Human error and disinterest are among the biggest challenges for CISOs and their security teams, but could the much-lauded ‘gamification’ be the answer to their problems? One bank is about to find out.
As reported by the Financial Times this week, Goldman Sachs is turning to so-called ‘cybersecurity war games’ to make sure its 8,000 technology staff are up to speed on the techniques and tactics being used by criminals to steal and delete bank data, undermine privacy, and threaten banking operations.
Goldman Sachs, the American multinational investment bank and financial services company, has supposedly become the first bank to sign up with Immersive Labs, a UK-based security training organization that offers continuously evolving learning tests and games on cyber-security threats.
On its website, Immersive Labs says that it provides a ‘game-changing practical learning environment to develop and test cyber skills’, with its SaaS platform enabling you to ‘get all the features of a cyber range, without moving from your desk’.
Training Customers for Battle? Um, No.
As we reported last week, it’s evident that new defensive methods are required, especially given the rising sophistication of criminal attacks.
For banks, this largely comes down to properly identifying the threats they face and the resources they have at their disposal to combat those threats. To stay on top of this, they must carry out continued risk assessments, vulnerability scans, and network and application penetration tests. They must also work both top-down (CEO down) and bottom-up (employees up) to identify what’s really worth protecting.
The Goldman Sachs example is a good illustration of a bottom-up approach, and an important one given that most criminals start with ‘low hanging fruit’ attacks – phishing and social engineering. For example, shortly after the UK-based TSB Bank suffered a massive IT outage last month, it was no surprise to learn that phishing emails targeting the bank’s customers had soared.
The trouble for most banks is that while they have some control over their own employees, it’s not so easy to protect their millions of customers, many of whom may not be technically literate, and who are connecting from a dizzying array of devices, operating systems and browsers.
This is a particular problem as millions of banking customers increasingly adopt web and mobile-based banking.
As we’ve discussed before, web applications are usually the most visible part of the business and are often the focus of cyber-attacks. However, hackers often turn to end users, especially unmanaged end users (those who are not on devices owned by the company), as softer targets.
While security awareness is increasingly in focus – both for organizations like Goldman Sachs and for governments and public offices trying to educate ordinary, everyday citizens – it is extremely unlikely that every single banking user will take the initiative to protect themselves. Therefore, banks have to revise their approach to protect themselves and the transactions with their customers.
Full Transaction Stack Protection means extending invisible protection to the end user devices, detecting and blocking threats on the user side. This protection defeats malware that tries to steal user data, manipulate web sessions, and modify sensitive transactions.
Trusted Knight’s Protector Air is the only unified solution for addressing security and fraud through Full Transaction Stack Protection. Protector Air is transparent to customers and seamless to implement.