Page 22 - Demo
P. 22

 SPECIAL ARTICLE 特別文章
 How financial services can stay secure
As cyberattacks continue to evolve and become more sophisticated, a panel discussion focusing on how financial services can stay secure explained how improving defences requires a combination of new technologies, systems and people. In addition to training employees to spot phishing emails, financial institutions need to invest in a cybersecurity solutions that prevent, detect and mitigate ransomware and other cybersecurity threats. In the same way banks invest
in know-your-customer (KYC) machine learning technology, machine learning analytics can be utilised to detect know- your-hacker behaviours. By being clear on what needs to be protected, machine learning can be programmed to detect anomalies and the corresponding level of threats. However, the panellists cautioned that cybercriminals are also using AI-powered analytics and machine learning to fly under the radar of conventional rules-based detection tools. As one panellist put it, cybercriminals don’t abide by any rules, which makes it extremely important for financial organisations to identify and protect the virtual doors and windows where an organisation is likely to be the most vulnerable.
What are the security risks linked to cloud computing?
Exploring the question — is cloud technology a friend or
foe in terms of cybersecurity risks — panelists discussing cybersecurity controls for cloud, remote, mobile and virtual, offered a range of insights. While cloud technology can deliver cost savings and greater flexibility through broader data access, data that would normally be secured behind an on- premises corporate firewall can be exposed, as controls used to access systems are multiplied. While there is no one-size-fits-
需投放資源開發網絡安全方案,以防衛、偵測 和減低勒索軟件和其他網絡安全的威脅。如投 資「認識你的客戶」(know-your-customer, KYC)機器學習技術一樣,銀行可以利用機器 學習分析技術來偵測和了解黑客的行為。當 明確知道防衛的範圍和要點,銀行可以為機 器學習編製程式,以偵測異常情況和相應級 別的威脅。然而,小組專家警告,網絡犯罪分 子也使用人工智能分析和機器學習技術來避 過傳統規則性偵測工具的防衛功能。正如一 位小組專家所說,網絡犯罪分子是不遵守任 何規則的,因此,金融機構的首要任務是盡力 識別和防衛一些最易受到攻擊的虛擬門窗。
 20
小組專家亦就「雲端技術在網絡安全風險方面 是敵是友」的問題,深入剖析使用雲端、遠程、 流動和虛擬等技術時應採取的網絡安全控制 措施。雲端技術可以讓用家取得更多更廣的數 據資訊,既可節省成本,亦可提供更大靈活性。 然而,由於允許進入系統的控制點倍增,原本 受到傳統企業裝置防火牆保護的數據將面對 被暴露的風險。雖然沒有一個全方位方案能夠 解決雲端安全的問題,但為了減低災難性的風 險,小組專家提出構建兩個獨立「專責」系統或 制式,一個用來解耦中央系統和功能;另一個 用來監察、記錄和存儲業務營運情況,以便在 發生網絡安全事故時提供獨立的保護層。小組 專家亦就網絡安全風險與虛擬銀行和實體銀 行的關係作出討論,並一致認為風險因素如出 一轍,因為虛擬銀行和實體銀行均依賴在線和 數碼技術來提供服務。
ISSUE 119 • 2021
雲端技術衍生什麽安全風險?
“Top Trends for 2021”, highlighted how the move to working
from home (WFH) precipitated by the COVID-19 pandemic, had increased the scope and vulnerability to different types of cybersecurity threats.
  




















































































   20   21   22   23   24