IPC to banks: Your cybersecurity measures are not enough
Local cloud services pioneer and IT security specialist IPC strongly urges financial institutions to safeguard their systems by deploying up-to-date security measures to ensure data and network protection. IPC called on banks to check on their current data security setup, stating that even the most secure institutions are not exempt from the alarming increase in crimes perpetrated online.
“This is a reality that has caused the loss of significant revenue for many businesses. The global recorded cost of cyber attacks is at $400-500 billion dollars per year― roughly fifty percent of which is from DDoS attacks,” said IPC President Rene Huergas, citing data from DDoS Mitigation partner Nexusguard. Unless executives take stock of this as a serious issue at hand, companies are most likely to lose more.
IPC acknowledges that some institutions may have inadequate system and network security layers to protect them from cyber attacks. “This poses an even greater danger to both the customer as well as the institution. As data and network security is a commodity in this day and age, now is the best time to recognize that the threats are real and can make businesses vulnerable and susceptible to attacks; banks and financial institutions being the most inclined to this kind of attack,” added Huergas.
Just recently, several Iranian hackers have been indicted following a well-orchestrated cyber attack on US banks. The criminals hit the banks with DDoS (Distributed Denial of Service) attacks on an almost weekly basis, flooding their servers with illegitimate traffic that slowed websites down and caused millions in lost business.
“Perpetrators have been launching DDoS attacks to mask the other ways by which they compromise systems,” said IPC Director for Product Management and Marketing Niño Valmonte. “Financial institutions, especially those with online transactions (e-payments, online banking), must remain vigilant against these threats or they’ll easily lose their client’s trust and consequently, their business.”
While DDoS attacks are considered the world’s most costly cyber crime, cyber attacks that involve malware, phishing, password attacks, MITM (Man-in-the-middle), Drive-by downloads, malvertising, and rogue software are also widespread. In fact, it was found that the Philippines’ vulnerability to cyber crimes has statistically doubled. A large percentage of computers in the country have been invaded by malware, the same intrusive software initially found to have allowed the illegal electronic transfer of funds in the Bangladesh case.
This condition poses a real and imminent threat as records from the Bangko Sentral ng Pilipinas show that around 22 million people utilize electronic banking services and channels and that the volume and value of e-money transactions keep growing over the years. The figure continues to increase each year as more and more people join the workforce and make use of a bank’s facilities. This translates to the overwhelming amount of data that is at risk.
“Cyber attacks have been growing in size and becoming more and more complex. While they can’t be scrapped entirely, employing security features and updating them every once in a while will help ensure that disruptions to business processes are at a minimum,” Valmonte said.
IPC, through its ThinkOutCloud™ initiatives, has been continuously educating enterprises and the public about the threats that jeopardize data and other properties stored online. To prevent the possibility of having sensitive data compromised, IPC recommends that at the most basic level, installation of updated anti-virus protection and firewalls, as well as utilization of Secure Socket Layer (SSL) encryption and cookies should be done to ensure the security of connection.
“But it doesn’t stop there. Depending on the needs of the institution, additional security measures have to be in place. It is also as important to regularly review and assess whether these security measures are being implemented and are functioning well,” Valmonte explained.
Businesses that do not have a core competency on data and network security may leave it to experts like IPC to conduct rigid vulnerability assessments to ensure that all bases are covered.
“IPC has been in the business of security for over ten years, it is the de facto security provider for majority of companies nationwide. Financial institutions should rethink their data security measures if they would like to ensure that their data and network are safe from the imminent threats and attacks looming,” Huergas explained.
As the country’s pioneer DDoS Mitigation service and data security provider, IPC has best-in-class facilities that are ISO 27001:2013 Information Security Management Systems-certified. Moreover, IPC is partnered with the world leaders in DDoS mitigation and it is the first and only DDoS Mitigation Service provider that has an in-country DDoS scrubbing center, addressing data sovereignty concerns.
“Because we are in the business of data centers, security is in our DNA. It is something that we take seriously on a day to day basis. All companies—big and small—can be the subject of attacks. The only way we can eventually destroy these threats is if we adopt a defensive mindset,” concluded Huergas.