Information Security award entry

Over the past several years the number of attacks against financial institutions has grown exponentially.

There are multiple threat vectors that are actively used each day to target literally everything in the financial sector, with the ultimate aim of generating revenue or ‘cashing out’ as it’s more commonly known. These vectors range from the highly technical such as custom-built malware or compromised infrastructures, to the more prominent and simpler vectors such as spear phishing employees and customers, stealing or cloning credit cards, attacking websites and the digital targeting of senior executives, managers and staff at every level of the organisation.

The Cyjax digital intelligence platform was deployed as part of a strategy to monitor the levels of risk associated with as many threat vectors as possible. This would involve the automated collection of brand based exposure in the global mainstream press across all languages simultaneously, sentiment analysis of social media exposure, digital profile monitoring of all staff and company assets including all staff and execs, a complete sweep and subsequent monitoring framework around their entire supply chain and affiliate network, darknet monitoring and intelligence in both public and closed source areas of the various darknets, critical vulnerability monitoring of their entire software and hardware infrastructure and, the ability to monitor and view the logs of their internal processes to seek abnormal patterns in internal network traffic – also, they need to know what is happening around them; technologies, methods and processes are common throughout the financial industry, so what happens to one is of interest to all; thankfully, they share threat information, but this also needs to be collected and processed.

The difficulty in implementing an anti-fraud technical strategy is that the audience is largely non-technical, while most of the threat data is largely technical. Integrating systems to automatically block known bad things is a simple process but making vast datastores of intelligence information available to non-technical facets of a business is where the magic happens. What a financial organisation needs more than a security patch, is to understand the risk associated with the process of patching, or indeed not. Utilising the extensibility of the Cyjax digital intelligence platform, we created several new applications that were designed to provide the necessary capabilities to deliver risk-based intelligence to the important areas of the business.

While it took time to navigate the strict policies and processes that govern financial institutions, we successfully implemented a solution that provided a major boost in the fight against fraud. By the end of the first month of operation the bank had been able to fend off over 2000 low level attempted credit card fraud transactions; identify and secure the compromised access of several bank accounts containing large sums of money, rule out the possibility that they were the source of 3 breaches that were claiming to sell their customer information on darknet marketplaces, identify serious flaws in the personal online social media security practises of several senior executives, and identify and subsequently measure the level of cyber awareness among their entire staff base, helping them to quickly understand who was a target for awareness training.

The solution is now used across the entire organisation, from the board level to communicating automatically with their firewalls to block attacks in real-time. It helps to identify risk, inform strategy and ultimately prevent financial loss.

Mission accomplished!

The impact is most notable at the operational level, but difficult to quantify financially. It would likely be easier to measure how much fraud help to save their customers and the general public from.

We made a metrics engine that is as functional as Microsoft Excel, but as easy to use as an abacus. It allows anyone in the organisation to real-time mine the big data that is generated by the extensive collection processes of the mixture of technologies described above.

Cyber intelligence, physical intelligence, or just all branched under digital intelligence, it doesnt have to be difficult and it is no longer just at the reach of the technical only. It is accessible to everyone no matter their technical ability. Ensure that when you are building or advising on digital intelligence strategies that you include every area of the business and ensure that they too can make use of the tools and information that is produced as a result. Even the cleaners have keys after all.

An entry for you to assess

2017 Submission: Heading
This is the main picture that will appear at the top of your entry. At least 1200 pixels wide is recommended.
Maximum upload size: 2.1MB
Please use the internet address of a picture (it should end in .png or .jpg or similar) that will be visible to people outside your organisation until after the awards end.
No more than 10 words please.
No more than 25 words please

Save this tab if you have made any changes

Another organisation

Please provide the internet address of the organisation's logo
For inclusion in our publicity about this entry if nominated
Information will be required about the start and end date of, size of investment in and geographical scope of your initiative where appropriate

About your Entry

The information you provide here will help determine the suitability of your submission and the best shortlist for your entry if nominated

implementation
implementation
implementation
implementation
implementation
implementation
The investment on this initiative from its initial conception to now, excluding elements that would have been required for other reasons anyway, and excluding aspects that do not impact this entry. We may use this when finalising the shortlists to split a popular category into two categories by project size. Also judges take this into account when assessing Impact, and so if you can disclose this information it can only be helpful for both of these processes.
initiative's focus
Which region(s)?
Which nation?
Covering which countries?

Confidentiality

Let us know here if you would like some aspects of your entry kept confidential
We may wish to include your entry in publicity about shortlisted entries.
If you would like the candidate's organisation's name to not be mentioned by us then please ensure that it is also not mentioned in your text, images, videos or PDFs included in your entry.

Save this tab if you have made any changes

Your Entry

Here you describe your initiative or strategy; what you did and why you did it, how it was successful and what your fellow professionals could learn from your experience. You can use a mix of text, pictures, video and PDFs etc. to convey your ideas and engage the interest of judges. We recommend that you include a concise overview for judges spending less time reviewing entries, with greater depth also provided for those that wish to know more. You will be able to fine-tune (edit) your materials up until the time that judging starts.

Any background or confidential information that you would like the organisers to take into account when considering this entry for nomination. This will not be published.
Your entry in full.
If you have a video you would like included with your entry description, upload it to YouTube and paste the link here
Maximum upload size: 2.1MB
If you have a PDF you would like included with your entry description, upload it here

About the following

These input blocks for Impact, Innovation and Inspiration are provided in case you would wish to provide additional information for the judges, to help them understand the strength of your submission in terms of each of our three judging criteria.

The difference made in target communities and benefits to the organisation - good anecdotal or metric evidence of real outcomes rather than reams of stats.
If you have a video you would like included with your impact statement, upload it to YouTube and paste the link here
What's distinctive about this entry and how being creative has helped you overcome challenges - a good idea that your fellow professionals might not have thought of.
If you have a video you would like included with your innovation statement, upload it to YouTube and paste the link here
Hints and tips from your real experience to help your fellow professionals (the judges) adopt your good ideas and apply them to suit their circumstances.
If you have a video you would like included with your inspiration statement, upload it to YouTube and paste the link here

Save this tab if you have made any changes