Cybersecurity breaches continue to grow in both frequency and sophistication for all industries, and the financial sector is particularly vulnerable.
Financial services firms fall victim to cybersecurity attacks far more frequently than businesses in other industries. Security breaches lead to lost revenue for a banking institutions, interruptions in operations and loss of both reputation and customers.
Here are just a handful of statistics on the devastating effects of breaches in the financial industry from Fortunly:
- The cost of cyberattacks in the banking industry reached $18.3 million annually per company.
- 8 out of 10 US citizens fear that businesses are not able to secure their financial information.
- According to FBI, the amount paid to ransomware scammers has reached nearly $1 billion per year.
- 92% of ATMs are vulnerable to hacks.
Financial establishments experience threats from a variety of sources led primarily by mobile applications and web portals. Cyber criminals may steal or manipulate valuable user data and or “clone” banking apps in order to use them for nefarious purposes.
Here is a closer look at cyber threats in the banking arena.
The new FSSCC profile
Cyber attacks in the financial industry have increased significantly as attackers have become more sophisticated and as the number of potential targets or entry points has expanded. The sheer number of users has increased drastically as well as the continued proliferation and addition of new banking technologies.
In an effort to thwart potential security issues, the Financial Services Sector Coordinating Council (FSSCC) along with key agency advisors developed a new survey aimed at helping financial services firms determine the potential effects of a cyber event at their institution.
This two-pronged analysis is based on proven cybersecurity methodologies and offers financial organization decision makers a practical, common approach to cybersecurity compliance across national and international financial organizations. However, despite the availability of this tool, cyber threats to the financial world remain a significant cause for concern.
A growing risk
Banking customers are moving away from using cash and checks and relying more on electronic banking to complete transactions.
In response to this shift, financial organizations continue to develop more web portals and mobile apps. Although these apps and portals are aimed at increasing convenience and enhancing the customer experience, they pose unique risks in terms of cybersecurity.
A 2018 study by Accenture reviewed 30 major banking applications and found that all 30 had vulnerabilities ranging from insecure data storage to insecure authentication and code tampering. What’s more, a similar study revealed that 85% of the tested web apps had flaws that would permit cyber attacks against users.
From lack of secure data storage to ineffective cryptography, there are a number of reasons why online banking portals and banking apps pose a special threat:
- Lack of server security
- Insecure or ineffective data storage
- Data is not secured in the transport layer from server to client and/or from client to server
- Data leakage on the user side
- Inadequate authentication and authorization during user log-in
- Inadequate or ineffective encryption
- Client-side injection (e.g. the injection or execution of malicious code on the mobile device through the mobile app)
Solutions for secure banking
The cyber risks that plague the banking industry are multiplied when you consider the vast number of users involved. The number of potentially insecure endpoints represent a candy store to cyber criminals.
Recent statistics show online banking accounts for nearly 75 percent of all banking transactions, and this number is only expected to increase. The new FSSCC Profile is utilized by most major banking institutions along with other cybersecurity measures, although cyber crime continues to grow in sophistication.
There are really three major attack vectors that banking institutions and financial organizations need to consider. The first is the personal security of individual members accessing their accounts, the second is security of the tools you build for them to access their accounts, and third is your own internal team as they access your back-end servers and internal network (as well as the data housed on your network).
Personal protection of users
Keeping individual users secure is very difficult as you have very little control over their behavior. As an institution the most you can typically do is impose strict security requirements and controls on your web portal. This includes things like requiring strong passwords and implementing 2 factor authentication.
Internal team and data protection
Especially relevant in today's current environment, with much of your team accessing your network remotely, is the security of each endpoint you allow into your centralized protected network.
Making sure you have every device across the entire surface area we affectionately call "the edge" protected is of paramount importance. Usually achieved with a VPN solution, ensuring your staff can remotely connect through the most secure methods available is your best bet.
In the banking industry, you may also be especially concerned about a solution for communication that includes quantum resistant cryptography, particularly if the data you are transmitting would still be sensitive in 30 or so years.
Security solutions like Attila’s GoSilent are designed to detect and prevent cyber attacks from a wide spectrum of sources, and help keep your team secure.
GoSilent locks down access to the networks of banking institutions by securing all endpoints - such as servers, mobile devices, printer/scanners, laptops and desktops - and providing a secure IPSec tunnel with Commercial National Security Algorithm (CNSA) Suite.
Learn more about Attila Security’s next-generation products and solutions for financial institutions.