This article was originally written for Credit Union tech-talk, a technology newsletter for credit union professionals and vendors. It is featured on their website here.
Over 3 billion email addresses, usernames and passwords, and growing. That’s the number of compromised account credentials being traded and sold on the dark net that LookingGlass has identified and collected in its database. Even more concerning is the number of compromised account credentials associated from financial institutions that have been obtained through targeted phishing attacks and drive-by downloads. These attacks lead to breaches of personally identifiable information of all forms, including credit card numbers, bank account numbers and social security numbers.
In the face of these seemingly insurmountable odds, not only are security teams searching for better ways to keep their organizations secure, but they are also experiencing security fatigue. Trying to keep up with the bad guys is exhausting the resources of even the best staffed and funded security organizations, many of which are the same financial institutions being targeted by the threat actors.
When infamous American bank robber Willie Sutton was asked why he robbed banks, his answer was eloquent in its simplicity, he said, “Because that’s where the money is!” Rather than use bombs and bullets, today’s bank robbers use Phishing: The use of emails that appear to be from a legitimate, trusted source that are enticed to trick recipients into entering valid credentials including personal information such as passwords or credit card numbers into a fake platform or service. LookingGlass Cyber (n) - tailoring an attack (such as email) to garner trust and credentials that are then used maliciously. The preverbal digital version of the ol' hook and bait. attacks, drive-by downloads of malicious software and botnets to achieve their goals.
Organizations need highly scalable solutions to meet their needs from both a size and level of security operations sophistication and maturity perspective. Some may want to start with threat data feeds. That data or intelligence is then run through mitigation products such as SIEMs, firewalls and mitigation solutions to stop threats. Others, as they begin integrating multiple threat feeds, turn to a Threat Intelligence: Evidence-based knowledge about an existing hazard designed to help organizations understand the risks common and severe external threats, used to inform decisions regarding the subject’s response. LookingGlass Cyber (n) - Actionable, relevant, and timely information that can help when assessing the security posture of an organization. A little more left. No no, that’s now too far... platform for help. And then there are those who may choose to augment their security operations with threat intelligence analysts and services.
The bottom line is that it is critical to have a range of technology options that are easy to use and can evolve with an organization as it matures. In a time where hackers are looking to exploit any and every vulnerability, financial institutions need access to threat intelligence-driven security solutions that combat these threats in near real-time. Solutions that take the emphasis away from “how much data can we gather” and instead focus on providing actionable intelligence that show results.
As cyber security regulations tighten, financial institutions now more than ever need unprecedented visibility into their cyber risk to stay one step ahead of the threat. The LookingGlass ScoutShield™ Threat Intelligence Gateway and the LookingGlass Cyber Attack Surface Analysis offerings are two examples of products that when deployed (individually or integrated into a broader cyber security defensive system) deliver unprecedented visibility into an organization’s cyber risk and provide real-time protection from phishing attacks, drive-by malicious downloads, and infected devices communicating with command and control servers attempting to steal your data.
With solutions like these, along with a deep understanding of global internet risks and activity, LookingGlass serves as a trusted technology partner not only helping individual security professionals and security teams battle cybercrime, but also preventing the security fatigue that comes with the battle.