Category: BAI Security Blog

Banks Take Action

WARNING: LARGE BANKS FACE DOS THREATS – SMALL BANKS TAKE ACTION

When the Financial Services – Information Sharing and Analysis Center (FS-ISAC) raises its threat level from “elevated” to “high”, banks need to take action. The combination of the recently publicized rise in cyber-attacks against financial institutions and the growing number of vulnerable institutions makes this a time for action. While the headlines are focusing on Denial-of-Service (DoS), the most common and serious hacking schemes involve remote access, keyloggers, and more generalized Trojan software. The foundation for many of the threats that result in a successful compromise often relates directly to underlying weaknesses (i.e., vulnerabilities) in operating systems and applications. Hackers and organized cyber criminals using techniques like phishing, webpage redirection, and other common social engineering tactics are taking advantage

Computer Security Employees

REAL WORLD SOCIAL ENGINEERING ATTACKS … IN THE TRENCHES WITH AN AUDITOR

How well are your users prepared for modern-day social engineering attacks? If you’re like the majority of management personnel I speak with during our pre-audit consultations, you’re wary, but confident that your staff has properly prepared your employees for this threat to your organization. In response, I routinely explain that it is admirable that you have that kind of faith in your managers and user base, but based on our statistical averages, be prepared for the possibility of a less than ideal result when you receive our audit findings report.

Preventing Social Engineering Attacks with Social Engineering Evaluations

Statistically, the first time we perform a social engineering evaluation on an organization it’s not uncommon for as many as 65% of the users to

Computer Security

MANY BANKS AND CREDIT UNIONS FAIL THE VULNERABILITY TESTING COMPONENT OF THEIR IT SECURITY AUDIT DUE TO WEAK PATCH MANAGEMENT

Do you have a patch management plan? If so, how effective is it? Many companies either lack a comprehensive plan or the tools necessary to properly automate the processing of updates. In fact, the underlying reason many banks and credit unions fail the vulnerability testing component of their IT security audit is this lack of effective patch management.

Failed Vulnerability Testing Due to Weak Patch Management Often Root Cause of Poor IT Security Audit Results

As for the tools, many companies rely only on Windows Server Update Services (WSUS) to patch their Microsoft Windows operating system and other Microsoft software. WSUS does not patch non-Microsoft application software, such as Adobe Acrobat, Adobe Flash, and Adobe Shockwave, which often have severe risks that can lead

Assessment Tool

15% OF USERS WILL DIVULGE LOGON CREDENTIALS TO STRANGERS – SOCIAL ENGINEERING ATTACKS

Social engineering is the art of manipulating people into performing actions or divulging confidential information: proprietary information, non-disclosed information, or usernames and passwords. It is the classic approach of the confidence man, convincing someone he or she is something they are not. If you think your personnel would never be fooled, you’re fooling yourself. There is a reason this approach to criminal activity has a long, successful history.

Examples of Social Engineering Attacks and Social Engineering Psychology

In the early days of computer security, social engineering might have involved a hacker calling one of your employees and talking him or her into giving up authentication credentials or login information to private systems. The current state of the art makes this

Assessment Tool

7 OUT OF 10 BANK IT AUDITS INADEQUATE – BANKING CYBER SECURITY STANDARDS

Are your IT auditors using best-of-breed commercial grade products, or do they use freeware and open source IT assessment tools?

Vulnerability Assessment Tools – IT Audits and Banking Cyber Security Standards

Based on BAI Security’s review of previous IT auditors’ results, the majority of banks are being left exposed with potentially serious undiscovered vulnerabilities. The most common underlying factor in these environments is the actual testing tools and testing methodology. To fully understand the risks to your organization, you need to have your auditors use tools and processes capable of identifying all threats to your systems. Simply stated, traditional network-based vulnerability assessment tools send requests to systems/software running on the target machine and look at the responses to determine if particular vulnerabilities exist.

Assessment Tool

4 TECH TIPS FOR ORGANIZATIONS PLANNING A MERGER

Mergers, acquisitions and divestitures require special handling when bringing together two distinct organizations or separating a business from the remaining IT infrastructure. The technical environment can be rife with insecure access points, unpatched servers, and incorrectly configured firewall settings. Information on the acquired company’s technical environment may be non-existent or incomplete, and depending on the nature of the merger, it may be difficult to work with people during the transition. Bringing together two organizations under one leadership requires understanding the risks. This risk analysis requires multiple tasks to uncover any underlying vulnerabilities in the architecture. So where do you start to untangle the colliding technical environments?

1. Vulnerability Scanning
2. Firewalls
3. Remote Access
4. Compliance Audits

We


BAI SECURITY BLOG

Welcome to the BAI Security Blog! We are going to write and comment about the latest issues in IT Security and Compliance. Our focus will be on writing about IT Security and Compliance issues in the Banking and Financial Services Sector. We want this blog to be a resource for people interested in discussing the latest trends in IT Security & Compliance. Our current focus is on issues surrounding IT Assessment Tools, Social Engineering and Patch Management. We are looking forward to comments from our customers, prospects and industry experts to discuss a wide range of issues.

BAI Security Audit

BAI Security: “Most Promising Enterprise Security Companies”

BAI Security is pleased and proud to announce that we have been included in the CIO Review Enterprise Security list of the “20 Most Promising Enterprise Security Companies.” The companies included in this year’s list were selected by a panel of CIOs and CEOs of public companies, analysts, and the CIO Review editorial board. The list highlights a select group of companies that “provide uniquely effective approaches to enterprise security threats.” CIO’s write-up also states that it “believes these companies have achieved significant momentum and will rise above the rest.” So you can see why we’re so pleased to be included. In CIO Review’s article on BAI Security, we were (correctly!) described as a “singularly-focused IT Security and Compliance firm
