Cyber-attacks against the banking industry have soared in the last few years, and financial institutions now face 300% more attacks than any other industry. Compared with other industries, the financial services industry isn’t shy when it comes to cyber security investment and generally has a superior level of protection.
But this attracts a more sophisticated demographic of hacker, who will hone different types of attacks to target a bank, as they are fully aware of the rewards they could reap if they succeed.
But, given the investment that banks plough into defense, how do the hackers succeed? According to the FBI, one of the key entry points for cyber criminals is to gain employee login credentials by using spam and phishing emails, keystroke loggers and remote access Trojans.
This was certainly the case for JP Morgan Chase, when, in 2014, it became the victim of the world’s biggest hit on a financial services company. This was despite having spent over $250 million and having over 1,000 of its people focused on cyber security. Hackers gained access through the computer of an employee working from home, stealing their login credentials and targeting a network server that only needed a username and password. More than 83 million customer records were compromised and although no account information was taken, the bank’s reputation took a considerable knock.
For financial institutions, the JP Morgan Chase breach highlighted a few important things. The first is the effectiveness of malware; the second is the vulnerability of workers, particularly remote workers; and the third is how easily hackers are able to roam around company networks once they get in. The hackers in the JP Morgan attack were “inside” for over a month before the breach was discovered.
So why is remote working such a weak spot? One reason is user authentication – over 75% of cyber-attacks stem from weak or stolen passwords. In the case of JP Morgan Chase, having poor authentication in place effectively meant they left the bank’s front door open. Using phishing or keystroke loggers, hackers can identify usernames and passwords. The proliferation of devices is also to blame – banking employees want to be able to use their smartphones and tablets to access company systems. But “bring your own device” (BYOD) has added multiple layers of complexity to security.
When you consider the risks, you can understand banks’ reticence to sanction remote working. But financial organizations can make massive productivity gains through remote working policies – allowing people to work from home, the train or when away with work gives business productivity a real boost. The question is, how do you lock it down and make it as secure as possible?
Authentication is a key consideration. As demonstrated by JP Morgan Chase, many have password-only solutions, and hackers use dictionary attacks or brute force attacks to get in. Others have two-factor authentication in place, but even these solutions can be compromised, as they involve tokens or cards that generate pre-issued passwords based on seed files, which can be hacked.
Biometric technology is becoming more popular, but it is flawed and phenomenally expensive to implement and manage. And it can be compromised. The US Office of Personnel Management was recently involved in a massive cyber-attack where 5.6 million fingerprints were stolen. Fingerprints, if stolen, can’t be changed.
Multi-factor authentication (MFA) is a solution that banks and insurers could consider – it captures and uses contextual data around each login to determine whether the user should be granted access, such as a user’s connection, their geographic location, a valid point of entry and time of day. If there is nothing suspicious, a one-time passcode is generated in real time and sent to the employee’s mobile, allowing them to log in securely.
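A minimal sketch of the contextual check and one-time passcode flow described above, as an added example rather than code from the article or any vendor. The policy values, class names and in-memory store are assumptions made for illustration.

```python
import hmac
import secrets
import time
from dataclasses import dataclass

# Constructed policy values (assumptions, not taken from the article).
TRUSTED_CONNECTIONS = {"corporate-vpn", "home-broadband"}
ALLOWED_COUNTRIES = {"GB", "US"}
ALLOWED_ENTRY_POINTS = {"vpn-gateway", "staff-portal"}
WORK_HOURS = range(6, 22)      # 06:00 to 21:59 local time
OTP_TTL_SECONDS = 120          # passcode lifetime

@dataclass
class LoginContext:
    user: str
    connection: str
    country: str
    entry_point: str
    hour: int

def suspicious_signals(ctx):
    """Return the names of the contextual checks this login attempt fails."""
    checks = [
        ("connection", ctx.connection in TRUSTED_CONNECTIONS),
        ("location", ctx.country in ALLOWED_COUNTRIES),
        ("entry_point", ctx.entry_point in ALLOWED_ENTRY_POINTS),
        ("time_of_day", ctx.hour in WORK_HOURS),
    ]
    return [name for name, passed in checks if not passed]

class OtpIssuer:
    def __init__(self, clock=time.time):
        self._pending = {}     # user -> (code, expiry timestamp)
        self._clock = clock

    def begin_login(self, ctx):
        """Issue a passcode only when no contextual check is suspicious."""
        signals = suspicious_signals(ctx)
        if signals:
            return None, signals
        code = f"{secrets.randbelow(10**6):06d}"   # generated at login time
        self._pending[ctx.user] = (code, self._clock() + OTP_TTL_SECONDS)
        # A real system sends the code to the employee's phone, not to the caller.
        return code, []

    def verify(self, user, submitted):
        """Single use: the pending code is discarded on any attempt, right or wrong."""
        code, expires = self._pending.pop(user, ("", 0.0))
        fresh = bool(code) and self._clock() <= expires
        return fresh and hmac.compare_digest(code.encode(), submitted.encode())
```

Discarding the pending code on every verification attempt means a wrong guess forces a new login and a new context check, which limits guessing against the six-digit code.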
The cyber security threat facing banks is increasing exponentially. And IT professionals on the front line owe it to the bank and its customers to have every solution at their fingertips to try and thwart attacks. MFA is only part of the solution, but in terms of locking down security around authentication, they need to do the best they can.
One of the cutting-edge solutions we feel can make an impact is Solebit’s. This solution, with its patent-pending DvC engine, distinguishes between code and data buried deep inside data files and streams. The engine locates hidden code that could be executed in any condition, by any type of processor.
This hidden code is often the first step in an attack, allowing the APT operators to gain a foothold in the target environment. Solebit’s engine does not require updates (such as signature updates), and works independently. It does not require connectivity to the Internet, other data repositories, etc.
This engine inspects every data file, object or stream coming into the network. The engine searches for hidden code instructions, encrypted polymorphic payloads, shellcode and other buried commands in each and every stream.
Any type of unauthorized code that is detected is not allowed into the network, essentially creating a no-code zone. These data streams are quarantined for analysis, and the engine immediately alerts the network’s IT personnel with a report that details the infiltration attempts.
In essence, this blocks zero-day malicious viruses and malware and protects your network from them.
Want to learn more about this cutting-edge product? Please feel free to contact me.
Ref/reprint: Banking tech, Claus Rosendal