The financial services industry continues to be heavily targeted by cyber-attacks because of the sensitive financial data that institutions hold. Hackers, in turn, recognize that one of the greatest potential avenues for financial gain is targeting financial institutions, which enables them to either commit fraud themselves or sell the information to a third party. What is most troubling is that cyber criminals have displayed new and advanced levels of sophistication, knowledge and ambition in 2017 – a year characterized by a series of extraordinary attacks, including malware threats, credit and debit card breaches, phishing attempts and data breaches.
Some of the most common security threats financial institutions are facing today include:
- Ransomware
Ransomware has established itself as one of the leading cyber threats, with instances increasing by 44 percent last year. In fact, according to the 2017 State of Malware Report by Malwarebytes, ransomware was the favored method of attack used against businesses in 2016. Recent FBI statistics also indicate that hackers successfully extorted more than $209 million in ransomware payments from businesses and financial institutions in Q1 2016, and the business of ransomware is now on track to become a $1 billion per year crime.
- Lack of Third-Party Vendor Security
While a financial institution might have the right security systems and policies in place to protect itself and its customers from a cyber-attack, its third-party providers and vendors may not have the same level of security and diligence. This creates a major vulnerability for the financial institution and risks Federal Financial Institutions Examination Council (FFIEC) compliance issues.
- Insider Threats
Often, all it takes is a disgruntled employee or ex-employee to release valuable security information and compromise system and data security. Additionally, cyber criminals are increasingly realizing success through bribery as a means to entice bank employees to give up their login credentials or other security information, allowing direct access to internal systems.
- Lack of Employee Training and Security Expertise
Cyber-attacks are often able to outpace cyber-defense due to a shortage of qualified cybersecurity personnel and the limited bandwidth of IT staff to stay abreast of a continually evolving security landscape. Employee testing and training are critical for banks and credit unions to decrease vulnerabilities and ensure staff, at all levels, understand their roles and responsibilities in protecting against security threats. Until this learning gap is resolved, financial institutions will continue to struggle to efficiently manage cybersecurity threats.
Combating Security Threats & Protecting Customer Data
To adequately protect against cyber threats, financial institutions should ensure, as a minimum requirement, that every device on the network has up-to-date antivirus software and adequate firewall protections, and that all patches are up to date.
In addition, financial institutions should employ a strategy that places many uniquely tailored layers throughout their networks, from the end user to the Internet, to establish a secure IT environment. Adding preventive, detective and responsive layers to an IT security strategy will help strengthen an institution’s approach and build an effective security foundation. Proactively protecting customer data will always be more cost-effective than falling victim to malicious activity.