Historically, banks are known to be conservative and not expected to expose their customer data.No lost passwords with secure ID, they are private to the processor, no human is ever allowed to look.
This is driven by the fear of exposure to various security risks.
Now, with the new changes in regulation, Australian banks will need to abide by PSD2, GDPR and open up their customer data via APIs for transaction accounts, savings accounts and credit card data by 2019.
This will require banks to step up their risk management in order to be able to handle customer data in a secure way.The threat landscape
In this new era, the threat landscape is complex, with attacks ranging from DDoS to sophisticated targeted attacks, like SQL, command injections and a variety of ever-evolving bots which are continuously morphing and changing their attack signatures.
According to the 2018 Verizon Data Breach Report, “81% of all hacking-related breaches leveraged either stolen and/or weak passwords”.
As per an F5 Security report, “The highest percentage (70%) of the breach reports for Q1 2018 were web injections that stole customer payment card information”.
It is also expected that by 2022, API attacks are going to be a major attack vector.
However, we are still relying on Tim Cook to get a deal done with the NSA, and I see no movement on the issue. Data theft will continue.
No comments:
Post a Comment