Cybersecurity: a long term sucess for businesses
23 October 2024
Brief-your-board 1/25: Finance and insurance
Addressing security topics at management level, backed by first-class research facts
Cyber Security is vital to remain in business. Every CISO, every analyst, every defender knows that. Carefully observing the dark web we see evidence that the number of Cyber Extortion victims grew by at least 26% yoy, with attackers getting much more aggressive lately. The number of vulnerabilities grows by thousands every month, with no sign of slowing down. And state-backed actors with deep pockets and lots of time sneak their way into corporate networks with sophisticated techniques, stealing know-how and essential IP.
But where to start? How to support IT teams in making better use of their budget? And how to explain such topics to non-technical managers, equiping them with sufficient insight to make the right decisions in navigating their organization through the treacherous waters? That's where the executive briefing kit (EBK) can help.
Download the EBK 1/25 for Finance & InsuranceYou're a defender, you can make a difference!
The good news is: there are ways out of the crisis. Advanced technology and numerous experts and researchers are constantly pushing the limits of what can be done to prevent, detect and respond to cyber attacks. If you're looking for a way to address the most urgent pain points of your industry in a way that is understandable to your directors read on. We want to share something with you that you will find quite usefull. It gives you the information and detailed background on your industry: what has happened in the past few months that impacted your vertical? How does it compare to other industries in terms of vulnerability, incident response times and cyber extortion? And most importantly: what options do you have to adapt to this threat situation and help your business? These are some of the questions you will find answered in the EBK.
Our researchers have assembled key insights in a briefing for you, and added to that a streamlined, condensed presentation that is understandable for a non-technical audience. It gives you everything you need to confidently talk about ways to improve the security situation of your company, and get it across to decision-makers.
Newsflash: What has been impacting Finance & Insurance in Q4 2024?
Intelligence from our CERT and research analysts have identified the following topics of interest for your industry:
Orange Cyberdefense CERT recently observed several highly critical vulnerabilities exploited in practice by threat actors
Most of them were related to remote connection technology like VPN or security assets like firewalls
Some state-affiliated activity has been observed too, also exploiting vulnerabilities in remote access tech, as well as sophisticated attacks to steal information from WiFi connections and Phishing
Two out of three incidents have been triggered by an outsider, one has been triggered by an insider (malicious or non malicious, e.g. through unauthorized access or misconfiguration)
Though the finance sector is in the upper middle field in terms of vulnerability handling across the industries we see (score of 8 out of 13), we still see critical vulnerabilities being unpatched for 136 days
Our CyberSOC customers are a bit above the average in responding fast to incidents with a mean time taken for an incident to be resolved of 56 hours (avg: 65 hours)
This affects the Finance Industry in three critical ways:
1. Traditional remote access technology like VPN is challenged very frequently. Investment into more modern concepts can reduce risk significantly.
This increases potential damage and financial loss in case of a serious attack.
2. Finance is a target for high-profile, state-affiliated actors, using advanced techniques and potentially have motivations beyond just financial gain.
Countering state affiliated APT groups requires advanced detection and threat hunting operations.
3. Patch Management is a challenge, but also a vital lever to improve the situation.
Critical vulnerabilities remaining open for over 136 days give attackers an extensive window of opportunity to cause damage
Download the EBK 1/25 for Finance and Insurance!
Brief your board on
- how to deal with legacy technology, that increasingly becomes a risk-driver
- protection against state-backed APTs and hacktivist activity
- efficently managing vulnerabilities and patching without being overwhelmed
If you need further support we have your back! You can book a meeting with one of our strategic advisors to get a full walk-through of all the topics.
