The cyber-threats and security risks that threaten the banking industry have the potential to cause significant damage, as has been evident in recent incidents that have led to monumental losses of both funds and financial data. In fact, as the head of the European Central Bank (ECB) warned earlier this year, a combined cyber-attack on important banks could trigger a widespread financial crisis and instability.
With that potential a stark reality and given the fact that the banking industry underpins such an important part of the financial services sector, defining, understanding and mitigating the cybersecurity risks it faces is of paramount importance.
One man who is passionate about helping the banking sector do just that is Adam Glick. Glick has held various senior security leadership roles within the banking industry, having served at US banking firms Brown Brothers Harriman and Century Bank. He now heads up the security division at Rocket Software, a tech company that provides tools that are used by all of the top-10 banks in the US to run their mainframe computers.
Infosecurity spoke to Glick to learn more about the cyber-risks that threaten the security of the banking industry and to gain his insight into what needs to be done to make the banking sector a more secure one.
What is the current state of the cyber-threat landscape across the banking industry?
The main threats the banking industry is seeing are: theft of personal data and money and disruption of critical services. The next most critical asset a bank holds (after money) is personal data. There is not much left to lose if a bank loses its customers’ money and data alongside losing the bank’s ability to provide critical services.
What are the greatest cyber-risks that currently threaten the banking industry?
Risk management is nothing new for financial organizations; however, cyber-risk management is relatively new in the last decade. The biggest cyber-risks a bank might face are still the tried-and-true methods: ransomware, phishing, data leakage and unsecured applications. Unsecured applications are generally not the initial attack, but usually the springboard, as we saw with Equifax and the compromise of an out-of-date version of Apache Struts.
How can/do cyber-criminals target the banking industry?
Most threats stayed quite the same for many years, as we’ve seen from the many banking Trojans and the DDoS attacks from 2010-2018 or so. What’s changed recently is the way in which the financial sector is being targeted now. Social engineering has always been popular, and unfortunately, successful. What we are seeing is the rise of destructive or distractive attacks. For example, Banco de Chile’s $10m breach occurred right before the release of a smokescreen that disabled the master boot records of most of the bank’s computers, hiding the attackers’ footsteps and providing them a clean getaway. If everything’s on fire on your network, there are decent odds there’s something else also occurring.
What are the key requirements for ensuring better information security for the banking industry?
Continual risk assessments are becoming necessary. With the ever-changing threat environment, a risk assessment is only as good as the last time it was updated. In your last risk assessment did you give enough credence to a global pandemic that will force you to have an almost 100% remote workforce? If not, now is a good time to update that risk assessment to ensure you have adequate controls.