Cybersecurity breaches continue to grow in both frequency and sophistication for all industries, and the financial sector is particularly vulnerable.
In mid-2018, ITSP Magazine reported that financial services firms fall victim to cybersecurity attacks 300 times more frequently than businesses in other industries. Security breaches lead to lost revenue for a banking institutions, interruptions in operations and loss of both reputation and customers.
Financial establishments experience threats from a variety of sources led by mobile applications and web portals. Cyber criminals may steal or manipulate valuable user data and or “clone” banking apps in order to use them for nefarious purposes.
Here is a closer look at cyber threats in the banking arena.
The new FSSCC profile
Cyber attacks in the financial industry have increased significantly as attackers become more sophisticated and as the number of potential targets or entry points has expanded due to the quantity of users and the continued proliferation of new technologies.
In an effort to thwart potential security issues, the Financial Services Sector Coordinating Council (FSSCC) along with key agency advisors developed a new survey aimed at helping financial services firms determine the potential effects of a cyber event at their institution.
This two-pronged analysis is based on proven cybersecurity methodologies and offers financial organization decision makers a practical, common approach to cybersecurity compliance across national and international financial organizations. However, despite the availability of this tool, cyber threats to the financial world remain a significant cause for concern.
A growing risk
Banking customers are moving away from using cash and checks and relying more on electronic banking to complete transactions.
In response to this shift, financial organizations continue to develop more web portals and mobile apps. Although these apps and portals are aimed at increasing convenience and enhancing the customer experience, they pose unique risks in terms of cybersecurity.
A 2018 study by Accenture reviewed 30 major banking applications and found that all 30 had vulnerabilities ranging from insecure data storage to insecure authentication and code tampering. What’s more, a similar study revealed that 85% of the tested web apps had flaws that would permit cyber attacks against users.
From lack of secure data storage to ineffective cryptography, there are a number of reasons why portals and banking apps pose a special threat:
- Lack of server security
- Insecure or ineffective data storage
- Data is not secured in the transport layer from server to client and/or from client to server
- Data leakage on the user side
- Inadequate authentication and authorization during user log-in
- Inadequate or ineffective encryption
- Client-side injection (e.g. the injection or execution of malicious code on the mobile device through the mobile app)
Solutions for secure banking
The cyber risks that plague the banking industry are multiplied when you consider the vast number of users involved. The number of potentially insecure endpoints represent a candy store to cyber criminals.
Recent statistics show online banking accounts for nearly 75 percent of all banking transactions, and this number is only expected to increase. The new FSSCC Profile is utilized by most major banking institutions along with other cybersecurity measures, although cyber crime continues to grow in sophistication.
Security solutions like Attila’s GoSilent are designed to detect and prevent cyber attacks from a wide spectrum of sources.
GoSilent locks down access to the networks of banking institutions by securing all endpoints - such as servers, mobile devices, printer/scanners, laptops and desktops - and providing a secure IPSec tunnel with Commercial National Security Algorithm (CNSA) Suite.
Learn more about Attila Security’s next-generation products and solutions for financial institutions.