There is no disputing that cyber crime is at an all-time high. It seems not a day goes by without an organisation suffering a security breach or customers of a major bank having money stolen from their accounts.
In fact, PwC’s Global Economic Crime Survey 2016 revealed that cyber crime has now jumped to the second most reported crime globally and that 54% of organisations have been hit with cyber crime in the last two years. This highlights just how big a business hacking has become.
However, some organisations are more of a target than others.
One of the main targets for cyber crime is without a doubt banks. In the last year, banks from all over the world have been hit by hackers.
This includes attacks against Tesco Bank, where hackers stole over £2 million from customer accounts, DDoS attacks bringing banks like HSBC to a standstill, as well as phishing scams targeting the customers of all major banks in the UK.
So why are banks such a lucrative target for cyber crime? The answer is simple: cyber criminals go where the money is, and banks have more money than most other organisations.
Here, Spencer Young, RVP of EMEA at cyber security firm Imperva, discusses the key threats banks and bank customers are faced with today, and how he expects banks will aim to overcome them in the future.
What are the major threats banks are faced with today?
While there are numerous threats aimed at bank systems and their customers, one of the biggest threats, and often one of the hardest to detect, is that of malicious, careless and compromised users. These employees, contractors and partners are already inside the bank’s secure perimeter and have legitimate access to its sensitive data and IT systems.
When these insiders abuse their privileged access or are compromised by external attackers, the valuable data is easily exposed. As banks continue to expand online and mobile access, they also expand the attack surface. As such, they must be vigilant against DDoS attacks and web application attacks such as credential stuffing.
We have seen numerous high-profile breaches against major financial services institutions in the last year, and the volume and complexity of the attacks are on the rise.
Criminals can send phishing emails or set up fake websites that dupe consumers into giving away sensitive financial data. They can also leverage information from social media sites to socially engineer their way into accounts via customer service.
For example, while the exact nature of the recent Tesco attacks is unclear, one theory is that the hackers got their hands on customers’ debit card information, and then proceeded to use it in an automated attack which resulted in £2.5 million being taken from around 9,000 account holders.
Why is cyber crime still such a success?
As financial institutions shift to digital channels like online banking and mobile transactions, the attack surface grows, and there is more to protect.
Combine this with the fact that successful attacks on banks and financial services firms provide a quick way to monetise the data, and you can see why banks and financial institutions are such popular targets.
Given the number of hackers attempting to breach these institutions, it’s a matter of when, not if, financial institutions will be breached. Clearly, it’s critical that they protect the data that the criminals are after.
Is secure banking an unrealistic goal?
Even though banks are a popular target for hackers, they also are among the most sophisticated enterprises in the world from a security perspective. This is largely because security and online banking go hand-in-hand.
Consumers want the confidence that their financial information will be protected, regardless of how it’s accessed. The banks have reputation, brand and highly sensitive personal data to protect, and in the main, they take that very seriously.
What we don’t hear about are the numerous attempts to breach banking systems that are successfully prevented. This is down to the investments that the banks have made in systems and processes to defend their customers’ personal data.
We have strong business relationships with some of the world’s largest banks, and they are constantly reviewing and updating their defence systems, sometimes in response to new attack threats and types, sometimes proactively in evolving their systems to be the most secure they can be.
How will banks combat cyber crime in the future?
Compared to today, the secure bank of the future will use more machine-learning technology and systems to proactively prevent potential breaches and data loss.
In other words, we will see more ‘attack as the best form of defence.’ They will also defend the sensitive data they hold at every potential access point, regardless of whether that is a mobile device, internal network, connected internet of things device, through a website, through an app etc. And of vital importance, they will all then add more protection to the databases themselves that hold the key to the information the criminals are after.
So, we will see proactive prevention, and more unique layers of defence to protect what the banks value the most.