Hackers Know Your Organization. Do You Know Theirs?

At the Money Experience Summit 2020, Dan Jones, Head of Cybersecurity at MX, dove into the topic of hackers knowing your organization and how you can adapt and stay up to date with security practices.

Jones believes the most effective way to stay secure is by knowing what’s out there. He says, “The approach that we take that I think is the most effective for any organization is to know the threat that's out there and build a security program out there that addresses the threat and the concerns you're seeing.” 

As the cybersecurity space continues to evolve, Jones believes that “there’s an interesting opportunity that exists. I think that there's some value here as it's actually forcing a lot of the security practices to go back to the identity of their employees, the identity of their systems and assets, and really try and make some intelligent decisions. As more SAS products are used by large organizations, they've been forced to think through what we often call zero trust, where you're relying on this walled garden that you build. And once everybody's inside of it, you can trust everybody.”

With so many partnerships, Jones further dives into what financial institutions should be looking for from a security perspective. He says, “As you’re evaluating providers, figure out how they’re adapting. Unfortunately, cybersecurity oftentimes is like an arms race. When we do things better, miscreants change their tactics. Figure out how an organization is doing their cybersecurity practices that leaves them to be nimble and agile and not stuck with it, hoping that their perimeter will always be safe.”

When it comes to strategies used by hackers, Jones explains that “there are five different tiers. At that bottom level, you have the very novice, and maybe they have decided that they want to go and do some nefarious things, but they're not very skilled or organized yet. As we go all the way up the spectrum and get to the top of that pyramid, you have organized, very methodical miscreants, willing to spend years for one single attack. But where we tend to see most of our activity is that middle tier, the third tier of hackers. These people are organized, they're part of a group, and they have a specific mission and objective.”

So how do organizations stay safe? Jones says, “We’re taking a trust-but-verify approach at every authentication measure. For example, if you’re here in Utah and are magically authenticated an hour later in Boston, that velocity is too aggressive. And it's not based on one single attribute. It’s the entire context of the connection. The entire context of the transactions being done on your network is really vital to address a lot of these concerns that are coming up.” Jones believes that “the more we can come together as an industry, the more we'll be able to innovate and build more secure systems out of the gate, instead of having to be reactive.”