CYBER SECURITY

CYBER-SECURITY IS MUCH MORE THAN A MATTER OF IT.

If you want to build security, avoid burdening people with complex security tasks; instead, teach them to be vigilant and to seek out convenient, safe solutions.

Cyber risk management across the lines of defense

Staying safe is no longer just about deflecting attackers. It’s about staying ahead of attackers who are already inside the organization, and banks are doing this by having three lines of defense.

First line: Business units and information security teams with direct accountability for owning, understanding and managing cyber risks
Second line: Risk managers responsible for aggregate enterprise-wide cyber risks, who are granted independent authority to effectively challenge the first line's approach to cyber risks
Third line: Internal audit team providing assurance of overall cyber risk governance for the enterprise

VIRUSES, PHISHING AND IDENTITY THEFT
The Many Forms of Malware
“Malware,” or “malicious software,” refers to programs designed to invade and disrupt victims’ computers. Malware might be used to delete and destroy valuable information; slow the computer down to a standstill; or spy on and steal valuable personal data from the victim’s computer. The best-known types of malware are viruses and worms, which infect computers, replicate, and spread to other computers. They might be transmitted via email or across networks. Another type of malware is the Trojan horse. Like its namesake from Greek legend, a Trojan horse looks like a gift – but when you click on it, you’re downloading a hidden enemy. Spyware is a type of malware that collects information without the victim’s knowledge. Some forms of spyware gather personal information including login accounts and bank or credit card information. Some may redirect your browser to certain websites, send pop-up ads, and change your computer settings.

Phishing and Social Engineering
Kevin Mitnick, once a notorious computer criminal and now a security consultant, summed up in an August 2011 TIME magazine interview the ways criminals combine plain old psychological trickery with malware-creation skills – a combination referred to as social engineering.

It is said that a hacker may learn your likes and dislikes from your posts on Facebook. “If I know you love Angry Birds (a popular smartphone game), maybe I would send you an email purporting to be from Angry Birds with a new pro version. Once you download it, I would have complete access to everything on your phone,” Mitnick said. Attacks like this are a form of phishing. Through phishing and social engineering, computer hackers trick victims into handing over sensitive data – or downloading malware – without thinking twice.

Keep antivirus software up to date.
Install software patches and security updates for your antivirus software on a regular basis. They will help protect your computer against new threats as they are discovered. Many vendors and operating systems offer automatic updates. If this option is available, you should enable it.

Install or enable a firewall.
Firewalls protect against outside attackers by shielding your computer or network from malicious or unnecessary Internet traffic. They are especially important for users who rely on “always on” connections such as cable or Digital Subscriber Line modems. Some operating systems include a firewall; if yours has one, you should make sure it is enabled. If not, consider purchasing a hardware- or software-based firewall.

Use antispyware tools.
Many antivirus software packages are sold with antispyware tools included.
Note: Many vendors produce antivirus software. Deciding which one to choose can be confusing. All antivirus software essentially performs the same function, so your decision

