If Bonnie and Clyde were around today, they wouldn’t be cruising the countryside in a Ford sedan, striking fear in the hearts of the many bankers they robbed at gunpoint.

They’d be much more efficient than that.

Verizon Data on Security Threat Actors

Today’s heist is more likely to be conducted electronically, with hackers working to exploit network flaws and conduct social engineering to gain access to banks’ data and assets. And banks are the most popular target for cybercriminals, according to a new report from Verizon Enterprise.

Verizon’s 2013 Data Breach Investigations Report indicates 37% of breaches affected financial institutions, with 92% of attacks perpetrated by outsiders. More than half of the threats Verizon identified came through hacking (52%), while malware accounted for about 40% of breaches. The communications firm analyzed 47,000 reported security incidents and 621 confirmed data breaches in the past year.

“All in all, 2012 reminded us that breaches are a multi-faceted problem, and any one-dimensional attempt to describe them fails to adequately capture their complexity,” the report’s introduction reads.

The bottom line driving these attacks is fairly clear: 75% of these attacks are financially driven, and the report considers just as many attacks to be opportunistic. Common points of attack are user devices (71%), and servers (54%). A primary target exclusive to banks is the ATM. According to American Banker:

“The biggest takeaway for banks is they had a huge portion of ATM skimming and we had to account for that in some of our data analysis,” says Jay Jacobs, a senior analyst with Verizon’s RISK Team, the company’s investigative response unit.

He adds that without ATM skimming, financial services companies drop from first place on the list to seventh, behind retail and food services.

Other points of attack common to financial institutions are at the POS controller, POS terminal, databases and desktops.

RELATED:

Best practices for malware removal and prevention for your financial institution

Information Technology: 10 steps users should follow to help protect your financial institution

 

Write a Comment