Financial institutions consistently have been the most cyberattacked industry for the past decade. It is no surprise, given that banking enterprises hold large volumes of sensitive data about people, companies, and governments, and their transactional business revolves around massive volumes of money transfer. Hackers will continue to strike with increasing sophistication since the data held by financial institutions is of high value with the potential for extremely lucrative financial gains if stolen. For example, the Europe-based Carbanak and Cobalt malware campaigns targeted more than 100 financial institutions in greater than 40 countries during five years from 2013-2018, and the criminal profits yielded over a billion Euros.
Attacks are increasingly sophisticated and cyber criminals continue to invest in new and complex criminal strategies and campaigns. Hackers in banking often take advantage of the interdependencies of financial institutions to service products such as credit cards and mortgages for other banks. From one bank breach, the cyber cartels jump to the partnered financial institution to steal its data as well.
In some types of cyberattacks, criminals make slight changes to data, which may not be immediately detectable. Because nothing is stolen at the time, users may not recognize the attack. However, once the criminals gain access to this data, they can manipulate algorithms in the system for their own financial gain. Timestamp manipulation is a newer strategy, whereby criminals have found that they are more likely to evade detection if they manipulate time for an otherwise valid transaction. Changing timestamps can alter the value of capital and trades. Because the parties to the transaction appear to be legitimate, this type of fraud is harder to detect.
Other criminals outright steal data for financial gain by selling it, hold data hostage for ransom profit, or pilfer intellectual property such as an organization’s competitive strategy and business plans to sell to interested parties. But the main goal in banking cyber-criminal activity is direct profit from a modern-day bank heist—stealing money from the bank.
Despite the increasing complexity of cyberattacks against financial institutions, there are some tools and best practices that banks and credit unions can use to protect themselves from these threats:
- Continuously update security technology and protocols as threats evolve and adapt with the help of a dedicated full-time security team.
- Employ 24/7/365 monitoring with remote remediation to quickly stop attacks in their tracks
- Monitor endpoint devices to stop attacks before they hit networks.
- Monitor cloud security including application use across the financial institution.
- Monitor email and Office 365 using tools specially designed to thwart attacks on these platforms, such as proactively recognizing and removing phishing scams.
- Have a dedicated security team and SOC, or hire an expert outside managed security services firm that embeds tools, technology and 24/7/365 monitoring to serve as your SOC.
- Push frequent patches so that user devices are equipped with the latest security protections.
- Adopt deep learning or AI monitoring, mitigation and context investigation that can more quickly identify threats.
- Encrypt data so that it is not compromised even if a breach occurs.
- Use multi-factor authentication to protect against unauthorized access.
- Instruct employees and customers to only access bank data in a secure location over a non-public Internet connection.
- Train employees on cybersecurity threats quarterly.
- Develop a solid business recovery plan for when an attack occurs.
Learn more about how Aunalytics Advanced Security helps protect financial institutions, and businesses in other highly regulated industries, from cyberattacks.