How Cyber Crime Affects the Banking Industry
Cyber criminals are going directly to where the money is – the financial sector. Banks and financial firms are big targets for cyber crime, so the industry is stepping up its cybersecurity efforts.
When it comes to cyber crime, breaching a financial institution is the golden egg for criminal hackers.
So if the industry is such a target, why is it vulnerable to attacks and what are information assurance professionals doing to improve cybersecurity in the sector?
Financial Industry Faces Constant Threats
Just in the first half of 2016, 37 financial institutions reported breaches, including five of the largest banks in the U.S. Some notable incidents in recent years include:
- JPMorgan suffered the largest theft of customer data from a financial institution when hackers stole the information of 83 million consumers in 2014
- Experian had the largest breach of a credit bureau when data on 15 million customers was exposed in 2015
- Hackers stole $81 million from the Federal Reserve Bank of New York earlier this year using payment transfer messaging service Swift
- Swift said that an undisclosed number of banks lost money earlier this year to hackers using similar methods to the Federal Reserve Bank breach
How are hackers getting into these institutions to steal money and data? In some cases, criminals are using sophisticated tools to breach networks, but that’s not always the case.
According to a report by security firm Bitglass, one in four breaches were due to lost or stolen devices, and 14 percent came from people inside the organizations.
SecurityScorecard’s 2016 cybersecurity report revealed that 75 percent of the top 20 U.S. commercial banks are infected with malware and nearly one out of five financial institutions use an email service provider with severe security vulnerabilities.
“As cyber criminals find new ways to attack, breach, and exploit organizations, threat patterns such as phishing, spear-phishing, and social engineering evolve and become more sophisticated,” states Dr. Luis Vargas, senior data scientist at SecurityScorecard. “Financial organizations need solutions that assess vulnerabilities continuously and have the ability to see risks and vulnerabilities before a breach takes place.”
Improving Cybersecurity in the Financial Sector
As threats mount, authorities are putting pressure on banks to step up cybersecurity efforts.
U.S. bank regulators outlined new security standards for leading banks, requiring them to use the most sophisticated anti-hacking tools, and to be able to recover from an attack within two hours.
The Federal Reserve and Treasury Department also urged companies to implement the Group of 7 (G7) nations’ cybersecurity guidelines, which include establishing an information security strategy, identifying risks and sharing information with authorities.
The banking industry is also investing big in cybersecurity, spending $8.6 billion this year. JPMorgan doubled its cybersecurity to $500 million, and Bank of America said it has an unlimited budget for combating cyber crime.
With banks increasing their security investments, information assurance professionals are at a premium in the industry. There has been a 131 percent increase in job postings for security experts in recent years. Professionals can improve their chances of landing a position in the industry by furthering their education.
As criminals find new ways to breach financial institutions – through vendors, insiders and malware – cybersecurity professionals need top training and comprehensive strategies to secure assets.
“Criminals will use any means they can to achieve their aims, so that means we can no longer consider physical and cybersecurity separately, but instead need an end-to-end view on security,” states Troels Oerting, chief security and information security officer at Barclays.
Interested in fighting cyber crime in the financial sector? Investing in an advanced degree in cybersecurity can give your career a much-needed boost. Explore our Education section for more information.