Prevent cyberattacks
EDITOR'S NOTE: Robin Farmer is a freelance writer.
To avoid the consequences of a costly breach, banks must be forward-thinking when it comes to preventing cyberattacks, security experts said.
While the financial services industry tends to be better balanced from a security perspective than industries such as healthcare and retail, “big banking nonetheless appears to be investing in preventive front-end controls at the expense of detective, corrective and recovery ones,” said Armond Caglar, senior threat specialist at TSC Advantage, an enterprise security solutions provider in Silver Spring, Md. Banks generally are doing well in basic prevention, which includes training in and awareness of spear phishing, basic network segmentation and intrusion detection deployments, he said.
But once a bank is penetrated, “the bad actors tend to be on the network for longer periods going undetected and purloining lots of valuable data,” Caglar said. “Additionally, time and time again, we see businesses reduce the scope of the overall cybersecurity problem to nothing more than an IT issue.”
This inadequate and dangerous approach “ignores the host of nontechnical threat vectors causing havoc in organizations, such as the growing role of deliberate and unintentional insider threat, vendor access management and travel security,” he said.
“Fraudulent phishing attacks are becoming more and more convincing. They are as sophisticated as any of the marketing programs run by the bank.”
— Greg Mancusi-Ungaro, chief marketing officer for BrandProtect, a cyberthreat intelligence and brand protection firm based in Canada
Staying ahead of cybercriminals is nearly impossible, making cyberattacks increasingly common, said Anton Lavrenko, deputy regional head for Financial Institutions North America, Allianz Global Corporate & Specialty, a New York-based company that specializes in corporate insurance. Highly educated, cybercriminals often work outside of the U.S. border with sophisticated tools and processes, he said.
“These guys are often light years ahead of everything that we do,” said Joseph F. Caruso, regional head for Financial Institutions North America. “These guys may get into a system and sit for months and months – until they get access.”
Proactive cybersecurity requires constant work. It takes vulnerability testing, and that requires significant financial resources, sophistication and the ability to realize when an exposure occurs, all of which make smaller banks more susceptible, Caruso said.
Increasingly common
Cyber resilience
Banks and other financial institutions can develop cyber resilience by aligning security resources against identified weaknesses, developing a response plan, protecting against hidden risks of third-party vendors, minimizing threats from rogue employees and nurturing a security culture during periods of growth, among other measures, security experts said.
More than a bank’s reputation is at risk when digital hackers and scammers attack. Standard & Poor’s recently issued a report that said banks could face a downgraded credit rating if they have ill-prepared cybersecurity measures or if a major breach led to substantial loss of customers or capital.
Cybercriminals will always go where the money is, experts said.
“That simple fact means that attacks on financial institutions such as JPMorgan Chase and Scottrade will continue,” Caglar said. “Eastern European organized criminal groups in particular target financial institutions. State-sponsored attackers also prefer large U.S. financial institutions because they are interested in the intelligence value that banks possess, such as corporate information, merger and acquisition data, and multinational investment strategy and targets.
“Mature cybersecurity starts with a philosophy that security is not just about legacy endpoint protection we all use, such as firewalls or intrusion detection systems,” he said. “Rather, security is the collection of activities that harmonizes corporate investments in people, process and technology. The problem cannot be solved by the IT department alone. It requires C-suite buy-in, from the board (of directors), and an obligation from each employee that acknowledges their role in preventing attacks.”
For banks to stay ahead of cybercriminals, multichannel holistic monitoring, analysis and mitigation of external threats beyond the perimeter must become top priorities, experts said.
“Banks must ensure that when customers think they are engaging with a branded site, app, email, asset or social media account, it’s actually one authorized by their institution,” Mancusi-Ungaro said.
Banks are three times more likely than any other industry to be the target of an attack, and they have to protect many different kinds of data, from transaction records to customers’ personal information, said Grant Shirk, senior director, product marketing at Vera, a Palo Alto, Calif.-based firm that develops and implements mobile and cloud security solutions.
“While banks are investing billions of dollars to improve their overall security capabilities, they need to prioritize their spending and protect what matters most — the data itself,” Shirk said. Banks “have to find ways to protect customer and financial data even after it leaves their control. By protecting the data itself, no matter where it travels, banks and other financial institutions can prevent or minimize the impact of a breach.”
Concerns about data breaches and reputational harm, as well as regulatory scrutiny, fueled the increase in the amount of funds banks predicted they’d spend on security in 2016, according to an online poll of 50 bank chief information officers and senior technology executives conducted in early 2016. In the poll, conducted by SourceMedia, 70% of the respondents cited “keeping up with security issues” as a top challenge, with 40% predicting an increase ranging from 20% to as much as double in spending on security.
It’s not surprising that financial institutions are scrambling to secure themselves, as threats multiply and become more sophisticated, putting banks and their customers at risk, said Greg Mancusi-Ungaro, chief marketing officer for BrandProtect, a cyberthreat intelligence and brand protection firm based in Canada.
“Fraudulent phishing attacks are becoming more and more convincing,” Mancusi-Ungaro said. “They’ve moved way beyond the traditional realm of email attacks, leading to spoof websites. Today’s attack is now much more likely to incorporate a combination of email, social media, social domain, web comments, executive or celebrity impersonation and malvertising. They are as sophisticated as any of the marketing programs run by the bank.”
Banks must take proactive steps to stay ahead of cybercriminals
By Robin Farmer