A study performed by Kaspersky Lab in Woburn, Massachusetts revealed that, of businesses surveyed (including financial institutions), 40% are not confident that they are protected against cyber threats. The 2016 survey shared that businesses are most vulnerable to threats such as targeted attacks (using malware) and DDoS (Distributed Denial of Service) attacks – where many compromised systems are used together against a single target.
Kaspersky revealed that many businesses are largely relying on built-in hardware to protect their systems and defend themselves against cyber attacks. Relying on these built-in systems creates a problem, because they are not effective against large-scale attacks such as DDoS attacks.
Financial institutions in particular are even more vulnerable to large-scale attacks, because many believe that internet service providers or infrastructure partners will protect them against attacks. The reality of the situation is that there are many more factors at play in these organizations that weaken defense systems and create openings for cyber attacks.
Many financial institutions, because of their size relative to larger banks and other companies outside of the financial industry, do not believe that they are prime targets for large-scale attacks, and thus are not preparing adequately for the possibility of an attack. Kaspersky found that 30% of respondents take no action to protect themselves against these attacks because of this.
According to the blockchain development company Dex Exchange, the reality is that a company or financial institution of any size can serve as the target of an attack. The reason is that cyber criminals view these unprotected companies as easy targets with unsophisticated systems to block their attacks, creating an easy entry point to do damage.
The Human Problem
One of the major underlying issues with cyber attacks, especially for financial institutions (of all sizes), is the human factor. Because banks and credit unions are providing data from within their core computer systems to their customers, most of the time via online banking platforms, this presents a unique opportunity for cyber crime that other businesses don’t always have to deal with.
On top of the external human factor with customers, banks have internal staff who add to the human equation. Although many banks now undergo routine “stress tests” on their security risk management with employees, there is more to be done to continue to fight against cyber attacks.
Using content written for a consumer base and provided to employees for education on a consistent, if not constant, basis can become the bank’s first line of defense against increased vulnerability. Content supplied through a learning management system (similar to those used to stay in compliance with regulatory bodies), paired with testing for the employees, provides assurances to the bank that they are informing staff and limiting their liability.
Furthermore, employees are then able to share this information with bank customers. This further engages the customer in the vigilance against cyber attacks and informs them of what they can do and how they can avoid bringing attacks against the bank.
Truebridge has worked on pen testing and on building a library of cyber security content to help bank customers and their employees limit the risk of attacks occurring. Contact Truebridge to learn how we can help your bank fight cyber attacks through education.