The Federal Deposit Insurance Corporation (FDIC) is the newest entity in a long line of governmental and corporate interests to voice concern over cybersecurity measures taken by banks and other financial institutions. The FDIC recently published its Supervisory Insights Vol. 12, Issue 2, Winter 2015 Article laying out a framework for enhancing cybersecurity for banks and financial institutions.
The FDIC article focuses on the threats posed by cyber-attacks to banks and financial institutions, and how these threats are ever-evolving. The article advises banks to take steps to protect against all kinds of intrusions into banking systems. Some of the biggest cybersecurity issues that banks need to protect against include:
- Weak Links in Security: Weak links in security can take many forms in a bank setting. For instance, bank workers could improperly handle customer information or login credentials, which can be stolen and used by hackers. Training can go a long way towards educating employees about how to protect against security breaches. Similarly, third party vendors that provide services to a bank can also pose as weak links in a bank’s cybersecurity. The actions of third party vendors must be monitored by banks and any cybersecurity risks should be addressed as soon as they are identified.
- Malware: If bank employees are not careful, they could accidentally install malware onto bank computers, which can provide information to hackers, or can serve as an entry point into a bank’s systems. Malware can take many forms, and two common forms of malware associated with bank hacks are Randomware and wiper programs. Randomware holds a computer hostage and demands an exchange of information for access to the computer. Wiper programs are designed to infect and destroy files contained on a computer hard drive.
- Distributed Denial-of-Service Attacks: When too much internet traffic is sent to a specific machine or network, the machine or network becomes overloaded and unavailable for use. Attacks can be launched to occupy connections, use up bandwidth, overwhelm a system, or by targeting applications.
- Combined or Compound Attacks: Hackers often use a combination of techniques to gain access to bank systems. Banks need to be aware that where one form of attack is recognized, there are likely others also occurring that may not have yet been detected.
- Management of Security Software Patches: One of the best ways to protect against system intrusions is to ensure that security software is up to date. Patches are a good way to address flaws or bugs in security software, but patches only work when they are properly implemented. Many banks do not have good systems in place to manage the distribution and updating of computer systems so that security patches can be effective.
Cybersecurity risks are one of the biggest business risks banks and other financial institutions can face. The risks are ever-changing as technology advances and new hacking techniques are dreamed up every day by cyberthieves. Cybersecurity is an aspect of business that must be constantly monitored, and strategies for coping with cybersecurity risks must be adapted to best address the threats and breaches.