As cloud usage continues to evolve so should security standards; however it is extremely difficult to enforce a set of policies because of the very nature of the cloud – it is distributed within different geographic areas, with different regulations and even provided by different vendors based in multiple countries.
TRP: Are there any security concerns that are exclusive to the banking industry?
CC: Obviously the banking industry has to deal with a host of regulations and laws that do not affect other industries – from PCI DSS or Basel III to various state-specific laws such as Sarbanes-Oxley.
Not so obviously, to quote Willie Sutton, people rob banks because that's where the money is. An attack against a bank will make use of more money and technical expertise than a raid against a (comparatively) small credit card processor such as a chain store, for example.
Public clouds lure companies with the hope of standardisation and thus decreased costs, but this is also their biggest security downside. A breach in a cloud provider's security is a breach in all of its clients' operations.
TRP: In what ways can hackers and cyber criminals make use of IT systems and social means to manipulate financial markets?
CC: There are quite a number of attacks that can manipulate financial markets. The most frequently encountered type of attack is pump-and-dump spam: a type of campaign that attempts to artificially inflate the price of cheap stock by presenting stock purchases as the best thing that the user could do.
Often, pump-and-dump spam messages claim that company X has just put together a product that is so revolutionary it is going to increase the company's value thousands of times.
But pump-and-dump spam is not the only way to manipulate financial markets: a famous example being when cyber-criminals last year broke into the Twitter account of Associated Press, publishing fake news about the President of the United States being injured.
Because of its wide reach, the news caused the temporary collapse of the stock market.
TRP: What advice would Bitdefender give to businesses looking to simplify their security strategy?
CC: Online threats to small and medium businesses have never been so prevalent, or so complex. To counter the rising dangers of hacking, espionage, sabotage, phishing, viruses and data theft, we'd recommend businesses identify who needs to be educated, and then give them the correct tools to prevent real attacks by demonstrating what a cyber attack may actually look like, rather than just telling them to change their passwords often.
