Setting a cyberattack defense

Experts say two types of banking organizations exist today—those that have been breached and those that will experience a breach.

A study by Raytheon and Websense found that financial services organizations see three times as many attack attempts by cybercriminals than other industries. Gartner estimates that by 2020, global spending on preventing and remediating cyberattacks will hit $170 billion.

Many more statistics could be cited, but the bottom line is, what can financial institutions do to improve cybersecurity preparedness?

To effectively detect and manage cyberattacks, financial institutions must understand: which types of cyberattacks are on the rise; the tactics used to accomplish such attacks; and which types of attacks cost the most. Armed with this knowledge, banks can take proactive steps to protect their business and their customers in the event of a breach.

Phishing attacks on the rise

Phishing was the number-one source of cyberattacks in 2016, according to the 2017 PricewaterhouseCoopers (PwC) Global State of Information Security Survey. Phishing is a bad actor’s attempt to seize user credentials, financial data, or other sensitive information by pretending to be a source of legitimate email communication.

Hackers continue to employ this tactic because all it takes is one employee to open an unsuspecting email and click on a bad link, giving hackers access to the company network.

Phishing techniques continuously evolve. Spear-phishing, for example, is a highly targeted and customized tactic where the source of the email appears to be a person of authority in the recipient’s own organization. Spear-phishing typically requires minimal effort with a large payoff, as illustrated by recent high-profile spear-phishing attacks. Such high-profile attacks include JPMorgan Chase, where 82 million customer accounts were hacked when employees’ credentials were stolen.

Combatting phishing attacks

The rise of phishing attacks prove that cybercriminals understand how to target organizations, and steal everything from intellectual property, network credentials, money, customer intelligence, employee data, and more.

To combat such attacks, financial institutions should assess their current policies around email usage, attachments, and web usage. By evaluating their policies, controls, and employee education, banks can determine where they are vulnerable and take steps to strengthen their cybersecurity strategy.

Financial institutions should also enact certain controls, including email and web filters, anti-virus, anti-malware, and anomalous behavior detection controls. These simple safeguards can help institutions stay ahead of many prevalent threats.

Promoting awareness of phishing among employees is important. Banks can provide training for new hires and ongoing employee training. Additionally, phishing tests and pop quizzes can be used to quickly assess employees’ reactions to a spear-phishing attempt.

USB Drives, malvertising, and ransomware

While phishing may be hackers’ weapon of choice, other threats should be on banks’ radar.

USB Drives

Compromised USB drives can contain malware that has the ability to attack isolated computers. People often use these memory sticks without thinking twice about security.

Security depends on using only memory sticks that came from a trusted source. Employees should not bring their own drives to work. As an additional precaution, banks can encourage employees to disable the autorun feature on their computer and regularly back up data as a preventative measure.

Malvertising

Malvertising is yet another tactic hackers frequently use. In fact, a 2016 Cyphort Labs report revealed that malvertising campaigns had increased by 325% since 2014. Hackers place malware on popular, trusted sites like YouTube or Yahoo. Consumers who visit these sites then accidentally click on a false advertisement that infects their computer.

Although reducing the threat of malvertising largely falls on the shoulders of ad networks and website owners, web users at financial institutions can take action by ensuring all computer systems are properly patched and updated regularly—including ad blockers.

Ransomware

Ransomware is a type of computer virus that scrambles victim’s files and demands a ransom payment in exchange for the restored files. This threat has quickly become one of the largest and most damaging risks for banks. The Internet Crime Complaint Center reported that ransomware victims paid more than $24 million to ransomware criminals in 2015 alone.

Financial institutions are a prime example of an organization at risk for a targeted ransomware attack. Hackers can hold sensitive financial data hostage, threatening to leak the confidential information unless payment is received.

Regularly backing up critical files and ensuring all systems and programs are updated and patched in a timely manner can help protect financial institutions from ransomware.

It is also wise for financial institution employees to familiarize themselves with the organization’s ransomware policies, including:

• How they will conduct business in the event of a ransomware attack.

• If and how much the institution is willing to pay hackers.

• Who will speak to the media.

• How customers will be notified.

This should all be understood and in place before an attack. During an incident, law enforcement or an attorney may be obligated to prove the institution negligent or report the incident to the Federal Trade Commission.

Cybersecurity preparedness

No financial institution is exempt from a potential cyberattack. As cyberattacks evolve and new threats emerge, financial institutions must consistently test their defenses for vulnerabilities. Banks should strive to constantly improve their cybersecurity programs and budget appropriately for hardware, software, and personnel to do so.

To begin building a cybersecurity program, financial institutions can refer to the FFIEC Cybersecurity Assessment Tool and Information Security handbook. These tools provide an optimal framework for a program. Furthermore, to ensure a solid cybersecurity plan, hiring an independent third party to check the system and report any necessary improvements can also be helpful.

Looking ahead in 2017, the financial industry will likely see a sharp increase in cyberattacks and new cybersecurity regulations, like those proposed by the New York State Department of Financial Services. 

Taking preventative measures against trending techniques used by hackers and consistently testing for network vulnerabilities will help today’s financial institutions stay ahead of cybercriminals and prevent the costly side-effects of a successful data breach.

About the author

Sean Feeney is CEO of DefenseStorm. The company is a security data platform serving financial institutions.