In February 2011, the Canadian government was attacked by foreign hackers using IP addresses from China. The hackers infiltrated Defense Research and Development Canada, a move that forced the Finance Department and Treasury Board to shut down internet access – but not before the hackers accessed highly classified federal information. While we may cheer the lovable anti-hero hackers in the movies, cyber attacks on the financial industry pose real-world threats. With that in mind, the OSFI (Office of the Superintendent of Financial institutions) released the Cyber Security Self-Assessment Guidance for federally regulated financial institutions (FRFI’s) in November, 2013.
Charged with the regulation and supervision of all Canadian banks, the OSFI does not have any on-point legislation about social media use, but rather is concerned with cyber security and threats from all sources. What are the risks, and does your organization have the tools and strategy to fend off a cyber attack?
Much like the 2011 attack, hackers are using sophisticated and undetectable methods to harvest sensitive data. The Canadian Security Intelligence Services notes that “the use of crafted e-mails, social networking services and other means and techniques to facilitate efforts of various hostile actors to acquire government, corporate or personal data” is becoming more common, but harder to detect. In fact, the 2011 attack came as a result of a “phishing” scheme, a method that includes sending innocuous looking emails with infected attachments that allow hackers to harvest sensitive data.
Since the sole purpose of most cyber attacks is to access sensitive information, a financial institution risks being in breach of compliance and privacy regulations.
FRFI’s looking to leverage social media will also need to consider tools for archiving, approving, and filtering posts to social networks.
Ready to get started assessing your cyber security risk? Print the template here.
Read More Articles Like This