With an increasing amount of cybercriminals attacking large organisations, banks in particular have been warned that they need to do more to protect both themselves and their customers. Over the past few years a number of consumers have been switching to paperless banking by utilising websites and Apps in order to look after their finances.
Cybercriminals have seen this digitalisation of personal banking as an opportunity to steal funds or even highjack bank accounts around the world. In fact, recent reports have shown that India’s banks are the third most targeted after China’s and the US’, mainly due to the fact that consumers have started to use online banking technology. Security solutions specialist Trend Micro stated that in May alone there were thirteen thousand malware attacks on Japanese banks, five thousand on American banks and three thousand on Indian banks.
Myla V Pilao, director of Trend Micro’s research and development centre TrendLabs, said: “India posed for cybercriminal expansion with an average of 2.5 million malware detection in a given month. Also, 33 per cent more malicious apps were downloaded and network traffic from affected computers continued to rise. Total attacks have exposed more than 10 million personal records as of July 2014 and that strongly indicates that organisations need to adopt a more strategic approach to safeguarding digital information.
“The pace of change in technology sector has never been as rapid as it is now, and as a result we see firms struggling to keep up with the latest developments.” The American bank JPMorgan Chase is just one corporation that is struggling to keep up with the methods employed by cybercriminals to access their customers’ accounts, as shown last week where it was revealed a large amount of sensitive data had been stolen from the bank.
It has been claimed that hackers were able to take advantage of a flaw in the company’s website, allowing them to access data without detection until last month. Since the attack JPMorgan has remained relatively silent on the subject, except for one spokesperson stating: “Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple layers of defence to counteract any threats and constantly monitor fraud levels.”
Even with JPMorgan’s defence measures, hackers were still able to access their data bases, showing that they and other banks around the world need to do more to protect their users’ information. In order to achieve this it would be wise for them to create a multi-pronged defence strategy which focusses on the data centres themselves, their websites, and any mobile Apps that customers use to access their accounts.
Installing intricate firewalls and anti-virus software is just the first step that banks should take in order to protect their data, however there are other, more obvious, steps that could also protect them in the future. Firstly, they should remind all members of staff and customers on a regular basis that they need to be wary of any emails they receive as they could contain malware. Secondly, they need to regularly test their websites and Apps in order to find any flaws before cybercriminals do.
The final way that banks can protect themselves in the future is to understand that they will only become larger targets as their technology develops, which means they need to invest more heavily in security solutions. It is also wise for banks – or any company that deals in the finance sector and could be targeted by cybercriminals – to have a contingency plan in place should their sites be compromised. As JPMorgan stated, cyberattacks are something that large corporations have to deal with on a daily basis, however the faster they detect and resolve a hack the less likely they are to lose sensitive information.
Simon Stokes, Strategic Account Director at Fluidata, adds: “Cyber-attacks occur in the financial sector in all sorts of ways, from hacking to the more common Distributed Denial of Service (DDOS). To manage this increasing threat customers need a combination of defences. If we focus on minimising the client’s Internet footprint we can immediately reduce risk. To make your critical network infrastructure invisible removes it as a target. We can then focus on a reduced visible network and ensure we design a capable defence model.
“In the financial sector there is a security balance to be had between an infrastructure vs application security and every company has different requirements. At Fluidata we train our staff that one model cannot fit all and instead we pursue a unique network design for each client.”