insights (Sponsored by StoneX) August 2021 - 3

loss of millions of dollars in damages are
exploring how to up their security game
with many looking to players in the financial
industry for its reliable playbook.
The need to control and contain a data
security cyber-attack is not dissimilar from
measures to prevent and/or contain a food
safety incident. Likewise, minimizing data
security risk is about knowing the event is
likely to occur and taking steps accordingly.
Mitigating data risk will not prevent an
attack, but it can contain an attack and limit
the damage that occurs.
The ever-growing mass of data produced
can make it difficult to secure data and this
can become a challenge when it comes to
determining how to control the flow and
dissemination of data. For this, many think
of data security as the responsibility of
the security department. In truth, security
originates at the individual level. No matter
what industry you're talking about, people will
always be both an organization's biggest asset
and its biggest liability.
In any industry, the weakest link in security
is the human element. In many cases, a
security breach occurs through a simple
exchange where an individual unknowingly
supplies information to a bad actor, someone
who assumes a false identity to appear
" An organization's culture should be that
everyone is responsible for security. " said Khai
Waterman, Director of Business Security,
StoneX Group Inc., Kansas City, MO. " You
should always be suspicious. When receiving
an email that has content that might sit
funny with you, its important to recognize
that this questionable activity might be the
result of a breach where someone's account
was compromised. " The recommendation
is: always double check if what youre being
Phishing attacks look for " whales " to target
such as a chief financial officer in the c-suite.
For example, this might take the form of a
bad actor posing as an internal employee
phishing for information to facilitate a wire
transfer. These types of social engineering,
or phishing, attacks traditionally have a high
financial impact and feature a bad actor
using information targeted to further their
cause, data or information impact, according
to Waterman.
asked seems wrong. " With social engineering
or phishing, the bad actor could have
compromised a legitimate user account and
they are looking for things from you - your
actual credentials, your pets name, or your
mother's maiden name - that they can use to
advance their cause and move to a high value
target. "
Otherwise known as social engineering or
phishing, this cybercrime uses email, phone
or text messaging to pose as a legitimate
representative of an institution to lure a target
into providing sensitive information such
as passwords and sensitive customer and
supplier information and financial details.

insights (Sponsored by StoneX) August 2021

Table of Contents for the Digital Edition of insights (Sponsored by StoneX) August 2021

insights (Sponsored by StoneX) August 2021 - 1
insights (Sponsored by StoneX) August 2021 - 2
insights (Sponsored by StoneX) August 2021 - 3
insights (Sponsored by StoneX) August 2021 - 4
insights (Sponsored by StoneX) August 2021 - 5
insights (Sponsored by StoneX) August 2021 - 6
insights (Sponsored by StoneX) August 2021 - 7