Since financial data is one of the most appealing targets for hackers, institutions dealing primarily in finance need to remain extra vigilant about cybersecurity. In fact, security experts cite cyber threats as one of the top risks to financial markets.
To help your organization plan for the coming year, here are 2016’s top 10 cybersecurity threats for financial institutions.
Sensitive data that wasn’t properly encrypted created an expensive problem during 2015’s many financial data breaches. Essentially, stolen data could immediately be used by hackers after a data breach – unless the data was properly encrypted, that is.
How to counter: Protect your financial services business by using proper encryption for account numbers, names, addresses, and any other sensitive information. This alone will greatly decrease the cost of recovery in the event of a data breach. Whenever data is not in use, it should be encrypted.
New Hacker Opportunities
New technologies, such as the Internet of things, always create new cybercriminal opportunities. (For example, 2015 saw medical devices, connected cars, and even toys fall victim to either real or hypothetical attacks.) CCTV cameras can be turned into botnets designed to attack banks.
How to counter: Adopt a holistic approach to cybersecurity. Monitor network activity for suspicious traffic. Look for “symptoms” of a hack – including suspicious network traffic – and then
Cybersecurity professionals have confirmed numerous cyber-attacks sponsored by foreign governments. Organizations in the US responsible for critical infrastructure need to be especially vigilant against these types of attacks, which are expected to increase in severity and frequency.
How to counter: Develop a cybersecurity policy according to NIST guidelines that includes watching out for government alerts.
Insecure Third-Party Services
Financial institutions intertwine services from multiple vendors, partners, and other third parties. Unfortunately, some of these third-party services can place its partner institutions at risk if they become compromised. Though regulators in both the United States and European Union are trying to decrease this risk, acting now is smarter than waiting for government regulations.
How to counter: Consider cybersecurity from the earliest planning stages of third party integrations into financial institution services. Ensure regular testing and updates will be available to protect from security threats before deploying any third-party solution.
Protect your organization. Get the plain English cybersecurity guide every executive should own. Download the Cybersecurity Resource Kit today!
Changed or Manipulated Data
As even minor errors can lead to millions or billions of dollars in damage, a new type of attack puts financial institutions at high risk. Attackers have started deliberately changing or manipulating data during hacking incidents. In many cases, this is even more damaging than deleting data because it makes data untrustworthy.
How to counter: Create regular data backups. Seek the specific advice from security professionals to determine how to ensure accurate data is mirrored.
Mobile Banking Risks
The last few years have seen mobile banking explode in use by consumers. However, storing sensitive information on user devices presents a major security risk (especially on rooted or jailbroken devices). How can financial institutions deliver greater convenience to their customers while preventing malware or other device comprises from accessing sensitive data?
How to counter: One answer is to encrypt all data on the mobile device (or at least as much data as possible). Another solution is to store as little sensitive data as possible (for example, storing only usernames instead of username/password combinations). Thorough testing on a wide variety of platforms and devices will also help identify potential security risks.
Compromised end user devices will continue to pose one of the most significant threats next year. As bring your own device (BYOD) policies become more popular, the opportunity for infected devices to connect to a network will dramatically rise. Each time an uncontrolled device connects to a network, sensitive data passes through. Hidden malware could read or hijack this data.
Another common technique is to secretly install backdoors that listen and wait for instructions. These backdoors can exist for months or years before becoming active.
How to counter: Use proper security to detect backdoors. Implement network security protocols, such as advanced firewalls, to carefully restrict traffic.
Business Email Compromise (BEC) and other scams
Compromised business email accounts have led to billions of dollars lost by businesses in the United States, including financial institution. Often, these scams aren’t detected until it’s too late. Since they are the result of meticulous research, high-value accounts (such as C-level executives) are especially at risk.
How to counter: Become educated about how spoofing attacks occur and what to do to stop them. Develop an employee education plan to help lower-level employees and managers recognize when something fishy is happening.
Advanced Spoofing Attacks
A spoofing attack on three Florida banks showed just how sophisticated these attacks have become. Hackers were able to hijack the banks’ websites and steal user login information. Normally, spoofing attacks use similar URLs to impersonate legitimate sites. These attacks, however, were somehow able to attack users who typed in the correct URL. Experts are concerned advanced spoofing attacks like this could spread.
How to counter: Use multifactor authentication to keep user accounts safe. Deploy privileged user management solutions to restrict user access and provide security intelligence.
New Chip-and-Pin Attacks
2015’s switch to EMV payment processing made using debit and credit cards at stores more secure. It also protected financial institutions from liability in some cases.
However, an unintended consequence from the EMV switch is that cyber criminals have had plenty of time to think of alternative ways to steal payment information. Some of these attacks may have already occurred. The switch to EMV won’t affect online transactions, making online fraud more appealing.
How to counter: Develop a post-breach recovery plan. Having a step-by-step process ready to go if or when a breach occurs.
Protect Your Financial Organization
As these 10 cybersecurity threats for financial institutions demonstrate, cybersecurity professionals have their hands full during the next year. Fortunately, with the assistance of cybersecurity professionals, your organization can stay protected from hackers.
Don’t let your financial institution fall victim to these – and other – cybersecurity threats. Buy Maryland Cyber has the largest, most comprehensive directory of Maryland-based cybersecurity firms ready to guide your organization through 2016’s most dangerous threats.
These professionals can help you develop a plan to identify, prevent, and recover from cyber-attacks. Search our directory listings to find a cybersecurity professional near you to help your financial institution stay protected.Posted on