At least five U.S. banks have been targeted in a sophisticated cyberattack this month. The New York Times reported that hackers breached the network and stole gigabytes of sensitive information, including checking and savings account information. The F.B.I. is involved in the investigation and is conducting forensics, but it isn’t yet clear who originated the attacks.
The attack is not unexpected. Financial institutions have been fighting malware targeting online banking for over ten years. Attackers who are motivated by financial reward, however, quickly adapt to countermeasures, and many security implementations are ineffective at protecting against advanced attacks. According to the 2014 Symantec Internet Security Threat Report, the financial services industry ranks 5th among the top 10 industries for targeted attacks.
How can banks strengthen online security?
Be proactive. Here are several recommendations to help organizations secure their online business:
- Protect your customers' entire website visit by deploying SSL on all your web pages.
- Implement security precautions on all mobile devices including strong authentication.
- Use encryption for data in transit and at rest (SSL does not encrypt stored data).
- Protect physical and virtual data centers with host-based intrusion detection and prevention solutions.
- Be sure to get your digital certificates from an established, trustworthy Certification Authority that demonstrates excellent security practices.
- Deploy endpoint protection software and gateway antivirus and regularly scan for vulnerabilities.
- Monitor the threat landscape and your infrastructure for network intrusions, propagation attempts and other suspicious traffic patterns.
- Educate users about security policies and information use.
Unfortunately, 45 percent of global CIOs admit to underinvesting in cybersecurity, according to a recent Accenture study. While CIOs are generally aware that endpoint protection alone is not enough to protect their business against advanced cyber threats, many are reluctant to upgrade security technologies because of the perceived cost involved.
Companies often avoid sufficiently investing in cybersecurity because they perceive that existing threats don’t warrant high levels of investment. Unfortunately, the cost of data breaches is high – as many organizations have discovered in the wake of recent mega breaches.
For more information about how to protect your organization from advanced attacks, read our "AV is Not Enough for the Enterprise" blog, or download our white paper, "The Cyber-Resilient Enterprise: Harnessing Your Security Intelligence." #GoKnow and #DoItAll