More and more banks are employing ethical hackers to locate the cracks in their cybersecurity frameworks. During RMA’s latest Risk Readiness Briefing, Rob Shapland, Head of Cyber Professional Services, Falanx Cyber, provided an inside look at what ethical hackers do and the latest cyber threats to financial institutions.
Shapland described what his job as an ethical hacker entails. The process involves open source intelligence gathering to build a convincing phishing attack, and on-site reconnaissance to physically break into a building to test its security and take over a network. Institutions often discover through these simulations that their staff is insufficiently trained, that visitor validation is inadequate, and that sensitive information is protected only by Windows credentials, among other shortcomings.
Shapland offered three recommendations for financial institutions to prevent actual attacks on their networks. First, he stated the importance of training staff. Effective training includes real-life examples to support the requisite do’s and don’ts. Second, a financial institution needs to focus on its IT hygiene. Shapland stressed the necessity of two-factor authentication and keeping systems up to date. Lastly, he emphasized password complexity. Shapland suggested using passwords made up of a collection of random words containing one misspelling as a strong deterrent to hackers.
A recording of the webinar is available for download here.