Top IT Security Threats Facing Financial Institutions in 2015
According to Gartner Research Fraud Analyst, Avivah Titan, “Cyber extortion and company insiders acting as free agents are the greatest current IT security threats facing financial institutions in 2015.” However, it is not only financial institutions who are being targeted by cyber extortion and ransomeware cyberattacks – many large retailers, healthcare facilities and government institutions are under the same threat.
1. Cyber Extortion on the Rise
Even though large financial institutions have been facing cyber extortion attacks for well over a year now, it has been found that many are covering up these cyber extortion attacks by paying out as much as $100 U.S. for every $5’s worth of anticipated damages. A cybercriminal group, known as Distributed Denial of Service For Bitcoins (DD4BC), has been using a blend of ransomeware schemes with Distributed Denial of Service (DDoS) attacks against a number of financial institutions.
According to NSFOCUS’s 2014 DDoS Threat Report: “While 90% of DDoS attacks lasted less than 30 minutes, one attack lasted 70 hours. This shorter attack strategy is being employed to improve efficiency as well as distract the attention of IT personnel away from the actual intent of an attack: deploying malware and stealing data. These techniques indicate that today’s attacker continues to become smarter and more sophisticated.”
How Cyber Extortion (Ransomeware) Attacks Work
DD4BC cyber extortion ransomeware schemes cause costly damage to financial institutions. The way it works is: Cybercriminals plant malware on computer networks, extract information from customer’s financial files and then threaten institutions with making the information public. Cyber extortion attacks essentially leave financial institutions paralyzed, when faced with the threat of exposure in the event they do not meet cybercriminal demands. Since cyber extortion groups, such as DD4BC, typically demand payment in bitcoin currency – it has become increasingly harder for law enforcement organizations to track and prosecute these types of criminals.
Ashley Madison Data Breach
The Ashley Madison data breach is another recent example of a ransomeware cyberattack where the alleged cybercriminal group behind the attack, the “Impact Team”, hacked into Avid Life Media’s computer system. The attack went undetected and the cybercriminals were able to download 300 GB of their 37 million users’ confidential personal and financial information. The breach also cost them the exposure of over 30 million email addresses, 200,000 emails from Avid Life Media CEO Noel Biederman’s Gmail account, and many of their customers’ passwords and last four digits of their credit cards.
With the threat of attack thirty days prior, Avid Life Media chose to continue business as usual and did not shut down the three sites cited in the threat. To date the data breach has been catastrophic in that it has ruined the company’s reputation and impacted many lives.
2. Rogue Insider Cybercrimes on the Rise
A rising trend in IT security breaches is the increase of company insiders operating as free agent cybercriminals. These are individuals, either current or former employees, who are trained in specific industries to steal and profit from the sale of customer data on the ‘dark web’. It is now being theorized, by security professionals, such as John McAfee and CEO of Avid Life Media, Noel Biederman that the Ashley Madison data breach was the result of a disgruntled former employee or contractor.
3. Ways to Improve Financial Fraud Detection
According to Gartner Research, in order to prevent financial institution cyberattacks, financial institutions will first need to improve fraud detection technologies in the areas of biometrics and behavioral analytics. However, many smaller banks cannot afford advanced biometric fraud technology. Thus, only the larger banks and financial institutions will be able to benefit from the current advances in biometric fraud detection technology.
Another key way to prevent cyber fraud at financial institutions involves better methods of identity proofing, which essentially means that they will need to enhance customer authentication security and procedures at bank locations and online transactions. These measures, in part, will prevent the threat and damages caused by customer personal information ending up in the wrong hands. Fortunately, as Titan points out, biometric technology has significantly improved, due to advances in machine learning. However, this technology is still not 100% accurate or even efficient for verifying a large number of customer identities.
Biometric technologies currently being adopted by banks include: voice proofing, fingerprint scanning, facial recognition and touch ID, which have largely become more accessible and a more efficient way of identity proofing – thanks to the widespread adoption and advances in smartphone technology. In addition, financial institutions are now leveraging more dynamic information, such as phone numbers and email addresses to monitor and prevent financial fraud.
IPR Secure solutions help financial institutions protect customer information. We built it for you, so you don’t have to!
Our secure IT infrastructure, Tier III datacenters and secure Managed Datacenter Solutions support many of our large U.S. and international-based financial institutions, including the Federal Reserve.
To learn more about our robust suite of IT security and datacenter solutions, visit: http://iprsecure.com or call us today at 877.282.4873.
Data Breach Today. Gartner’s Litan: Top New Threats to Banks. Cyber-extortionists, rogue insiders head list of adversaries.
The Hacker News. Ashley Madison Hacker- An Insider Woman Employee.