Data Security in 2018: A Year in Review
On January 28, the world will observe Data Privacy Day, the signature event in a greater privacy awareness and education effort that focuses on helping consumers own their online presence.
For Financial Institutions (FIs), the need to protect account holders’ Personally Identifiable Information (PII) has never been greater. PII that leads to fraudulent access of financial accounts is a favorite target of cyberthieves, and that puts FIs in the crosshairs constantly. This unwanted attention from cybercriminals costs financial services firms an average of $18 million per firm to remediate, which is 50 percent higher than in other industries, according to Forbes.
When the Trend is Not Your Friend
The number of data breaches among FIs has increased exponentially over the last several years, and 2018 was no exception. During the first half of the year, 3.3 billion records were exposed globally, with just six breaches accounting for more than 56 percent of the total records compromised.
Perhaps even more alarming, a 2018 ServiceNow cybersecurity study reported that 45 percent of financial services institutions suffered a data breach in the previous two years. According to Dan Schulman, CEO of PayPal, U.S. financial services firms are attacked by cybercriminals over 1 billion times a year. Compare that to all other industries, which experience an average of 4 million attacks per year.
Worst Data Breaches of 2018
A number of high-profile data breaches impacted financial institutions or their account holders in 2018. Unfortunately, when payment card information is exposed, banks and credit unions are usually responsible for remedying the damages. Here are three prominent cyber incidents that impacted the financial services sector:
- Saks Fifth Avenue (April 1, 2018) — Hackers captured the debit and credit card information of more than 5 million Saks Fifth Avenue and Lord & Taylor customers. Those responsible for the breach sold the customer payment card data to fraudsters on the Dark Web.
- SunTrust Banks (April 20, 2018) — The Atlanta-based bank reported a breach that impacted 1.5 million clients. Customers’ names, addresses, phone numbers, and account balances were compromised.
- TaskRabbit (June 25, 2018) — A freelance labor-for-hire website, TaskRabbit confirmed that the bank accounts of 3.75 million users were exposed in a data breach. Additional information compromised included names, birthdates, and Social Security numbers of both customers and contractors.
The average cost for U.S. FIs to repair these breaches is significant — $336 per record in 2017. Other consequences can be serious, too, including lost customers. A 2016 survey showed that 12.3 percent of people left credit unions and 28 percent left their banks as a direct result of unauthorized account activity.
Stay on Alert: Three Common Financial Scams
When it comes to relieving unsuspecting people of their money or PII, the methods of today’s creative cyber thieves are increasingly deceitful. Consider the following three scenarios:
- Telephone imposters — A call is initiated with fake caller ID to a bank customer. The fraudster on the line identifies herself as a bank employee and tells the recipient that an unauthorized user has been using a debit card ending in 2345 at [pick any retailer]. The caller then asks the customer to verify his full Social Security number (offering just the last four digits as a teaser) and divulge his complete debit card information to “end the fraudulent use.”
- Payment card skimmers — These devices are secretly placed on ATMs and payment terminals, where they capture and store the payment card data from magnetic strips. Criminals use this stolen data to make fraudulent charges online or with a cloned credit card, or sell the information on the Dark Web.
- Call center fraud — Banks and credit unions have 24/7 customer service via their call centers. Scam artists have turned these centers into a target by using consumer information that they’ve either stolen, found, or purchased on the Dark Web. They use this information to bypass authentication questions of customer service representatives and gain access to your financial accounts.
Mobile Devices Allow Scammers to Move Laterally Across Company Networks
Financial institutions have created mobile banking products and services to keep up with their customers’ on-the-go, tech-savvy lifestyles. Threats to these mobile devices include rogue applications, spyware, unsecured Wi-Fi connections, and even fake networks — essentially all the same dangers that can harm your PC. The rapid growth of BYOD (Bring Your Own Device) in the workplace and the ubiquity of mobile devices being used anytime, anywhere, have significantly expanded the data-breach-threat perimeter.
“74 percent of IT leaders report that their organization has experienced a data breach as a result of a mobile-security issue… and that mobile devices are the hardest enterprise asset to defend.” — IDG
ITSP notes that half of all bank customers (and 43 percent of credit-union patrons) expect their institution to reduce their identity theft exposure, and to quickly fix the situation if their data is compromised. Fortunately, there are a number of available identity theft protection products that can serve as the first or second line of defense for financial institutions seeking to protect their customers’ PII.
Preparing for, anticipating, and responding to data breaches, cyber intrusions, and identity theft is the best way to protect your business against potentially devastating financial losses. Here are some links to additional resources that may help your organization stay at least one step ahead of the bad guys.
Data Breach Resources for Your Business & Your Customers
- Password Strength Test
- Data Breach News Summary (Table)
- RapidResponse℠ Exclusive Breach Guarantee
- 2018 Data Breaches – The Worst So Far (Blog)
- 8 Tips for 2018 Data Breach Victims (Infographic)
- 7 Tips for Protecting Your Identity (Printable PDF)
- Lessons Learned from Data Breaches in 2017 (Blog)
- Mobile Security for Safeguarding the Entire Digital Footprint (Webinar)
- Risky Business: Data Breach Impact on Your Organization & Employees (Whitepaper)