Banking's Darkside Lurks in Your Inbox

When it comes to keeping your bank account safe, things aren’t as bad as you think—in fact they’re actually much worse.

While bank robberies of the past evoke images of masked gunmen and high-speed car chases, many of today’s robberies are conducted from behind computer screens with just the click of a button. These hackers, whether criminal or state-sponsored, have the ability to bring down any bank’s operations with as little as a single email.

The Weakest Link

Hackers plan their attacks and seek out their victims by looking for the easiest point of access, and bank employees have become one of the weakest links. In fact, many of the world’s leading banks, including Barclays, HSBC, Lloyds Banking Group, RBS and Santander, have reported human error to be responsible for 93% of breaches.

This is no fluke. Hackers carefully gather research through employees’ LinkedIn, Facebook, or other social media channels and use this information to find an easy point of entry. By simply gleaning career and relationship information, such as the names of colleagues and friends, hackers can establish cover for spear-phishing and other social-engineering campaigns.

How Can Banks Step Up Their Security To Prevent Large Scale Breaches?

According to USA TODAY, an FBI official recently reported that more than 500 million records have been stolen from financial institutions over the past 12 months as a result of cyber-attacks. With such a massive number of cyber-attacks targeting the financial industry, it should come as no surprise that banks are beginning to invest heavily in cybersecurity.

Here are some guidelines that banks can follow to ensure that their customers are kept safe:

Plan For Major Spending – For organizations in the banking and finance industry, it’s very important to set aside a large budget for security and prevention. Not only can consumer data be hacked, but for many banks a hack can go undetected for several months or even years. Financial institutions need to have preventative measures in place and the right security professionals on the team who can anticipate, address, and help prevent security threats.

Invest in Education – Ensure that employees are adequately trained in security awareness. Invest in professional development and seek out the right workshops that can help existing staff boost security. Employees should know how to identify suspicious emails, including those being sent from unfamiliar senders. They should also avoid opening any attachments or clicking on any links contained in emails, as they may contain malware.

Monitor Social Media Exposure – When a network engineer or high-level executive posts his experience online (with a specific operating system, for example), he’s giving away information to a possible intruder. Likewise, an employee’s employment history on LinkedIn can unintentionally expose a company to a security breach. Be smart about what you post and make sure employees are smart about it too.

Use a Comprehensive Secure Email Gateway Solution – A Secure Email Gateway (SEG) monitors emails being sent to an organization for unwanted content and prevents these messages from being delivered. A comprehensive SEG should have the technology to scan all incoming files and remove malicious code, including undisclosed and zero-day exploits, helping banks stay protected while allowing operations to continue as normal.

While banks cannot and will not be able to stop all attacks, staying up to date on current threats and investing heavily in security teams and technology will most certainly help them prevent most.
