Building a Strong Defense to Combat Cyber Threats Targeting Banks
Companies in the financial services sector experience 300 times more cyberattacks than any other industry. Cyberthieves target the sensitive Personally Identifiable Information (PII)and confidential data stored by Financial Institutions (FIs) because it can deliver a significant return when sold on the Dark Web. And, the cost of the security incident can rapidly add up to millions with remediation costing FIs an average of $206 per piece of exposed customer data.
FIs are also impacted by data breaches in other ways — through the expectations that account holders have around security and protection. Consumers trust their banks to protect their financial accounts and be there to resolve any issues created by fraudulent activity. After a security incident, banks will experience further impact to profits and to their reputation as customers take their business elsewhere. According to Ponemon Institute’s 2018 Cost of a Data Breach Study, account holder churn rates hit 6.1 percent following a breach, representing more than $6 million in average total costs.
Clearly, no banking or Information Security (InfoSec) executive wants to be faced with the realization that their organization was breached. Let’s examine some of the top cyber threats that banks are facing in today’s landscape, and how FIs can defend against them.
Mobile Banking Exposed
As banks increasingly offer mobile banking solutions and integrate their services with external Peer-to-Peer (P2P) payment software like PayPal, Venmo, and CashApp, each new mobile-enabled service represents a security vulnerability across every device in the network. Statista reports that all generations are adopting digital banking solutions at a rapid pace, and more than 50 percent of all mobile phone owners use mobile banking services.
Hackers have caught on. Not only do they attack banking apps directly, they are also creating Trojan or “spoof” apps to steal banking credentials. No one can prevent consumers from being tricked by phony apps, but banks can take measures to secure their own mobile app and online banking portal. By investing in mobile threat defense, FIs can provide their IT and InfoSec teams with visibility into vulnerabilities that may exist on employee or customer mobile devices connected to their app or network. This is an invaluable asset that allows these tech teams to isolate compromised devices before viruses can spread and become a full-fledged data breach.
Remember that website that appeared to go down for hours, or perhaps you attempted an account login only to keep seeing a connection error? Distributed denial of service (DDoS) cyberattacks can overwhelm network servers, causing extreme congestion, service disruption, and significant network downtime. For FIs, a DDoS attack leads to customer frustration, even panic, when they are unable to access their financial accounts, and general disruption to regular business activities.
With the number of attack layers and devices that cybercriminals have at their disposal, preventing DDoS attacks is virtually impossible. However, with the right tools and team in place, downtime can be significantly reduced. Create a Denial of Service response plan and consider implementing a system that provides early threat detection to mitigate the risk from a DDoS attack.
Call Center Fraud
Fraudsters are now using a combination of synthetic identity theft and social engineering to target the call centers of financial services firms. These scams can be used to trick agents into resetting online account passwords or even transferring funds. According to Pindrop’s recent Call Center Fraud report, fraud activity jumped 136 percent between 2016-2017. These customer service centers process 36 billion interactions every year, creating numerous opportunities for identity thieves to make off with stolen account information.
In addition to asking security questions, call centers can utilize software to recognize callers by voice rather than personal information like account number, date of birth, address, or partial Social Security Number, all of which can be easily stolen by cybercriminals. Voice biometrics can identify a caller by their unique vocal characteristics, making fraud attempts much more difficult.
Traditional Attacks Remain Widespread
Cyber thieves try to compromise customer accounts through any means necessary. They also target banking employees to infiltrate and steal data from the inside. From phishing attacks to mobile device take over, employee error remains a major cause of breaches. Coupled with the continued worry of internal fraud, financial institutions have a lot of vulnerabilities to safeguard when it comes to account holder and employee identity protection.
Putting data security policies and training in place is the best way to reduce risk from employee negligence. Be sure to dedicate time to reinforce those teachings throughout the year, keeping the information refreshed and top of mind. Regular communications to your organization will increase employee’s ability to retain knowledge around safe practices for data security.
Free eBook: The Financial Institution’s Guide to Protecting Account Holders in 2019
Want to keep exploring why account holder loyalty and trust is critical in today’s competitive, digital banking environment, and how you can reduce the impact of cybercrime and identity theft on your customers? Download our 3rd Annual eBook to gain actionable insights around:
- Latest Scam Awareness | The schemes and cyber threats to watch for in 2019.
- Fraud’s Impact on Behavior | How customers’ attitudes and behaviors towards their financial institutions change, and not for the better.
- Deepening Customer Relationships | How to reduce the emotional toll of identity theft on your account holders and boost customer retention.