Financial Institutions Need to Take Cybersecurity Seriously

Tweet the fact that shocks you the most

43% of cyber attacks target small community businesses
smallbiztrends.com

4x

Financial institutions are 4 times more likely to be attacked than other industries
Websense Security Labs Report (now Forcepoint)

47% of the time, companies are unaware that they've been breached until a 3rd party tells them
Mandiant M-Trend Report

Cyber Attacks Are Expensive

For every $1 taken by fraud, financial institutions pay an additional $2.67 in chargebacks, fees, interest, and labor
LexisNexis Study

$336

The average cost per stolen record is $336 in financial services
IBM Security and the Ponemon Institute Report

81% of breaches at community financial institutions were at institutions with less than $35 million in annual revenue
Beazley Breach Response

The Threats You’re Up Against

Malware

Cybercrime group MoneyTaker used malware on a bank workstation to connect to the First Data STAR Network and steal $10 Million in debit card transfer funds
Group-IB

Over 40 different types of file extensions (file mimes) can been used to spread malware
LastLine

1/12

1 in 12 malware threats employ multiple advanced techniques such as evasion, packing, stealing, and stealth
LastLine

Phishing

91% of cyberattacks start with a phishing email
PhishMe (now Cofense)

76% of organizations reported being a victim of a phishing attack in 2016
Wombat Security State of the Phish

Fake invoice messages are the #1 type of phishing lure
Symantec Report

97% of people cannot identify a sophisticated phishing email
Intel

Ransomware

The first ransomware attack was delivered by floppy disk in 1989 and demanded $189 in payment
Wikipedia

Ransomware attacks rose 250% from 2016 to 2017 and caused an estimated $1 Billion in damage
Kaspersky

$1077

$1,077 is the average amount demanded by a ransomware attacker
Symantec Report

More than 4,000 ransomware attacks occur every day
FBI

Missing Patches / Outdated Software

E Logo

Failure to patch a 2 month old bug led to the massive Equifax breach
Ars Technica

Over 80% of breaches are the result of poor patch management
Voke, Inc.

Advanced Persistent Threat

What is an APT?

An Advanced Persistent Threat (APT) is an attack where various sophisticated techniques are employed to gain access to a network Attacks are performed by well organized and funded groups Once access is gained, attackers take sophisticated measures to avoid detection, perform reconnaissance of the environment, and then execute the primary objective Many times, the primary objective is to gather sensitive data, and then to extract that data

Beginning March 2016, Russian government cyber actors (known as Dragonfly) attacked US energy and other critical infrastructure sectors
Symantec, US-CERT

On June 4, 2015, US Government officials announced a breach of data at the Office of Personnel Management (OPM) by Chinese threat actors known as Deep Panda
SANS Institute

DDoS

In 2017, DDoS attacks increased 91% between Q1 and Q3
Corero Network Security

Password Issues

39% of people write their passwords on a piece of paper
Digital Guardian

61% of people re-use passwords across multiple websites
Digital Guardian

47% of people use passwords that are over 5 years old
TeleSign Consumer Account Security Report

Credential Theft or Misuse

49% of the time, attackers gain access to a system because they have stolen credentials
FireEye

63% of network intrusions are due to compromised user credentials
Microsoft

20% of organizations have experienced data breaches by ex-employees
OneLogin

Privilege Escalation

What is Privilege Escalation?

Privilege escalation is when an malicious program or user gains elevated access a protected area by either exploiting a bug, design flaw, or configuration oversight within an operating system or pieces of software

Forrester estimates that 80% of security breaches involve privileged credentials
Forrester Wave: Privilege Identity Management

Social Engineering

38% of attackers bypass defenses through social engineering
SANS Survey

48% of attacks occur through user error
SANS 2016 Threat Landscape Survey

58% of attacks on financial services organizations where from insiders who were either duped or bribed by outside actors
IBM

88% of IT professionals consider security awareness training to be the most effective protection against ransomware
KnowBe4 Survey

Unknown Software Vulnerabilities (Zero Day)

Fewer than 1% of vulnerabilities are classified as zero day, so 99% of vulnerabilities are known and should be patched ASAP
Symantec

There are about 27 different techniques that hackers can use to exploit any vulnerability in any product
ISMG interview of Dan Schiappa

Drive-by Downloads

What is a Drive-by Download?

Drive-by downloads are viruses or malware that a user unintentionally downloads while browsing online

The top 3 browsers (IE, Chrome and Firefox) had 1,004 vulnerabilities in 2015 and 2016
CVEdetails.com

Cybersecurity in the News

Our Top Blog Posts of 2023

Top Blogs of 2023

As we begin the new year, it’s a great time to revisit some of the most popular blogs we published in 2023. Our top blogs from last year covered a range of topics, including a cybersecurity outlook, updated third-party risk management guidelines, using conditional access policies (CAPs) and multifactor authentication (MFA) to enhance security within […]

Read more
Advanced Firewall Features Provide Critical Protection Against Cybersecurity Threats

Advanced Firewall Features Provide Critical Protection Against Cybersecurity Threats

With the risk of security breaches and data compromises constantly growing, traditional firewalls are not equipped with the capabilities financial institutions need to optimize their network security. Advanced firewalls—also known as next-generation firewalls (NGFWs)—have more complex features that can help institutions block unwanted traffic, prevent cyberattacks, and enhance their security posture. NGFWs go beyond the […]

Read more
NetConnect 2023 – A Glimpse into the Future of Technology and Compliance

NetConnect 2023 – A Glimpse into the Future of Technology and Compliance

Safe Systems hosted its 2023 NetConnect Customer User Conference last month in Alpharetta, GA. After taking a hiatus due to the pandemic, Safe Systems customers, employees, and partners were eager to reconvene to discuss the latest trends, challenges, and innovations. This year’s conference provided insights into the evolution of banking and the critical role technology […]

Read more
Important Industry Insights on the Use of Anti-Malware and Advanced Features for Ransomware Protection

Important Industry Insights on the Use of Anti-Malware and Advanced Features for Ransomware Protection

According to the IC3 2022 Internet Crime Report, the FBI received 2,385 complaints identified as ransomware with adjusted losses of more than $34.3 million. Moreover, 870 of these complaints indicated that organizations belonging to a critical infrastructure sector, such as financial services, were victims of a ransomware attack. This makes it imperative for banks and […]

Read more
© 2024 Safe Systems, Inc. All Rights Reserved. Privacy Policy