
Financial Firms in the News: How to Avoid Network Breach Fallout

Breaches of financial institutions’ networks are happening with more frequency, and they’re getting more attention in the media as well. Five banks in Mexico and two in Canada experienced high-profile breaches that exposed tens of thousands of customers’ information.

Financial institutions in the United States aren’t immune. Most recently, Frost Bank in San Antonio experienced a breach that revealed the check images from 470 of the business customers’ accounts. One of Western Union’s data storage providers disclosed transaction information of several of their customers in March.

Bottom line: Breaches are disturbingly common for financial institutions, and it’s prudent to implement the most stringent measures possible to ensure your network is secure.

Two features of the breaches in Mexico and Canada include:

Phantom Bank Transfers: Cybercriminals made off with an estimated $20 million from five banks in Mexico by exploiting the country’s electronic funds transfer system known as SPEI. The offenders created fake or phantom transfers and withdrew funds on the fake transactions, leaving the banks to deal with the shortfall.

Cybercriminals Alert Banks of Breach: In the case of the two breaches at Canada’s banks, traditional means ruled the day. Cybercriminals breached the banks’ networks and gained access to the data of 90,000 bank customers. The only way the banks knew what happened is that the attackers let the banks know what they did. The attackers have yet to leverage the information they’ve stolen. The banks responded by telling customers to change their passwords and PINs. But is that enough to protect their financial information? Some would say no.

The common thread in all of these breaches is that once cybercriminals gain access to the network, they have unfettered access. An under-monitored network doesn’t discern the behavior of the malicious user once they’re in the firm’s internal system. The key is to increase the layers of security and network monitoring to the point where certain behaviors trigger alerts and actions, whether that behavior is latent or active within the network.

Financial institutions often become hesitant to implement stringent protocols around user access within the network because it slows transactions and overall customer access to funds. Yet the growing number of breaches of sensitive financial information gives responsible firms no choice but to treat some internal network users’ behavior as malicious (false positive threats) to identify and eliminate potential threats.

Here’s why: Attackers often incubate in a financial firm’s network and will observe the flow of transactions from origination to distribution. The cybercriminal will then mimic the transaction flow during an active breach to call as little attention as possible to their behavior until it’s too late for the financial firm to take preventative measures. The challenge here is also to identify, isolate, and eliminate incubating network users who could in all likelihood be potential attackers lurking in the network.

Network Security for Financial Firms Remains a Tricky Balancing Act: Here’s Why

Financial firms have the added burdens of regulations and public scrutiny. The stakes remain high because financial institutions work to build public trust and breaches serve only to chip away at that trust when not handled properly.

Their silence eroded the public trust: If a breach occurs in a financial network, how a firm handles communication can be just as important as remediation of the breach itself. In the case of the recent breaches at Mexican banks, the federal government held onto the information about the breach for several weeks, and the financial institutions themselves remained silent. This approach rarely has positive outcomes, and serious, large investors choose to remove deposits from organizations that refuse to own up to the incidents that threaten their funds.

Their lack of preparation risked customers’ data: The Canadian banks exposed their breaches to the public immediately but couldn’t explain why or how cybercriminals breached their networks. The country’s financial institutions pride themselves on having the most stringent network security protocols for financial institutions. The “we don’t know what happened” response also undermines the trust financial institutions build with the public. Although the financial institutions did offer a plan of action for customers to protect themselves post-attack, showing an immediate understanding of what happened, and why it happened, is the best way to recover from a breach at a financial firm.

The nightmare scenario for any financial institution is a combination of the Canadian and Mexican bank breaches where both customer data and funds are stolen from what should be highly protected networks. As firms wrestle with the best ways to prevent such occurrences, it’s important to implement network monitoring that tracks and identifies user behavior.

Uncover Lurking Threats with the Right Solution

In all of the examples we just shared, there was a common component: a hibernating threat in the financial institutions’ network. It’s said there are three kinds of companies: ones that haven’t been breached, ones that have been breached, and ones that have a potential breach lurking in their network.

In these situations, it’s important to have an intrusion detection system and robust firewall monitoring and reporting to single out cybercriminals that may be monitoring your firm’s network activity. One vendor we trust is WatchGuard. Here’s some guidance based on the key features of the firm’s suite of solutions for network protection:

  • Signature-based defenses just aren’t enough to protect the network anymore. Sophisticated malware attacks subvert these defenses and wreak havoc. The best way to expose malware is to create a cloud sandbox and simulate your network hardware. WatchGuard APT makes that happen, through an easy-to-use interface.

  • Effective network security requires a layered approach.
    Firms that successfully keep themselves out of the headlines understand that cybercriminals view a breach of a financial institution as a big win. As attacks become more sophisticated, financial institutions would do well to employ a variety of tools and gather multiple resources to prevent and identify attacks. Those layers include resources that provide prevention and others that provide detection of malware post-breach.

  • Full-system emulation effectively identifies and eliminates threats.
    Since most financial institutions store sensitive information throughout the network, it can be difficult to reduce the attack surface by isolating critical data. The solution here is to emulate the entire network, effectively giving your organization the freedom to test, challenge, and identify threats before cybercriminals can mount a full attack on the network.

No firm wants to end up in the news due to a coordinated attack on their network that cybercriminals had planned for months, if not years, in advance of the actual attack. With advanced sophistication comes a higher demand and greater pressure for financial institutions to monitor and protect the network.

It’s becoming more than a full-time job, and savvy firms often look to enhance their defenses by getting expert help from those focused on network security for the financial industry. Trust DataComm to keep your financial institution safe by using our world-class network protection solutions.
