TechJournal South Header

Posts Tagged ‘Citigroup’

Banks under denial of service attack need better defenses

Thursday, January 24th, 2013

Corero More than two-thirds (64%) of IT & IT security practitioners reported that their banks have suffered at least one Distributed Denial of Service (DDoS) attack in the last 12 months, according to independent research commissioned by Corero Network Security (LSE: CNS), a leading provider of network and application layer DDoS defense products.

The research of 650 IT and IT security professionals at 351 banks, including from some of the largest in the world, also revealed that 78% of those surveyed believed that DDoS attacks will continue or significantly increase in 2013, leaving them vulnerable to cyber attacks that could lead to downtime and compromised data.

Conducted by the Ponemon Institute, almost half of respondents (48%) said their banks had suffered multiple DDoS attacks in the past 12 months. They stated that along with DDoS attacks, Zero-Day attacks, an attack that exploits a previously unknown vulnerability, are considered to be the most severe security threats.

Lack of people, expertise, technology a problem

Among the key barriers impacting banks’ ability to deal with DDoS attacks, 50% cited insufficient personnel and expertise and a lack of effective security technology as the most serious concerns, followed by insufficient budget resources.

Despite the recognition that the threat of DDoS attacks is not abating, the survey revealed that banks are still predominately relying on previously deployed traditional technology, in particular firewalls (35%) to protect their organisation from today’s sophisticated attacks.

“The belief that traditional perimeter security technologies such as firewalls are able to protect against today’s DDoS attacks is lulling not only financial institutions but organizations across every sector into a false sense of security,” said Marty Meyer, President of Corero.

First line defense needed

“Many Organizations assume traditional firewalls can provide protection against DDoS and Zero-Day exploits at the perimeter, yet this is not what they were designed to do and therefore attacks are still getting through.

Organizations need to add First Line of Defense solutions that can provide this protection and are able to remove all of the ‘noise’ at the perimeter before it hits the network so that firewalls and servers can optimally work on the functions they were originally designed for.”

Hacktivist groups target banks

The findings add further support to the trend that hacktivist groups proactively target banks with Bank of America, JPMorgan Chase, Citigroup, Wells Fargo and Capital One and others again allegedly being actively targeted with DDoS attacks since the end of 2012.

“It really comes as no surprise that DDoS attacks are one of the most severe security risks cited by the banking industry and these results clearly demonstrate the level to which they are being targeted on a continued basis,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute.

“When such an attack occurs, the time and efforts of IT staff are devoted to dealing with the problem instead of managing other IT operational and security priorities. This leaves financial institutions open to more dangerous attacks that further compromise their infrastructure.”

To download the full report, please go HERE

IBM creating mini-Watson to answer questions on smarthphones

Tuesday, September 4th, 2012

IBMIn the not too distant future, smartphone and other mobile device users may be able to tap into the IBM technology that let its Watson computer beat “Jeopardy” quiz show champs.

Bloomberg news reports that IBM’s VP of innovation, Bernie Meyerson “envisions a voice-activated Watson that answers questions, like a supercharged version of Apple’s Siri personal assistant.”

Watson is already being used by CitiGroup to analyze financial data and by WellPoint to crunch cancer data.

But, Watson, which currently relies on 10 racks of IBM Power 750 servers that have the processing power of 6,000 desktop computers, will need to overcome technical problems to make it work on handheld devices.

The version aimed at mobile devices would need to be energy-efficient, but Meyerson said the power it needs is “dropping like a stone.”

It will need voice and image recognition and it currently requires time to do the machine-learning needed to become expert in a knowledge area.

But once Watson 2.0 is perfected, it should be able to answer more complex questions than Apple’s Siri.

While Watson defeated past “Jeopardy” champions Ken Jennings and Brad Rutter, some people commenting on the story in the NC Raleigh News & Observer note that it did so by beating the champs on ring-in with faster reaction time, giving more opportunities to answer questions.


Recent corporate data breaches could have been prevented

Tuesday, August 16th, 2011

protegrity“Data breaches are spiraling out of control, and companies like Sony, Citi and Epsilon are finding out just how expensive it is not protect customer data properly,” stated Suni Munshani, CEO of Protegrity and author of the report. “The right combination of data security solutions like tokenization and consistent security policies would have prevented all of the three data breaches mentioned in the report and saved those companies tens of millions of dollars in damages and litigation.”

Protegrity, a provider of end-to-end data security solutions, published a report analyzing the recent data breaches at Epsilon, Sony and Citigroup. The report, entitled It’s Not Just About Credit Card Numbers Anymore,” highlights the growing trend of hackers targeting personally identifiable information (PII) such as email addresses and passwords, as opposed to financial information, and offers advice on how these data breaches could have been prevented.

The report also examines the best data security approaches and how companies can implement them to ensure that they will not fall victim to a data breach in the future.

Highlights of the report include:

  • A detailed look into the Epsilon, Sony and Citigroup data breaches
  • Best practices for protecting financial information and PII
  • Why tokenization is the best way to protect all data types

The full report can be downloaded at:

Entrepreneurs reveal six new financial service innovations at New York’s FinTech Lab

Friday, July 22nd, 2011

FinTechSix entrepreneurs gave the venture community a first look at a range of cutting-edge financial technology innovations they developed over the past three months, with the guidance and support of some of the world’s leading banks and venture capitalists.

In March, the six were selected from a field of more than 90 start-up companies that applied to participate in the annual FinTech Innovation Lab. The Lab was created by the New York City Investment Fund, the economic development arm of the Partnership for New York City, and Accenture (NYSE: ACN) to ensure that New York maintains its leadership in global finance – an industry which is increasingly driven by technological innovation.

Since May, the entrepreneurs have developed, tested and fine-tuned their innovations — which provide technology solutions for market data analysis, risk management and data visualization. Throughout the product development process, 10 global financial institutions — Bank of America, Barclays Capital, Citigroup, Credit Suisse, Deutsche Bank, Goldman Sachs, JPMorgan Chase, Morgan Stanley, State Street, and UBS – provided mentors, feedback and market access to the six companies. Among those lending their advice and support were JPMorgan Chase CEO Jamie Dimon and Kohlberg Kravis Roberts & Co. CEO Henry Kravis.

“These companies are among the innovators who are creating the next generation in financial technology,” said Maria Gotsch, president & CEO of the New York City Investment Fund. “By giving them access to important potential customers, we are helping entrepreneurs to accelerate their growth and achieve an edge on competitors around the world.”

Coaching and business advice was also provided by executives at six venture capital firms: Contour Venture Partners, Polaris Venture Partners, Rho Ventures, RRE Ventures, Village Ventures and Warburg Pincus. The firms also gave each start-up $25,000 in funding for expenses. In addition, Accenture provided program leadership, work space, as well as mentoring by its financial services industry and technology experts.

“Innovation is more critical to the U.S. financial services industry than ever,” said Chris Wearing, managing director in Accenture’s U.S. Capital Markets practice. “Finding growth and new efficiencies in this radically changed marketplace depends heavily on new technologies and better processes. These entrepreneurs show how new ideas and technologies can help institutions adapt and profit. And they prove that New York continues to distinguish itself as a center for innovation.”

“As the global capital of finance, New York City is uniquely positioned to become the center of innovation in financial technology,” said Kathryn Wylde, President & CEO of the Partnership for New York City. “These six companies represent a growing tech sector that will sustain the competitive advantage of New York’s great financial institutions, while also creating businesses and jobs in New York City.”

The six participants in this year’s FinTech Innovation Lab and the products they developed are:

  • Aqumin: Using interactive 3D technology, Aqumin’s AlphaVision™ facilitates visual analysis and interpretation of vast, disparate sources of public and proprietary market data. This enables financial market professionals to identify patterns and extract information quickly. For more information:
  • CB Insights: CB Insights’ Mosaic assesses the health of private small businesses by finding signals of strength or weakness in publicly available information sources. Mosaic, through the use of these information inputs, empowers wealth management, investment banking, vendor procurement, and lending groups to improve their marketing and due diligence efforts. For more information:
  • Hanweck Associates: Hanweck Associates offers high-performance, real-time analytics and risk products for top-tier hedge funds, banks, broker/dealers and other financial institutionsThe company uses commercial graphical processing units (GPUs) to accelerate computations in its products such as Volera™, a low-latency, real-time options analytics engine. For more information:
  • is the first service to use and analyze online social networks to assess credit worthiness. The Lenddo community uses these networks to help middle class people in emerging markets obtain loans and improve their financial reputation. For more information:
  • Syphr: Syphr is a provider of highly personalized credit management and financial optimization applications that help financial institutions and online finance websites attract business. The company’s patent-pending technology identifies more qualified and better-informed customers. For more information:
  • Zipmark: Zipmark is a mobile and online payments company that works just like a check, minus the paper and trip to the bank. With a mobile barcode, Zipmark accepts secure payments from any bank, thrift or credit union, providing customers with a lower-cost alternative to pay their rent and other bills. For more information:

“New York City is one of the world’s great financial capitals and the home to a burgeoning technology start-up culture, so we are uniquely positioned to foster an attractive environment for financial technology companies,” said Deputy Mayor for Economic Development Robert K. Steel. “Congratulations to all six companies – we look forward to watching you become the next New York financial technology success stories.”

“It is great to see such vibrant innovation from the New York startup community,” said Andy Brown, Chief Technology Officer of UBS. “We have enjoyed collaborating with the finalists and there has been a great business development dialog throughout. We have found technology that we can use at UBS through FinTech.”

“We’re excited to be part of this inaugural year for Fintech,” said John Burns, CIO of the Investment Bank at Credit Suisse. “The quality of the firms and the products they are bringing to market are an affirmation of this program and one of the reasons we’re committed to its success. Technology is at the core of what we do in financial services and this program will ensure an innovation pipeline for our industry in the years to come.”

“We believe technology innovation is a key factor of gaining competitive advantage, and we are delighted to be part of a process that attracts innovative companies to be closer to the financial industry in New York City and helps them grow and foster emerging technologies that benefit us,” said Steve Randich, Co-Head of ICG Technology and Co-CIO of Citibank.

For more information about the FinTech Innovation Lab, visit:

Second quarter one of the worst on record for cybersecurity

Wednesday, July 6th, 2011

Panda SecurityThis quarter has been one of the worst on record for cybersecurity breaches, with hacking groups Anonymous and LulzSec causing widespread mayhem and organizations such as RSA Security, the U.S. Defense Department, the International Monetary Fund, the European Space Agency, Sony, Citigroup and SEGA all falling victims to attacks.  So says Panda Labs, Panda Security’s anti-malware laboratory, in its Quarterly Report for Q2, analyzing the IT security events and incidents from April through June 2011.

While Media Obsesses over Illegal Stunts, Malware Creation Shows No Signs of Slowing

In the last quarter, malware of all kinds has spread substantially, with PandaLabs observing 42 new malware strains created every minute. Once again, Trojans accounted for most of the new threats, comprising nearly 70 percent of all new malware created, followed by viruses (16 percent) and worms (12 percent).

As recorded by Panda Security’s online scanner, Panda ActiveScan, Trojans were responsible for 69 percent of infections, followed once again by viruses (10 percent) and worms (8.53 percent). Adware, which only represents 1.37 percent of all malware, accounted for more than 9 percent of all the infections, indicating the substantial effort malware writers are taking to promote this type of malicious code. Fake anti-virus programs, which are included in the adware category, have also continued to grow.

A graph of malware infections by type is available at

Asian Countries Lead Infection Rankings

In the ranking of the top 20 countries with the most infections, China, Thailand and Taiwan once again continue to occupy the top three spots. PandaLabs observed Sweden, Switzerland and Norway as being the least infected countries.

Top Security Incidents:

  • LulzSec and Anonymous: A new hacker group LulzSec emerged this quarter, specializing in stealing and posting Personally Identifiable Information (PII) from companies with poor security as well as carrying out denial of service attacks (against the CIA website, for example). They also released a full list of PII data they had previously stolen such as email addresses and passwords, which has led to account hijacking and other forms of identity theft. At the end of June, LulzSec teamed up with Anonymous for “Operation: Anti-Security,” encouraging supporters to hack into, steal and publish classified government information from any source. On June 26, LulzSec released a statement on Twitter announcing the end of their activities. Nevertheless, they urged hackers to carry on with operation Anti-Security (#Antisec) and join the Anonymous IRC channel.
  • Corporate Breaches: RSA, the security division of EMC Corporation, announced in mid-March it had suffered a breach on its network systems that exposed proprietary information about its two-factor hardware-based authentication system, SecurID. In May, Lockheed Martin, the largest provider of IT services to the U.S. government and military, suffered a network intrusion stemming from data stolen pertaining to RSA. It seems that the cyber-thieves managed to compromise the algorithm used by RSA to generate security keys. RSA will have to replace the SecurID tokens of more than 40 million customers around the world, including some of the world’s biggest companies.
  • Sonygate: The most infamous attack that occurred this quarter was the one Sony suffered. Everything started with the theft of data from their PlayStation Network (PSN), affecting 77 million users worldwide. Not only was this the biggest data theft on record, but the situation was also poorly communicated to customers by the company, which hid the problem for days. When Sony finally made it public they simply said there was evidence that some user data could have been compromised, even though they knew the situation was far more serious.

Sega: 1.3M accounts hacked; Google digitizing more texts; cashing out at Facebook

Monday, June 20th, 2011

SegaApparently, nuclear reactors are not the only thing melting down in Japan. Japanese video game developer Sega says hackers have stolen data from 1.3 million of its customers.

The company says names, birth dates, e-mail addresses and encrypted passwords were among the data compromised, but payment information such as credit card numbers, were not taken. That’s probably only because the company uses a third-party processor for financial transactions, so it didn’t store that data itself.

Sega makes games such as “Sonci the Hedgehog. The data breach is just the latest of a series of major cyber attacks that have hit Sony’s Playstatio, Nintendo, and Citigroup, among others.

A Sega spokeswoman told Reuters, “We want to work on strengthening security.” Fine time to think about that. What is wrong with these high tech companies and their security arms? How many serious break-ins will it take before they harden their ramparts?

In one odd twist, the hacker group Lulz tweeted, “Sega – contact us. We want to help you destroy the hackers that attacked you….these people are going down.”

Google deal with British Library will make 250,000 texts available

GoogleGoogle has made a deal with the British Library to digitize and make available 250,000 out-of-copyright texts from 1700 to 1870.

Google has made similar deals with other libraries as it works toward its plan of digitizing as many books as possible. In the U.S., Google’s efforts to put copyrighted texts online in digital form as well met with opposition and a law suit.

Tech firm employees want to cash out

Facebook logoMany employees of tech and social networking firms such as Facebook are eager to sell their stock while valuations are still somewhere in the stratosphere, says a New York Times report.

Facebook has been driving the trend, says the Times. Its stock accounted for about 45 percent of all trades on SecondMarket, where private company shares are traded. About 100 of Facebook’s early employees, who are not restrained from selling shares the way employees who joined the company later are, have left the firm. Most, according to Times informants, left to start new companies.

That is one of the reasons major successes in tech are so important to the startup ecosystem. They pump up the entrepreneurial ecosystem with new blood and new cash.

The Times says that Chicago-based Groupon has seen the most investors and founders “take money off the table.” That includes the CEO, chair and others, who have already become rich from its almost billion in venture-backing, even though the company is still losing money. We recently reported that daily deal sites may face an uphill battle to establish sustainable businesses despite their faddish popularity right now.