Financial Institutions Need to Take Cybersecurity Seriously

Tweet the fact that shocks you the most

43% of cyber attacks target small community businesses
smallbiztrends.com

4x

Financial institutions are 4 times more likely to be attacked than other industries
Websense Security Labs Report (now Forcepoint)

47% of the time, companies are unaware that they've been breached until a 3rd party tells them
Mandiant M-Trend Report

Cyber Attacks Are Expensive

For every $1 taken by fraud, financial institutions pay an additional $2.67 in chargebacks, fees, interest, and labor
LexisNexis Study

$336

The average cost per stolen record is $336 in financial services
IBM Security and the Ponemon Institute Report

81% of breaches at community financial institutions were at institutions with less than $35 million in annual revenue
Beazley Breach Response

The Threats You’re Up Against

Cybercrime group MoneyTaker used malware on a bank workstation to connect to the First Data STAR Network and steal $10 Million in debit card transfer funds
Group-IB

Over 40 different types of file extensions (file mimes) can been used to spread malware
LastLine

1/12

1 in 12 malware threats employ multiple advanced techniques such as evasion, packing, stealing, and stealth
LastLine

91% of cyberattacks start with a phishing email
PhishMe (now Cofense)

76% of organizations reported being a victim of a phishing attack in 2016
Wombat Security State of the Phish

Fake invoice messages are the #1 type of phishing lure
Symantec Report

97% of people cannot identify a sophisticated phishing email
Intel

The first ransomware attack was delivered by floppy disk in 1989 and demanded $189 in payment
Wikipedia

Ransomware attacks rose 250% from 2016 to 2017 and caused an estimated $1 Billion in damage
Kaspersky

$1077

$1,077 is the average amount demanded by a ransomware attacker
Symantec Report

More than 4,000 ransomware attacks occur every day
FBI

E Logo

Failure to patch a 2 month old bug led to the massive Equifax breach
Ars Technica

Over 80% of breaches are the result of poor patch management
Voke, Inc.

What is an APT?

An Advanced Persistent Threat (APT) is an attack where various sophisticated techniques are employed to gain access to a network Attacks are performed by well organized and funded groups Once access is gained, attackers take sophisticated measures to avoid detection, perform reconnaissance of the environment, and then execute the primary objective Many times, the primary objective is to gather sensitive data, and then to extract that data

Beginning March 2016, Russian government cyber actors (known as Dragonfly) attacked US energy and other critical infrastructure sectors
Symantec, US-CERT

On June 4, 2015, US Government officials announced a breach of data at the Office of Personnel Management (OPM) by Chinese threat actors known as Deep Panda
SANS Institute

In 2017, DDoS attacks increased 91% between Q1 and Q3
Corero Network Security

39% of people write their passwords on a piece of paper
Digital Guardian

61% of people re-use passwords across multiple websites
Digital Guardian

47% of people use passwords that are over 5 years old
TeleSign Consumer Account Security Report

49% of the time, attackers gain access to a system because they have stolen credentials
FireEye

63% of network intrusions are due to compromised user credentials
Microsoft

20% of organizations have experienced data breaches by ex-employees
OneLogin

What is Privilege Escalation?

Privilege escalation is when an malicious program or user gains elevated access a protected area by either exploiting a bug, design flaw, or configuration oversight within an operating system or pieces of software

Forrester estimates that 80% of security breaches involve privileged credentials
Forrester Wave: Privilege Identity Management

38% of attackers bypass defenses through social engineering
SANS Survey

48% of attacks occur through user error
SANS 2016 Threat Landscape Survey

58% of attacks on financial services organizations where from insiders who were either duped or bribed by outside actors
IBM

88% of IT professionals consider security awareness training to be the most effective protection against ransomware
KnowBe4 Survey

Fewer than 1% of vulnerabilities are classified as zero day, so 99% of vulnerabilities are known and should be patched ASAP
Symantec

There are about 27 different techniques that hackers can use to exploit any vulnerability in any product
ISMG interview of Dan Schiappa

What is a Drive-by Download?

Drive-by downloads are viruses or malware that a user unintentionally downloads while browsing online

The top 3 browsers (IE, Chrome and Firefox) had 1,004 vulnerabilities in 2015 and 2016
CVEdetails.com

Cybersecurity in the News

Services to Protect You

DNS Protect Logo

DNS Filtering

Lookout Logo

Security Event Log Monitoring (SELM)

Warden Logo

Endpoint Security

Scout Logo

Anti-Ransomware

RAD Rogue Actor Detection Logo

Rogue Actor Detection

V-Scan Logo

Vulnerability Scanning

Antivirus

Security Awareness Training