Small to medium-sized financial institutions need to reevaluate their own security controls.
Financial institutions of all sizes have found themselves the victim of advanced cyber attacks, with the most recent threats targeting small to mid-sized financial institutions. The FBI, in conjunction with Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Internet Crime Complaint Center (IC3), has issued a fraud alert warning that criminals are using a multi-vector attack to compromise financial institution networks and initiate fraudulent wire transfers. What is striking about these attacks is that unlike the recent focus on strengthening merchant controls, in this case, the cyber attackers have targeted the financial institutions directly.
Institutions need to understand this attack, and use this opportunity to conduct “what if” training. This is also a good opportunity to reevaluate their own security controls, particularly employee security awareness training, and other emerging technical controls such as out-of-band authentication and secure DNS.
Read the rest of the article at Bank Systems & Technology.