1950’s bank robber Willie Sutton was once—erroneously—quoted as saying “I rob banks because that’s where the money is.” Sutton never said it, a reporter made up the quote. However, cyber criminals are taking the advice.
In early 2018, the World Economic Forum announced that worldwide losses from cybercrime approached USD 1 trillion. According to the latest Data Breach Investigations Report, crimeware (which includes ransomware, malware, worms, spyware, etc.) was the single largest attack method used on the banking industry. With the potential take being upwards of tens of millions, as in the case of the Far Eastern International Bank in 2017, it shouldn’t come as a surprise.
So, what are banks doing to respond?
To provide the best defensive stance possible, banks need to have a malleable plan that can adjust to the constant game of cat-and-mouse played by cybercriminals. In general, two response trends are being taken by banks:
- Improve Staffing – everything from hiring cybersecurity experts to putting response teams together is on the agenda.
- Upgrade Technology – According to threat analysis company, Positive Technologies, two-thirds of banks use outdated software, 58% use insecure data transfer protocols, and half leave remote access and control interfaces exposed to the Internet. Banks such as PNC have traditionally spent their budget on infrastructure and not on security-focused technology. But banking institutions today are realizing they need to spend their budget on securing the perimeter, their endpoints, their vulnerabilities and on improving IT resiliency.
Banks also need to add Security Awareness Training to the mix. According to Positive Technologies, 75% of banks are vulnerable to social engineering attacks. Elevating bank employee awareness to the presence of social engineering, phishing scams, and the methods used can significantly reduce the risk of infection, compromise, and successful attack.
Based Blockchain Network