The cat-and-mouse games waged between white hat and black hat hackers have escalated both in complexity and the damage done to financial institutions and their customers. Hackers are continuously inventing more effective methods of attacking financial institutions, which is why it’s more important now than ever to get ahead of cyber-attacks.
Whether it’s the recent discovery of the Meltdown-Spectre bug, new ransomware, or phishing attacks leveled against banking employees, there are hundreds of threats entering the landscape daily that every financial institution needs to be prepared to handle with the resources at its disposal.
Most Urgent Threats to Financial Institutions’ Network Security
According to this year’s Ponemon Cost of Data Breach Summary, the average cost of a data breach to companies around the world was $3.62 million per successful attack. These attacks are becoming both more frequent and more sophisticated each year, but the good news is the mechanisms designed to defend against them are being created apace.
When discussing the defense tools available against the bevy of attacks that hackers might employ to penetrate the perimeter of your company, first and foremost it’s imperative to know what they are, and how they work:
Financial malware is designed to scan devices and networks for financial transactions, and it’s one of the most underreported forms of cyber threats in existence today. There were 2.5 times more financial malware attacks than ransomware breaches in 2016, according to a recent report by Symantec. This means financial institutions must stay vigilant in data protection efforts while remaining aware of the latest threats attempting to breach their networks. Heuristic anti-virus systems, which analyze activities rather than rules, should be employed because they are best at ferreting out the evolving threats.
Mobile Banking Malware:
Another issue to watch for is malware targeted at mobile banking. As more customers access their accounts through mobile apps, more cyber criminals are using mobile devices to pilfer funds from those customers. Mobile banking malware samples increased by 94% in 2017 according to a study by Trend Micro. Development and deployment of robust banking applications can protect customers from these threats.
Since whaling entered the scene a few years ago, it has wreaked havoc among financial institutions and shows no signs of slowing down. Implementing frequent, role-based training for executives on specific whaling threats can mitigate this potentially expensive risk.
The backbone of most successful attacks is social engineering. It works not by cracking a firewall or breaking through a network, but by exploiting what is often the weakest point of entry in any financial institution: employees. The key to overcoming social engineering is to understand its origin. Many social engineering attacks combine available personal information with email, clever subject lines and email layout/design to trick employees into clicking on malicious links. Continually educating employees about what a social engineering attack is and how to identify one will go a long way toward preventing future breaches. Also, testing employee responses to phishing emails, phishing web sites and pretexting can provide assurance that the training is paying off.
Certain technical systems can also improve your defenses, including spam filters and email sandboxes that can catch phishing email before it gets to the employee. Web filters can also play a role by either keeping employees from accessing phishing web sites or keeping browsers from being directed to command and control web sites.
A BEC attack, or “business email compromise,” occurs when a hacker gains full access to the machine of a banking employee. This can allow the perpetrator to impersonate the employee, use their terminal to transfer funds out of the bank, or simply trick other employees into handing over their own credentials to further their grip on the network as a whole. This threat isn’t going away anytime soon. The FBI reported a 2,370 percent increase in losses from this type of attack between 2013 and 2016.
A Multi-Pronged Defense
Because there is no one perfect software solution that can help your institution defend against these attacks simultaneously, it’s important to come at the issue with:
executive and employee training,
specialized software solutions, and
industry-leading network security.
DataComm is committed to providing services that can help train your employees and managers in best data protection practices, as well as installing security services that can stop threats before they have a chance to get into your network. We offer a number of auditing services that can help your team with everything from cybersecurity risk assessments to actively training employees on how to spot social engineering attacks before they succeed.
By employing the help of a third-party network defense team, you not only protect yourself from the current threats of 2018 but also are prepared for any new attack vectors that are waiting just over the horizon.
For a more in-depth look at how cyber threats affect financial institutions, download “The Ultimate Guide to Data Security for Financial Institutions.”
And to learn more about how you can protect your financial institution and its employees from network threats, call DataComm at 1-800-544-4627, or visit our Contact Page.