Financial Institutions, Cyberthreats Loom Large
The recent discovery of the Apache Log4j vulnerability poses a significant cybersecurity risk for financial institutions. It allows malicious code to be injected into a Log4j program, which could include downloading and executing a banking Trojan. Despite patching to mitigate the immediate software vulnerability, an ongoing risk remains. The threat facing banks and credit unions is the ability for bad actors to steal login data and send fraudulent wire transfers, set up accounts and even potentially gain access to member information and accounts.
In the first half of 2021, the banking industry reported 30% more ransomware attacks than all of 2020. In 2021, we saw the emergence of well-known groups organizing Ransomware-as-a-Service (RaaS) programs, most notably involved in the Colonial Pipeline hack, one of the worst ransomware attacks to date. Credit unions and banks are prime targets for ransomware attacks because of the sheer amount of information they store about their customers. The following points underscore the threat financial institutions face:
• The average cost of a data breach in the financial sector was $5.72 million, according to the IBM Cost of a Data Breach Report 2021.
• In the first half of 2021 alone, reported ransomware payments in the United States reached $590 million, compared to a total of $416 million in all of 2020.
• According to the Verizon 2021 Data Breach Investigations Report, 96% breaches in the financial services industry were financially motivated.
• Federal Reserve Chairman Jerome Powell warned last year that cyberattacks are the No. 1 threat to the global financial system.
Security threats don’t only come from external parties. There has also been a notable increase in the number of security breaches coming from insiders. Internal teams that have access to systems and customers’ data pose a threat to credit unions and financial institutions. Not all insider threats are malicious in nature; in many instances, they are inadvertent, reflecting a lack of security training or oversight. However, these vulnerabilities can lead to larger breaches and wreak havoc on a credit union’s reputation and bottom line.
For regional banks and credit unions, having a security partnership in place can assist with vulnerability testing, proactive threat hunting and ongoing monitoring to help reduce the burden on internal IT resources. Experts can look for suspicious activities and assess any anomalies—non-human patterns, spikes of activity outside normal business hours and other red flags—to catch threat actors or insider threats.
Cybernon partners with banks and financial institutions to provide immediate IT Support that is Cybersecurity First. Our services protect your financial institution’s reputation and most importantly your clients data and operational uptime. Cybernon protects by:
Cyber criminals are opportunists and will often target a business with the lowest level of cybersecurity. Instead of trying to spend weeks or months trying to get into a large financial institution they can target smaller banks with weak cybersecurity in less time. It is easier to hit multiple businesses instead of trying to extort a large organization that will bring in the law enforcement and government agencies.
Data security laws can vary with location. Cybernon assists your firm to understand the legal responsibilities in the event of a breach.