Protecting your bank against cyberattacks (Part 1 of 3)
With data breaches making more headlines, security remains top-of-mind for financial institutions. Despite robust security controls, banks can still be vulnerable to threats.
At Micah Group, we keep security at the forefront of everything we do. We partnered with Tony Asher of Asher Security for his recommendations on protecting your bank from becoming the next target.
My phone rang with a number I didn’t recognize from out of state. Assuming it was another spam call, I answered it with hesitation. To my surprise, it was the financial department of a new client. They explained they had received an invoice, and as a part of their security procedures they always call the vendor and verify their information before issuing payment.
These increased due diligence procedures have become the norm now that cybersecurity threats have overwhelmed the market. More procedures like this need to be put in place to help financial institutions protect their assets and client data from malicious hackers.
The most recent Verizon Data Breach Report reviewed over 5,000 breaches and found the top three threats were:
What can financial institutions do to reduce the risk of these breaches happening? Let’s break down these top three and examine what allowed these breaches to be successful, and what can be done to protect against them.
Social Engineering
Social engineering breaches are malicious activities accomplished through human interaction and manipulation. Attackers will send a spoofed (fake) email, or even call employees trying to get them to perform an action or reveal information.
Most people are familiar with this attack by now, but unfortunately, it’s still at the number one spot on the breach report.
Successfully reducing this threat requires continued diligence and training, which means implementing a good cybersecurity awareness and training program. A good awareness program has the following qualities:
Practical and applicable. It applies to what the employee actually does in their role. For example, don’t include firewall rules for an HR employee.
Valuable to the employee at work and at home. Employees care about threats, and they care even more about their personal lives.
Attestable. Ask employees to digitally attest to understanding the training. Record this in their file. That way, you can prove you performed due diligence, even if a breach occurs from a social engineering attack.
In addition to training, make sure resources are available for your employees to engage and ask questions. I recommend the names, faces and phone numbers of the cybersecurity staff are available to all employees.
In part 2, learn about web application attacks and protective measures you can take.
About Asher Security
We protect your critical information assets by securing your data, detecting malicious attempts, and preventing the compromise of confidentiality, availability, and integrity of crown jewels at the core of your business. More at ashersecurity.com.
About Micah Group
Micah is the intelligent lending platform for fast, efficient credit decisions. From application to approval, it turns a weeks-long process into days or minutes. Micah automates spreading and credit memos, so lenders can spend more time on customer experience and analysis. More at micah-group.com.