations that encryption was deployed to address. In decrypting the traffic, there will be a short period when the data is in plaintext and visible to all, putting a mass amount of sensitive data at risk.

Decryption might not even be technically possible for too much longer. The introduction of the new Transport Layer Security (TLS) 1.3 protocol – which, includes stronger encryption processes in order to prevent hackers from snooping on sensitive data – will also prevent the decryption of traffic to search for malware. Whilst the previous TLS 1.2 protocol allowed for clients and servers to decrypt and scan traffic, the newer version, introduced in August 2018, has stricter regulations meaning this ‘passive mode’ encryption is no longer possible.

 New problems require new solutions

Banks need to find alternatives to decryption as a way of protecting against the hidden threat of encrypted malware. While many organisations are aware of the critical importance of investing in new technology for the future, it’s another thing to bite the bullet and adopt these types of solutions. Indeed, Accenture’s 2018 State of Cyber Resilience Report found that although 83 percent of organisations agree that new technology is an essential tool, only two out of five are investing in AI, machine learning and automation technologies.

Yet encrypted malware is one threat that can already be nullified by these new technologies.

Using machine learning techniques and behavioural analytics to scan the metadata of encrypted traffic (rather than the actual contents), new tools are emerging that learn the difference between ‘good’ and ‘bad’ traffic. This provides financial organisations with the ability to block encrypted malware without the need for decryption, all in real-time and with no concerns over compliance or network performance.

Continue Reading

Recent Posts