BACK TO NEWSCEO Jeremy Samide warns that banks need to focus on cutting edge technologies to survive the cyberwar.
Banks are lending more than money these days. As banks and financial institutions all over the world continue to expand their digital footprint by aggressively marketing for new customers, keeping pace with regulatory compliance and implementing new technology services to better serve is current customer base, they are lending more risk to their customers than ever before.
With over 70% of cyber attacks today categorized as financially motivated, hackers have their sites fixed on a relatively easy bank heist worthy of John Dilinger’s approval. With financial institutions trying to compete for business, they are rapidly deploying more cloud-based solutions, mobile banking options and global online services susceptible to cyber attacks. Banks are making some progress but still lack a formidable strategy to combat the evolution of cyber threats.
Boards and the C-suite need a new approach and more “out of the box” thinking in order to stay afloat if financial institutions intend to turn the tide in their fight. Everyone is a target, big or small and to think you’re not is career suicide. It’s more than the next generation firewall or latest black box technology, it’s about intelligence – Collection and analytics, and lots of it. Organizations that are focusing on cutting edge, applied concepts like artificial intelligence, contextual analytics, cognitive analysis, natural language processing and quantum technologies will advance and ultimately survive into the next frontier of the cyber war.
Introduction
When we sign up for a bank account, we are expected to show multiple proofs of identification including a photo ID, Social Security Number, and current mailing address. It makes sense that a bank would need all this to help establish an identity with the bank. However, handing over this personally identifiable information (PII) is essentially handing over our identities as individuals to the bank. In surrendering this sensitive information, we also expect the bank will have proper safeguards in place to keep that sensitive information secure and intact.
What happens when a bank suffers a cyberattack? What are some of the cyber threats that affect banks? How can these threats be mitigated? These are just a few questions that will be answered.
Specific Threats to Big Banks
There are a number of cyber threats that affect the financial and banking industry worldwide. Specifically, some of the biggest cyber threats that affect bigger banks include social engineering, the insider threat, outside hackers or hacker groups, and malware. These all affect the financial and banking industry in one way or another.
Social engineering is when an outsider pretends to be someone of importance trying to gain physical or remote access to the organization. For example, someone posing as a computer repair technician shows up at a business. The receptionist has no idea who the repair tech is, but let’s the technician into the business’ server room. From there, the repair tech has complete control over the business’ IT equipment.
The insider threat is a person within the organization itself and can be anyone, from a teller to a CEO. The insider threat quite often has more access to data than they really need, and because of this fact alone, it makes them one of the biggest threats. For example, a teller has unlimited access to a bank’s loan documents. Should a teller have access to such documents? Not necessarily, as tellers are not loan officers. Should this teller, for whatever reason, get terminated as an employee, that teller could in theory copy all those loan documents to a USB flash drive and walk off the premises with them. The disgruntled employee could then turn around and sell that sensitive information on the dark web or maybe even hold it ransom.
There are outside hackers and hacker groups that are almost always trying to break into bank and financial organization networks. Either to steal money or sensitive data to sell on the dark web. An example would be the SWIFT cyberheist of Bangladesh this past February. Cybercriminals were able to infiltrate the Bangladesh bank using internal credentials, and then initiate bank transfers between Bangladesh and the Federal Reserve Bank of New York. The result was a stolen $81 million.
Then there’s malware. There are two types of malware to have targeted the banking and financial industry for some time now; banking Trojans and ransomware, which are most commonly deployed via phishing campaigns using malicious email attachments. Banking Trojans, aim to steal a victim’s online banking credentials, and are a global threat. These banking Trojans are quite convincing, as cybercriminals use a technique called web injection and overlays. Basically, a victim’s online login page is overlaid with an exact duplicate, but with the credential fields getting harvested by the cybercriminals during the authentication process.
Ransomware on the other hand, is malware designed to encrypt files, and will sometimes delete the encrypted files if a ransom is not paid (often in Bitcoin) within a certain time frame. Ransomware has become so advanced and dangerous, that some of the most recent variants are capable of spreading like a virus. One encrypted file when executed on an uninfected machine, will start the encryption process all over again. The ransomware infection can spread like a wildfire, potentially infecting an entire organization if a single infected file were shared out to all other users.