Between February and April of 2020, banks saw a 238% increase in cyber attacks. It’s reasonable to attribute this uptick to the COVID-19 crisis. Pandemic aside, when asked about emerging cybersecurity threats to their financial institutions, CISOs and CTOs across the U.S. identified three overarching threats that put their banks at risk.
Social Engineering & The Human Factor
Social engineering is the act of tricking someone into giving up network information, such as login credentials, so that the attacker can gain access to a larger system or network. Attackers can accomplish this through a number of tactics, but one popular method is a phishing scam.
COVID-19 presented the perfect scenario for phishing emails. Realizing that employees were desperate for information on how to proceed in the “new normal,” hackers used this opportunity to send spoofed emails to organizational email accounts, pretending to disseminate the pertinent information employees were seeking. Employees, many working remotely, would then click on the links in the email or enter their credentials, unknowingly putting the organization at risk. Employee education on such attacks quickly became a priority for IT departments, but also highlighted the need for continuing education as new cybersecurity trends evolve.
The banking and finance industry is notorious for having a high employee turnover rate: 18.6% annually. This means that IT and Human Resources departments are constantly coordinating program access controls for new hires, as well as revoking privileges for terminated employees. Manual provisioning requires a lot of time and effort, which unfortunately leaves room for error. In fact, 40% of security breaches are caused by employee negligence, which certainly isn’t always intentional but can be as simple as overlooking a permission change request for an employee who took a new position.
Supply Chain Risk/Third Party Vendors
Some banks use over 200 processes or programs from many different vendors. If we think of a bank’s system as a building, these vendors/APIs/programs represent many different doors through which an employee can enter the building. Each door represents an opportunity to access the bank’s network. Constantly monitoring 200+ entrances to a secure building requires a lot of effort, and there are certainly opportunities for bad actors to sneak in. Banks are now turning to solutions where everyone would enter through one door, so to speak, with Identity Access Management (IAM) emerging as a top cybersecurity solution contender.
Deploying an IAM Solution
IAM is a framework that ensures the right people have the right access to an organization’s programs and systems at all times. Fortunately, it provides an excellent solution to each of the cybersecurity threats listed above through:
- A single source of sign on – When coupled with strong MFA & VPN solutions, IAM significantly reduces opportunities for cybersecurity breaches, including social engineering attacks.
- Automated provisioning – Assign program access on one platform, which includes expiration dates so IT/HR never has to worry about overlooking help desk tickets for permission changes.
- One cohesive platform – Seamlessly and securely connect to all banking platforms, including financial APIs, in one place. Everyone enters through one door.
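The provisioning gaps described above (access left with terminated employees, overlooked permission changes after a role move, and grants without expiration dates) can be caught by reconciling access grants against the HR roster. The following Python code is an added example, not taken from the original article or from any IAM product; the roster, the role-to-application map, the grant records and the function name `review_grants` are constructed assumptions.

```python
from datetime import date

# Constructed sample data (not from the article): HR roster and access grants.
HR_ROSTER = {
    "adavis": {"status": "active", "role": "teller"},
    "bchen": {"status": "terminated", "role": "loan_officer"},
    "cortiz": {"status": "active", "role": "loan_officer"},  # recently moved from teller
}
# Hypothetical map of which applications each role is entitled to.
ROLE_ENTITLEMENTS = {
    "teller": {"core_banking", "cash_drawer"},
    "loan_officer": {"core_banking", "loan_origination"},
}
GRANTS = [
    {"user": "adavis", "app": "core_banking", "expires": date(2030, 1, 1)},
    {"user": "adavis", "app": "cash_drawer", "expires": date(2020, 3, 1)},
    {"user": "bchen", "app": "loan_origination", "expires": date(2030, 1, 1)},
    {"user": "cortiz", "app": "cash_drawer", "expires": date(2030, 1, 1)},
    {"user": "cortiz", "app": "loan_origination", "expires": None},
    {"user": "dghost", "app": "core_banking", "expires": date(2030, 1, 1)},
]

def review_grants(roster, entitlements, grants, today):
    """Return (user, app, reason) for every grant that should be revoked or fixed."""
    findings = []
    for g in grants:
        person = roster.get(g["user"])
        if person is None:
            reason = "no_hr_record"          # account with no matching employee
        elif person["status"] != "active":
            reason = "terminated"            # access never revoked at offboarding
        elif g["app"] not in entitlements.get(person["role"], set()):
            reason = "not_in_current_role"   # left over from a previous position
        elif g["expires"] is None:
            reason = "no_expiration"         # grant would never be re-reviewed
        elif g["expires"] <= today:
            reason = "expired"               # past its end date but still present
        else:
            continue
        findings.append((g["user"], g["app"], reason))
    return findings

if __name__ == "__main__":
    for finding in review_grants(HR_ROSTER, ROLE_ENTITLEMENTS, GRANTS, date(2020, 4, 30)):
        print(*finding, sep="\t")
```

The checks run in priority order, so a terminated employee's grant is reported as `terminated` even if it has also expired.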
Where does my company stand?
Many companies are beginning to recognize that data is their most important asset. As such, they are beginning to view cybersecurity not as merely an “IT issue” but as a company-wide risk management concern. One way IT teams can adopt this mindset as they double down on security measures is to assess their cybersecurity maturity. By understanding where they stand, CISOs and CTOs can better convey to management what they need in order to stay ahead of ever-changing cybersecurity threats.
Need a little help reviewing your cybersecurity practices? Check out this white paper, co-authored by Cyturus Technologies, and learn how to evaluate your cyber maturity.