Bank robbers have traded in masks and guns for VPNs and proxy servers, and there’s more of them than ever.
In the last 12 months, 67 percent of financial institutions — banks, credit unions, and the like — that participated in a cybersecurity report published this month by security firm Carbon Black said that they were hit by an increasing rate of attempted cyberattacks and hacks. On top of that, 79 percent said that the hackers were becoming more and more sophisticated. It’s no surprise that crime is moving online and that security means more than thick vault doors. But cybersecurity practices haven’t quite kept up with the sheer volume of hackers targeting banks, as the report says that many attacks were at least partially successful.
Instead of settling for a quick buck, many of the attacks included in the report were intended to disrupt banking services or delete financial records — a hack strategy that’s increased by 160 percent over the last 12 months. And once the hackers are in, 32 percent of banks said that the hackers were digging in their heels and fighting back against efforts to lock them out of the system.
“It’s something that we should be very concerned about,” Tom Kellermann, Carbon Black’s chief cybersecurity officer, told BobsGuide, “because what that says to me is that [cybercriminals] are willing to shoot the hostages now, they’re willing to burn down the infrastructure, and destroy segments of a financial institution because they’re angry that you are reacting to them in the first place.”
Putting Out Fires
Many banks’ cybersecurity vulnerabilities are introduced when they launch a new platform, be it online banking, mobile banking, or anything of the like.
Kellermann told Bobsguide that banks’ tendency to launch new services and platforms without a proactive focus on security “is a systemic mistake and it is a terrible mistake.” Too often, Kellermann said, security teams are left running around and putting out fires rather than proactively seeking out and securing their vulnerabilities.
“They’re doing this to increase access to their systems,” Kellermann said. “What they’re not understanding is that if you build it they will come and not all of them will be righteous.”
READ MORE: Technology obsession blinding banks from real cybercrime threat [Bobsguide]