News

10:54 AM
Connect Directly
Facebook
Twitter
Google+
RSS
E-Mail
50%
50%

7 Security Predictions for 2014 from Booz Allen Hamilton

The consulting group previewed some of the important trends in cyber security that banks need to keep their eye on in 2014.

The sophisticated cyber attacks that banks experienced in 2013 will continue into 2014, Booz Allen Hamilton, a management consulting firm, said in its cyber security predictions for 2014.

Board members and executives have seen the threat landscape evolve with the high profile DDoS attacks this past year, turning cyber security into a bigger concern for all banks, the company said in a statement outlining the predictions, which was released this week.

“Our conversations with clients have significantly evolved from a focus on threats and capabilities to creating a balanced and holistic cyber security program that responds to an institution’s critical business risks,” Bill Stewart, Booz Allen’s senior vice president and head of commercial finance, explained in the statement.

Here are the consultancy’s top trends to watch in cyber security in 2014:

1. Making threat intelligence useful - Big banks have a great deal of data, but sifting through it all to find actionable intelligence and making use of it will be a big challenge next year. Threat intelligence will need to be joined with incident response, fraud and other areas.

2. Mobile threats - Emerging mobile malware threats that take advantage of vulnerabilities in mobile device platforms. One such threat, the Perkele Trojan crimeware kit seen in the Middle East, will likely spread elsewhere this holiday shopping season, Booz Allen predicted.

3. Emerging countries will experience more cyber attacks on banks - The growing wealth of emerging markets will make fraudsters take notice of the new and lucrative opportunities for them there. Countries in Latin America, the Middle East and Asia that are quickly modernizing their technology infrastructures will become more enticing targets for cyber criminals.

4. Attacks will spread to smaller institutions - Mid-tier and regional banks, wealth management firms and hedge funds don’t have the sophisticated cyber security systems and large teams of experts that bigger institutions have. Attackers will begin to shift their efforts to these easier targets over the next year.

5. New strategies for dealing with insider threats - Banks will start to develop new strategies that involve different teams across the organization to improve awareness of cyber security threats and how employees need to respond to them to help deal with social engineering attacks and other such threats.

6. Dealing with challenges created by the NIST framework - The NIST cyber security framework will make private sector businesses liable data destroyed or stolen in breaches. This will open the window for a growing insurance industry in the area of cyber attacks to help banks manage that liability, according to Booz Allen.

7. New needs around data security - More data will be moving to the cloud in the next year, which will require new security controls over the sharing of data. This will provide an opportunity for banks to improve their security architecture and integrate new controls. This will further the use of analytics in cyber security to deal with the volumes of data.

[For More On IT Security Trends, Check Out: Changing The Cloud Security Conversation]

Jonathan Camhi has been an associate editor with Bank Systems & Technology since 2012. He previously worked as a freelance journalist in New York City covering politics, health and immigration, and has a master's degree from the City University of New York's Graduate School ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Becca L
50%
50%
Becca L,
User Rank: Author
1/8/2014 | 10:38:57 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
And as far as realism goes, I hardly remember a word problem that sounded feasible. As I recall, few people buy that many bananas and apples in a single trip to the grocery store. And nobody should eat that many candy bars.
Becca L
50%
50%
Becca L,
User Rank: Author
1/8/2014 | 10:36:02 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Finally! A+, my friend.
Jonathan_Camhi
50%
50%
Jonathan_Camhi,
User Rank: Author
1/8/2014 | 10:35:02 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Ok I got this. Peter earns 50% less per hack, and Sally has hacked 2 banks for $18,000. That she means earns $9000 per hack (making the wild assumption that she somehow earns equal $$$ per hack). That means Peter earns $4500 per hack. And he has conducted 6X as many hacks as Sally, so he's done 12 hacks. 12 hacks X $4,500 = $54,000. Who says crime doesn't pay?
Becca L
50%
50%
Becca L,
User Rank: Author
12/26/2013 | 4:37:41 AM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Seriously... nobody?
IvySchmerken
50%
50%
IvySchmerken,
User Rank: Author
12/16/2013 | 6:22:36 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Smaller banking institutions, wealth managers and hedge funds may not have the resources to hire in-house cyber security experts. That's where consulting firms can come in to educate them. Insider training (as opposed to trading) is another method of protecting a firm from employees clicking on fraudulent emails. It sounds like banks and other FS firms have tons of intelligence data on cyber threats, and the issue is taking the time and resources to analyze it and extract meaning.
Becca L
50%
50%
Becca L,
User Rank: Author
12/16/2013 | 4:16:42 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
I imagine they would use word problems:

Peter has hacked six times as many firms as Sally, but because the institutions are smaller he earns 50% less per hack. Sally hacked two banks and has $18,000 in profits in her piggy bank

How much profit is in Peter's piggy bank?

Show your work.
Kelly22
50%
50%
Kelly22,
User Rank: Author
12/16/2013 | 2:47:58 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
Definitely agree with that. I'm used to weeding out spam on my laptop, but it's harder when that info has to be condensed to fit on a mobile screen. I'm guilty of opening emails I think are from real people, but didn't realize they were spam because I couldn't read the subject line or part of the email's content.
Byurcan
50%
50%
Byurcan,
User Rank: Author
12/16/2013 | 1:21:51 PM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
I wonder if there's a hacker algebra class that teaches what the optimal ration is for how many small banks you need to target to equal one large one?
Becca L
50%
50%
Becca L,
User Rank: Author
12/16/2013 | 5:40:01 AM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
If smaller institutions are easy targets hackers are going to do the math - several small hacks or one big one?

There are many vendor security solutions for smaller institutions, and I do hope these firms are carefully weighing their options.
Becca L
50%
50%
Becca L,
User Rank: Author
12/16/2013 | 5:37:31 AM
re: 7 Security Predictions for 2014 from Booz Allen Hamilton
#2 Mobile threats: great point about holiday shopping. Mobile is definitely the next frontier of consumer spamming, and it's difficult for a consumer to respond. One bad e-mail or unsecured page on a web browser and it can be all over.

On that note, from a consumer standpoint, I think sometimes when you see a spam e-mail on a computer it's easier to identify than on a mobile device. On a full screen I find you get a better sense of the headline or e-mail address being suspicious, but on a phone screen those clues are cut off. For example I might receive an e-mail titled the "Pottery Barn H0lid@y S-+Sale-+*@#", but on my mobile all I see is Pottery Barn... (does that make sense?).
Page 1 / 2   >   >>
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Janice, I think I've got a message from the code father!
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.