It is no surprise that cybercriminals are after the money, and banks have plenty lying around. They also have gobs of data, making banks irresistible to hackers who have a field day attacking complex banking IT systems flush with more connections than a movie agent.
Here are a few recent facts to know:
Hackers don’t always want to steal data. Sometimes they just want to change it. These modifications are often hard to spot because the data looks no different. But accurate data is a bank’s lifeline and alterations cause reputational and financial damage.
Cybercriminals are sometimes just as happy to destroy information. “Cybercriminals targeting the financial sector often escalate their destructive attacks in order to burn evidence as part of their counter incident response. Our report found that 63% of financial institutions experienced an increase in destructive attacks, a 17% increase from last year,” argued VMware in its Modern Bank Heists report. “Destructive attacks are launched punitively to destroy, disrupt, or degrade victim systems by taking actions such as encrypting files, deleting data, destroying hard drives, terminating connections, or executing malicious code.”
Ransomware continues to rage as some 75% of respondents have fallen victim to at least one ransomware attack, with 63% of victims paying the ransom.
Financial Services firms face an array of security and compliance pain points, including:
While old threats seemingly never die, new ones continually emerge. In the case of banks, cybercriminal groups increasingly target so-called non-public market information. The idea here is to steal information that points to changes in the market – a thief’s version of insider trading. So, while credit card numbers remain an easy path to fraud, unreleased earnings estimates, transactions and information about public offerings allow gangs to invest their ill-gotten gains in stocks they know will move once this data becomes public.
In fact, the annual Modern Bank Heists report found that 66% of financial institutions have been targeted by these attacks.
Did you know it takes on average 287 days to discover, identify and contain a data breach — and the longer it takes to find the more it costs? “Data breaches that took longer than 200 days to identify and contain cost on average $4.87 million, compared to $3.61 million for breaches that took less than 200 days,” the IBM Cost of a Data Breach Report found.
Network bandwidth and device monitoring can help identify potential breaches, often in the breach attempt phase. And IT can perform security forensics through network logs, log analysis and reporting. This way, IT knows what happened and why. Armed with this information, IT can minimize ongoing damage and, knowing the source, block it from happening again.
Unfortunately, the systems designed to help (IT alerting tools) can overwhelm IT. Ovum research of banks found that 40% get hit with an average of 160,000 mistaken, redundant or irrelevant alerts every day. Alert overload from myriad security tools is the culprit. Ovum found that 73% have at least 25 separate security tools.
Smart organizations invest in tools that provide a platform with many capabilities: bandwidth monitoring, log management, network traffic analysis, virtualization monitoring and more. WhatsUp Gold combines these approaches as a way to provide deep insights into what is happening with your networked devices and systems. You can bank on that.
Get our latest blog posts delivered in a weekly email.