Sharing data on cyber-attacks is helpful for financial institutions, but it is time for them to reboot their thinking on cyber-security.
“We know that the threats are no longer Matthew Broderick with his Commodore 64,” said Russell Stern, CEO of Solarflare. “We are talking about nation-state sponsored attacks on the US financial infrastructure as well as in Europe and other countries.”
Compounding the problem is the proliferation of Web-facing applications that forces firms to conduct secure private business across the public network, which has made security issues much more complicated, he added.
However, Stern noted that as the attack methods have changed, so have the people who are responsible for stopping them.
Russell Stern, Solarflare
“They used to be UNIX administrators and people who were CCIE-trained or something,” he said. “Now, I find them being former members of the Department of Defense, National Security Agency, Central Intelligence Agency. They’re people that know how to think like the bad guys.”
Stern also suggest that organizations should go beyond thinking of firewalls and network routers as their final lines of defense against cyber-crime and look to network adapters, which connect servers to the rest of the world.
In the upcoming release of Solarflare’s 8000 series of adapters, the vendor plans to include access control that resembles the physical access control exchanges deploy within their data centers.
“In each server adapter, we are bonding the adapter to that server and only letting people with the ‘keys’ in,” explained Stern. “This turns a firm’s technology problem into a personnel problem. Now they have worry if one of their employees is a spy who is trying to compromise the bank.”
Besides access control, Stern also believes that a network adapter with a black/white list capabilities could cut down on distributed denial of service attacks as well as recent ransomware attacks on Synology network attached storage devices.
This basically would be equivalent to a firewall built into every server in a firm’s environment, which could filter traffic based on any element in a messaging packet’s header, he added.
For more on Cyber-Security:
- EU Adopts Cybersecurity Rules
- OPINION: Read This or the File Gets It
- SWIFT Hackers Targeted More Than Banks
NEWSLETTER SIGN UP
And receive exclusive articles on securities markets
As Technology Evolves, Asset Managers Adapt and Innovate
Citi Changes Organizational Structure
SEC Charges Virtu for Disclosures Relating to Information Barriers
ICE Futures Singapore Partners with CoinDesk Indices
Related articles
-
Third-party risk was the headline culprit in 2023.
-
Regulators have proposed new rules for operational resilience and cyber security.
-
An unauthorized party took control of an SEC cell phone number in an apparent “SIM swap” attack.
-
Staff are coordinating with appropriate law enforcement and federal oversight entities.
-
SEC should provide a briefing to Financial Services Committee staff no later than 17 January 2024.