The Finance Industry Must Get Serious about Cyber Security
You’ve likely heard of history’s most notorious bank robbers — the likes of Butch Cassidy, John Dillinger, and Jesse James. But the loot they scored pales in comparison to the spoils of a modern-day cyber bank heist. Nowadays a cyber bank robbery can top a billion dollars.
Financial institutions experience 300% more attacks than any other industry. While financial firms are at the forefront of adopting advanced security solutions, the rewards to be gained by sophisticated hackers are too enticing. ThreatMetrix found a 40% increase in cyber criminal activity targeting the financial industry last year — with 21 million fraud attacks and 45 million bot attacks detected in the final quarter of 2015. 2016 has not shown a slowdown and we don’t expect 2017 to get any better — ransomware, DDoS, and advanced persistent threats (APTs) are at an all-time high.
With the expansion of mobile banking, third-party technology, and cloud computing increasing the attack surface, financial institutions need to look at the next wave in developing a comprehensive cyber security infrastructure.
A New Breed of Attack
Financial firms are targeted with customized malware, brute force attacks, and elaborate social engineering schemes. Successful attacks begin with the discovery of an employee’s login credentials through phishing emails, keystroke loggers, and remote access Trojans. Once inside, hackers go undetected and lie in wait until they can get to the target data they are seeking. The growing trend of business email compromise (BEC) attacks is another looming threat. According to the FBI, there has been a 1300% increase in identified exposed losses because of BEC attacks, leaving over 22,000 victims and $3 billion in damages in their wake.
Trends in Technology
Over 75% of cyber attacks originate from weak or stolen passwords. As more employees work remotely and use mobile devices, safeguarding login credentials is essential. In addition to security training for employees, other measures should be taken such as:
- Biometric Authentication uses physiological and behavioral characteristics that are difficult to replicate. Physiological characteristics could be a fingerprint, face recognition, DNA, palm print, iris or retina recognition. Behavioral characteristics include typing rhythm, gait, and voice.
- Multi-Factor Authentication requires a user to present several pieces of evidence as proof of who they are before access is granted. This could include entering a password and receiving a token in exchange to enter into a cell phone or computer, or proving knowledge (something they know), possession (something they have), and inherence (something they are).
Recent Financial Breaches
One attack that might have been avoided with proper authentication is the 2014 hacking of banking giant JPMorgan Chase. Hackers stole an employee’s login information from a home computer, which gave them access to financial and personal data pertaining to 83 million households and small businesses.
Banks aren’t the only institutions at risk of exposing financial information. Earlier this year, the Milwaukee Bucks basketball team was the victim of a BEC attack. Criminals used a phony email, made to look like it was from the team’s president, to request documents. An employee ended up divulging the players’ 2015 W-2 information. This egregious mistake came down to human error.
Organizations must go on the offensive to monitor activity and threat intelligence in addition to employing best-of-breed cyber security solutions. As an expert in next-generation IT security, Fairdinkum understands the challenges you face and the latest methods for preventing, detecting and mitigating threats. We work with our clients to customize their network security implementation according to their business needs to thwart even the most sophisticated attacks. If you’d like to check the health of your cyber security, please take our free network assessment, leave a comment below, or contact us for more information.