It is no surprise that cybercriminals are after the money, and banks have plenty lying around. They also have gobs of data, making banks irresistible to hackers who have a field day attacking complex banking IT systems flush with more connections than a movie agent.
Here are a few recent facts to know:
- According to Forbes, 35% of all data breaches impact banks and financial services organizations.
- Security attacks are unremitting. A survey by Vanson Bourne of 100 financial services decision makers in the UK found 70% were hit by a security incident in the last twelve months.
- Meanwhile, the Boston Consulting Group finds that “Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack. Dealing with those attacks and their aftermath carries a higher cost for banks and wealth managers than for any other sector.”
Hackers don’t always want to steal data. Sometimes they just want to change it. These modifications are often hard to spot because the data looks no different. But accurate data is a bank’s lifeline and alterations cause reputational and financial damage.
Cybercriminals are sometimes just as happy to destroy information. “Cybercriminals targeting the financial sector often escalate their destructive attacks in order to burn evidence as part of their counter incident response. Our report found that 63% of financial institutions experienced an increase in destructive attacks, a 17% increase from last year,” argued VMware in its Modern Bank Heists report. “Destructive attacks are launched punitively to destroy, disrupt, or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.”
Ransomware continues to rage as some 75% of respondents have fallen victim to at least one ransomware attack, with 63% of victims paying the ransom.
Financial Security Pain Points
Financial Services firms face an array of security and compliance pain points, including:
- Compliance: Taking improper care of data leads to compliance violations and subsequent regulations and fines.
- Identities and Authentication: Banks must not only control access to data from employees and outsiders, but IT systems must also be protected through proper credentials for the IT pros themselves.
- Security: A bank breach is front-page news, invading customer privacy and harming the organization’s reputation.
New Threats and Targets
While old threats seemingly never die, new ones continually emerge. In the case of banks, cybercriminal groups increasingly target so-called non-public market information. The idea here is to steal information that points to changes in the market – a thief’s version of insider trading. So, while credit card numbers remain an easy path to fraud, unreleased earnings estimates, transactions and information about public offerings allow gangs to invest their ill-gotten gains in stocks they know will move once this data becomes public.
In fact, the annual Modern Bank Heists report found that 66% of financial institutions have been targeted by these attacks.
Breach Forensics Done Right
Did you know it takes on average 287 days to discover, identify and contain a data breach — and the longer it takes to find the more it costs? “Data breaches that took longer than 200 days to identify and contain cost on average $4.87 million, compared to $3.61 million for breaches that took less than 200 days,” the IBM Cost of a Data Breach Report found.
Network bandwidth and device monitoring can help identify potential breaches, often in the breach attempt phase. And IT can perform security forensics through network logs, log analysis and reporting. This way, IT knows what happened and why. Armed with this information, IT can minimize ongoing damage and, knowing the source, block it from happening again.
When Security Tools Do More Harm than Good
Unfortunately, the systems designed to help (IT alerting tools) can overwhelm IT. Ovum research of banks found that 40% get hit with an average of 160,000 mistaken, redundant or irrelevant alerts every day. Alert overload from myriad security tools is the culprit. Ovum found that 73% have at least 25 separate security tools.
Smart organizations invest in tools that provide a platform with many capabilities: bandwidth monitoring, log management, network traffic analysis, virtualization monitoring and more. WhatsUp Gold combines these approaches as a way to provide deep insights into what is happening with your networked devices and systems. You can bank on that.